feat(keycloak): initial role draft

roles/keycloak/defaults/main.yml

@@ -0,0 +1,34 @@
+---
+
+keycloak_version: 20.0.0
+keycloak_container_name: keycloak
+
+keycloak_container_upstream_image_name: quay.io/keycloak/keycloak
+keycloak_container_image_name: "keycloak:{{ keycloak_version }}-custom"
+
+keycloak_container_database_vendor: postgres
+keycloak_container_build_directory: /opt/keycloak/build
+
+keycloak_database_hostname: localhost
+keycloak_database_port: 5432
+keycloak_database_username: keycloak
+keycloak_database_password: ~
+keycloak_database_database: keycloak
+
+keycloak_container_env: {}
+keycloak_container_labels: ~
+keycloak_container_volumes: ~
+keycloak_container_restart_policy: unless-stopped
+keycloak_container_command: >-2
+  start
+  --db-username {{ keycloak_database_username }}
+  --db-password {{ keycloak_database_password }}
+  --db-url jdbc:postgresql://{{ keycloak_database_hostname }}:{{ keycloak_database_port }}/{{ keycloak_database_database }}
+  --optimized
+
+keycloak_config_health_enabled: true
+keycloak_config_metrics_enabled: true
+
+keycloak_config_hostname: localhost
+keycloak_config_admin_username: admin
+keycloak_config_admin_password: ~

roles/keycloak/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+
+- name: Ensure build directory exists
+  file:
+    name: "{{ keycloak_container_build_directory }}"
+    state: directory
+    recurse: yes
+    mode: 0700
+
+- name: Ensure Dockerfile is templated
+  template:
+    src: Dockerfile.j2
+    dest: "{{ keycloak_container_build_directory }}/Dockerfile"
+    mode: 0640
+
+- name: Ensure Keycloak container image is present
+  docker_image:
+    name: "{{ keycloak_container_upstream_image_name }}:{{ keycloak_version }}"
+    source: pull
+    state: present
+
+- name: Ensure custom keycloak is built
+  docker_image:
+    name: "{{ keycloak_container_image_name }}"
+    build:
+      args:
+        DB_VENDOR: "{{ keycloak_container_database_vendor }}"
+        KC_ADMIN_PASSWORD: "{{ keycloak_config_admin_password }}"
+      dockerfile: "{{ keycloak_container_build_directory }}/Dockerfile"
+      path: "{{ keycloak_container_build_directory }}"
+    source: build
+    state: present
+
+- name: Ensure keycloak container is running
+  docker_container:
+    name: "{{ keycloak_container_name }}"
+    image: "{{ keycloak_container_image_name }}"
+    env: "{{ keycloak_container_env | default(omit, true) }}"
+    labels: "{{ keycloak_container_labels | default(omit, true) }}"
+    volumes: "{{ keycloak_container_volumes | default(omit, true) }}"
+    restart_policy: "{{ keycloak_container_restart_policy }}"
+    state: started
+    command: >-2
+      start
+      --db-username {{ keycloak_database_username }}
+      --db-password {{ keycloak_database_password }}
+      --db-url jdbc:postgresql://{{ keycloak_database_hostname }}:{{ keycloak_database_port }}/{{ keycloak_database_database }}
+      --optimized

roles/keycloak/templates/Dockerfile.j2

@@ -0,0 +1,22 @@
+FROM {{ keycloak_container_upstream_image_name }}:{{ keycloak_version }} as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED={{ keycloak_config_health_enabled | ternary('true', 'false') }}
+ENV KC_METRICS_ENABLED={{ keycloak_config_metrics_enabled | ternary('true', 'false') }}
+
+# Configure a database vendor
+ARG DB_VENDOR
+ENV KC_DB=$DB_VENDOR
+
+WORKDIR {{ keycloak_container_working_directory }}
+RUN {{ keycloak_container_working_directory }}/bin/kc.sh build
+
+
+FROM {{ keycloak_container_upstream_image_name }}:{{ keycloak_version }}
+COPY --from=builder {{ keycloak_container_working_directory }}/ {{ keycloak_container_working_directory }}/
+
+ENV KC_HOSTNAME={{ keycloak_config_hostname }}
+ENV KEYCLOAK_ADMIN={{ keycloak_config_admin_username }}
+ARG KC_ADMIN_PASSWORD
+ENV KEYCLOAK_PASSWORD=$KC_ADMIN_PASSWORD
+ENTRYPOINT ["{{ keycloak_container_working_directory }}/bin/kc.sh"]

roles/keycloak/vars/main.yml

@@ -0,0 +1,3 @@
+---
+
+keycloak_container_working_directory: /opt/keycloak