commit f2789b72b68f7c7582549c5b2bf028f48ad9b51b
Author: Johanna Dorothea Reichmann
Date: Sat Nov 26 23:57:00 2022 +0100
feat(keycloak): initial role draft
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
new file mode 100644
index 0000000..422ac19
--- /dev/null
+++ b/roles/keycloak/defaults/main.yml
@@ -0,0 +1,34 @@
+---
+
+keycloak_version: 20.0.0
+keycloak_container_name: keycloak
+
+keycloak_container_upstream_image_name: quai.io/keycloak/keycloak
+keycloak_container_image_name: "keycloak:{{ keycloak_version }}-custom"
+
+keycloak_container_database_vendor: postgres
+keycloak_container_build_directory: /opt/keycloak/build
+
+keycloak_database_hostname: localhost
+keycloak_database_port: 5432
+keycloak_database_username: keycloak
+keycloak_database_password: ~
+keycloak_database_database: keycloak
+
+keycloak_container_env: {}
+keycloak_container_labels: ~
+keycloak_container_volumes: ~
+keycloak_container_restart_policy: unless-stopped
+keycloak_container_command: >-2
+ start
+ --db-username {{ keycloak_database_username }}
+ --db-password {{ keycloak_database_password }}
+ --db-url jdbc:postgresql://{{ keycloak_database_hostname }}:{{ keycloak_database_port }}/{{ keycloak_database_database }}
+ --optimized
+
+keycloak_config_health_enabled: true
+keycloak_config_metrics_enabled: true
+
+keycloak_config_hostname: localhost
+keycloak_config_admin_username: admin
+keycloak_config_admin_password: ~
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
new file mode 100644
index 0000000..4a68cca
--- /dev/null
+++ b/roles/keycloak/tasks/main.yml
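Review bot: In roles/keycloak/defaults/main.yml, `keycloak_container_upstream_image_name` points at `quai.io`, while Keycloak publishes its images on `quay.io`; this looks like a typo in the registry hostname. Both the pull task and the two `FROM` lines of Dockerfile.j2 use this variable, so the role would fetch its base image from whoever serves that other hostname, or fail to pull at all. The line should read `keycloak_container_upstream_image_name: quay.io/keycloak/keycloak`. Since `keycloak_database_password` and `keycloak_config_admin_password` default to `~`, a comment such as `# must be overridden, e.g. from a vault` above each would make the requirement explicit.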
@@ -0,0 +1,47 @@
+---
+
+- name: Ensure build directory exists
+ file:
+ name: "{{ keycloak_container_build_directory }}"
+ state: directory
+ recurse: yes
+ mode: 0700
+
+- name: Ensure Dockerfile is templated
+ template:
+ src: Dockerfile.j2
+ dest: "{{ keycloak_container_build_directory }}/Dockerfile"
+ mode: 0640
+
+- name: Ensure Keycloak container image is present
+ docker_image:
+ name: "{{ keycloak_container_upstream_image_name }}:{{ keycloak_version }}"
+ source: pull
+ state: present
+
+- name: Ensure custom keycloak is built
+ docker_image:
+ name: "{{ keycloak_container_image_name }}"
+ build:
+ args:
+ DB_VENDOR: "{{ keycloak_container_database_vendor }}"
+ dockerfile: "{{ keycloak_container_build_directory }}/Dockerfile"
+ path: "{{ keycloak_container_build_directory }}"
+ source: build
+ state: present
+
+- name: Ensure keycloak container is running
+ docker_container:
+ name: "{{ keycloak_container_name }}"
+ image: "{{ keycloak_container_image_name }}"
+ env: "{{ keycloak_container_env | default(omit, true) }}"
+ labels: "{{ keycloak_container_labels | default(omit, true) }}"
+ volumes: "{{ keycloak_container_volumes | default(omit, true) }}"
+ restart_policy: "{{ keycloak_container_restart_policy }}"
+ state: started
+ command: >-2
+ start
+ --db-username {{ keycloak_database_username }}
+ --db-password {{ keycloak_database_password }}
+ --db-url jdbc:postgresql://{{ keycloak_database_hostname }}:{{ keycloak_database_port }}/{{ keycloak_database_database }}
+ --optimized
diff --git a/roles/keycloak/templates/Dockerfile.j2 b/roles/keycloak/templates/Dockerfile.j2
new file mode 100644
index 0000000..bf69289
--- /dev/null
+++ b/roles/keycloak/templates/Dockerfile.j2
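Review bot: In roles/keycloak/tasks/main.yml, the `docker_container` task passes `--db-password {{ keycloak_database_password }}` in `command`, which puts the database password into the process arguments, visible to any user on the host who can list processes. Keycloak also reads this setting from the environment as `KC_DB_PASSWORD`, so it could be supplied through `env` instead; that keeps it out of the process listing, though it remains readable to anyone who can inspect the container. The inline block also repeats the `keycloak_container_command` default verbatim, so overriding that variable has no effect; `command: "{{ keycloak_container_command }}"` would keep a single source of truth. As a matter of style, the file modes are safer quoted (`mode: "0700"`, `mode: "0640"`) and `recurse: yes` is better written `recurse: true`.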
@@ -0,0 +1,25 @@
+FROM {{ keycloak_container_upstream_image_name }}:{{ keycloak_version }} as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED={{ keycloak_config_health_enabled | ternary('true', 'false') }}
+ENV KC_METRICS_ENABLED={{ keycloak_config_metrics_enabled | ternary('true', 'false') }}
+
+# Configure a database vendor
+ARG DB_VENDOR
+ENV KC_DB=$DB_VENDOR
+
+WORKDIR {{ keycloak_container_working_directory }}
+RUN {{ keycloak_container_working_directory }}/bin/kc.sh build
+
+
+FROM {{ keycloak_container_upstream_image_name }}:{{ keycloak_version }}
+COPY --from=builder {{ keycloak_container_working_directory }}/ {{ keycloak_container_working_directory }}/
+
+# change these values to point to a running postgres instance
+#ENV KC_DB_URL={{ keycloak_config_database_url }}
+#ENV KC_DB_USERNAME={{ keycloak_config_database_username }}
+#ENV KC_DB_PASSWORD={{ keycloak_config_database_password }}
+ENV KC_HOSTNAME={{ keycloak_config_hostname }}
+ENV KEYCLOAK_ADMIN={{ keycloak_config_admin_username }}
+ENV KEYCLOAK_PASSWORD={{ keycloak_config_admin_password }}
+ENTRYPOINT ["{{ keycloak_container_working_directory }}/bin/kc.sh"]
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
new file mode 100644
index 0000000..69a5302
--- /dev/null
+++ b/roles/keycloak/vars/main.yml
@@ -0,0 +1,3 @@
+---
+
+keycloak_container_working_directory: /opt/keycloak
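Review bot: In roles/keycloak/templates/Dockerfile.j2, `ENV KEYCLOAK_PASSWORD={{ keycloak_config_admin_password }}` writes the admin password into the image, where it stays readable in the image metadata and history and in the templated Dockerfile on disk. The name also looks wrong: Keycloak reads its bootstrap admin from `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD`, so as written the password is probably ignored. I would drop both admin `ENV` lines from the template and supply the values at run time through `keycloak_container_env`. Jinja also renders the three commented `#ENV KC_DB_*` lines, and the `keycloak_config_database_*` variables they reference are not defined in the defaults or vars added by this commit, so templating would likely fail on an undefined variable.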