fix: keycloak problems

2025-12-09 21:08:32 +01:00 · 2023-01-08 00:20:21 +01:00
parent a68fbd4838
commit 4b9ee96989
4 changed files with 62 additions and 19 deletions
--- a/roles/usermanagement/tasks/main.yaml
+++ b/roles/usermanagement/tasks/main.yaml
@@ -18,8 +18,6 @@
    src: "{{ item }}"
    dest: "/opt/keycloak/"
  with_items:
-    - keycloak.env
-    - postgres.env
    - postgres_password

 - name: Deploy compose templates
@@ -28,3 +26,46 @@
    pull: true
    files:
      - "keycloak.yaml"
+
+- name: Check/Wait for Keycloak to be up
+  uri:
+    url: https://keycloak.atlantishq.de/health
+    method: GET
+    return_content: yes
+    status_code: 200
+    body_format: json
+  register: result
+  until: result.json.status == "UP"
+  retries: 10
+  delay: 20
+
+#- name: Image Client
+#  local_action:
+#    module: keycloak_client
+#    auth_client_id: admin-cli
+#    auth_keycloak_url: https://keycloak.atlantishq.de/
+#    auth_realm: master
+#    auth_username: admin
+#    auth_password: "{{ keycloak_admin_password }}"
+#    state: present
+#    realm: master
+#    client_id: web1
+#    id: 00000000-0000-0000-0000-000000000001
+#    name: Images Upload
+#    description: Client for Web1 Services
+#    enabled: True
+#    client_authenticator_type: client-secret
+#    secret: "{{ keycloak_images_client_secret }}"
+#    redirect_uris:
+#      - https://images.atlantishq.de/*
+#      - https://images.potaris.de/*
+#      - https://sls.atlantishq.de/*
+#      - https://sounds.potaris.de/*
+#      - https://serienampel.atlantishq.de/*
+#    web_origins:
+#      - https://images.atlantishq.de/*
+#      - https://images.potaris.de/*
+#      - https://sls.atlantishq.de/*
+#      - https://serienampel.atlantishq.de/*
+#    frontchannel_logout: False
+#    protocol: openid-connect
--- a/roles/usermanagement/templates/keycloak.env
+++ b/roles/usermanagement/templates/keycloak.env
@@ -1,9 +0,0 @@
-KEYCLOAK_ADMIN=admin
-KEYCLOAK_ADMIN_PASSWORD={{ keycloak_admin_password }}
-PROXY_ADDRESS_FORWARDING=true
-KC_PROXY=edge
-KC_LOG_LEVEL=ALL
-
-KC_DB_URL_HOST=postgres
-KC_DB_USERNAME=keycloak
-KC_DB_PASSWORD={{ keycloak_postgres_password }}
--- a/roles/usermanagement/templates/keycloak.yaml
+++ b/roles/usermanagement/templates/keycloak.yaml
@@ -5,9 +5,20 @@ version: '3.3'
 services:
  keycloak:
    container_name: keycloak-container
-    command: start-dev --http-enabled=true
-    image: quay.io/keycloak/keycloak:18.0.0
-    env_file: keycloak.env
+    command: start --hostname-strict=false --log-level=WARNING
+    image: quay.io/keycloak/keycloak:20.0.2
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD={{ keycloak_admin_password }}
+      - PROXY_ADDRESS_FORWARDING=true
+      - KC_PROXY=edge
+      - KC_LOG_LEVEL=ALL
+      - KC_DB_URL_HOST=postgres
+      - KC_DB_USERNAME=keycloak
+      - KC_DB_PASSWORD={{ keycloak_postgres_password }}
+      - KC_HEALTH_ENABLED=true
+      - KC_METRICS_ENABLED=true
+      - KEYCLOAK_LOGLEVEL=WARN
    restart: unless-stopped
    ports:
    - 5050:8080
@@ -17,8 +28,11 @@ services:
    - postgres_password
  postgres:
    container_name: postgres-container
-    image: postgres:13.2
-    env_file: postgres.env
+    image: postgres:15.1
+    environment:
+      - POSTGRES_DB=keycloak
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+      - POSTGRES_USER=keycloak
    restart: unless-stopped
    secrets:
    - postgres_password
--- a/roles/usermanagement/templates/postgres.env
+++ b/roles/usermanagement/templates/postgres.env
@@ -1,3 +0,0 @@
-POSTGRES_DB=keycloak
-POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
-POSTGRES_USER=keycloak