fix: keycloak problems

2025-12-10 08:48:33 +01:00 · 2023-01-08 00:20:21 +01:00
parent a68fbd4838
commit 4b9ee96989
4 changed files with 62 additions and 19 deletions
--- a/roles/usermanagement/tasks/main.yaml
+++ b/roles/usermanagement/tasks/main.yaml
@@ -18,8 +18,6 @@
    src: "{{ item }}"
    dest: "/opt/keycloak/"
  with_items:
    - keycloak.env
    - postgres.env
    - postgres_password
 - name: Deploy compose templates
@@ -28,3 +26,46 @@
    pull: true
    files:
      - "keycloak.yaml"
 - name: Check/Wait for Keycloak to be up
  uri:
    url: https://keycloak.atlantishq.de/health
    method: GET
    return_content: yes
    status_code: 200
    body_format: json
  register: result
  until: result.json.status == "UP"
  retries: 10
  delay: 20
 #- name: Image Client
 #  local_action:
 #    module: keycloak_client
 #    auth_client_id: admin-cli
 #    auth_keycloak_url: https://keycloak.atlantishq.de/
 #    auth_realm: master
 #    auth_username: admin
 #    auth_password: "{{ keycloak_admin_password }}"
 #    state: present
 #    realm: master
 #    client_id: web1
 #    id: 00000000-0000-0000-0000-000000000001
 #    name: Images Upload
 #    description: Client for Web1 Services
 #    enabled: True
 #    client_authenticator_type: client-secret
 #    secret: "{{ keycloak_images_client_secret }}"
 #    redirect_uris:
 #      - https://images.atlantishq.de/*
 #      - https://images.potaris.de/*
 #      - https://sls.atlantishq.de/*
 #      - https://sounds.potaris.de/*
 #      - https://serienampel.atlantishq.de/*
 #    web_origins:
 #      - https://images.atlantishq.de/*
 #      - https://images.potaris.de/*
 #      - https://sls.atlantishq.de/*
 #      - https://serienampel.atlantishq.de/*
 #    frontchannel_logout: False
 #    protocol: openid-connect
--- a/roles/usermanagement/templates/keycloak.env
+++ b/roles/usermanagement/templates/keycloak.env
@@ -1,9 +0,0 @@
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD={{ keycloak_admin_password }}
 PROXY_ADDRESS_FORWARDING=true
 KC_PROXY=edge
 KC_LOG_LEVEL=ALL
 KC_DB_URL_HOST=postgres
 KC_DB_USERNAME=keycloak
 KC_DB_PASSWORD={{ keycloak_postgres_password }}
--- a/roles/usermanagement/templates/keycloak.yaml
+++ b/roles/usermanagement/templates/keycloak.yaml
@@ -5,9 +5,20 @@ version: '3.3'
 services:
  keycloak:
    container_name: keycloak-container
-    command: start-dev --http-enabled=true
+    command: start --hostname-strict=false --log-level=WARNING
-    image: quay.io/keycloak/keycloak:18.0.0
+    image: quay.io/keycloak/keycloak:20.0.2
-    env_file: keycloak.env
+    environment:
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD={{ keycloak_admin_password }}
      - PROXY_ADDRESS_FORWARDING=true
      - KC_PROXY=edge
      - KC_LOG_LEVEL=ALL
      - KC_DB_URL_HOST=postgres
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD={{ keycloak_postgres_password }}
      - KC_HEALTH_ENABLED=true
      - KC_METRICS_ENABLED=true
      - KEYCLOAK_LOGLEVEL=WARN
    restart: unless-stopped
    ports:
    - 5050:8080
@@ -17,8 +28,11 @@ services:
    - postgres_password
  postgres:
    container_name: postgres-container
-    image: postgres:13.2
+    image: postgres:15.1
-    env_file: postgres.env
+    environment:
      - POSTGRES_DB=keycloak
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - POSTGRES_USER=keycloak
    restart: unless-stopped
    secrets:
    - postgres_password
--- a/roles/usermanagement/templates/postgres.env
+++ b/roles/usermanagement/templates/postgres.env
@@ -1,3 +0,0 @@
 POSTGRES_DB=keycloak
 POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
 POSTGRES_USER=keycloak