feat: usermanagement keycloak

group_vars/all.yaml

@@ -17,3 +17,6 @@ async_icinga_static_services:
     - { "name" : "backup_ths_server",       "timeout" : "30d", "token" : "HISTORY_PURGED_SECRET" }
     - { "name" : "backup_ths_storrage_box", "timeout" : "30d", "token" : "HISTORY_PURGED_SECRET" }
     - { "name" : "backup_kathi_laptop",     "timeout" : "30d", "token" : "HISTORY_PURGED_SECRET" }
+
+keycloak_admin_password: HISTORY_PURGED_SECRET
+keycloak_postgres_password: HISTORY_PURGED_SECRET

roles/base/tasks/main.yaml

@@ -11,16 +11,16 @@
   file:
     name: /opt/
     state: directory
-    mode: 711
+    mode: 0711
 
 - name: Ensure backup info dir exists and accessible
   file:
     name: /opt/backup-info/
     state: directory
-    mode: 700
+    mode: 0700
 
 - name: Copy Backup Helper script
   copy:
     src: check_dir_size_for_backup.py
     dest: /opt/check_dir_size_for_backup.py
-    mode: 755
+    mode: 0755

roles/monitoring-client/tasks/main.yaml

@@ -66,7 +66,7 @@
     src: monitoring.conf.j2
     dest: /etc/monitoring.conf
     owner: root
-    mode: 644
+    mode: 0644
 
 - name: Add monitoring report cronjob
   cron:

roles/usermanagement/tasks/main.yaml

@@ -3,30 +3,28 @@
     name: /data/
     state: directory
 
-- name: Create opt-dir
+- name: Create compose directory keycloak
   file:
-    name: /opt/
+    name: "/opt/keycloak/"
     state: directory
 
-- name: Create compose directories
+- name: Copy compose templates keycloak
-  file:
-    name: "/opt/{{ item }}"
-    state: directory
-  with_items:
-    - keycloak
-
-- name: Copy compose templates
   template:
-    src: "{{ item }}.yaml"
+    src: "keycloak.yaml"
-    dest: "/opt/{{ item }}/"
+    dest: "/opt/keycloak/"
+
+- name: Copy compose environment files keycloak
+  template:
+    src: "{{ item }}"
+    dest: "/opt/keycloak/"
   with_items:
-    - keycloak
+    - keycloak.env
+    - postgres.env
+    - postgres_password
 
 - name: Deploy compose templates
   community.docker.docker_compose:
-    project_src: "/opt/{{ item }}/"
+    project_src: "/opt/keycloak/"
     pull: true
     files:
-      - "{{ item }}.yaml"
+      - "keycloak.yaml"
-  with_items:
-    - keycloak

roles/usermanagement/templates/keycloak.env

@@ -0,0 +1,9 @@
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD={{ keycloak_admin_password }}
+PROXY_ADDRESS_FORWARDING=true
+KC_PROXY=edge
+KC_LOG_LEVEL=ALL
+
+KC_DB_URL_HOST=postgres
+KC_DB_USERNAME=keycloak
+KC_DB_PASSWORD={{ keycloak_postgres_password }}

roles/usermanagement/templates/keycloak.yaml

@@ -7,7 +7,7 @@ services:
     container_name: keycloak-container
     command: start-dev --http-enabled=true
     image: quay.io/keycloak/keycloak:18.0.0
-    env_file: .env.keycloak
+    env_file: keycloak.env
     restart: unless-stopped
     ports:
     - 5050:8080
@@ -18,7 +18,7 @@ services:
   postgres:
     container_name: postgres-container
     image: postgres:13.2
-    env_file: .env.postgres
+    env_file: postgres.env
     restart: unless-stopped
     secrets:
     - postgres_password

roles/usermanagement/templates/postgres.env

@@ -0,0 +1,3 @@
+POSTGRES_DB=keycloak
+POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
+POSTGRES_USER=keycloak

roles/usermanagement/templates/postgres_password

@@ -0,0 +1 @@
+{{ keycloak_postgres_password }}