From bfd1a2ee70e048840067a3441aca5f9a885ad4f8 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Mon, 14 Jul 2025 11:20:10 +0200
Subject: [PATCH] Optimized keycloak variables
---
 roles/web-app-keycloak/config/main.yml | 7 ++---
 .../tasks/attributes/ssh_public_key.yml | 4 +--
 roles/web-app-keycloak/tasks/main.yml | 8 +++---
 .../templates/docker-compose.yml.j2 | 8 +++---
 roles/web-app-keycloak/vars/main.yml | 27 ++++++++++---------
 5 files changed, 29 insertions(+), 25 deletions(-)
diff --git a/roles/web-app-keycloak/config/main.yml b/roles/web-app-keycloak/config/main.yml
index 99beac24..5ffd36b0 100644
--- a/roles/web-app-keycloak/config/main.yml
+++ b/roles/web-app-keycloak/config/main.yml
@@ -1,10 +1,8 @@
-images:
- keycloak: "quay.io/keycloak/keycloak:latest"
 import_realm: True # If True realm will be imported. If false skip.
 features:
 matomo: true
 css: false
- port-ui-desktop: true
+ port-ui-desktop: true
 ldap: true
 central_database: true
 recaptcha: true
@@ -26,6 +24,9 @@ scopes:
 rbac_groups: "/rbac"
 docker:
 services:
+ keycloak:
+ image: "quay.io/keycloak/keycloak"
+ version: "latest"
 database:
 enabled: true
diff --git a/roles/web-app-keycloak/tasks/attributes/ssh_public_key.yml b/roles/web-app-keycloak/tasks/attributes/ssh_public_key.yml
index 84981b16..d4994df7 100644
--- a/roles/web-app-keycloak/tasks/attributes/ssh_public_key.yml
+++ b/roles/web-app-keycloak/tasks/attributes/ssh_public_key.yml
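Review bot: The new `docker.services.keycloak` stanza pins `version: "latest"`, so every run of the role pulls whatever the registry currently serves under that tag; the deployment is not reproducible, an upstream major upgrade lands without anyone choosing it, and a moved or tampered tag is indistinguishable from a normal pull. A fixed release tag, e.g. `version: "<pinned-release-tag>"` (placeholder), keeps the image under the role's control, and a comment above the key stating that `version` is the image tag consumed by `keycloak_version` in `vars/main.yml` would make the intent clear to the next person editing the config. The value previously lived in `images.keycloak` as one `image:tag` string; splitting it is fine, but the split is the right moment to stop tracking `latest`.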
@@ -72,11 +72,11 @@
 - name: Render user-profile JSON for SSH key
 template:
 src: import/user-profile.json.j2
- dest: "{{ import_directory_host }}/user-profile.json"
+ dest: "{{ keycloak_host_import_directory }}/user-profile.json"
 mode: '0644'
 notify: docker compose up
 - name: Apply SSH Public Key to user-profile via kcadm
 shell: |
 docker exec -i {{ container_name }} \
- /opt/keycloak/bin/kcadm.sh update realms/{{ keycloak_realm }} -f {{ import_directory_docker }}user-profile.json
+ /opt/keycloak/bin/kcadm.sh update realms/{{ keycloak_realm }} -f {{ keycloak_docker_import_directory }}user-profile.json
diff --git a/roles/web-app-keycloak/tasks/main.yml b/roles/web-app-keycloak/tasks/main.yml
index 8f3e11d0..17d1ccc5 100644
--- a/roles/web-app-keycloak/tasks/main.yml
+++ b/roles/web-app-keycloak/tasks/main.yml
@@ -3,16 +3,16 @@
 include_role:
 name: cmp-db-docker-proxy
-- name: "create directory {{import_directory_host}}"
+- name: "create directory {{keycloak_host_import_directory}}"
 file:
- path: "{{import_directory_host}}"
+ path: "{{keycloak_host_import_directory}}"
 state: directory
 mode: 0755
-- name: "Copy import files to {{ import_directory_host }}"
+- name: "Copy import files to {{ keycloak_host_import_directory }}"
 template:
 src: "{{ item }}"
- dest: "{{ import_directory_host }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+ dest: "{{ keycloak_host_import_directory }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
 mode: '770'
 loop: "{{ lookup('fileglob', '{{ role_path }}/templates/import/*.j2', wantlist=True) }}"
 notify: docker compose up
diff --git a/roles/web-app-keycloak/templates/docker-compose.yml.j2 b/roles/web-app-keycloak/templates/docker-compose.yml.j2
index 064a6c4d..a7806029 100644
--- a/roles/web-app-keycloak/templates/docker-compose.yml.j2
+++ b/roles/web-app-keycloak/templates/docker-compose.yml.j2
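Review bot: The `shell` step still references `{{ container_name }}` on the unchanged `docker exec -i` line, while this same commit removes `container_name` from `vars/main.yml` and introduces `keycloak_container` in its place; unless `container_name` is still defined somewhere outside this role, the task will stop with an undefined-variable error at runtime. The line should read `docker exec -i {{ keycloak_container }} \`. The new `-f {{ keycloak_docker_import_directory }}user-profile.json` argument relies on the variable keeping its trailing slash, whereas the new host-side `dest` adds its own `/` and renders `import//user-profile.json`; the `dest` in the tasks/main.yml hunk has the same double slash. Choosing one convention — no trailing slash in the variable and an explicit `/` at every join — removes the double slash and avoids a silent breakage if the slash is ever dropped from the variable.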
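Review bot: The three new lines spell the same variable two ways, `{{keycloak_host_import_directory}}` in the `name:` and `path:` of the first task and `{{ keycloak_host_import_directory }}` in the second; the rewritten vars file uses the spaced form throughout, so `name: "create directory {{ keycloak_host_import_directory }}"` and `path: "{{ keycloak_host_import_directory }}"` would match it. Separately, the rendered files come from every `templates/import/*.j2` and are written with `mode: '770'`; it is worth confirming whether any of those templates embed values from the role vars such as the administrator credentials, because if they do, a mode without group write and execute, e.g. `mode: '0640'`, is enough for a container that only appears to read them and limits what is exposed on the host.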
@@ -1,14 +1,14 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
 application:
- image: "{{ applications | get_app_conf(application_id, 'images.keycloak', True) }}"
- container_name: {{container_name}}
- command: start {% if applications | get_app_conf(application_id, 'import_realm', True) | bool %}--import-realm{% endif %}
+ image: "{{ keycloak_image }}:{{ keycloak_version }}"
+ container_name: {{ keycloak_container }}
+ command: start{% if keycloak_import_realm %} --import-realm{% endif %}{% if keycloak_debug_enabled %} --verbose{% endif %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 ports:
 - "{{ keycloak_server_host }}:8080"
 volumes:
- - "{{import_directory_host}}:{{import_directory_docker}}"
+ - "{{keycloak_host_import_directory}}:{{keycloak_docker_import_directory}}"
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% set container_port = 9000 %}
diff --git a/roles/web-app-keycloak/vars/main.yml b/roles/web-app-keycloak/vars/main.yml
index b80bf0db..555adca8 100644
--- a/roles/web-app-keycloak/vars/main.yml
+++ b/roles/web-app-keycloak/vars/main.yml
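Review bot: The rewritten `command:` line drops the `| bool` that the removed version applied to `import_realm`; `keycloak_import_realm` and `keycloak_debug_enabled` are both `"{{ ... }}"` expressions in `vars/main.yml` whose result type depends on what the config holds, so a value such as `"false"` or `"no"` arriving as a string would still be truthy here and silently enable `--import-realm` or `--verbose`. `command: start{% if keycloak_import_realm | bool %} --import-realm{% endif %}{% if keycloak_debug_enabled | bool %} --verbose{% endif %}` restores the explicit coercion. `--verbose` raises Keycloak's log detail for every run where `enable_debug` is set, which deserves a short template comment so it is not left on outside a debugging session.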
@@ -1,14 +1,17 @@
-application_id: "keycloak"
-database_type: "postgres"
-container_name: "{{application_id}}_application"
-import_directory_host: "{{docker_compose.directories.volumes}}import/" # Directory in which keycloack import files are placed on the host
-import_directory_docker: "/opt/keycloak/data/import/" # Directory in which keycloack import files are placed in the running docker container
-keycloak_realm: "{{ primary_domain}}" # This is the name of the default realm which is used by the applications
-keycloak_administrator: "{{ applications | get_app_conf(application_id, 'users.administrator', True) }}" # Master Administrator
-keycloak_administrator_username: "{{ keycloak_administrator.username}}" # Master Administrator Username
-keycloak_administrator_password: "{{ keycloak_administrator.password}}" # Master Administrator Password
-keycloak_kcadm_path: "docker exec -i {{ container_name }} /opt/keycloak/bin/kcadm.sh"
+application_id: "keycloak" # Internal CyMaIS application id
+database_type: "postgres" # Database which will be used
+keycloak_container: "{{ application_id }}_application" # Name of the keycloack docker container
+keycloak_host_import_directory: "{{ docker_compose.directories.volumes }}import/" # Directory in which keycloack import files are placed on the host
+keycloak_docker_import_directory: "/opt/keycloak/data/import/" # Directory in which keycloack import files are placed in the running docker container
+keycloak_realm: "{{ primary_domain}}" # This is the name of the default realm which is used by the applications
+keycloak_administrator: "{{ applications | get_app_conf(application_id, 'users.administrator', True) }}" # Master Administrator
+keycloak_administrator_username: "{{ keycloak_administrator.username }}" # Master Administrator Username
+keycloak_administrator_password: "{{ keycloak_administrator.password }}" # Master Administrator Password
+keycloak_kcadm_path: "docker exec -i {{ keycloak_container }} /opt/keycloak/bin/kcadm.sh" # Init script for keycloak
 keycloak_server_internal_url: "http://127.0.0.1:8080"
-keycloak_server_host: "127.0.0.1:{{ports.localhost.http[application_id]}}"
+keycloak_server_host: "127.0.0.1:{{ ports.localhost.http[application_id] }}"
 keycloak_server_host_url: "http://{{ keycloak_server_host }}"
-
+keycloak_image: "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.image', True) }}" # Keycloak docker image
+keycloak_version: "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.version', True) }}" # Keyloak docker version
+keycloak_import_realm: "{{ applications | get_app_conf(application_id, 'import_realm', True, True) }}" # Activate realm import
+keycloak_debug_enabled: "{{ enable_debug }}"
\ No newline at end of file
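Review bot: The new side ends without a trailing newline (`\ No newline at end of file`), and the rewritten lines mix Jinja spacing — `"{{ primary_domain}}"` sits next to `"{{ keycloak_administrator.username }}"` — while the new comments carry spelling slips (`keycloack`, `Keyloak`). Adding the final newline, writing `keycloak_realm: "{{ primary_domain }}"`, and fixing the spellings keeps the file consistent with the rest of this rewrite. `keycloak_administrator_password` is now a plain role variable available to every task and template in the role; any task that passes it on a command line should carry `no_log: true` so it does not end up in playbook output, which is something to verify in the callers rather than in this file.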