kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-15 08:30:46 +02:00
Code Issues Packages Projects Releases Wiki Activity
2,280 Commits 1 Branch 0 Tags
Commit Graph

12 Commits

Author SHA1 Message Date
Kevin Veen-Birkenbach
e497c001d6
keycloak: robust LDAP bind and connectionUrl update via kcadm (argv + JSON); strict ldap.*; idempotent 
Switch to command:argv to avoid shell quoting and argument splitting issues.

Pass -s config values as JSON arrays via to_json, fixing previous errors: Cannot parse the JSON / failed at splitting arguments.

Also reconcile config.connectionUrl from ldap.server.uri.

Source desired values strictly from ldap.* (no computed defaults) and assert their presence.

Keep operation idempotent by reading current values and updating only on change.

Minor refactor: build reusable kcadm_argv_base and expand client state extraction.

Touch: roles/web-app-keycloak/tasks/03_update-ldap-bind.yml

https://chatgpt.com/share/689bea84-7188-800f-ba51-830a0735f24c
 2025-08-13 03:30:14 +02:00
Kevin Veen-Birkenbach
4fa1c6cfbd
ansible: quote file modes; keycloak: robust LDAP bind update + config cleanup 
Highlights
- Quote all file modes as strings ("0755"/"0770") across multiple roles to avoid YAML octal quirks and improve portability.
- Keycloak: introduce actions.{import_realm,update_ldap_bind} feature flags and wire them via vars/config.
- Implement idempotent LDAP bind updater (tasks/03_update-ldap-bind.yml):
  * kcadm login with no_log protection,
  * fetch LDAP UserStorage component by name,
  * compare current bindDn/bindCredential and update only when changed.
- Keycloak realm import template: keep providerId="ldap" and set name from keycloak_ldap_component_name.
- Centralize Keycloak readiness check in tasks/main.yml; remove duplicate waits from 02_update_client_redirects.yml and 04_ssh_public_key.yml.
- 01_import.yml: fix typo (keycloak), quote modes, tidy spacing, and replace Jinja-in-Jinja fileglob with concatenation.
- 02_update_client_redirects.yml: correct assert fail_msg filename; keep login-first flow.
- Minor template/vars tidy-ups (spacing, comments, consistent variable usage).

Files touched (excerpt)
- roles/*/*: replace 0755/0770 → "0755"/"0770"
- roles/web-app-keycloak/config/main.yml: add actions map
- roles/web-app-keycloak/vars/main.yml: unify Keycloak vars and feature flags
- roles/web-app-keycloak/tasks/{01_import,02_update_client_redirects,03_update-ldap-bind,04_ssh_public_key,main}.yml
- roles/web-app-keycloak/templates/{docker-compose.yml.j2,import/realm.json.j2}

https://chatgpt.com/share/689bda16-b138-800f-8258-e13f6d7d8239
 2025-08-13 02:20:38 +02:00
Kevin Veen-Birkenbach
b5d8ac5462
Reactivated keycloak docker and webserver tasks and implemented correct logic for element and synapse redirect handling 2025-08-11 02:21:02 +02:00
Kevin Veen-Birkenbach
6e8ae793e3
Added auto setting for redirect urls for keycloak clients. Element and Synapse still need to be mapped 2025-08-11 00:17:18 +02:00
Kevin Veen-Birkenbach
aae69ea15b
Ensure that keycloak is up 2025-08-08 17:25:31 +02:00
Kevin Veen-Birkenbach
ab12a933f6
Optimized keycloak variables 2025-07-17 06:56:26 +02:00
Kevin Veen-Birkenbach
bfd1a2ee70
Optimized keycloak variables 2025-07-14 11:20:10 +02:00
Kevin Veen-Birkenbach
7a38241485
Made code more modular and refactored to cmp roles 2025-07-09 20:15:32 +02:00
Kevin Veen-Birkenbach
c9c73cbdb2
Decoupeld database, docker and proxy 2025-07-09 14:21:30 +02:00
Kevin Veen-Birkenbach
575df76ec3
Shortened service- to svc- 2025-07-09 05:00:41 +02:00
Kevin Veen-Birkenbach
66198ca1ec
Shortened webserver to srv-web- 2025-07-09 04:27:58 +02:00
Kevin Veen-Birkenbach
563d5fd528
Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation 2025-07-08 23:43:13 +02:00