
#
# Keycloak
# https://www.keycloak.org/operator/installation#_installing_by_using_kubectl_without_operator_lifecycle_manager
#
---
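- name: Setup the database
  # Pinned to the staging DB host. The env ternary below therefore only
  # matters if this play is ever reused with env set to production; as written
  # it always runs against stg.
  hosts: db-fas01.stg.rdu3.fedoraproject.org
  # Facts are not gathered, yet vars_files templates ansible_distribution:
  # this assumes the fact cache already holds it for the host (Fedora infra
  # convention -- TODO confirm; otherwise the vars_files include fails).
  gather_facts: false
  become: true
  become_user: postgres
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - /srv/private/ansible/vars.yml
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
    - name: Keycloak DB user
      community.postgresql.postgresql_user:
        name: keycloak
        password: "{{ (env == 'production') | ternary(keycloak_db_password_prod, keycloak_db_password_stg) }}"
      # Task-level no_log keeps the rendered password out of verbose output,
      # diff output and callback plugins regardless of what the module's own
      # argspec marks as sensitive.
      no_log: true
    - name: Keycloak database creation
      community.postgresql.postgresql_db:
        name: keycloak
        owner: keycloak
        encoding: UTF-8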
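- name: Make the app be real
  hosts: os_control_stg[0]
  # `user` is the deprecated spelling of this play keyword; Ansible rewrites
  # it to remote_user internally, so this is the same SSH login user.
  remote_user: root
  # Facts are not gathered, yet vars_files templates ansible_distribution:
  # this assumes the fact cache already holds it for the host (Fedora infra
  # convention -- TODO confirm; otherwise the vars_files include fails).
  gather_facts: false
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  pre_tasks:
    # Read the IPA CA certificate (public material, not a secret) from the IPA
    # server itself and expose it as a fact for the templates applied below
    # (presumably consumed by certs.yml.j2 -- the template is not visible here).
    - name: Get the IPA CA cert
      slurp:
        src: /etc/ipa/ca.crt
      delegate_to: "{{ ipa_server }}"
      register: ipa_ca_cert_var
    - name: Register the IPA CA cert in a fact
      set_fact:
        ipa_ca_cert: "{{ ipa_ca_cert_var.content | b64decode }}"
  roles:
    - role: openshift/project
      project_app: keycloak
      project_description: "OpenID Connect provider"
      project_appowners:
        - abompard
        - kevin
      tags:
        - apply-appowners
    # Declare the host and its HTTP service principal in IPA.
    # NOTE(review): this is the in-cluster apps hostname, while the public
    # route below is served under keycloak<env_suffix>.fedoraproject.org.
    # Kerberos/SPNEGO clients need an HTTP/<name> principal matching the name
    # they actually connect to -- confirm which hostname(s) need a principal.
    - role: ipa/service
      host: "keycloak.apps.ocp{{ env_suffix }}.fedoraproject.org"
      service: HTTP
    # Deploy Keycloak. The CRDs and operator manifests (including its RBAC)
    # are fetched at apply time from the upstream repo at the keycloak_version
    # ref. A git tag is mutable and nothing here verifies the fetched content,
    # so consider pinning to a commit SHA or vendoring the manifests with a
    # checksum.
    - role: openshift/object-remote
      object_remote_app: keycloak
      object_remote_url: https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/{{ keycloak_version }}/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
    - role: openshift/object-remote
      object_remote_app: keycloak
      object_remote_url: https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/{{ keycloak_version }}/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml
    - role: openshift/object-remote
      object_remote_app: keycloak
      object_remote_url: https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/{{ keycloak_version }}/kubernetes/kubernetes.yml
    # Secret objects rendered from private vars; whether the openshift/object
    # role applies them under no_log is decided in the role, not here -- verify.
    - role: openshift/object
      object_app: keycloak
      object_template: secrets.yml.j2
      object_objectname: secrets.yml
    - role: openshift/object
      object_app: keycloak
      object_template: certs.yml.j2
      object_objectname: certs.yml
    - role: openshift/object
      object_app: keycloak
      object_template: operator-config.yml.j2
      object_objectname: operator-config.yml
    # Routes. The service port is plain http; TLS termination for the public
    # route comes from the openshift/route role defaults and is not visible
    # here -- confirm it terminates TLS and redirects insecure traffic, since
    # this is the OIDC provider endpoint.
    - role: openshift/route
      route_app: keycloak
      route_name: web
      route_host: "keycloak{{ env_suffix }}.fedoraproject.org"
      route_serviceport: http
      route_servicename: keycloak-operator
    # Additional deployment rendered from ipatuura-deployment.yml.j2.
    - role: openshift/object
      object_app: keycloak
      object_template: ipatuura-deployment.yml.j2
      object_objectname: ipatuura-deployment.yml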