Ansible - keycloak for dev SciGaP deploy
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/2075f41e Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/2075f41e Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/2075f41e Branch: refs/heads/develop Commit: 2075f41e1f1a7e3b7ff887f12901e6e1706e100b Parents: 35c7cdf Author: Marcus Christie <[email protected]> Authored: Thu Jun 15 09:35:57 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Thu Jun 15 12:19:56 2017 -0400 ---------------------------------------------------------------------- .../scigap/develop/files/keycloak.jks | 143 +++++++++++++++++++ .../scigap/develop/group_vars/all/vars.yml | 6 +- .../scigap/develop/group_vars/all/vault.yml | 56 ++++---- .../ansible/roles/database/tasks/keycloak.yml | 38 +++++ dev-tools/ansible/roles/database/tasks/main.yml | 9 +- .../ansible/roles/keycloak/defaults/main.yml | 1 + dev-tools/ansible/roles/keycloak/tasks/main.yml | 15 +- 7 files changed, 230 insertions(+), 38 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/inventories/scigap/develop/files/keycloak.jks ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/develop/files/keycloak.jks b/dev-tools/ansible/inventories/scigap/develop/files/keycloak.jks new file mode 100644 index 0000000..c896d03 --- /dev/null +++ b/dev-tools/ansible/inventories/scigap/develop/files/keycloak.jks 
@@ -0,0 +1,143 @@ +$ANSIBLE_VAULT;1.1;AES256 +66353964396536666532306233383464343935653932393865616364373334333365346439633266 +6634663634323434643464633734316137336562653463340a383030363463386465303639626439 +36303865353236336132663634626462313266626362613536643532613239346438333834383733 +3339653664613332370a653838373036626231613532653233633732646562353762303530653039 +65613364353436323463616239303538376462643666373063326437313935353839363262333735 +34303838356532636566646530353262613864313236373738626334306563346266393566316163 +62666238633236633231626262333963363366343138646432356366326538353966653630643737 +64306235383835343236643962343164653531616333373933633139326465336331666634373839 +63373361313232383661366264336261383635313138323362636664643065303661666138366332 +39343164346434373137663266636538333661643836633531333363616138313165363833623966 +63613462343332393962363436366637353065303435333236666661356436366136643338326664 +66313664616535626438363230313765663431333266636466363233383735313534356635663230 +64656638303730613337616137363930373631616137393438623032326236613037663232336233 +61646565656630333864666364616231653465653264633838363832623232666366666235623832 +36343139363466633132396461333335393862383939363834366434333561393734666465366464 +30626135393766366665613336623564643832343130396365643838363863383134363932633165 +62393730323636343862396635306463666230363231393633363631333732653935333939336435 +30643331383165626666353937623039323434333631356631336435646635656461616663393763 +61303634626632356630343039333438363034663566313230396363353963313766393536646131 +34336561366662366232383463376664383565346135386663363363373432316238323162333063 +32656563383838333338343630376536643764326639613530633866663636646433323830623739 +38326130313337306132373038393637626461396637383031363732646437643036616232323765 +30626662663331326233336163393961666262366230656532323562383761323265343863346562 
+30353431343531346535383932663035333135633035643064383132386431346530343562393765 +38366231613566623965363534303762636235613561343963323834356431616537303537306636 +38396463666562306131376138396633373765643233656532396630333232393934396262386561 +62383034326665303436613834366331353562613730633965356339316430363061336237626235 +38656336626330343962343035313237353261366230663738353161353366343561333864333832 +64333131666332636335666530323933626138643637363132353132653061373238636265363734 +37363039336661353966366461353138363130333763313761653234386666366661663734396161 +35333137613262376662396462383637333436393932306134666232303061316332643937653236 +30316336303663303332643431316539326432343864356133633737656331366331663833613230 +65383763316565313962323564616536393265396539313034636635343731396536643733663164 +66316161623162633664333931613233333432303335363461363535643365323133346334626537 +38633039356462333031313239323064303038316564326364306332376432376163356639313732 +66386136626436303061396232363433353533643562633530633430323534353365316531316336 +31653164303166616366633135323661306563376363373839343663643033343736396364646334 +62353939346166333461666131643636663538336531346561316437666531386166633536646435 +33633533326537356530616235306164666231333936386135316362306431393334396466383039 +62653763393165333862383165633030666635323666653930396635373238396636316136633864 +39666237313465313537366330346663316265343638626531343665663062373434323130366366 +61313761363432613464633333383762333137616334343564366638333037326536323035343833 +61633235333238313562393431356538346334613834366434643433663436616339396663326335 +65613134653335373139393437353666623037643939383939373238366235366332383731356132 +30313036656435353663353339343164303536663736376336343461636665303038306137643765 +36343333313364336431353332613665636265336636346536396166323732623630386461636638 +32613139316430663132643138346261353031326639656464303536643736343165336631383739 
+30643961643233633238333632313933303434663530666331356666653062663036613862663739 +39343439626533376232626534316333316464303064393338616362626166663332613631363464 +62633634643462346463303961383865343466396336323465663036666534623366633462306330 +63386332666538313265303666343337373864326638313131393365653964316632643536613363 +35353038383565623430376665646264313033323761356138646366623464643232353231323061 +33613936626365303639663361646631653231643938616537653163363439333131373161366639 +35316464383436396536343966383630333539306637353135643663636364303630646133636131 +34383036633539663064656532313730656630666436373638333765343465383865616139623133 +62633764386463346239333536323835613963316661363732663538306335313439386430643032 +62646338633730663438343931333732373966623838313430636137366230353736323034653537 +34646537663263383062643761363738396163386265386565353335616435323736363466353164 +39666365376137326637363661326437383337393234336266393437333063663366383862666162 +65306235626436333237353466303934653436613639303236373932626563356662393463323032 +32373963323964333030663362336435353063366638363830393866393563646663343165353161 +31303832613839613930623732656232306438336463393233326339653636626266666238353462 +39623361376663363833323330333862383237653733636332363934613965633035393337633539 +62613064393338333062333764646332633461626462663863626330636231373366656235323266 +61646636633234656532643235643363626235643938633235633234643834396639353864336365 +36333231626531613538333330323230626264393466373234396634373263323238386465353339 +65626637306537653261623336356363343136363836616635306664303866346262626366386138 +30633539376438653938626264383631353736353133653134306534636632613834366534303439 +35626265663564316266636337646266316430353065303331343462666537633135363363363563 +33613538323564613834363432633261633532353931363730626263396461303034346433666332 +32623439333931363333363533353539306234313063353865333362623839306438633565373730 
+35616233313235386338356464336362366166663663343339383937393564313338386566666631 +63373532663363646438363637346139373534363935313833333465363634363861346435366265 +38303634623037663665396337383339366166373164633764383433633663636663663862353135 +66326561663838623865633839616139336633633530626538643661366163376530646233336233 +36333263633036616531633666666539343436336236353431396435336164663363366533356633 +32303730653236656264343365303763646236313461336139353737383233343666636334346565 +38653030616339303763313661333139666535363730656263616663373362353637656434313265 +32613839613336333837636430626166393162653032323130303965663237633962373931346161 +38373364383462376162336335626162346334333564626661643338653637316339613562613137 +62316130306633636431643036376236353438616163383139613630383065346138363530633964 +33326165363431316334616237326635306163633661316161656362373263393561666335623661 +37333839656131353162323731323438343238383435306633373932353135336139643565363939 +32363261633737376138386133366135323563316462616162666137353433333862356234613562 +61306337363736663332623039306136383064396139326433333036386337363031343638333238 +30613862316538666362353634376364656331323965393466386263356166383138346661343764 +64363331633061616233303562373133363164373165613632653235633261353433373932323039 +30646363653938623566336161613166616134353131623564653432646265663532366634393235 +61393335356361333239393634356130636237646437356662366666336164303463333330323930 +32383733663563306336383264633137353138663234643136376232383462663231313634336631 +66636363343230636237303565393363326230376235353735623032336235373266343633333262 +36346462373864313738613330653461363664666434336638396662656161366533643063353337 +63643931313539393266613630633636356439323337353537363061353337396137303531333062 +35393633343132353338373034653061316661366232616234626630613938616164323966333237 +35376233613132383630376661333039316164623332373531323833326538613136333137653837 
+39363930376531326632663963323432326562383036623463316161306235303839363333663366 +63356436316439366136333464623134633962633331393131313233346233616536396339613763 +37663265383065396336333861626337336365653436336464643839376136663035393939366164 +39643535343262613630643165333137666663383939393732373563386663333332383537323036 +63633734346164646433383565616565323564636131383738653263313630353638343032353662 +30393661396131633334373065323661646434346433376238616238376261643535396163373139 +63363336666262653664623633303130646132393362323436323964346538333533336265633630 +36616135383665363738643331363936303232393864626364356363663530663565643662663235 +64666666386438626634343064363136393332623034306638356634643335666630623831313365 +61663934346537376264323031356133333639613838303336636537633766623733343536656638 +61326537643265623931393233636363656330663737353737643431633531626164666337656433 +38383631636365373534336131646333333532646633343564353437316339303239626238303638 +30656165333133373063646539373131383339626133643231663331343431616231393939366530 +61363863623830656238336335643163653632663862396165623433356636303337333265633464 +39623037346237363531636432383465313263316633653834636639633461386536626239336233 +35396633363034613430393330643034343338356536663437623238323065303062393131363465 +31353465626562643937623932373862623433653138323339333039386563303834653830366662 +64343064323037633836333138626434366330323230313463353162653639343232326661353231 +30383764343138653363323137366663376666313061313532326661343532633563396537366561 +35396134623139386533626464303766313834303735656161383132643130316136323265393638 +61613635313065303931303066616137343238653639656336666439303530343131623635626237 +64383830666335383037323632306337393366373331323639653964343237396230353466363436 +62326162373137306531353261363130323232613866613639313134623266366162333966303163 +31373839626435646535323730363530613737363838383463303730326433353761336333313032 
+65666433663333636362363539643238663937323466653134633161633665613961663265346135 +34393565343530336166313332343562383466333737613266323362353065323732343661356665 +33376337653435633265356230346363666231396563393566373534333430363365383062346335 +61383636616565613362636633613366643666643863376139336435616333353262303031303533 +64323338306463303166373862323537303965336332616236613333643064316137333636633065 +31343266663635383065363432653166633761646336613538643162396566373033363265623465 +62633839376639653132623234343937653831336266333735303232366332356138633061356539 +35343330323739613938646234396362393933356230636364366239393537613638393461626432 +39303632333735653764623738373036616433613939393561353765636361646562316235613762 +36323964303135646666346637303865393966373063363138343333626233326534313962663561 +34333935653563386132316230613362343433396130343239326665323638616165313331623736 +34663339633132376133326361333030363233323836323737333461636263303934396133656630 +36383638313362306166316231313064313064386565386662313239636130663130373665336434 +38303231656432316533643637326131323333313161613333303239633639343964376238393332 +61333637363735663861353231313061393538376436343538343939353433663036656332666436 +61316537316137616635376463633833316262313766636532623664363031313461326539323733 +66363261656435646232633466613838393338376538353031636236393931343465306231633137 +32633766613264363031316635386130623738613161313039626634376233636265623565333137 +62633966383065326539313464306230316564623130633637363830616532383265303038313633 +66333436383664363265323263613936666333643739313530663438303061643535646330306636 +37653161326533346434653238613662313537623566646661353065363963653963653331626462 +37623034303238316132393766346331373561343730393631636663663033366664313535303966 +3963336630363238656363396139346463616266666266363632 http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml 
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
index a8a2737..c2376fe 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
@@ -124,12 +124,14 @@ sharing_registry_host: "{{ groups['api-orch'][0] }}"
 sharing_registry_port: 7878
 
 # Profile Service related variables
-profile_service_host: "{{ ansible_fqdn }}"
+profile_service_host: "{{ groups['api-orch'][0] }}"
 profile_service_port: 8962
 
 # Keycloak
-keycloak_ssl_keystore_file_name: "{{ inventory_dir }}/files/keycloak.jks"
+keycloak_ssl_keystore_file: "{{ inventory_dir }}/files/keycloak.jks"
 keycloak_ssl_keystore_password: "{{ vault_keycloak_ssl_keystore_password }}"
 keycloak_db_host: "{{ groups['database'][0] }}"
 keycloak_db_username: "keycloak"
 keycloak_db_password: "{{ vault_keycloak_db_password }}"
+keycloak_master_account_username: "admin"
+keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml
index 8e7a4f3..4b7425d 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml
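Review bot: The rename of `keycloak_ssl_keystore_file_name` to `keycloak_ssl_keystore_file` means this inventory no longer sets `keycloak_ssl_keystore_file_name` at all, so the `dest` basename in the keycloak role's copy task now falls back to the role default (`keycloak.jks`); it works today only because both values happen to end in the same filename. Deriving one from the other keeps them in step if the source keystore is ever renamed: `keycloak_ssl_keystore_file_name: "{{ keycloak_ssl_keystore_file | basename }}"`. The new `keycloak_master_account_password` is correctly sourced from the vault rather than written here in the clear.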
@@ -1,29 +1,29 @@ $ANSIBLE_VAULT;1.1;AES256 -32313735333539653633636436666662373537386237346632373635303063666535656535616435 -3161666366613764323163353064343339303661393266610a356238303466633032386366356662 -30303865613437643132613532643932636634646537626264386365356330366237353964316230 -6564376130373863340a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a303334653738373536363235353034 +39313432626234636362663839386539356236653062383135333439336132633265636335653763 +3836616264306139660a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http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/roles/database/tasks/keycloak.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/roles/database/tasks/keycloak.yml b/dev-tools/ansible/roles/database/tasks/keycloak.yml new file mode 100644 index 0000000..50e31e7 --- /dev/null +++ b/dev-tools/ansible/roles/database/tasks/keycloak.yml 
@@ -0,0 +1,38 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+# Setup keycloak user and database
+- name: create keycloak database
+ mysql_db: name="keycloak" state=present
+ when: "'keycloak' in groups"
+
+- name: give access to {{ keycloak_db_username }} from remote
+ mysql_user: name="{{ keycloak_db_username }}" password="{{ keycloak_db_password }}" host="{{ item }}"
+ with_items:
+ - "{{ groups['keycloak'] }}"
+
+- name: create new user {{ keycloak_db_username }} with all privilege
+ mysql_user: name="{{ keycloak_db_username }}"
+ password="{{ keycloak_db_password }}"
+ append_privs=yes
+ host_all=yes
+ priv=keycloak.*:ALL,GRANT state=present
http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/roles/database/tasks/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/database/tasks/main.yml b/dev-tools/ansible/roles/database/tasks/main.yml
index 423ed99..6c47ba0 100644
--- a/dev-tools/ansible/roles/database/tasks/main.yml
+++ b/dev-tools/ansible/roles/database/tasks/main.yml
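Review bot: The last task grants the application account `priv=keycloak.*:ALL,GRANT`; the `GRANT` option lets the `keycloak` DB user hand out privileges on that schema to other accounts, which a service account has no reason to do, so `priv=keycloak.*:ALL` is the least-privilege form. The `when: "'keycloak' in groups"` on the first task is redundant now that the `include: keycloak.yml` in `database/tasks/main.yml` carries the same condition, and keeping the guard in one place avoids the two drifting apart. Module arguments are written as `key=value` strings here (`mysql_db: name="keycloak" state=present`); a newly added task file is a good place to switch to native YAML mappings, which quote templated values more predictably.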
@@ -124,12 +124,6 @@ - "{{ groups['gfac'] }}" - "localhost" -- name: give access to {{ keycloak_db_username }} from remote - mysql_user: name="{{ keycloak_db_username }}" password="{{ keycloak_db_password }}" host="{{ item }}" - with_items: - - "{{ groups['keycloak'] }}" - when: "'keycloak' in groups" - - name: create new user {{ db_user }} with all privilege mysql_user: name="{{ db_user }}" password="{{ db_password }}" @@ -137,6 +131,9 @@ host_all=yes priv=*.*:ALL,GRANT state=present +- include: keycloak.yml + when: "'keycloak' in groups" + - name: open firewall port {{ db_server_port }} firewalld: port="{{ db_server_port }}/tcp" zone=public permanent=true state=enabled immediate=yes http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/roles/keycloak/defaults/main.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/roles/keycloak/defaults/main.yml b/dev-tools/ansible/roles/keycloak/defaults/main.yml index fecab13..e629c76 100644 --- a/dev-tools/ansible/roles/keycloak/defaults/main.yml +++ b/dev-tools/ansible/roles/keycloak/defaults/main.yml @@ -3,6 +3,7 @@ keycloak_version: "2.5.4.Final" keycloak_downlaod_url: "https://downloads.jboss.org/keycloak/{{keycloak_version}}/keycloak-{{keycloak_version}}.tar.gz" keycloak_install_dir: "keycloak-{{keycloak_version}}" keycloak_db_connector_name: "mysql-connector-java-5.1.41" +keycloak_ssl_keystore_file: "keycloak.jks" keycloak_ssl_keystore_file_name: "keycloak.jks" keycloak_ssl_keystore_password: "Airavata" mysql_db_connector_download_url: "https://dev.mysql.com/get/Downloads/Connector-J/{{keycloak_db_connector_name}}.tar.gz" http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/roles/keycloak/tasks/main.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml index 176e933..a394d75 100644 
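Review bot: The new default `keycloak_ssl_keystore_file: "keycloak.jks"` sits directly above `keycloak_ssl_keystore_file_name: "keycloak.jks"` with nothing saying how the two differ, and the names are close enough that the next editor will likely change one and not the other. A comment above the pair would settle it, e.g. `# keycloak_ssl_keystore_file: controller-side source passed to copy's src (a bare name is looked up under the role's files/); keycloak_ssl_keystore_file_name: basename used for dest on the Keycloak host`. The neighbouring `keycloak_ssl_keystore_password: "Airavata"` default predates this commit, but now that a real keystore ships with the develop inventory it is worth confirming that every inventory using this role overrides it from the vault the way vars.yml does.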
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -89,7 +89,7 @@
 
 - name: copy ssl certificate files to remote
 copy:
- src: /Users/anujbhan/github/AiravataDev/keycloak-deployment/airavata/dev-tools/ansible/roles/keycloak/files/{{keycloak_ssl_keystore_file_name}}
+ src: "{{keycloak_ssl_keystore_file}}"
 dest: "{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/{{keycloak_ssl_keystore_file_name}}"
 owner: "{{ user }}"
 group: "{{ group }}"
@@ -142,6 +142,8 @@
 
 - name: Add master realm admin account
 command: "{{user_home}}/{{ keycloak_install_dir }}/bin/add-user-keycloak.sh -r master -u {{ keycloak_master_account_username }} -p {{ keycloak_master_account_password }}"
+ args:
+ creates: "{{user_home}}/{{ keycloak_install_dir }}/standalone/configuration/keycloak-add-user.json"
 become: yes
 become_user: root
 tags:
@@ -165,8 +167,17 @@
 tags:
 - always
 
+# FIXME: restarting Keycloak server doesn't work
+- name: stop Keycloak server
+ service: name=keycloak state=stopped
+ ignore_errors: yes
+ become: yes
+ become_user: root
+ tags:
+ - always
+
 - name: start Keycloak server
- service: name=keycloak state=restarted
+ service: name=keycloak state=started
 become: yes
 become_user: root
 tags:
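Review bot: The `command:` that runs `add-user-keycloak.sh` places `{{ keycloak_master_account_password }}` on the command line, so the vault-protected value is printed in the task output (and any saved log) every time the task runs; add `no_log: true` to the task, for which the new `args:` block is a natural neighbour. The `creates:` guard points at `standalone/configuration/keycloak-add-user.json`; if Keycloak consumes and removes that file when the server starts, the guard only holds until the first boot and the task will run again on later plays, so it is worth confirming against the `2.5.4.Final` release the role defaults pin before relying on it for idempotence. The enclosing task list continues outside this hunk.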
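Review bot: `ignore_errors: yes` on the new stop task masks every failure, including a missing or broken `keycloak` unit, so a real deployment problem only surfaces when the following start task fails with less context. The `service` module already reports ok when asked to stop a service that is not running, so if the guard exists only for that case it can be dropped; if the stop itself is what fails on this version, a `failed_when` matching the specific error (or a `register:` plus an explicit check) is narrower than a blanket ignore. The `# FIXME` would also help the next maintainer more if it recorded what `state=restarted` actually did wrong (hang, exit code, port still bound) so the stop/start workaround can be retired.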
