This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 45f8dac6d16673deda5fdc1f1717f60bebda8e09 Author: Marcus Christie <[email protected]> AuthorDate: Wed Jul 6 11:34:57 2022 -0400 AIRAVATA-3609 keycloak updates for js2, switched to systemd for init script --- dev-tools/ansible/roles/keycloak/tasks/main.yml | 53 +++++++--------------- .../roles/keycloak/templates/keycloak.service.j2 | 32 +++++++++++++ 2 files changed, 49 insertions(+), 36 deletions(-) diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml index 45f3df6291..bf79733519 100644 --- a/dev-tools/ansible/roles/keycloak/tasks/main.yml +++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml @@ -23,6 +23,11 @@ yum: name="httpd" state=latest update_cache=yes become: yes +- name: set selinux to permissive + selinux: state=permissive policy=targeted + become: yes + when: ansible_os_family == "RedHat" + - name: allow httpd to proxy to Keycloak process seboolean: name: httpd_can_network_connect @@ -140,27 +145,16 @@ # <---------- setup init script for keycloak, starts the server after reboot -----------> -# Init script to start keycloak in Standalone mode -- name: copy init script file (Standalone) - template: > - src=keycloak-standalone-init.j2 - dest="/etc/init.d/keycloak" - owner="{{ user }}" - group="{{ group }}" - mode="u=rwx,g=rx,o=rx" - become: yes - become_user: root - tags: - - standalone - -# System command to add the init script to enable on startup -- name: add init script to chkconfig and startup on boot - command: chkconfig --level 345 keycloak on +- name: copy keycloak.service systemd unit file + template: + src: "keycloak.service.j2" + dest: "/etc/systemd/system/keycloak.service" + backup: yes become: yes - become_user: root tags: - always + # </---------- setup init script for keycloak, starts the server after reboot -----------> # <-------------------------Initialize a new admin for keycloak--------------------------> @@ -176,26 +170,13 @@ # <--------------------------start keycloak Identity server------------------------------> -- name: reload Keycloak init script - command: systemctl daemon-reload +- name: start/restart keycloak + service: + name: keycloak + state: restarted + enabled: yes + daemon_reload: yes become: yes - become_user: root - tags: - - always - -# FIXME: restarting Keycloak server doesn't work -- name: stop Keycloak server - service: name=keycloak state=stopped - ignore_errors: yes - become: yes - become_user: root - tags: - - always - -- name: start Keycloak server - service: name=keycloak state=started - become: yes - become_user: root tags: - always ... diff --git a/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2 b/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2 new file mode 100644 index 0000000000..da3be9f2ce --- /dev/null +++ b/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2 @@ -0,0 +1,32 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# {{ansible_managed}} + +[Unit] +Description=Keycloak + +[Service] +ExecStart={{ user_home }}/{{ keycloak_install_dir }}/bin/standalone.sh -b 0.0.0.0 +User={{user}} +Group={{group}} + +[Install] +WantedBy=multi-user.target
