4Modules2Roles9Plugins2Dependencies
Install and configure a keycloak, or Red Hat Single Sign-on, service.
Collection to install and configure Red Hat Build of Keycloak.
This collection has been tested against following Ansible versions: >=2.16.0.
Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
Before using the collection, you need to setup Ansible Automation Hub as galaxy server; then install it via the CLI:
ansible-galaxy collection install redhat.rhbk
You can also include it in a requirements.yml
file and install it via ansible-galaxy collection install -r requirements.yml
, using the format:
---
collections:
- name: redhat.rhbk
The rhbk collection also depends on the following python packages to be present on the controller host:
A requirement file is provided to install:
pip install -r requirements.txt
rhbk
: role for installing the service.rhbk_realm
: role for configuring a realm, user federation(s), clients and users, in an installed service.---
- name: Playbook for rhbk Hosts
hosts: all
vars:
rhbk_admin_password: "remembertochangeme"
roles:
- redhat.rhbk.rhbk
Both playbooks include the rhbk
role, with different settings, as described in the following sections.
For full service configuration details, refer to the rhbk role README.
Making the rhbk zip archive available to the playbook working directory, and setting rhbk_offline_install
to true
, allows to skip
the download tasks. The local path for the archive does match the downloaded archive path, so that it is also used as a cache when multiple hosts are provisioned in a cluster.
rhbk_offline_install: true
The rhbk
role supports downloading and installing from the Red Hat Customer Portal using credentials associated to a service account. After having
authenticated in the customer portal, navigate to the hybrid cloud console, and select the services account tab
to create one, if needed. Client ID and Client Secret associated to the service account need to be provided to the collection using the following variables:
rhn_username: '<client_id>'
rhn_password: '<client_secret>'
The downloaded product archive will be stored in the controller working directory, and then distributed to target nodes.
It is possible to perform downloads from alternate sources, using the rhbk_download_url
variable; make sure the final downloaded filename matches with the source filename (ie. rhbk-legacy-x.y.zip or rh-sso-x.y.z-server-dist.zip).
Execute the following command from the source root directory
ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/rhbk.yml -e rhbk_admin_password=<changeme>
rhbk_admin_password
Password for the administration console user account.ansible_hosts
is the inventory, below is an example inventory for deploying to localhost[rhbk]
localhost ansible_connection=local
Note: when deploying clustered configurations, all hosts belonging to the cluster must be present in ansible_play_batch
; ie. they must be targeted by the same ansible-playbook execution.
The below example playbook can creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s).
---
- name: Playbook for rhbk Hosts
hosts: all
vars:
rhbk_admin_password: "remembertochangeme"
rhbk_clients:
- name: TestClient1
client_id: TestClient1
roles:
- TestClient1Admin
- TestClient1User
realm: TestRealm
public_client: true
web_origins:
- http://testclient1origin/application
- http://testclient1origin/other
users:
- username: TestUser
password: password
client_roles:
- client: TestClient1
role: TestClient1User
realm: TestRealm
roles:
- role: redhat.rhbk.rhbk_realm
rhbk_realm: TestRealm
Execute the following command from the source root directory:
ansible-playbook -i <ansible_hosts> playbooks/rhbk_realm.yml -e rhbk_admin_password=<changeme> -e rhbk_realm=test
rhbk_admin_password
password for the administration console user account.rhbk_realm
name of the realm to be created/used.ansible_hosts
is the inventory, below is an example inventory for deploying to localhost[rhbk]
localhost ansible_connection=local
For full configuration details, refer to the rhbk_realm role.
redhat.rhbk collection v3.0.1 is for Technical Preview. If you have any issues or questions related to collection, please don't hesitate to contact us on Ansible-middleware-core@redhat.com or open an issue on https://github.com/ansible-middleware/keycloak/issues referring to the keycloak_quarkus role
Apache License v2.0 or later See LICENSE to view the full text.
Product |
---|
Red Hat Ansible Automation Platform 2.4 |
Red Hat Ansible Automation Platform 2.5 |
This collection requires the following collections for use:
Name | Summary |
---|
The Red Hat Ecosystem Catalog is the official source for discovering and learning more about the Red Hat Ecosystem of both Red Hat and certified third-party products and services.
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.