Ansible Collection - redhat.rhbk

Collection to install and configure Red Hat Build of Keycloak.

Ansible version compatibility

This collection has been tested against following Ansible versions: >=2.16.0.

Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.

Installation

Installing the Collection from Automation Hub

Before using the collection, you need to setup Ansible Automation Hub as galaxy server; then install it via the CLI:

ansible-galaxy collection install redhat.rhbk

You can also include it in a requirements.yml file and install it via ansible-galaxy collection install -r requirements.yml, using the format:

---
collections:
  - name: redhat.rhbk

The rhbk collection also depends on the following python packages to be present on the controller host:

• netaddr
• lxml

A requirement file is provided to install:

pip install -r requirements.txt

Included roles

• rhbk: role for installing the service.
• rhbk_realm: role for configuring a realm, user federation(s), clients and users, in an installed service.

Usage

Install Playbook

• The below example playbook can install based on the defined variables (using most defaults).

---
- name: Playbook for rhbk Hosts
  hosts: all
  vars:
    rhbk_admin_password: "remembertochangeme"
  roles:
    - redhat.rhbk.rhbk

Both playbooks include the rhbk role, with different settings, as described in the following sections.

For full service configuration details, refer to the rhbk role README.

Install from controller node (offline)

Making the rhbk zip archive available to the playbook working directory, and setting rhbk_offline_install to true, allows to skip the download tasks. The local path for the archive does match the downloaded archive path, so that it is also used as a cache when multiple hosts are provisioned in a cluster.

rhbk_offline_install: true

Downloading from the Customer Portal

The rhbk role supports downloading and installing from the Red Hat Customer Portal using credentials associated to a service account. After having authenticated in the customer portal, navigate to the hybrid cloud console, and select the services account tab to create one, if needed. Client ID and Client Secret associated to the service account need to be provided to the collection using the following variables:

rhn_username: '<client_id>'
rhn_password: '<client_secret>'

The downloaded product archive will be stored in the controller working directory, and then distributed to target nodes.

Install from alternate sources (like corporate Nexus, artifactory, proxy, etc)

It is possible to perform downloads from alternate sources, using the rhbk_download_url variable; make sure the final downloaded filename matches with the source filename (ie. rhbk-legacy-x.y.zip or rh-sso-x.y.z-server-dist.zip).

Example installation command

Execute the following command from the source root directory

ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/rhbk.yml -e rhbk_admin_password=<changeme>

• rhbk_admin_password Password for the administration console user account.
• ansible_hosts is the inventory, below is an example inventory for deploying to localhost

[rhbk] localhost ansible_connection=local

Note: when deploying clustered configurations, all hosts belonging to the cluster must be present in ansible_play_batch; ie. they must be targeted by the same ansible-playbook execution.

Configuration

Config Playbook

The below example playbook can creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s).

---
- name: Playbook for rhbk Hosts
  hosts: all
  vars:
    rhbk_admin_password: "remembertochangeme"
    rhbk_clients:
      - name: TestClient1
        client_id: TestClient1
        roles:
          - TestClient1Admin
          - TestClient1User
        realm: TestRealm
        public_client: true
        web_origins:
          - http://testclient1origin/application
          - http://testclient1origin/other
        users:
          - username: TestUser
            password: password
            client_roles:
              - client: TestClient1
                role: TestClient1User
                realm: TestRealm
  roles:
    - role: redhat.rhbk.rhbk_realm
      rhbk_realm: TestRealm

Example configuration command

Execute the following command from the source root directory:

ansible-playbook -i <ansible_hosts> playbooks/rhbk_realm.yml -e rhbk_admin_password=<changeme> -e rhbk_realm=test

• rhbk_admin_password password for the administration console user account.
• rhbk_realm name of the realm to be created/used.
• ansible_hosts is the inventory, below is an example inventory for deploying to localhost

[rhbk] localhost ansible_connection=local For full configuration details, refer to the rhbk_realm role.

Support

redhat.rhbk collection v3.0.1 is for Technical Preview. If you have any issues or questions related to collection, please don't hesitate to contact us on Ansible-middleware-core@redhat.com or open an issue on https://github.com/ansible-middleware/keycloak/issues referring to the keycloak_quarkus role

License

Apache License v2.0 or later See LICENSE to view the full text.