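---
# Installs and configures Keycloak through kcadm.sh executed inside the
# Keycloak container (docker exec).
#
# Idempotence: every configuration task is gated on `check_file` NOT existing
# inside the container; the marker is only written by the last task, after
# every configuration step succeeded. A failure in any block therefore aborts
# the play (see the rescue sections) instead of silently continuing to the
# "delete bootstrap admin" / "mark as configured" steps.
- name: Installer et configurer Keycloak
  hosts: servers
  become: true
  gather_facts: true

  vars:
    git_dest: "/opt/Neah-Enkun"
    keycloak_container: "neah-keycloak"
    keycloak_server: "http://localhost:8080"
    keycloak_realm: "master"
    keycloak_old_admin: "admin"
    # SECURITY: both passwords below are committed in clear text. Move them to
    # an ansible-vault encrypted vars file (or an env / secret-store lookup)
    # and keep them quoted so tooling never retypes them. The tasks that pass
    # them on a command line are marked `no_log: true` so they do not end up
    # in Ansible output or registered results.
    keycloak_old_password: "0aff634a5aab66c4cddc0fe9221e4d02defc87c98d2cd81ce6e8e04271f6c189"
    keycloak_admin_user: "enkun"
    keycloak_admin_password: "9569dd645b4963262f76f10dc320b114c62950ea4927c1806c3df56b03185297"
    keycloak_admin_email: "enkun@connect.neah.local"
    keycloak_admin_first_name: "Enkun"
    keycloak_admin_last_name: "Administrator"
    # Marker file, inside the container, that records a completed setup.
    check_file: "/opt/keycloak/data/.configured"
    keycloak_bin: "/opt/keycloak/bin/kcadm.sh"
    keycloak_roles:
      - TEACHERS
      - STUDENTS
    keycloak_groups:
      - TESTING
    # Permissions are "<client-id>/<client-role>" pairs; they are split on "/"
    # when mapped onto the realm roles below.
    teacher_permissions:
      - account/view-groups
      - account/view-applications
      - master-realm/manage-users
      - account/delete-account
      - master-realm/view-users
      - account/manage-account
      - account/view-profile
    student_permissions:
      - master-realm/view-users

  tasks:
    - name: Lancer le service Keycloak
      ansible.builtin.command: "docker compose up -d --build --remove-orphans keycloak"
      args:
        chdir: "{{ git_dest }}"
      register: keycloak_launch
      until: keycloak_launch is success
      retries: 3
      delay: 5

    # rc == 0 means the marker exists and the whole configuration is skipped.
    # failed_when: false keeps a missing marker (non-zero rc) from failing the play.
    - name: Vérifier si la configuration a déjà été effectuée
      ansible.builtin.command: docker exec {{ keycloak_container }} test -f {{ check_file }}
      register: check_config
      changed_when: false
      failed_when: false

    # The bootstrap admin password is passed on the command line: no_log keeps
    # it out of the play output and of `config_status`.
    - name: Configurer les credentials avec kcadm.sh
      ansible.builtin.command: >-
        docker exec {{ keycloak_container }} {{ keycloak_bin }} config credentials
        --server {{ keycloak_server }} --realm {{ keycloak_realm }}
        --user {{ keycloak_old_admin }} --password {{ keycloak_old_password }}
      no_log: true
      register: config_status
      until: config_status is success
      retries: 6
      delay: 10
      when: check_config.rc != 0

    - name: Créer un nouvel utilisateur administrateur
      block:
        - name: Créer l'utilisateur
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} create users
            -r {{ keycloak_realm }}
            -s username={{ keycloak_admin_user }} -s email={{ keycloak_admin_email }}
            -s firstName={{ keycloak_admin_first_name }} -s lastName={{ keycloak_admin_last_name }}
            -s emailVerified=true -s enabled=true
          register: create_user

        - name: Définir le mot de passe
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} set-password
            -r {{ keycloak_realm }} --username {{ keycloak_admin_user }}
            --new-password {{ keycloak_admin_password }} --temporary=false
          no_log: true
          register: set_password

        # kcadm add-roles: --uusername selects the user, --rolename the realm role.
        - name: Attribuer le rôle d'administrateur
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} add-roles
            -r {{ keycloak_realm }} --uusername {{ keycloak_admin_user }} --rolename admin
          register: add_role
      rescue:
        # Abort instead of only logging: continuing would delete the bootstrap
        # admin and write the marker even though no replacement admin exists,
        # locking everyone out of the realm.
        - name: Gérer les erreurs de configuration
          ansible.builtin.fail:
            msg: "Erreur lors de la configuration de l'utilisateur administrateur"
      when: check_config.rc != 0

    - name: Créer les rôles
      block:
        - name: Créer le rôle {{ item }}
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} create roles
            -r {{ keycloak_realm }} -s name={{ item }}
          register: create_role
          loop: "{{ keycloak_roles }}"
          until: create_role is success
          retries: 3
          delay: 5
      rescue:
        # `item` is a loop variable of the failed task and is not available in
        # the rescue section; ansible_failed_result carries the per-item results.
        - name: Gérer les erreurs de création des rôles
          ansible.builtin.fail:
            msg: "Erreur lors de la création des rôles: {{ ansible_failed_result }}"
      when: check_config.rc != 0

    - name: Créer les groupes
      block:
        - name: Créer le groupe {{ item }}
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} create groups
            -r {{ keycloak_realm }} -s name={{ item }}
          register: create_group
          loop: "{{ keycloak_groups }}"
          until: create_group is success
          retries: 3
          delay: 5
      rescue:
        - name: Gérer les erreurs de création des groupes
          ansible.builtin.fail:
            msg: "Erreur lors de la création des groupes: {{ ansible_failed_result }}"
      when: check_config.rc != 0

    # Composite realm roles: each "<client>/<role>" entry is attached to the
    # realm role named by --rname (--cclientid / --rolename are kcadm flags).
    - name: Attribuer les permissions aux rôles
      block:
        - name: Attribuer les permissions au rôle TEACHERS
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} add-roles
            -r {{ keycloak_realm }} --rname TEACHERS
            --cclientid {{ item.split('/')[0] }} --rolename {{ item.split('/')[1] }}
          loop: "{{ teacher_permissions }}"
          register: add_teacher_perms
          until: add_teacher_perms is success
          retries: 3
          delay: 5

        - name: Attribuer les permissions au rôle STUDENTS
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} add-roles
            -r {{ keycloak_realm }} --rname STUDENTS
            --cclientid {{ item.split('/')[0] }} --rolename {{ item.split('/')[1] }}
          loop: "{{ student_permissions }}"
          register: add_student_perms
          until: add_student_perms is success
          retries: 3
          delay: 5
      rescue:
        - name: Gérer les erreurs d'attribution des permissions
          ansible.builtin.fail:
            msg: "Erreur lors de l'attribution des permissions aux rôles"
      when: check_config.rc != 0

    # Only reached when every block above succeeded, so the new admin exists
    # before the bootstrap admin is removed.
    - name: Supprimer l'administrateur temporaire
      block:
        - name: Récupérer les informations
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} get users
            -r {{ keycloak_realm }} -q username={{ keycloak_old_admin }}
          register: temp_admin_info

        # Assumes kcadm prints a non-empty JSON list whose first entry is the
        # bootstrap admin — indexing [0] fails the play otherwise (TODO confirm).
        - name: Extraire l'ID
          ansible.builtin.set_fact:
            temp_admin_id: "{{ (temp_admin_info.stdout | from_json)[0].id }}"

        - name: Supprimer l'utilisateur
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} delete users/{{ temp_admin_id }}
      when: check_config.rc != 0

    - name: Marquer la configuration comme terminée
      ansible.builtin.command: docker exec {{ keycloak_container }} touch {{ check_file }}
      when: check_config.rc != 0

  # No task in this file notifies this handler; it is kept for callers that do.
  handlers:
    - name: Redémarrer Keycloak
      ansible.builtin.command: "docker compose restart keycloak"
      args:
        chdir: "{{ git_dest }}"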