You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2022/07/27 13:35:21 UTC
[airavata] 04/10: AIRAVATA-3609 keycloak updates for js2, switched to systemd for init script
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 45f8dac6d16673deda5fdc1f1717f60bebda8e09
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 11:34:57 2022 -0400
AIRAVATA-3609 keycloak updates for js2, switched to systemd for init script
---
dev-tools/ansible/roles/keycloak/tasks/main.yml | 53 +++++++---------------
.../roles/keycloak/templates/keycloak.service.j2 | 32 +++++++++++++
2 files changed, 49 insertions(+), 36 deletions(-)
diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml
index 45f3df6291..bf79733519 100644
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -23,6 +23,11 @@
yum: name="httpd" state=latest update_cache=yes
become: yes
+- name: set selinux to permissive
+ selinux: state=permissive policy=targeted
+ become: yes
+ when: ansible_os_family == "RedHat"
+
- name: allow httpd to proxy to Keycloak process
seboolean:
name: httpd_can_network_connect
@@ -140,27 +145,16 @@
# <---------- setup init script for keycloak, starts the server after reboot ----------->
-# Init script to start keycloak in Standalone mode
-- name: copy init script file (Standalone)
- template: >
- src=keycloak-standalone-init.j2
- dest="/etc/init.d/keycloak"
- owner="{{ user }}"
- group="{{ group }}"
- mode="u=rwx,g=rx,o=rx"
- become: yes
- become_user: root
- tags:
- - standalone
-
-# System command to add the init script to enable on startup
-- name: add init script to chkconfig and startup on boot
- command: chkconfig --level 345 keycloak on
+- name: copy keycloak.service systemd unit file
+ template:
+ src: "keycloak.service.j2"
+ dest: "/etc/systemd/system/keycloak.service"
+ backup: yes
become: yes
- become_user: root
tags:
- always
+
# </---------- setup init script for keycloak, starts the server after reboot ----------->
# <-------------------------Initialize a new admin for keycloak-------------------------->
@@ -176,26 +170,13 @@
# <--------------------------start keycloak Identity server------------------------------>
-- name: reload Keycloak init script
- command: systemctl daemon-reload
+- name: start/restart keycloak
+ service:
+ name: keycloak
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
become: yes
- become_user: root
- tags:
- - always
-
-# FIXME: restarting Keycloak server doesn't work
-- name: stop Keycloak server
- service: name=keycloak state=stopped
- ignore_errors: yes
- become: yes
- become_user: root
- tags:
- - always
-
-- name: start Keycloak server
- service: name=keycloak state=started
- become: yes
- become_user: root
tags:
- always
...
diff --git a/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2 b/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2
new file mode 100644
index 0000000000..da3be9f2ce
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2
@@ -0,0 +1,32 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# {{ansible_managed}}
+
+[Unit]
+Description=Keycloak
+
+[Service]
+ExecStart={{ user_home }}/{{ keycloak_install_dir }}/bin/standalone.sh -b 0.0.0.0
+User={{user}}
+Group={{group}}
+
+[Install]
+WantedBy=multi-user.target