You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2022/07/27 13:35:21 UTC

[airavata] 04/10: AIRAVATA-3609 keycloak updates for js2, switched to systemd for init script

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit 45f8dac6d16673deda5fdc1f1717f60bebda8e09
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 11:34:57 2022 -0400

    AIRAVATA-3609 keycloak updates for js2, switched to systemd for init script
---
 dev-tools/ansible/roles/keycloak/tasks/main.yml    | 53 +++++++---------------
 .../roles/keycloak/templates/keycloak.service.j2   | 32 +++++++++++++
 2 files changed, 49 insertions(+), 36 deletions(-)

diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml
index 45f3df6291..bf79733519 100644
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -23,6 +23,11 @@
   yum: name="httpd" state=latest update_cache=yes
   become: yes
 
+- name: set selinux to permissive
+  selinux: state=permissive policy=targeted
+  become: yes
+  when: ansible_os_family == "RedHat"
+
 - name: allow httpd to proxy to Keycloak process
   seboolean:
     name: httpd_can_network_connect
@@ -140,27 +145,16 @@
 
 # <---------- setup init script for keycloak, starts the server after reboot ----------->
 
-# Init script to start keycloak in Standalone mode
-- name: copy init script file (Standalone)
-  template: >
-    src=keycloak-standalone-init.j2
-    dest="/etc/init.d/keycloak"
-    owner="{{ user }}"
-    group="{{ group }}"
-    mode="u=rwx,g=rx,o=rx"
-  become: yes
-  become_user: root
-  tags:
-       - standalone
-
-# System command to add the init script to enable on startup
-- name: add init script to chkconfig and startup on boot
-  command: chkconfig --level 345 keycloak on
+- name: copy keycloak.service systemd unit file
+  template:
+    src: "keycloak.service.j2"
+    dest: "/etc/systemd/system/keycloak.service"
+    backup: yes
   become: yes
-  become_user: root
   tags:
        - always
 
+
 # </---------- setup init script for keycloak, starts the server after reboot ----------->
 
 # <-------------------------Initialize a new admin for keycloak-------------------------->
@@ -176,26 +170,13 @@
 
 
 # <--------------------------start keycloak Identity server------------------------------>
-- name: reload Keycloak init script
-  command: systemctl daemon-reload
+- name: start/restart keycloak
+  service:
+    name: keycloak
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
   become: yes
-  become_user: root
-  tags:
-       - always
-
-# FIXME: restarting Keycloak server doesn't work
-- name: stop Keycloak server
-  service: name=keycloak state=stopped
-  ignore_errors: yes
-  become: yes
-  become_user: root
-  tags:
-       - always
-
-- name: start Keycloak server
-  service: name=keycloak state=started
-  become: yes
-  become_user: root
   tags:
        - always
 ...
diff --git a/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2 b/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2
new file mode 100644
index 0000000000..da3be9f2ce
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2
@@ -0,0 +1,32 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# {{ansible_managed}}
+
+[Unit]
+Description=Keycloak
+
+[Service]
+ExecStart={{ user_home }}/{{ keycloak_install_dir }}/bin/standalone.sh -b 0.0.0.0
+User={{user}}
+Group={{group}}
+
+[Install]
+WantedBy=multi-user.target