Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/15 16:20:26 UTC

[7/7] airavata git commit: Ansible - keycloak for dev SciGaP deploy

Ansible - keycloak for dev SciGaP deploy


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/2075f41e
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/2075f41e
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/2075f41e

Branch: refs/heads/develop
Commit: 2075f41e1f1a7e3b7ff887f12901e6e1706e100b
Parents: 35c7cdf
Author: Marcus Christie <ma...@apache.org>
Authored: Thu Jun 15 09:35:57 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Thu Jun 15 12:19:56 2017 -0400

----------------------------------------------------------------------
 .../scigap/develop/files/keycloak.jks           | 143 +++++++++++++++++++
 .../scigap/develop/group_vars/all/vars.yml      |   6 +-
 .../scigap/develop/group_vars/all/vault.yml     |  56 ++++----
 .../ansible/roles/database/tasks/keycloak.yml   |  38 +++++
 dev-tools/ansible/roles/database/tasks/main.yml |   9 +-
 .../ansible/roles/keycloak/defaults/main.yml    |   1 +
 dev-tools/ansible/roles/keycloak/tasks/main.yml |  15 +-
 7 files changed, 230 insertions(+), 38 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/inventories/scigap/develop/files/keycloak.jks
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/files/keycloak.jks b/dev-tools/ansible/inventories/scigap/develop/files/keycloak.jks
new file mode 100644
index 0000000..c896d03
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/develop/files/keycloak.jks
@@ -0,0 +1,143 @@
+$ANSIBLE_VAULT;1.1;AES256
+66353964396536666532306233383464343935653932393865616364373334333365346439633266
+6634663634323434643464633734316137336562653463340a383030363463386465303639626439
+36303865353236336132663634626462313266626362613536643532613239346438333834383733
+3339653664613332370a653838373036626231613532653233633732646562353762303530653039
+65613364353436323463616239303538376462643666373063326437313935353839363262333735
+34303838356532636566646530353262613864313236373738626334306563346266393566316163
+62666238633236633231626262333963363366343138646432356366326538353966653630643737
+64306235383835343236643962343164653531616333373933633139326465336331666634373839
+63373361313232383661366264336261383635313138323362636664643065303661666138366332
+39343164346434373137663266636538333661643836633531333363616138313165363833623966
+63613462343332393962363436366637353065303435333236666661356436366136643338326664
+66313664616535626438363230313765663431333266636466363233383735313534356635663230
+64656638303730613337616137363930373631616137393438623032326236613037663232336233
+61646565656630333864666364616231653465653264633838363832623232666366666235623832
+36343139363466633132396461333335393862383939363834366434333561393734666465366464
+30626135393766366665613336623564643832343130396365643838363863383134363932633165
+62393730323636343862396635306463666230363231393633363631333732653935333939336435
+30643331383165626666353937623039323434333631356631336435646635656461616663393763
+61303634626632356630343039333438363034663566313230396363353963313766393536646131
+34336561366662366232383463376664383565346135386663363363373432316238323162333063
+32656563383838333338343630376536643764326639613530633866663636646433323830623739
+38326130313337306132373038393637626461396637383031363732646437643036616232323765
+30626662663331326233336163393961666262366230656532323562383761323265343863346562
+30353431343531346535383932663035333135633035643064383132386431346530343562393765
+38366231613566623965363534303762636235613561343963323834356431616537303537306636
+38396463666562306131376138396633373765643233656532396630333232393934396262386561
+62383034326665303436613834366331353562613730633965356339316430363061336237626235
+38656336626330343962343035313237353261366230663738353161353366343561333864333832
+64333131666332636335666530323933626138643637363132353132653061373238636265363734
+37363039336661353966366461353138363130333763313761653234386666366661663734396161
+35333137613262376662396462383637333436393932306134666232303061316332643937653236
+30316336303663303332643431316539326432343864356133633737656331366331663833613230
+65383763316565313962323564616536393265396539313034636635343731396536643733663164
+66316161623162633664333931613233333432303335363461363535643365323133346334626537
+38633039356462333031313239323064303038316564326364306332376432376163356639313732
+66386136626436303061396232363433353533643562633530633430323534353365316531316336
+31653164303166616366633135323661306563376363373839343663643033343736396364646334
+62353939346166333461666131643636663538336531346561316437666531386166633536646435
+33633533326537356530616235306164666231333936386135316362306431393334396466383039
+62653763393165333862383165633030666635323666653930396635373238396636316136633864
+39666237313465313537366330346663316265343638626531343665663062373434323130366366
+61313761363432613464633333383762333137616334343564366638333037326536323035343833
+61633235333238313562393431356538346334613834366434643433663436616339396663326335
+65613134653335373139393437353666623037643939383939373238366235366332383731356132
+30313036656435353663353339343164303536663736376336343461636665303038306137643765
+36343333313364336431353332613665636265336636346536396166323732623630386461636638
+32613139316430663132643138346261353031326639656464303536643736343165336631383739
+30643961643233633238333632313933303434663530666331356666653062663036613862663739
+39343439626533376232626534316333316464303064393338616362626166663332613631363464
+62633634643462346463303961383865343466396336323465663036666534623366633462306330
+63386332666538313265303666343337373864326638313131393365653964316632643536613363
+35353038383565623430376665646264313033323761356138646366623464643232353231323061
+33613936626365303639663361646631653231643938616537653163363439333131373161366639
+35316464383436396536343966383630333539306637353135643663636364303630646133636131
+34383036633539663064656532313730656630666436373638333765343465383865616139623133
+62633764386463346239333536323835613963316661363732663538306335313439386430643032
+62646338633730663438343931333732373966623838313430636137366230353736323034653537
+34646537663263383062643761363738396163386265386565353335616435323736363466353164
+39666365376137326637363661326437383337393234336266393437333063663366383862666162
+65306235626436333237353466303934653436613639303236373932626563356662393463323032
+32373963323964333030663362336435353063366638363830393866393563646663343165353161
+31303832613839613930623732656232306438336463393233326339653636626266666238353462
+39623361376663363833323330333862383237653733636332363934613965633035393337633539
+62613064393338333062333764646332633461626462663863626330636231373366656235323266
+61646636633234656532643235643363626235643938633235633234643834396639353864336365
+36333231626531613538333330323230626264393466373234396634373263323238386465353339
+65626637306537653261623336356363343136363836616635306664303866346262626366386138
+30633539376438653938626264383631353736353133653134306534636632613834366534303439
+35626265663564316266636337646266316430353065303331343462666537633135363363363563
+33613538323564613834363432633261633532353931363730626263396461303034346433666332
+32623439333931363333363533353539306234313063353865333362623839306438633565373730
+35616233313235386338356464336362366166663663343339383937393564313338386566666631
+63373532663363646438363637346139373534363935313833333465363634363861346435366265
+38303634623037663665396337383339366166373164633764383433633663636663663862353135
+66326561663838623865633839616139336633633530626538643661366163376530646233336233
+36333263633036616531633666666539343436336236353431396435336164663363366533356633
+32303730653236656264343365303763646236313461336139353737383233343666636334346565
+38653030616339303763313661333139666535363730656263616663373362353637656434313265
+32613839613336333837636430626166393162653032323130303965663237633962373931346161
+38373364383462376162336335626162346334333564626661643338653637316339613562613137
+62316130306633636431643036376236353438616163383139613630383065346138363530633964
+33326165363431316334616237326635306163633661316161656362373263393561666335623661
+37333839656131353162323731323438343238383435306633373932353135336139643565363939
+32363261633737376138386133366135323563316462616162666137353433333862356234613562
+61306337363736663332623039306136383064396139326433333036386337363031343638333238
+30613862316538666362353634376364656331323965393466386263356166383138346661343764
+64363331633061616233303562373133363164373165613632653235633261353433373932323039
+30646363653938623566336161613166616134353131623564653432646265663532366634393235
+61393335356361333239393634356130636237646437356662366666336164303463333330323930
+32383733663563306336383264633137353138663234643136376232383462663231313634336631
+66636363343230636237303565393363326230376235353735623032336235373266343633333262
+36346462373864313738613330653461363664666434336638396662656161366533643063353337
+63643931313539393266613630633636356439323337353537363061353337396137303531333062
+35393633343132353338373034653061316661366232616234626630613938616164323966333237
+35376233613132383630376661333039316164623332373531323833326538613136333137653837
+39363930376531326632663963323432326562383036623463316161306235303839363333663366
+63356436316439366136333464623134633962633331393131313233346233616536396339613763
+37663265383065396336333861626337336365653436336464643839376136663035393939366164
+39643535343262613630643165333137666663383939393732373563386663333332383537323036
+63633734346164646433383565616565323564636131383738653263313630353638343032353662
+30393661396131633334373065323661646434346433376238616238376261643535396163373139
+63363336666262653664623633303130646132393362323436323964346538333533336265633630
+36616135383665363738643331363936303232393864626364356363663530663565643662663235
+64666666386438626634343064363136393332623034306638356634643335666630623831313365
+61663934346537376264323031356133333639613838303336636537633766623733343536656638
+61326537643265623931393233636363656330663737353737643431633531626164666337656433
+38383631636365373534336131646333333532646633343564353437316339303239626238303638
+30656165333133373063646539373131383339626133643231663331343431616231393939366530
+61363863623830656238336335643163653632663862396165623433356636303337333265633464
+39623037346237363531636432383465313263316633653834636639633461386536626239336233
+35396633363034613430393330643034343338356536663437623238323065303062393131363465
+31353465626562643937623932373862623433653138323339333039386563303834653830366662
+64343064323037633836333138626434366330323230313463353162653639343232326661353231
+30383764343138653363323137366663376666313061313532326661343532633563396537366561
+35396134623139386533626464303766313834303735656161383132643130316136323265393638
+61613635313065303931303066616137343238653639656336666439303530343131623635626237
+64383830666335383037323632306337393366373331323639653964343237396230353466363436
+62326162373137306531353261363130323232613866613639313134623266366162333966303163
+31373839626435646535323730363530613737363838383463303730326433353761336333313032
+65666433663333636362363539643238663937323466653134633161633665613961663265346135
+34393565343530336166313332343562383466333737613266323362353065323732343661356665
+33376337653435633265356230346363666231396563393566373534333430363365383062346335
+61383636616565613362636633613366643666643863376139336435616333353262303031303533
+64323338306463303166373862323537303965336332616236613333643064316137333636633065
+31343266663635383065363432653166633761646336613538643162396566373033363265623465
+62633839376639653132623234343937653831336266333735303232366332356138633061356539
+35343330323739613938646234396362393933356230636364366239393537613638393461626432
+39303632333735653764623738373036616433613939393561353765636361646562316235613762
+36323964303135646666346637303865393966373063363138343333626233326534313962663561
+34333935653563386132316230613362343433396130343239326665323638616165313331623736
+34663339633132376133326361333030363233323836323737333461636263303934396133656630
+36383638313362306166316231313064313064386565386662313239636130663130373665336434
+38303231656432316533643637326131323333313161613333303239633639343964376238393332
+61333637363735663861353231313061393538376436343538343939353433663036656332666436
+61316537316137616635376463633833316262313766636532623664363031313461326539323733
+66363261656435646232633466613838393338376538353031636236393931343465306231633137
+32633766613264363031316635386130623738613161313039626634376233636265623565333137
+62633966383065326539313464306230316564623130633637363830616532383265303038313633
+66333436383664363265323263613936666333643739313530663438303061643535646330306636
+37653161326533346434653238613662313537623566646661353065363963653963653331626462
+37623034303238316132393766346331373561343730393631636663663033366664313535303966
+3963336630363238656363396139346463616266666266363632

http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
index a8a2737..c2376fe 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
@@ -124,12 +124,14 @@ sharing_registry_host: "{{ groups['api-orch'][0] }}"
 sharing_registry_port: 7878
 
 # Profile Service related variables
-profile_service_host: "{{ ansible_fqdn }}"
+profile_service_host: "{{ groups['api-orch'][0] }}"
 profile_service_port: 8962
 
 # Keycloak
-keycloak_ssl_keystore_file_name: "{{ inventory_dir }}/files/keycloak.jks"
+keycloak_ssl_keystore_file: "{{ inventory_dir }}/files/keycloak.jks"
 keycloak_ssl_keystore_password: "{{ vault_keycloak_ssl_keystore_password }}"
 keycloak_db_host: "{{ groups['database'][0] }}"
 keycloak_db_username: "keycloak"
 keycloak_db_password: "{{ vault_keycloak_db_password }}"
+keycloak_master_account_username: "admin"
+keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"

http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml
index 8e7a4f3..4b7425d 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vault.yml
@@ -1,29 +1,29 @@
 $ANSIBLE_VAULT;1.1;AES256
-32313735333539653633636436666662373537386237346632373635303063666535656535616435
-3161666366613764323163353064343339303661393266610a356238303466633032386366356662
-30303865613437643132613532643932636634646537626264386365356330366237353964316230
-6564376130373863340a616161393533626232663437313336313166623463303066313937326266
-35333036653864396430346634633536313464343966646562363636336234383631306261346263
-63353135623836383661393536633931623362306161363934623235366165376663313161333562
-32646565333430653166303662623364626334373163313533663932363561386532323034393030
-31343832393664366336653266363263393736333935343963333763386238663439646436336330
-33636239356633333266386136623531663433646539313834663365326634336661363961623438
-65313437363362383732323139326239643132303033326331623836633536656264383635316430
-66326332343236386137616536363433303636303433353930353061643733303032353435323265
-32633731616332393465616432663336373034346462313837643061616264376461353061326233
-30663361306165613363366162613735373333353437343163616632376363643936623333646531
-33323038346537353764323664636634633331303335626236323533363530386666643431343535
-65643331323336306166643039373532653935346264643236346464383663313136643364326532
-39383032356136306463363764366134663334393436373634393366353662363664373735623430
-36333132316165366531376133386466613262373162343832343035623738386465313836626163
-38356437643964323266643531306139663937313262376663303262366265663564313363353463
-34616261613832633630313735303836623934623736623763383233653538666334373135383564
-38373937316638333530343764616334666333626466386366623164306162306662633333363235
-35653939636366313737303239313237393136363265383161393239656236626537366237626161
-33616234323766616464626233613034623266383138336164666361306430393333306431383232
-61343262643434653362646235386431656432343037313630363331633366613937313364323061
-61616165626339343931363266666430343331346433333635633738356538393733656262393739
-64343161626661656564303135306165613135333661363266323934366661376230343566623332
-62643161613437366564373261623132383632316637626361356530336530376632306162386636
-39336563656437383764303939333766366664313834303835313230313636383236626131363462
-38643561373363653131
+35356163353838626238333130653462363633376663353637663963303662336237656161643937
+3835323536303334353266643464393234326361383636360a303334653738373536363235353034
+39313432626234636362663839386539356236653062383135333439336132633265636335653763
+3836616264306139660a633734373464303663623735376566356365316164393237663431373938
+35386332623338323034363861306536613837656533643465626464303961316238306138373637
+63613565653834336162643833626365363635386536643366643137313930623164633536306162
+65313162653833653562613535346538313939636435323430656534656430613935643464373462
+65346162376333323466363863323565396639306130336461653864336464366438656239613731
+38626433623935313364356463316366643337323464386165393234326266393831633265663436
+64303138396138666138336238646530303363626230363631373338353432623966646637316634
+62626639363433356138393533373666653038383436633137643433313361643936383963373562
+64633461343263613461653965396365303630653930313830343661313838613935376563316461
+39366130666265343635633564663736633735663436323738646665353535346165376664316661
+38663433376666633636396566663535313162393538326266643136626230666233643136323364
+31663137333661323065363638356663656539313265366438396131626264373466633162323766
+34353533366166373334386662623366636366333461613835626365613562386334376439326633
+38613135656266363263313032323966613237633132613838663861633766646635626637623365
+35373639303263656130326565643937333635316364333066333034623562653333613663356664
+36643533383536663165356138633066393739346363383661303366663965636162623661376633
+64356136373761343232343932383836326165393861636432623132353464306366626232363161
+63343634363366633938363937316638613766613937303539663639373037353066653132306532
+37373732323433336238353334653430623131383132616166666435656436356136376336376363
+30633865643863653866613335303730616538333863363133383239373466623063663334316236
+32336132393831653934353735326566663034313230323933316461326134663531326537653232
+36303034376464616536346562623836353936363463363534353936343434366163306238613363
+61663836363365613632356461313432613062666663653133383130646639633366343539326566
+65396238333930623564396635383564636637636431633833356632633065346433663534623831
+35343838303864633166

http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/roles/database/tasks/keycloak.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/database/tasks/keycloak.yml b/dev-tools/ansible/roles/database/tasks/keycloak.yml
new file mode 100644
index 0000000..50e31e7
--- /dev/null
+++ b/dev-tools/ansible/roles/database/tasks/keycloak.yml
@@ -0,0 +1,38 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+# Setup keycloak user and database
+- name: create keycloak database
+  mysql_db: name="keycloak" state=present
+  when: "'keycloak' in groups"
+
+- name: give access to {{ keycloak_db_username }} from remote
+  mysql_user: name="{{ keycloak_db_username }}" password="{{ keycloak_db_password }}" host="{{ item }}"
+  with_items:
+    - "{{ groups['keycloak'] }}"
+
+- name: create new user {{ keycloak_db_username }} with all privilege
+  mysql_user: name="{{ keycloak_db_username }}"
+              password="{{ keycloak_db_password }}"
+              append_privs=yes
+              host_all=yes
+              priv=keycloak.*:ALL,GRANT state=present
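Review bot: The last task grants `keycloak.*:ALL,GRANT`, and the GRANT option lets the Keycloak service account pass its privileges on that schema to other MySQL accounts, which it does not need; `priv=keycloak.*:ALL state=present` is sufficient. Both `mysql_user` tasks carry `{{ keycloak_db_password }}` in their arguments, so adding `no_log: true` to each keeps the password out of verbose output and logs. The name "create new user ... with all privilege" is misleading, because with `host_all=yes` the task only updates the accounts created by the task before it; something like `grant {{ keycloak_db_username }} all privileges on the keycloak database` would match what it does. The `when: "'keycloak' in groups"` on the first task repeats the condition this commit already puts on the `include` in main.yml.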

http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/roles/database/tasks/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/database/tasks/main.yml b/dev-tools/ansible/roles/database/tasks/main.yml
index 423ed99..6c47ba0 100644
--- a/dev-tools/ansible/roles/database/tasks/main.yml
+++ b/dev-tools/ansible/roles/database/tasks/main.yml
@@ -124,12 +124,6 @@
     - "{{ groups['gfac'] }}"
     - "localhost"
 
-- name: give access to {{ keycloak_db_username }} from remote
-  mysql_user: name="{{ keycloak_db_username }}" password="{{ keycloak_db_password }}" host="{{ item }}"
-  with_items:
-    - "{{ groups['keycloak'] }}"
-  when: "'keycloak' in groups"
-
 - name: create new user {{ db_user }} with all privilege
   mysql_user: name="{{ db_user }}"
               password="{{ db_password }}"
@@ -137,6 +131,9 @@
               host_all=yes
               priv=*.*:ALL,GRANT state=present
 
+- include: keycloak.yml
+  when: "'keycloak' in groups"
+
 - name: open firewall port {{ db_server_port }}
   firewalld: port="{{ db_server_port }}/tcp"
              zone=public permanent=true state=enabled immediate=yes

http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/roles/keycloak/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/keycloak/defaults/main.yml b/dev-tools/ansible/roles/keycloak/defaults/main.yml
index fecab13..e629c76 100644
--- a/dev-tools/ansible/roles/keycloak/defaults/main.yml
+++ b/dev-tools/ansible/roles/keycloak/defaults/main.yml
@@ -3,6 +3,7 @@ keycloak_version: "2.5.4.Final"
 keycloak_downlaod_url: "https://downloads.jboss.org/keycloak/{{keycloak_version}}/keycloak-{{keycloak_version}}.tar.gz"
 keycloak_install_dir: "keycloak-{{keycloak_version}}"
 keycloak_db_connector_name: "mysql-connector-java-5.1.41"
+keycloak_ssl_keystore_file: "keycloak.jks"
 keycloak_ssl_keystore_file_name: "keycloak.jks"
 keycloak_ssl_keystore_password: "Airavata"
 mysql_db_connector_download_url: "https://dev.mysql.com/get/Downloads/Connector-J/{{keycloak_db_connector_name}}.tar.gz"
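Review bot: The new `keycloak_ssl_keystore_file` sits directly above `keycloak_ssl_keystore_file_name` with the same value and nothing to say which is which. Going by the tasks change in this commit, the first is the `copy` source and the second is the file name written under `standalone/configuration`; a comment such as `# source keystore on the control machine (a relative path is looked up in the role's files/)` above the new line and `# file name of the keystore inside the Keycloak configuration directory` above the old one would stop the two being confused. With these defaults, an inventory that overrides neither this variable nor `keycloak_ssl_keystore_password` presumably deploys a keystore shipped with the role under the published password `Airavata`, so the comment should also state that both must be overridden for anything beyond local testing.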

http://git-wip-us.apache.org/repos/asf/airavata/blob/2075f41e/dev-tools/ansible/roles/keycloak/tasks/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml
index 176e933..a394d75 100644
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -89,7 +89,7 @@
 
 - name: copy ssl certificate files to remote
   copy:
-    src: /Users/anujbhan/github/AiravataDev/keycloak-deployment/airavata/dev-tools/ansible/roles/keycloak/files/{{keycloak_ssl_keystore_file_name}}
+    src: "{{keycloak_ssl_keystore_file}}"
     dest: "{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/{{keycloak_ssl_keystore_file_name}}"
     owner: "{{ user }}"
     group: "{{ group }}"
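Review bot: The `src` now points at a keystore that holds the server's TLS private key, and the lines of this task visible in the hunk set `owner` and `group` but no `mode`. The task continues past the end of the hunk, so a mode may already be set there; if it is not, adding `mode: "0600"` keeps the deployed keystore readable only by `{{ user }}`. Because the inventory copy of the file is vault-encrypted, it is also worth confirming on a test host that what lands at `dest` is the decrypted keystore and not the vault text.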
@@ -142,6 +142,8 @@
 
 - name: Add master realm admin account
   command: "{{user_home}}/{{ keycloak_install_dir }}/bin/add-user-keycloak.sh -r master -u {{ keycloak_master_account_username }} -p {{ keycloak_master_account_password }}"
+  args:
+    creates: "{{user_home}}/{{ keycloak_install_dir }}/standalone/configuration/keycloak-add-user.json"
   become: yes
   become_user: root
   tags:
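Review bot: The `creates` guard on `keycloak-add-user.json` may not make this task idempotent, because Keycloak appears to import and then remove that file at the next server start. If so, a later run finds the file gone and runs `add-user-keycloak.sh` again for an account that already exists, so a marker file written by the playbook itself would be a more reliable guard. Separately, the command line carries `-p {{ keycloak_master_account_password }}`, so adding `no_log: true` to this task would keep the admin password out of Ansible output and logs. The task continues past the end of the hunk.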
@@ -165,8 +167,17 @@
   tags:
        - always
 
+# FIXME: restarting Keycloak server doesn't work
+- name: stop Keycloak server
+  service: name=keycloak state=stopped
+  ignore_errors: yes
+  become: yes
+  become_user: root
+  tags:
+       - always
+
 - name: start Keycloak server
-  service: name=keycloak state=restarted
+  service: name=keycloak state=started
   become: yes
   become_user: root
   tags:
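Review bot: `ignore_errors: yes` on the stop task hides every failure, not only the one the FIXME refers to, and if the service was not actually stopped, `state=started` on the next task is a no-op, so the old process keeps running without the new keystore or admin account. Registering the stop result and checking that the service is down before the start task would make that case visible instead of silent. The comment would also help more if it said what fails, for example `# FIXME: state=restarted does not work for the keycloak service, so stop (errors ignored) and then start`. The start task continues past the end of the hunk.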