Accueil Explorer Aide
Connexion
rht
/
ocp-ing-ichp-materials
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: f0eb5faa30
Branches Tags
ocp-ing-ichp...
/
playbooks
/
roles
/
deploy-rhbk
/
tasks
/
main.yml

main.yml 2.5 KB
Historique Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 
  1. ---
    2. 

  2. # Ensures there is an instance of RHBoK running in a configurable namespace.
    3. 

  3. #
    4. 

  4. # Configures it with a realm, and some users.
    5. 

  5. #
    6. 

  6. # Required variables:
    7. 

  7. #
    8. 

  8. # rhbk:
    9. 

  9. #   namespace:        namespace to deploy to (keycloak)
    10. 

  10. #   name:             name of the instance (sso)
    11. 

  11. #   replicas:         how many instances
    12. 

  12. #   fqdn:             fqdn of the route (hostname), detected if omitted
    13. 

  13. #   admin:            bootstrap admin credentials
    14. 

  14. #     username:         username (rhbk)
    15. 

  15. #     password:         password (secret)
    16. 

  16. #   db:               database-specific settings
    17. 

  17. #     image:            db server image
    18. 

  18. #     name:             database name (rhbk)
    19. 

  19. #     username:         database owner (rhbk)
    20. 

  20. #     password:         db owner's password (secret)
    21. 

  21. #     claim_modes:[]    volume claim template access modes, list (ReadWriteOnce)
    22. 

  22. #     storage_class:    storage class name, no default (omitted)
    23. 

  23. #     size:             pvc size (1Gi)
    24. 

  24. #     replicas:         how many instances (TODO ignored for now)
    25. 

  25. #   realm:            name of the realm (sample-realm)
    26. 

  26. #   clients:[]        a list of clients to create in the realm
    27. 

  27. #     - id:             clientId
    28. 

  28. #       name:           client (human readable) name (client.id)
    29. 

  29. #       secret:         the client secret, if used
    30. 

  30. #       base_url:       the base URL for redirects and other bits
    31. 

  31. #       direct_grants:  whether to allow direct grants (yes if you allow CLI login, no otherwise, default true)
    32. 

  32. #       map_groups:     whether to map groups into a groups claim (default true)
    33. 

  33. #   groups:[]         groups to create in the realm, no default (meaning no groups)
    34. 

  34. #   users:            users to create in realm, no default (meaning no users)
    35. 

  35. #     - username:       required (as it is key)
    36. 

  36. #       password:       optional, defaults to "secret"
    37. 

  37. #       email:          optional, set to username@example.com if empty
    38. 

  38. #       firstname:      optional
    39. 

  39. #       lastname:       optional
    40. 

  40. #       groups:[]       groups the user should be a member of
    41. 

  41. #   state:            present (default) or absent (removes a RHBK instance if found)
    42. 

  42. #
    43. 

  43. # NOTE: Use rhbk_state to override rhbk.state from command line.
    44. 

  44. #
    45. 

  45. # NOTE: Must have an operator deployed in that namespace prior (use deploy-operators role for that).
    46. 

  46. #
    47. 

  47. # More info: https://www.keycloak.org/docs-api/latest/rest-api/index.html
    48. 

  48. #
    49. 

  49. - name: Pick up whatever value we can for rhbk.state.
    50. 

  50.   ansible.builtin.set_fact:
    51. 

  51.     rhbk_action: "{{ rhbk_state | default(rhbk.state | default('present')) }}"
    52. 

  52. 

  53. - name: Include the correct set of tasks.
    54. 

  54.   ansible.builtin.include_tasks:
    55. 

  55.     file: tasks/{{ rhbk_action }}.yml
    56. 

  56. ...
    57.