roles/keycloak/tasks/main.yml

# Copyright (c) 2022 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

- name: Get the Kuberentes service for Percona XtraDB Cluster
  run_once: true
  kubernetes.core.k8s_info:
    kind: Service
    name: "{{ openstack_helm_endpoints.oslo_db.hosts.default }}"
    namespace: openstack
  register: _pxc_service

- name: Install MySQL python package
  ansible.builtin.pip:
    name: PyMySQL

- name: Check MySQL ready
  community.mysql.mysql_info:
    login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
    login_user: root
    login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
    filter:
      - version
  register: mysql_ready
  until: mysql_ready is not failed
  retries: 10
  delay: 5

- name: Create Keycloak database
  run_once: true
  community.mysql.mysql_db:
    login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
    login_user: root
    login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
    name: "{{ keycloak_database_name }}"

- name: Create a Keycloak user
  run_once: true
  community.mysql.mysql_user:
    login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
    login_user: root
    login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
    name: "{{ keycloak_database_username }}"
    password: "{{ keycloak_database_password }}"
    host: "%"
    priv: "{{ keycloak_database_name }}.*:ALL"

- name: Disable pxc strict mode
  community.mysql.mysql_query:
    login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
    login_user: root
    login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
    query: "set global pxc_strict_mode='PERMISSIVE'"

- name: Deploy Helm chart
  run_once: true
  kubernetes.core.helm:
    name: "{{ keycloak_helm_release_name }}"
    chart_ref: "{{ keycloak_helm_chart_ref }}"
    release_namespace: "{{ keycloak_helm_release_namespace }}"
    create_namespace: true
    kubeconfig: /etc/kubernetes/admin.conf
    wait: true
    values: "{{ _keycloak_helm_values | combine(keycloak_helm_values, recursive=True) }}"

- name: Create Keycloak Ingress
  ansible.builtin.include_role:
    name: ingress
  vars:
    ingress_name: keycloak
    ingress_namespace: "{{ keycloak_helm_release_namespace }}"
    ingress_class_name: "{{ keycloak_ingress_class_name }}"
    ingress_host: "{{ keycloak_host }}"
    ingress_service_name: "{{ keycloak_helm_release_name }}"
    ingress_service_port: 80
    ingress_secret_name: "{{ keycloak_host_tls_secret_name }}"
    ingress_annotations:
      cert-manager.io/cluster-issuer: atmosphere

- name: Enable pxc strict mode
  community.mysql.mysql_query:
    login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
    login_user: root
    login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
    query: "set global pxc_strict_mode='ENFORCING'"