Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / roles / keycloak / tasks / main.yml
blob: f1b8bba6b6d0589b4c347230d320b2358180f035 [file] [log] [blame]
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]1# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15- name: Get the Kuberentes service for Percona XtraDB Cluster
16 run_once: true
17 kubernetes.core.k8s_info:
18 kind: Service
19 name: "{{ openstack_helm_endpoints.oslo_db.hosts.default }}"
20 namespace: openstack
21 register: _pxc_service
22
Rico Lin46bb4f12023-10-18 00:28:48 +0800[diff] [blame]23- name: Install MySQL python package
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]24 ansible.builtin.pip:
25 name: PyMySQL
26
Rico Lin46bb4f12023-10-18 00:28:48 +0800[diff] [blame]27- name: Check MySQL ready
Mohammed Naser6a8b6ca2024-05-30 17:25:30 -0400[diff] [blame]28 run_once: true
Rico Lin46bb4f12023-10-18 00:28:48 +0800[diff] [blame]29 community.mysql.mysql_info:
30 login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
31 login_user: root
32 login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
33 filter:
34 - version
35 register: mysql_ready
36 until: mysql_ready is not failed
Rico Lin8bedb842024-06-20 06:28:18 +0800[diff] [blame]37 retries: 120
Rico Lin46bb4f12023-10-18 00:28:48 +0800[diff] [blame]38 delay: 5
39
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]40- name: Create Keycloak database
41 run_once: true
42 community.mysql.mysql_db:
43 login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
44 login_user: root
45 login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
46 name: "{{ keycloak_database_name }}"
47
48- name: Create a Keycloak user
49 run_once: true
50 community.mysql.mysql_user:
51 login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
52 login_user: root
53 login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
54 name: "{{ keycloak_database_username }}"
55 password: "{{ keycloak_database_password }}"
56 host: "%"
57 priv: "{{ keycloak_database_name }}.*:ALL"
58
59- name: Disable pxc strict mode
Mohammed Naser6a8b6ca2024-05-30 17:25:30 -0400[diff] [blame]60 run_once: true
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]61 community.mysql.mysql_query:
62 login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
63 login_user: root
64 login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
65 query: "set global pxc_strict_mode='PERMISSIVE'"
66
67- name: Deploy Helm chart
68 run_once: true
69 kubernetes.core.helm:
70 name: "{{ keycloak_helm_release_name }}"
71 chart_ref: "{{ keycloak_helm_chart_ref }}"
72 release_namespace: "{{ keycloak_helm_release_namespace }}"
73 create_namespace: true
Austin Talbot78a774a2024-09-25 10:15:36 -0600[diff] [blame]74 kubeconfig: "{{ keycloak_helm_kubeconfig }}"
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]75 wait: true
Oleksandr Ka5183832024-01-02 22:17:48 +0100[diff] [blame]76 timeout: 10m
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]77 values: "{{ _keycloak_helm_values | combine(keycloak_helm_values, recursive=True) }}"
78
Oleksandr K.bdfeea32024-08-21 20:39:27 +0200[diff] [blame]79- name: Wait until keycloak ready
80 kubernetes.core.k8s_info:
81 api_version: apps/v1
82 kind: StatefulSet
83 name: "{{ keycloak_helm_release_name }}"
84 namespace: "{{ keycloak_helm_release_namespace }}"
85 register: _keycloak_sts
86 retries: 120
87 delay: 5
88 until:
89 - _keycloak_sts.resources[0].status.replicas == _keycloak_sts.resources[0].status.readyReplicas
90
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]91- name: Create Keycloak Ingress
92 ansible.builtin.include_role:
93 name: ingress
94 vars:
95 ingress_name: keycloak
96 ingress_namespace: "{{ keycloak_helm_release_namespace }}"
97 ingress_class_name: "{{ keycloak_ingress_class_name }}"
98 ingress_host: "{{ keycloak_host }}"
99 ingress_service_name: "{{ keycloak_helm_release_name }}"
100 ingress_service_port: 80
Michiel Piscaer4ea52202023-09-11 17:29:29 +0200[diff] [blame]101 ingress_secret_name: "{{ keycloak_host_tls_secret_name }}"
Michiel Piscaerf2ab55e2024-10-26 00:29:48 +0200[diff] [blame]102 ingress_annotations: "{{ _keycloak_ingress_annotations | combine(keycloak_ingress_annotations, recursive=True) }}"
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]103
Rico Lin46bb4f12023-10-18 00:28:48 +0800[diff] [blame]104- name: Enable pxc strict mode
Mohammed Naser6a8b6ca2024-05-30 17:25:30 -0400[diff] [blame]105 run_once: true
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200[diff] [blame]106 community.mysql.mysql_query:
107 login_host: "{{ _pxc_service.resources[0].spec.clusterIP }}"
108 login_user: root
109 login_password: "{{ openstack_helm_endpoints.oslo_db.auth.admin.password }}"
Oleksandr K.6ceab222024-09-04 21:04:03 +0200[diff] [blame]110 query: "set global pxc_strict_mode='MASTER'"