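---
# Wire a local Keycloak instance into AWX as a SAML and OIDC identity provider.
#
# Flow (one task per step below):
#   1. generate a self-signed certificate/key pair for Keycloak (skipped if it exists)
#   2. read the current AWX SAML and OIDC settings, render the new ones from templates
#   3. show the current settings, pause for confirmation, and write them to ../_sources/
#   4. push the rendered SAML and OIDC settings to AWX
#   5. obtain a Keycloak admin token and create the AWX realm from a templated JSON file
#
# Every HTTPS call here disables certificate verification (validate_certs / verify_ssl),
# which is only acceptable because all endpoints are on localhost with self-signed certs.
- name: Plumb a keycloak instance
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    private_key_file: ../_sources/keycloak.key
    public_key_file: ../_sources/keycloak.cert
    awx_host: "https://localhost:8043"
    keycloak_realm_template: ../_sources/keycloak.awx.realm.json
    # Default Keycloak admin credentials for the local instance; override both with
    # `-e` (or a vaulted vars file) for anything that is not a throwaway dev setup.
    keycloak_user: admin
    keycloak_pass: admin
    # Subject for the self-signed cert; CN is appended by openssl as the empty string.
    cert_subject: "/C=US/ST=NC/L=Durham/O=awx/CN="
  tasks:
    # `creates` makes this idempotent: an existing cert is never regenerated.
    - name: Generate certificates for keycloak
      command: 'openssl req -new -x509 -days 365 -nodes -out {{ public_key_file }} -keyout {{ private_key_file }} -subj "{{ cert_subject }}"'
      args:
        creates: "{{ public_key_file }}"

    # The *_content task vars are the PEM files with literal newlines turned into the
    # two characters `\n`, so they can be embedded in the JSON templates below.
    - name: Load certs, existing and new SAML settings
      set_fact:
        private_key: "{{ private_key_content }}"
        public_key: "{{ public_key_content }}"
        # Keycloak wants the bare base64 body, without the PEM header/footer lines.
        public_key_trimmed: "{{ public_key_content | regex_replace('-----BEGIN CERTIFICATE-----\\\\n', '') | regex_replace('\\\\n-----END CERTIFICATE-----', '') }}"
        existing_saml: "{{ lookup('awx.awx.controller_api', 'settings/saml', host=awx_host, verify_ssl=false) }}"
        new_saml: "{{ lookup('template', 'saml_settings.json.j2') }}"
        existing_oidc: "{{ lookup('awx.awx.controller_api', 'settings/oidc', host=awx_host, verify_ssl=false) }}"
        new_oidc: "{{ lookup('template', 'oidc_settings.json.j2') }}"
      vars:
        # We add the extra \\ in here so that when jinja is templating out the files we end up with \n in the strings.
        public_key_content: "{{ lookup('file', public_key_file) | regex_replace('\n', '\\\\n') }}"
        private_key_content: "{{ lookup('file', private_key_file) | regex_replace('\n', '\\\\n') }}"

    - name: Display existing SAML configuration
      debug:
        msg:
          - "Here is your existing SAML configuration for reference:"
          - "{{ existing_saml }}"
          - "Here is your existing OIDC configuration for reference:"
          - "{{ existing_oidc }}"

    # Interactive guard: the settings API does not return the stored private key,
    # so the backup written below is not a complete restore point for SAML.
    - name: Confirm replacement of the existing SAML and OIDC settings
      pause:
        prompt: "Continuing to run this will replace your existing saml and OIDC settings (displayed above). They will all be captured except for your private key. Be sure that is backed up before continuing"

    - name: Write out the existing content
      copy:
        dest: "../_sources/{{ item.filename }}"
        content: "{{ item.content }}"
      loop:
        - filename: "existing_saml_adapter_settings.json"
          content: "{{ existing_saml }}"
        - filename: "existing_oidc_adapter_settings.json"
          content: "{{ existing_oidc }}"

    - name: Configure AWX SAML adapter
      awx.awx.settings:
        settings: "{{ new_saml }}"
        controller_host: "{{ awx_host }}"
        validate_certs: false

    - name: Configure AWX OIDC adapter
      awx.awx.settings:
        settings: "{{ new_oidc }}"
        controller_host: "{{ awx_host }}"
        validate_certs: false

    # Password grant against the master realm. The request body carries the admin
    # password and the registered result carries a bearer token, so both appear in
    # verbose (-v) output; add `no_log: true` here if this ever runs outside local dev.
    - name: Get a keycloak token
      uri:
        url: "https://localhost:8443/auth/realms/master/protocol/openid-connect/token"
        method: POST
        body_format: form-urlencoded
        body:
          client_id: "admin-cli"
          username: "{{ keycloak_user }}"
          password: "{{ keycloak_pass }}"
          grant_type: "password"
        validate_certs: false
      register: keycloak_response

    - name: Template the AWX realm
      template:
        src: keycloak.awx.realm.json.j2
        dest: "{{ keycloak_realm_template }}"

    # A POST that creates a resource is always a change; 201 is the only accepted status,
    # so re-running against an existing realm fails here rather than silently succeeding.
    - name: Create the AWX realm
      uri:
        url: "https://localhost:8443/auth/admin/realms"
        method: POST
        body_format: json
        body: "{{ lookup('file', keycloak_realm_template) }}"
        validate_certs: false
        headers:
          Authorization: "Bearer {{ keycloak_response.json.access_token }}"
        status_code: 201
      register: realm_creation
      changed_when: true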