External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-23 23:41:23 -03:30
Code Issues Packages Projects Releases Wiki Activity
awx/tools/docker-compose/ansible/plumb_keycloak.yml
Adam Miller 2034cca3a9 update playbooks to use fqcn 
Signed-off-by: Adam Miller <admiller@redhat.com>
2024-03-27 15:13:43 -04:00

97 lines
3.9 KiB
YAML
Raw Permalink Blame History

---
- name: Plumb a keycloak instance
hosts: localhost
connection: local
gather_facts: False
vars:
private_key_file: ../_sources/keycloak.key
public_key_file: ../_sources/keycloak.cert
awx_host: "https://localhost:8043"
keycloak_realm_template: ../_sources/keycloak.awx.realm.json
keycloak_user: admin
keycloak_pass: admin
cert_subject: "/C=US/ST=NC/L=Durham/O=awx/CN="
tasks:
- name: Generate certificates for keycloak
ansible.builtin.command: 'openssl req -new -x509 -days 365 -nodes -out {{ public_key_file }} -keyout {{ private_key_file }} -subj "{{ cert_subject }}"'
args:
creates: "{{ public_key_file }}"
- name: Load certs, existing and new SAML settings
ansible.builtin.set_fact:
private_key: "{{ private_key_content }}"
public_key: "{{ public_key_content }}"
public_key_trimmed: "{{ public_key_content | regex_replace('-----BEGIN CERTIFICATE-----\\\\n', '') | regex_replace('\\\\n-----END CERTIFICATE-----', '') }}"
existing_saml: "{{ lookup('awx.awx.controller_api', 'settings/saml', host=awx_host, verify_ssl=false) }}"
new_saml: "{{ lookup('template', 'saml_settings.json.j2') }}"
existing_oidc: "{{ lookup('awx.awx.controller_api', 'settings/oidc', host=awx_host, verify_ssl=false) }}"
new_oidc: "{{ lookup('template', 'oidc_settings.json.j2') }}"
vars:
# We add the extra \\ in here so that when jinja is templating out the files we end up with \n in the strings.
public_key_content: "{{ lookup('file', public_key_file) | regex_replace('\n', '\\\\n') }}"
private_key_content: "{{ lookup('file', private_key_file) | regex_replace('\n', '\\\\n') }}"
- name: Displauy existing SAML configuration
ansible.builtin.debug:
msg:
- "Here is your existing SAML configuration for reference:"
- "{{ existing_saml }}"
- "Here is your existing OIDC configuration for reference:"
- "{{ existing_oidc }}"
- ansible.builtin.pause:
prompt: "Continuing to run this will replace your existing saml and OIDC settings (displayed above). They will all be captured except for your private key. Be sure that is backed up before continuing"
- name: Write out the existing content
ansible.builtin.copy:
dest: "../_sources/{{ item.filename }}"
content: "{{ item.content }}"
loop:
- filename: "existing_saml_adapter_settings.json"
content: "{{ existing_saml }}"
- filename: "existing_oidc_adapter_settings.json"
content: "{{ existing_oidc }}"
- name: Configure AWX SAML adapter
awx.awx.settings:
settings: "{{ new_saml }}"
controller_host: "{{ awx_host }}"
validate_certs: False
- name: Configure AWX OIDC adapter
awx.awx.settings:
settings: "{{ new_oidc }}"
controller_host: "{{ awx_host }}"
validate_certs: False
- name: Get a keycloak token
ansible.builtin.uri:
url: "https://localhost:8443/auth/realms/master/protocol/openid-connect/token"
method: POST
body_format: form-urlencoded
body:
client_id: "admin-cli"
username: "{{ keycloak_user }}"
password: "{{ keycloak_pass }}"
grant_type: "password"
validate_certs: False
register: keycloak_response
- name: Template the AWX realm
ansible.builtin.template:
src: keycloak.awx.realm.json.j2
dest: "{{ keycloak_realm_template }}"
- name: Create the AWX realm
ansible.builtin.uri:
url: "https://localhost:8443/auth/admin/realms"
method: POST
body_format: json
body: "{{ lookup('file', keycloak_realm_template) }}"
validate_certs: False
headers:
Authorization: "Bearer {{ keycloak_response.json.access_token }}"
status_code: 201
register: realm_creation
changed_when: True
Reference in New Issue View Git Blame Copy Permalink