Get started with the Keycloak Collection

The article A tutorial on Middleware Automation Collections discussed setting up an Ansible Galaxy server on your control node. It also guides the use of the ansible-navigator utility and Ansible execution environment. We also went through the ansible-middleware-ee execution environment provided by the team that includes all of the Ansible Content Collections and their dependencies.

In this tutorial, we will leverage the ansible-middleware-ee execution environment and get started using the Keycloak collection provided by the Ansible Middleware team which can help us automate the Keycloak single sign-on (SSO) server.

Step 1: Use the ansible-navigator utility

Let’s use the execution environment and the ansible-navigator utility to perform the automation and provisioning of Keycloak collection. The ansible-middleware-ee execution environment provided by the Ansible Middleware team includes all the latest collections in the image. To browse the list of the latest collections included in the image, run the following command:

$ ansible-navigator --eei quay.io/ansible-middleware/ansible-middleware-ee:latest collections
Name                       Version Shadowed Type     Path
 0│ansible.builtin            2.15.3  False    contained /usr/local/lib/python3.9/si
 1│ansible.netcommon          5.1.2   False    contained /usr/share/ansible/collecti
 2│ansible.posix              1.5.4   False    contained /usr/share/ansible/collecti
 3│ansible.utils              2.10.3  False    contained /usr/share/ansible/collecti
 4│community.general          7.3.0   False    contained /usr/share/ansible/collecti
 5│middleware_automation.amq  1.3.8   False    contained /usr/share/ansible/collecti
 6│middleware_automation.amq_s0.0.5   False    contained /usr/share/ansible/collecti
 7│middleware_automation.commo1.1.2   False    contained /usr/share/ansible/collecti
 8│middleware_automation.infin1.2.0   False    contained /usr/share/ansible/collecti
 9│middleware_automation.jws  1.2.3   False    contained /usr/share/ansible/collecti
10│middleware_automation.keycl1.2.8   False    contained /usr/share/ansible/collecti
11│middleware_automation.redha1.2.2   False    contained /usr/share/ansible/collecti
12│middleware_automation.wildf1.3.4   False    contained /usr/share/ansible/collecti

Step 2: Set up the inventory

Let's now set up a Keycloak instance. Create an inventory file that includes a Red Hat Enterprise Linux 8 instance, the IP address of the instance, and login information for Ansible to access it. We are using SSH keys instead of passwords. These SSH keys are created on the controller node and we provide the path of the private key in the inventory file. Our inventory file looks like this:

[keycloak]
keycloak-0 ansible_host=10.0.10.1 ansible_user=root ansible_ssh_private_key_file=”path to your private key”

Step 3: Install and configure Keycloak single sign-on

Here is the playbook keycloak.yml which will install and configure single sign-on. This playbook automatically downloads and installs the Keycloak, and allows you to define realm, client, and users. See below:

---
- name: Playbook for Keycloak Hosts
  hosts: all
  vars:
    keycloak_admin_password: "remembertochangeme"
    keycloak_realm: TestRealm
  collections:
    - middleware_automation.keycloak
  roles:
    - keycloak
  tasks:
 - name: Keycloak Realm Role
   ansible.builtin.include_role:
     name: keycloak_realm
   vars:
     keycloak_client_default_roles:
       - TestRoleAdmin
       - TestRoleUser
     keycloak_client_users:
       - username: TestUser
         password: password
         client_roles:
           - client: TestClient
             role: TestRoleUser
             realm: "{{ keycloak_realm }}"
       - username: TestAdmin
         password: password
         client_roles:
           - client: TestClient
             role: TestRoleUser
             realm: "{{ keycloak_realm }}"
           - client: TestClient
             role: TestRoleAdmin
             realm: "{{ keycloak_realm }}"
     keycloak_realm: TestRealm
     keycloak_clients:
       - name: TestClient
         roles: "{{ keycloak_client_default_roles }}"
         realm: "{{ keycloak_realm }}"
         public_client: "{{ keycloak_client_public }}"
         web_origins: "{{ keycloak_client_web_origins }}"
         users: "{{ keycloak_client_users }}"
         client_id: TestClient

Step 4: Run the Ansible Playbook

Now, run the Ansible Playbook using ansible-navigator and the execution environment to configure Keycloak on the remote node as follows:

$ansible-navigator --eei quay.io/ansible-middleware/ansible-middleware-ee:latest run keycloak.yml -i inventory -m stdout --become

Once the Keycloak service is deployed, SSH into the instance to check the service status:

ssh root@10.0.10.1 systemctl status keycloak.service

We can also check if the port is accessible or not using the below command:

# curl -I http://localhost:9990/health
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: application/json
Content-Length: 283

Conclusion

In this tutorial, we have demonstrated how to use the Ansible middleware execution environment and set up Keycloak using the Ansible Content Collections for Keycloak. You can check out the other collections and demos within the GitHub organization ansible-middleware and the Middleware Automation Collections website.