The article A tutorial on Middleware Automation Collections discussed setting up an Ansible Galaxy server on your control node. It also covered the use of the ansible-navigator utility and Ansible execution environments. We also went through the ansible-middleware-ee execution environment provided by the Ansible Middleware team, which includes all of the Ansible Content Collections and their dependencies.
In this tutorial, we will leverage the ansible-middleware-ee execution environment and get started with the Keycloak collection provided by the Ansible Middleware team, which can help us automate the Keycloak single sign-on (SSO) server.
Step 1: Use the ansible-navigator utility
Let’s use the execution environment and the ansible-navigator utility to perform the automation and provisioning with the Keycloak collection. The ansible-middleware-ee execution environment provided by the Ansible Middleware team includes all the latest collections in the image. To browse the list of the latest collections included in the image, run the following command:
$ ansible-navigator --eei quay.io/ansible-middleware/ansible-middleware-ee:latest collections
   Name                        Version Shadowed Type      Path
 0│ansible.builtin             2.15.3  False    contained /usr/local/lib/python3.9/si
 1│ansible.netcommon           5.1.2   False    contained /usr/share/ansible/collecti
 2│ansible.posix               1.5.4   False    contained /usr/share/ansible/collecti
 3│ansible.utils               2.10.3  False    contained /usr/share/ansible/collecti
 4│community.general           7.3.0   False    contained /usr/share/ansible/collecti
 5│middleware_automation.amq   1.3.8   False    contained /usr/share/ansible/collecti
 6│middleware_automation.amq_s 0.0.5   False    contained /usr/share/ansible/collecti
 7│middleware_automation.commo 1.1.2   False    contained /usr/share/ansible/collecti
 8│middleware_automation.infin 1.2.0   False    contained /usr/share/ansible/collecti
 9│middleware_automation.jws   1.2.3   False    contained /usr/share/ansible/collecti
10│middleware_automation.keycl 1.2.8   False    contained /usr/share/ansible/collecti
11│middleware_automation.redha 1.2.2   False    contained /usr/share/ansible/collecti
12│middleware_automation.wildf 1.3.4   False    contained /usr/share/ansible/collecti
Step 2: Set up the inventory
Let's now set up a Keycloak instance. Create an inventory file that includes a Red Hat Enterprise Linux 8 instance, the IP address of the instance, and login information for Ansible to access it. We are using SSH keys instead of passwords. These SSH keys are created on the controller node and we provide the path of the private key in the inventory file. Our inventory file looks like this:
[keycloak]
keycloak-0 ansible_host=10.0.10.1 ansible_user=root ansible_ssh_private_key_file="path to your private key"
Step 3: Install and configure Keycloak single sign-on
Here is the playbook keycloak.yml, which installs and configures single sign-on. This playbook automatically downloads and installs Keycloak and lets you define the realm, client, and users. See below:
---
- name: Playbook for Keycloak Hosts
  hosts: all
  vars:
    keycloak_admin_password: "remembertochangeme"  # placeholder value; change before use
    keycloak_realm: TestRealm
  collections:
    - middleware_automation.keycloak
  roles:
    - keycloak  # installs and starts the Keycloak service
  tasks:
    - name: Keycloak Realm Role
      ansible.builtin.include_role:
        name: keycloak_realm  # creates the realm, client, roles and users below
      vars:
        keycloak_client_default_roles:
          - TestRoleAdmin
          - TestRoleUser
        keycloak_client_users:
          - username: TestUser
            password: password
            client_roles:
              - client: TestClient
                role: TestRoleUser
                realm: "{{ keycloak_realm }}"
          - username: TestAdmin
            password: password
            client_roles:
              - client: TestClient
                role: TestRoleUser
                realm: "{{ keycloak_realm }}"
              - client: TestClient
                role: TestRoleAdmin
                realm: "{{ keycloak_realm }}"
        keycloak_realm: TestRealm
        keycloak_clients:
          - name: TestClient
            roles: "{{ keycloak_client_default_roles }}"
            realm: "{{ keycloak_realm }}"
            public_client: "{{ keycloak_client_public }}"
            web_origins: "{{ keycloak_client_web_origins }}"
            users: "{{ keycloak_client_users }}"
            client_id: TestClient
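The playbook above sets keycloak_admin_password and both user passwords as literal strings. The following pre-run check is an added example, not part of the original tutorial or the Keycloak collection; the function name audit_playbook, the deny-list, and the sample excerpt (including the TEST_ADMIN_PASSWORD variable) are assumptions constructed for illustration.

```python
import re

# Matches any YAML key containing "password", e.g. keycloak_admin_password or password.
SECRET_KEY = re.compile(r"^\s*(?:-\s+)?(\w*password\w*)\s*:\s*(.*?)\s*$", re.IGNORECASE)
# Stand-in values used in the tutorial playbook, plus one common default (assumed deny-list).
PLACEHOLDERS = {"remembertochangeme", "password", "changeme"}

# Constructed excerpt modelled on keycloak.yml; the last user shows a templated value.
SAMPLE = """\
vars:
  keycloak_admin_password: "remembertochangeme"
  keycloak_realm: TestRealm
tasks:
  - name: Keycloak Realm Role
    vars:
      keycloak_client_users:
        - username: TestUser
          password: password
        - username: TestAdmin
          password: "{{ lookup('ansible.builtin.env', 'TEST_ADMIN_PASSWORD') }}"
"""


def audit_playbook(text):
    """Return (line_no, key, reason) for every credential set to a literal value."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        match = SECRET_KEY.match(line)
        if not match:
            continue
        key, raw = match.groups()
        value = raw.split(" #")[0].strip().strip("\"'")  # drop trailing comment and quotes
        if not value or value.startswith("!vault") or "{{" in value:
            continue  # nested block, vault-encrypted or templated: not a literal
        reason = "placeholder" if value.lower() in PLACEHOLDERS else "plaintext literal"
        findings.append((line_no, key, reason))
    return findings


if __name__ == "__main__":
    for line_no, key, reason in audit_playbook(SAMPLE):
        print(f"line {line_no}: {key} is a {reason}")
```

Run it against keycloak.yml before Step 4 and treat any finding as a reason to stop; it is a line-based scan, so it does not follow variables defined in other files.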
Step 4: Run the Ansible Playbook
Now, run the Ansible Playbook using ansible-navigator and the execution environment to configure Keycloak on the remote node as follows:
$ ansible-navigator --eei quay.io/ansible-middleware/ansible-middleware-ee:latest run keycloak.yml -i inventory -m stdout --become
Once the Keycloak service is deployed, SSH into the instance to check the service status:
$ ssh root@10.0.10.1 systemctl status keycloak.service
We can also check whether the port is accessible using the following command:
# curl -I http://localhost:9990/health
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: application/json
Content-Length: 283
Conclusion
In this tutorial, we have demonstrated how to use the Ansible middleware execution environment and set up Keycloak using the Ansible Content Collections for Keycloak. You can check out the other collections and demos within the GitHub organization ansible-middleware and the Middleware Automation Collections website.