Run service as keycloak_service_user #106

Merged
merged 7 commits into from
Aug 30, 2023
Changes from 3 commits
2 changes: 1 addition & 1 deletion roles/keycloak/README.md
Expand Up @@ -77,7 +77,7 @@ Role Defaults
|`keycloak_service_startlimitintervalsec`| systemd StartLimitIntervalSec | `300` |
|`keycloak_service_startlimitburst`| systemd StartLimitBurst | `5` |
|`keycloak_service_restartsec`| systemd RestartSec | `10s` |
|`keycloak_service_pidfile`| pid file path for service | `/run/keycloak.pid` |
|`keycloak_service_pidfile`| pid file path for service | `/run/keycloak/keycloak.pid` |
|`keycloak_features` | List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]` | `[]`
|`keycloak_jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-headless` |
|`keycloak_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path | `None` |
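Review bot: The `keycloak_service_pidfile` row gives the new default but does not say that the parent directory of this path now has to be writable by `keycloak_service_user`. The unit template in this PR adds `User=`/`Group=`, so anyone who overrides the variable with a path directly under `/run` (as the old default `/run/keycloak.pid` was) ends up with a location that is normally root-owned and that the service account cannot write to. Suggest extending the description, for example "pid file path for service; the parent directory must be writable by `keycloak_service_user`".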
2 changes: 1 addition & 1 deletion roles/keycloak/defaults/main.yml
Expand Up @@ -19,7 +19,7 @@ keycloak_config_override_template: ''
keycloak_config_path_to_properties: "{{ keycloak_jboss_home }}/standalone/configuration/profile.properties"
keycloak_service_user: keycloak
keycloak_service_group: keycloak
keycloak_service_pidfile: "/run/keycloak.pid"
keycloak_service_pidfile: "/run/keycloak/keycloak.pid"
guidograzioli marked this conversation as resolved.
keycloak_service_name: keycloak
keycloak_service_desc: Keycloak
keycloak_service_start_delay: 10
2 changes: 1 addition & 1 deletion roles/keycloak/meta/argument_specs.yml
Expand Up @@ -86,7 +86,7 @@ argument_specs:
type: "str"
keycloak_service_pidfile:
# line 31 of keycloak/defaults/main.yml
default: "/run/keycloak.pid"
default: "/run/keycloak/keycloak.pid"
description: "PID file path for service"
type: "str"
keycloak_features:
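Review bot: The comment above the changed default, `# line 31 of keycloak/defaults/main.yml`, does not match the defaults hunk in this PR: that hunk starts at line 19, which puts `keycloak_service_pidfile` at line 22. Either refresh the reference or drop line numbers from these comments, since they go stale on every edit to the defaults file.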
15 changes: 15 additions & 0 deletions roles/keycloak/tasks/install.yml
Expand Up @@ -53,6 +53,21 @@
group: "{{ keycloak_service_group }}"
mode: 0750

- name: Check pidfile folder
ansible.builtin.stat:
path: "{{ keycloak_service_pidfile | dirname }}"
register: keycloak_service_pidfile_stat
- name: Create pidfile folder
become: yes
become_user: root
ansible.builtin.file:
dest: "{{ keycloak_service_pidfile | dirname }}"
state: directory
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
mode: "0750"
when: not keycloak_service_pidfile_stat.stat.exists
guidograzioli marked this conversation as resolved.

## check remote archive
- name: Set download archive path
ansible.builtin.set_fact:
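Review bot: The `when: not keycloak_service_pidfile_stat.stat.exists` guard on "Create pidfile folder" means owner, group and mode are applied only when the directory is missing. A directory that already exists with different ownership or a looser mode is left untouched, and the service user may then be unable to write its pid file. `ansible.builtin.file` with `state: directory` is already idempotent, so the stat task could be dropped. However, a `keycloak_service_pidfile` directly under `/run` would then chown `/run` itself. An explicit assertion that the dirname is not a shared system directory, failing with a clear message, would cover both cases. Minor: `become: yes` is set only on the second task, and `true` is the form ansible-lint prefers.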
2 changes: 2 additions & 0 deletions roles/keycloak/templates/keycloak.service.j2
Expand Up @@ -8,6 +8,8 @@ StartLimitBurst={{ keycloak_service_startlimitburst }}

[Service]
Type=forking
User={{ keycloak_service_user }}
Group={{ keycloak_service_group }}
EnvironmentFile=-/etc/sysconfig/keycloak
PIDFile={{ keycloak_service_pidfile }}
ExecStart={{ keycloak_dest }}/keycloak-service.sh start
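Review bot: With `User=`/`Group=` in `[Service]`, the directory holding `PIDFile=` has to exist and be writable by that account at every start, but the only thing creating it is the one-time task in `tasks/install.yml`. The default is now under `/run`, which is a tmpfs on systemd hosts and is emptied at reboot, so after the first reboot `/run/keycloak` is gone and the unprivileged service cannot recreate it. Suggest letting systemd manage the directory for the default path, for example `RuntimeDirectory=keycloak` with `RuntimeDirectoryMode=0750` in this unit, or a tmpfiles.d entry.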
2 changes: 1 addition & 1 deletion roles/keycloak_quarkus/defaults/main.yml
Expand Up @@ -17,7 +17,7 @@ keycloak_quarkus_config_dir: "{{ keycloak_quarkus_home }}/conf"
keycloak_quarkus_start_dev: False
keycloak_quarkus_service_user: keycloak
keycloak_quarkus_service_group: keycloak
keycloak_quarkus_service_pidfile: "/run/keycloak.pid"
keycloak_quarkus_service_pidfile: "/run/keycloak/keycloak.pid"
keycloak_quarkus_configure_firewalld: False

### administrator console password
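Review bot: `keycloak_quarkus_service_pidfile` now points into `/run/keycloak/`, but none of the hunks shown for `roles/keycloak_quarkus` creates that directory or touches a unit template, unlike `roles/keycloak`, where `tasks/install.yml` gains a "Create pidfile folder" task. If the quarkus unit uses this variable, the role needs the same directory handling; if it does not, the default could stay as it was. This view covers 3 of the 7 commits, so it is worth confirming against the rest.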
2 changes: 1 addition & 1 deletion roles/keycloak_quarkus/meta/argument_specs.yml
Expand Up @@ -61,7 +61,7 @@ argument_specs:
type: "str"
keycloak_quarkus_service_pidfile:
# line 18 of defaults/main.yml
default: "/run/keycloak.pid"
default: "/run/keycloak/keycloak.pid"
description: "Pid file path for service"
type: "str"
keycloak_quarkus_configure_firewalld:
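Review bot: The comment `# line 18 of defaults/main.yml` above the changed default is off: the defaults hunk for this role starts at line 17, which puts `keycloak_quarkus_service_pidfile` at line 20 and `keycloak_quarkus_service_user` at line 18. The description also reads "Pid file path" here but "PID file path" in `roles/keycloak/meta/argument_specs.yml`; pick one spelling for both roles.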