keycloak-standalone

Example:

# Install Keycloak standalone, incl. PostgreSQL server, Nginx and Let's Encrypt https certificate.
- keycloak-standalone:
    hostname: auth.example.com
    admin_email: hello@example.com
    # Placeholder for illustration only; supply a strong, unique secret for a real install.
    keycloak_admin_password: password123

Description

Install a Keycloak standalone service.

This follows more or less the Keycloak documentation on how to install Keycloak in standalone mode.

It also installs PostgreSQL and the Nginx web server, including an HTTPS certificate (if so specified).

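In case no 'keycloak_db_password' is specified, freckles will generate a random one. (Note that the variable table below and the argument definition both mark 'keycloak_db_password' as required.)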

Variables

Name Type Default Description

admin_email

n/a --

The email for letsencrypt. Required

hostname

string --

The (external) domain name, to be used by the reverse proxy. Required

keycloak_admin_password

string --

The initial admin user password. Required

keycloak_db_password

string --

The postgres database password. Required

keycloak_bind_ip

string 127.0.0.1

The ip address keycloak listens on.

keycloak_bind_ip_management

string --

The ip address the keycloak management interface listens on.

keycloak_db_name

string keycloak

The database name.

keycloak_db_user

string keycloak

The database user.

letsencrypt_staging

boolean False

Whether to use the letsencrypt staging server (for development).

version

string 6.0.1

The version of keycloak.

Examples

Example 1

Install Keycloak standalone, incl. PostgreSQL server, Nginx and Let's Encrypt https certificate.

Code
- keycloak-standalone:
    hostname: auth.example.com
    admin_email: hello@example.com
    # Placeholder for illustration only; supply a strong, unique secret for a real install.
    keycloak_admin_password: password123

Code

# Documentation metadata for the frecklet: one-line summary, long help text
# and a usage example.
doc:
  short_help: Install a Keycloak standalone service.
  # NOTE(review): the help text says a random 'keycloak_db_password' is
  # generated when none is given, but the 'keycloak_db_password' arg is
  # declared 'required: true' and no generation step is visible in the task
  # list of this file — confirm which is intended.
  help: |
    Install a Keycloak standalone service.

    This follows more or less the [Keycloak documentation](https://www.keycloak.org/docs/latest/getting_started/)
    on how to install Keycloak in standalone mode.

    It also installs Postgresql and the Nginx webserver, including https certificate (if so specified).

    In case no 'keycloak_db_password' is specified, freckles will generate a random one.
  examples:
  - title: Install Keycloak standalone, incl. PostgreSQL server, Nginx and Let's Encrypt
      https certificate.
    vars:
      hostname: auth.example.com
      admin_email: hello@example.com
      # Placeholder for illustration only; supply a strong, unique secret for
      # a real install.
      keycloak_admin_password: password123

# Argument schema for the frecklet: type, default and CLI presentation of
# every variable that the task list interpolates.
args:
  # Keycloak release to install; interpolated into the download URL and the
  # /opt/keycloak-<version> install path.
  # NOTE(review): the default pins one specific release — confirm it is still
  # a supported version before relying on it.
  version:
    doc:
      short_help: The version of keycloak.
    type: string
    required: false
    default: 6.0.1
  # Loopback default: the nginx vhost proxies to http://<this ip>:8080/, so
  # with 127.0.0.1 the plain-HTTP listener is only reachable from the host.
  keycloak_bind_ip:
    doc:
      short_help: The ip address keycloak listens on.
    type: string
    required: false
    default: 127.0.0.1
    cli:
      metavar: IP
  # No default here; the config-file task falls back to keycloak_bind_ip when
  # this is unset.
  keycloak_bind_ip_management:
    doc:
      short_help: The ip address the keycloak management interface listens on.
    type: string
    required: false
    cli:
      metavar: IP
  # Password for the initial 'admin' user. Flagged 'secret: true' and
  # 'empty: false'; how freckles treats secret values (prompting, masking in
  # logs) is not visible here — TODO confirm.
  keycloak_admin_password:
    doc:
      short_help: The initial admin user password.
    type: string
    empty: false
    required: true
    secret: true
  keycloak_db_name:
    doc:
      short_help: The database name.
    type: string
    required: false
    default: keycloak
  keycloak_db_user:
    doc:
      short_help: The database user.
    type: string
    required: false
    default: keycloak
  # NOTE(review): required and secret, but unlike keycloak_admin_password it
  # carries no 'empty: false' — confirm an empty database password is
  # rejected. The help text's "random one is generated" claim also conflicts
  # with 'required: true'.
  keycloak_db_password:
    doc:
      short_help: The postgres database password.
    type: string
    required: true
    secret: true
  # External name used for the nginx server_names and the certificate domain.
  hostname:
    doc:
      short_help: The (external) domain name, to be used by the reverse proxy.
    type: string
    required: true
  # No type or 'required' key is declared; the generated CLI help lists this
  # option as [required], so freckles presumably defaults to required.
  admin_email:
    doc:
      short_help: The email for letsencrypt.
  # Boolean CLI flag, off by default.
  letsencrypt_staging:
    doc:
      short_help: Whether to use the letsencrypt staging server (for development).
    default: false
    required: false
    type: boolean
    cli:
      is_flag: true
      param_decls:
      - --letsencrypt-staging

# Catalogue metadata: free-form tags attached to this frecklet.
meta:
  tags:
  - keycloak
  - authentication
  - standalone

# Ordered task list: system user, Java, PostgreSQL, Keycloak archive and
# configuration, systemd unit, initial admin user, then the nginx reverse
# proxy with a Let's Encrypt certificate.
frecklets:
# Dedicated unprivileged account that owns the install and runs the service.
- user-exists:
    name: keycloak
    group: keycloak
- java-lang-installed
# PostgreSQL listens on localhost only.
# NOTE(review): 'md5' is PostgreSQL's legacy password-hash method;
# 'scram-sha-256' is the stronger choice where the server and the JDBC driver
# support it — confirm before changing.
- postgresql-service:
    postgresql_listen_addresses:
    - localhost
    postgresql_pg_hba:
    - method: md5
- postgresql-database-exists:
    db_name: '{{:: keycloak_db_name ::}}'
    db_user: '{{:: keycloak_db_user ::}}'
    db_user_password: '{{:: keycloak_db_password ::}}'
# Downloads and unpacks the release tarball into /opt.
# NOTE(review): no checksum or signature check is visible on this task, so
# integrity rests on TLS to the download host alone; pin a digest if
# archive-extracted offers such an option — confirm.
- archive-extracted:
    src: 'https://downloads.jboss.org/keycloak/{{:: version ::}}/keycloak-{{:: version
      ::}}.tar.gz'
    remote_src: true
    dest: /opt
    owner: keycloak
    group: keycloak
    creates: '/opt/keycloak-{{:: version ::}}'
# Restricts the 'standalone' directory (which holds the configuration
# written below) to its owner.
- path-has-mode:
    mode: '0700'
    path: '/opt/keycloak-{{:: version ::}}/standalone'
# Stable /opt/keycloak path pointing at the versioned install directory.
- link-exists:
    src: '/opt/keycloak-{{:: version ::}}'
    dest: /opt/keycloak
    owner: keycloak
    group: keycloak
    become: true
- keycloak-postgresql-jdbc-driver-installed:
    keycloak_db_name: '{{:: keycloak_db_name ::}}'
    keycloak_db_user: '{{:: keycloak_db_user ::}}'
    keycloak_db_password: '{{:: keycloak_db_password ::}}'
# The management interface falls back to keycloak_bind_ip when no separate
# address is given.
# NOTE(review): proxy_address_forwarding presumably makes Keycloak trust the
# X-Forwarded-* headers set by nginx below; that is only safe while the HTTP
# listener is unreachable except through the proxy (the loopback default).
- keycloak-standalone-config-file:
    path: /opt/keycloak/standalone/configuration/standalone.xml
    keycloak_bind_ip: '{{:: keycloak_bind_ip ::}}'
    keycloak_bind_ip_management: '{{:: keycloak_bind_ip_management | default(keycloak_bind_ip)
      ::}}'
    proxy_address_forwarding: true
    owner: keycloak
# Launcher script is root-owned with mode 0755; the service account that
# executes it is the separate 'keycloak' user set in the unit below.
- keycloak-service-launcher-file:
    path: /usr/local/bin/keycloak-launch.sh
    mode: '0755'
    owner: root
# systemd unit running the launcher as the unprivileged keycloak user/group.
- systemd-service-unit:
    name: keycloak
    unit_description: keycloak authentication service
    service_environment:
      KEYCLOAK_CONFIG: standalone.xml
      KEYCLOAK_MODE: standalone
      KEYCLOAK_BIND: '{{:: keycloak_bind_ip ::}}'
      # Unquoted, so YAML parses this as an integer rather than a string.
      LAUNCH_JBOSS_IN_BACKGROUND: 1
    service_type: idle
    service_user: keycloak
    service_group: keycloak
    service_exec_start: /usr/local/bin/keycloak-launch.sh ${KEYCLOAK_MODE} ${KEYCLOAK_CONFIG}
    unit_before:
    - httpd.service
    unit_after:
    - network.target
    service_timeout_start_sec: 600
    service_timeout_stop_sec: 600
    install_wanted_by:
    - multi-user.target
    enabled: true
    started: true
# Bootstraps the initial 'admin' account from the supplied secret.
- keycloak-add-user:
    username: admin
    password: '{{:: keycloak_admin_password ::}}'
# nginx terminates TLS and forwards to Keycloak over plain HTTP on port 8080.
# With a non-loopback keycloak_bind_ip that hop is unencrypted and the
# backend port is exposed on that address.
- nginx-reverse-proxy-vhost-config:
    path: /etc/nginx/sites-enabled/keycloak.conf
    proxy_url: 'http://{{:: keycloak_bind_ip ::}}:8080/'
    server_names:
    - '{{:: hostname ::}}'
    use_https: true
    proxy_options:
    - proxy_set_header Host $host
    - proxy_set_header X-Real-IP $remote_addr
    - proxy_set_header X-Forwarded-Proto $scheme
    - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
# Installs nginx and requests the certificate for the external hostname.
- webserver-service:
    webserver: nginx
    use_https: true
    letsencrypt_staging: '{{:: letsencrypt_staging ::}}'
    letsencrypt_email: '{{:: admin_email ::}}'
    letsencrypt_webroot: /var/www/html
    letsencrypt_domains:
    - '{{:: hostname ::}}'
frecklecute --community keycloak-standalone --help

Usage: frecklecute keycloak-standalone [OPTIONS]

  Install a Keycloak standalone service.

  This follows more or less the [Keycloak
  documentation](https://www.keycloak.org/docs/latest/getting_started/) on
  how to install Keycloak in standalone mode.

  It also installs Postgresql and the Nginx webserver, including https
  certificate (if so specified).

  In case no 'keycloak_db_password' is specified, freckles will generate a
  random one.

Options:
  --admin-email ADMIN_EMAIL       The email for letsencrypt.  [required]
  --hostname HOSTNAME             The (external) domain name, to be used by
                                  the reverse proxy.  [required]
  --keycloak-admin-password KEYCLOAK_ADMIN_PASSWORD
                                  The initial admin user password.  [required]
  --keycloak-db-password KEYCLOAK_DB_PASSWORD
                                  The postgres database password.  [required]
  --keycloak-bind-ip IP           The ip address keycloak listens on.
  --keycloak-bind-ip-management IP
                                  The ip address the keycloak management
                                  interface listens on.
  --keycloak-db-name KEYCLOAK_DB_NAME
                                  The database name.
  --keycloak-db-user KEYCLOAK_DB_USER
                                  The database user.
  --letsencrypt-staging           Whether to use the letsencrypt staging
                                  server (for development).
  --version VERSION               The version of keycloak.
  --help                          Show this message and exit.
# -*- coding: utf-8 -*-


#
# module path: pycklets.keycloak_standalone.KeycloakStandalone
#


from dataclasses import dataclass, field
from typing import *    # noqa

from pyckles import AutoPycklet

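@dataclass
class KeycloakStandalone(AutoPycklet):
    """Install a Keycloak standalone service.

    This follows more or less the [Keycloak documentation](https://www.keycloak.org/docs/latest/getting_started/)
    on how to install Keycloak in standalone mode.

    It also installs Postgresql and the Nginx webserver, including https certificate (if so specified).

    In case no 'keycloak_db_password' is specified, freckles will generate a random one.

    The two password fields are declared with ``repr=False``: the
    ``__repr__`` that ``@dataclass`` generates prints every field, so
    logging or printing an instance would otherwise expose both credentials
    in clear text.

    Args:
        admin_email: The email for letsencrypt.
        hostname: The (external) domain name, to be used by the reverse proxy.
        keycloak_admin_password: The initial admin user password.
        keycloak_bind_ip: The ip address keycloak listens on.
        keycloak_bind_ip_management: The ip address the keycloak management interface listens on.
        keycloak_db_name: The database name.
        keycloak_db_password: The postgres database password.
        keycloak_db_user: The database user.
        letsencrypt_staging: Whether to use the letsencrypt staging server (for development).
        version: The version of keycloak.

    """

    FRECKLET_ID = "keycloak-standalone"

    # Field order defines the positional order of the generated __init__,
    # so it is kept exactly as before. All fields default to None.
    admin_email: str = None
    hostname: str = None
    # Secret: kept out of the generated __repr__ (still part of __init__/__eq__).
    keycloak_admin_password: str = field(default=None, repr=False)
    keycloak_bind_ip: str = None
    keycloak_bind_ip_management: str = None
    keycloak_db_name: str = None
    # Secret: kept out of the generated __repr__ (still part of __init__/__eq__).
    keycloak_db_password: str = field(default=None, repr=False)
    keycloak_db_user: str = None
    letsencrypt_staging: bool = None
    version: str = None


    def __post_init__(self):
        # The dataclass-generated __init__ does not call the base
        # initializer, so AutoPycklet is initialised here with the names of
        # the frecklet variables.
        super(KeycloakStandalone, self).__init__(var_names=["admin_email", "hostname", "keycloak_admin_password", "keycloak_bind_ip", "keycloak_bind_ip_management", "keycloak_db_name", "keycloak_db_password", "keycloak_db_user", "letsencrypt_staging", "version"])


# Module-level alias to the class defined above.
frecklet_class = KeycloakStandalone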
# -*- coding: utf-8 -*-


#
# module path: pycklets.keycloak_standalone.KeycloakStandalone
#


from pyckles import AutoPycklet

class KeycloakStandalone(AutoPycklet):
    """Python wrapper for the ``keycloak-standalone`` frecklet.

    Installs a Keycloak standalone service, more or less following the
    [Keycloak documentation](https://www.keycloak.org/docs/latest/getting_started/)
    on standalone mode. Postgresql and the Nginx webserver are installed as
    well, including an https certificate (if so specified).

    In case no 'keycloak_db_password' is specified, freckles will generate a random one.

    Both passwords are held as plain attributes on the instance.

    Args:
        admin_email: The email for letsencrypt.
        hostname: The (external) domain name, to be used by the reverse proxy.
        keycloak_admin_password: The initial admin user password.
        keycloak_bind_ip: The ip address keycloak listens on.
        keycloak_bind_ip_management: The ip address the keycloak management interface listens on.
        keycloak_db_name: The database name.
        keycloak_db_password: The postgres database password.
        keycloak_db_user: The database user.
        letsencrypt_staging: Whether to use the letsencrypt staging server (for development).
        version: The version of keycloak.
    """

    FRECKLET_ID = "keycloak-standalone"

    def __init__(
        self,
        admin_email=None,
        hostname=None,
        keycloak_admin_password=None,
        keycloak_bind_ip="127.0.0.1",
        keycloak_bind_ip_management=None,
        keycloak_db_name="keycloak",
        keycloak_db_password=None,
        keycloak_db_user="keycloak",
        letsencrypt_staging=None,
        version="6.0.1"
    ):
        # Names of the frecklet variables, handed to the base initializer.
        frecklet_vars = [
            "admin_email",
            "hostname",
            "keycloak_admin_password",
            "keycloak_bind_ip",
            "keycloak_bind_ip_management",
            "keycloak_db_name",
            "keycloak_db_password",
            "keycloak_db_user",
            "letsencrypt_staging",
            "version",
        ]
        # The base class is initialised first; the backing attributes are
        # assigned afterwards, in the same order as before.
        super(KeycloakStandalone, self).__init__(var_names=frecklet_vars)

        self._admin_email = admin_email
        self._hostname = hostname
        self._keycloak_admin_password = keycloak_admin_password
        self._keycloak_bind_ip = keycloak_bind_ip
        self._keycloak_bind_ip_management = keycloak_bind_ip_management
        self._keycloak_db_name = keycloak_db_name
        self._keycloak_db_password = keycloak_db_password
        self._keycloak_db_user = keycloak_db_user
        self._letsencrypt_staging = letsencrypt_staging
        self._version = version

    # Each variable is exposed as a plain read/write property over its
    # underscore-prefixed backing attribute; no validation is performed.

    @property
    def admin_email(self):
        """The email for letsencrypt."""
        return self._admin_email

    @admin_email.setter
    def admin_email(self, admin_email):
        self._admin_email = admin_email

    @property
    def hostname(self):
        """The (external) domain name, to be used by the reverse proxy."""
        return self._hostname

    @hostname.setter
    def hostname(self, hostname):
        self._hostname = hostname

    @property
    def keycloak_admin_password(self):
        """The initial admin user password (returned as stored)."""
        return self._keycloak_admin_password

    @keycloak_admin_password.setter
    def keycloak_admin_password(self, keycloak_admin_password):
        self._keycloak_admin_password = keycloak_admin_password

    @property
    def keycloak_bind_ip(self):
        """The ip address keycloak listens on."""
        return self._keycloak_bind_ip

    @keycloak_bind_ip.setter
    def keycloak_bind_ip(self, keycloak_bind_ip):
        self._keycloak_bind_ip = keycloak_bind_ip

    @property
    def keycloak_bind_ip_management(self):
        """The ip address the keycloak management interface listens on."""
        return self._keycloak_bind_ip_management

    @keycloak_bind_ip_management.setter
    def keycloak_bind_ip_management(self, keycloak_bind_ip_management):
        self._keycloak_bind_ip_management = keycloak_bind_ip_management

    @property
    def keycloak_db_name(self):
        """The database name."""
        return self._keycloak_db_name

    @keycloak_db_name.setter
    def keycloak_db_name(self, keycloak_db_name):
        self._keycloak_db_name = keycloak_db_name

    @property
    def keycloak_db_password(self):
        """The postgres database password (returned as stored)."""
        return self._keycloak_db_password

    @keycloak_db_password.setter
    def keycloak_db_password(self, keycloak_db_password):
        self._keycloak_db_password = keycloak_db_password

    @property
    def keycloak_db_user(self):
        """The database user."""
        return self._keycloak_db_user

    @keycloak_db_user.setter
    def keycloak_db_user(self, keycloak_db_user):
        self._keycloak_db_user = keycloak_db_user

    @property
    def letsencrypt_staging(self):
        """Whether to use the letsencrypt staging server (for development)."""
        return self._letsencrypt_staging

    @letsencrypt_staging.setter
    def letsencrypt_staging(self, letsencrypt_staging):
        self._letsencrypt_staging = letsencrypt_staging

    @property
    def version(self):
        """The version of keycloak."""
        return self._version

    @version.setter
    def version(self, version):
        self._version = version



# Module-level alias to the class defined above.
frecklet_class = KeycloakStandalone