Jeremy Stanley f477e35561 Upgrade to Keycloak 23.0
This includes a switch from the "legacy" style Wildfly-based image
to a new setup using Quarkus.

Because Keycloak maintainers consider H2 databases as a test/dev
only option, there are no good migration and upgrade paths short of
export/import data. Go ahead and change our deployment model to rely
on a proper RDBMS, run locally from a container on the same server.

Change-Id: I01f8045563e9f6db6168b92c5a868b8095c0d97b
2024-02-06 05:33:37 +00:00

81 lines
1.8 KiB
YAML

- name: Ensure docker-compose directory exists
  file:
    state: directory
    path: /etc/keycloak-docker
- name: Write settings file
  template:
    src: docker-compose.yaml.j2
    dest: /etc/keycloak-docker/docker-compose.yaml
    owner: root
    group: root
    mode: "0600"
  notify: keycloak restart containers
# This deliberately does not set owner/group/mode, as the mariadb container
# chowns this directory to be owned by a container-internal user and drops
# root privileges. We don't want to reset this from outside the container.
- name: Ensure data directory exists
  file:
    state: directory
    path: /var/lib/keycloak/db
- name: Copy our MariaDB config stub overriding bind-address
  copy:
    src: 99-bind-address.cnf
    dest: /var/lib/keycloak/99-bind-address.cnf
    owner: root
    group: root
    mode: "0644"
  notify: keycloak restart containers
- name: Install apache2
  apt:
    name:
      - apache2
      - apache2-utils
    state: present
- name: Apache modules
  apache2_module:
    state: present
    name: "{{ item }}"
  loop:
    - rewrite
    - proxy
    - proxy_http
    - ssl
    - headers
    - proxy_wstunnel
  notify: keycloak restart apache2
- name: Copy apache config
  template:
    src: keycloak.vhost.j2
    dest: /etc/apache2/sites-enabled/000-default.conf
    owner: root
    group: root
    mode: 0644
  notify: keycloak reload apache2
- name: Run docker-compose pull
  shell:
    cmd: docker-compose pull
    chdir: /etc/keycloak-docker/
- name: Run docker-compose up
  shell:
    cmd: docker-compose up -d
    chdir: /etc/keycloak-docker/
  register: keycloak_dcup
- name: Wait for keycloak to start
  wait_for:
    host: "::1"
    port: 8080
    timeout: 300
- name: Run docker prune to cleanup unneeded images
  shell:
    cmd: docker image prune -f