Copying Key Material - Githubissues

ansible-middleware / keycloak

Collection to install and configure Keycloak or Red Hat Single Sign-On / Red Hat Build of Keycloak

Apache License 2.0

81 stars 48 forks source link

Copying Key Material #208

Closed Footur closed 1 week ago

Footur commented 2 weeks ago

SUMMARY

The default directory for certificates in keycloak_quarkus is "{{ keycloak_home }}/certs". This directory is not created by the role. Also, I am missing a task that copies the key material to "{{ keycloak_home }}/certs". This should be done before the first start of Keycloak.

ISSUE TYPE

Feature Idea

guidograzioli commented 2 weeks ago

Correct, at the moment the role expects the certificates to be already in place [1] (ideally, one would install them under /etc/pki/tls/ ). We could have a few tasks that manage to use local files or download them and copy them to target nodes.

[1] https://github.com/ansible-middleware/keycloak/blob/main/molecule/quarkus/prepare.yml#L39

Footur commented 2 weeks ago

@guidograzioli What do you think about using the directories

/etc/pki/tls/private for the private key and
/etc/pki/tls/certs for the certificate as default values?

Edit: Fix typo.

guidograzioli commented 2 weeks ago

Since what you're proposing is the default in Red Hat distributions, I without any doubt second that!

Footur commented 1 week ago

@guidograzioli Can you create a new release please? :pray: