ansible-middleware / keycloak

Collection to install and configure Keycloak or Red Hat Single Sign-On / Red Hat Build of Keycloak
Apache License 2.0

Keycloak redirecting to localhost #72

Closed luna-xenia closed 5 months ago

luna-xenia commented 1 year ago
SUMMARY

I'm trying to configure keycloak on a single server. I can run this playbook, and it completes successfully, but the server redirects me to localhost when I try to access it in my web browser.

ANSIBLE VERSION
ansible [core 2.14.3]
  config file = None
  configured module search path = ['/home/luna/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = /home/luna/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/lib/python-exec/python3.10/ansible
  python version = 3.10.10 (main, Mar 20 2023, 13:23:51) [GCC 12.2.1 20230121] (/usr/bin/python3.10)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
# /usr/lib/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    5.2.0  
ansible.netcommon             4.1.0  
ansible.posix                 1.5.1  
ansible.utils                 2.9.0  
ansible.windows               1.13.0 
arista.eos                    6.0.0  
awx.awx                       21.12.0
azure.azcollection            1.14.0 
check_point.mgmt              4.0.0  
chocolatey.chocolatey         1.4.0  
cisco.aci                     2.4.0  
cisco.asa                     4.0.0  
cisco.dnac                    6.6.3  
cisco.intersight              1.0.23 
cisco.ios                     4.3.1  
cisco.iosxr                   4.1.0  
cisco.ise                     2.5.12 
cisco.meraki                  2.15.1 
cisco.mso                     2.2.1  
cisco.nso                     1.0.3  
cisco.nxos                    4.1.0  
cisco.ucs                     1.8.0  
cloud.common                  2.1.2  
cloudscale_ch.cloud           2.2.4  
community.aws                 5.2.0  
community.azure               2.0.0  
community.ciscosmb            1.0.5  
community.crypto              2.11.0 
community.digitalocean        1.23.0 
community.dns                 2.5.1  
community.docker              3.4.2  
community.fortios             1.0.0  
community.general             6.4.0  
community.google              1.0.0  
community.grafana             1.5.4  
community.hashi_vault         4.1.0  
community.hrobot              1.7.0  
community.libvirt             1.2.0  
community.mongodb             1.5.1  
community.mysql               3.6.0  
community.network             5.0.0  
community.okd                 2.3.0  
community.postgresql          2.3.2  
community.proxysql            1.5.1  
community.rabbitmq            1.2.3  
community.routeros            2.7.0  
community.sap                 1.0.0  
community.sap_libs            1.4.0  
community.skydive             1.0.0  
community.sops                1.6.1  
community.vmware              3.4.0  
community.windows             1.12.0 
community.zabbix              1.9.2  
containers.podman             1.10.1 
cyberark.conjur               1.2.0  
cyberark.pas                  1.0.17 
dellemc.enterprise_sonic      2.0.0  
dellemc.openmanage            6.3.0  
dellemc.os10                  1.1.1  
dellemc.os6                   1.0.7  
dellemc.os9                   1.0.4  
dellemc.powerflex             1.5.0  
dellemc.unity                 1.5.0  
f5networks.f5_modules         1.22.1 
fortinet.fortimanager         2.1.7  
fortinet.fortios              2.2.2  
frr.frr                       2.0.0  
gluster.gluster               1.0.2  
google.cloud                  1.1.2  
grafana.grafana               1.1.1  
hetzner.hcloud                1.10.0 
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.11.0 
infinidat.infinibox           1.3.12 
infoblox.nios_modules         1.4.1  
inspur.ispim                  1.3.0  
inspur.sm                     2.3.0  
junipernetworks.junos         4.1.0  
kubernetes.core               2.4.0  
lowlydba.sqlserver            1.3.1  
mellanox.onyx                 1.0.0  
netapp.aws                    21.7.0 
netapp.azure                  21.10.0
netapp.cloudmanager           21.22.0
netapp.elementsw              21.7.0 
netapp.ontap                  22.3.0 
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0 
netapp_eseries.santricity     1.4.0  
netbox.netbox                 3.11.0 
ngine_io.cloudstack           2.3.0  
ngine_io.exoscale             1.0.0  
ngine_io.vultr                1.1.3  
openstack.cloud               1.10.0 
openvswitch.openvswitch       2.1.0  
ovirt.ovirt                   2.4.1  
purestorage.flasharray        1.17.0 
purestorage.flashblade        1.10.0 
purestorage.fusion            1.3.0  
sensu.sensu_go                1.13.2 
splunk.es                     2.1.0  
t_systems_mms.icinga_director 1.32.0 
theforeman.foreman            3.9.0  
vmware.vmware_rest            2.2.0  
vultr.cloud                   1.7.0  
vyos.vyos                     4.0.0  
wti.remote                    1.0.4  

# /home/luna/.ansible/collections/ansible_collections
Collection                     Version
------------------------------ -------
ansible.posix                  1.5.2  
freeipa.ansible_freeipa        1.10.0 
middleware_automation.common   1.0.2  
middleware_automation.keycloak 1.2.1  
STEPS TO REPRODUCE

1. Make playbook
2. Run playbook
3. Go to server in browser, click on administration console

- name: Install Keycloak
  hosts: all
  vars:
    keycloak_admin_password: [redacted]
  roles:
    - middleware_automation.keycloak.keycloak
EXPECTED RESULTS

When I go to the browser, I should be able to access the administrator console using the server's hostname.

ACTUAL RESULTS

The page redirects to localhost (screenshots attached).

What I've tried

I have tried setting keycloak_host, at which point the playbook hangs waiting for health to come online:

FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (25 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (24 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (23 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (22 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (21 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (20 retries left).

I ended the output there for brevity but eventually the playbook fails.

Do I need a reverse proxy or something, or am I making a configuration mistake? From the README it sounds like what I'm doing is normal but for some reason it isn't working how I expected.

luna-xenia commented 1 year ago

I can fix this by setting keycloak_frontend_url: "http://{{ inventory_hostname }}:8080/auth", but now I just get a blank screen (screenshot attached).

chrisvanmeer commented 1 year ago

Did you ever get this fixed? I am having the same sort of issues.
And it seems like this role is not working for newer releases like 20.0.1, since there is no legacy filename to be downloaded.

guidograzioli commented 1 year ago

@chrisvanmeer there is no download for the wildfly-based keycloak version 20+ because 19.0.3 is the last one that has been published. From 20.0+, it's the keycloak based on quarkus, for which you should use the keycloak_quarkus role of the collection.

guidograzioli commented 1 year ago

As for the redirect problem, I couldn't reproduce it. Installing in the molecule default scenario on a docker container, it produces a working console at http://localhost:8080/auth/ (on the container host). Installing on a vm using keycloak_frontend_url: "http://{{inventory_hostname}}:8080/auth/" also has the console in order, given the hostname resolves correctly.
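
The configuration the thread converges on, written out as an added example (not code from the collection or from either commenter): the issue's playbook with keycloak_frontend_url set to the host's own name, a pre-check that the inventory hostname resolves on the target (the condition guidograzioli names), and a post-check that the console no longer redirects to localhost. The getent/uri checks and the environment-variable lookup for the admin password are assumptions; the middleware_automation.keycloak.keycloak_quarkus role name is the one the collection ships for Keycloak 20+.

```yaml
# Added example, not the collection's own playbook. For Keycloak 20+ (quarkus
# based) swap the role below for middleware_automation.keycloak.keycloak_quarkus.
- name: Install Keycloak (wildfly-based, 19.0.3 or earlier)
  hosts: all
  vars:
    # Assumption: the admin password comes from the controller's environment,
    # so it is never written into the playbook.
    keycloak_admin_password: "{{ lookup('env', 'KEYCLOAK_ADMIN_PASSWORD') }}"
    # The fix from the thread: advertise the target's own name, not localhost.
    keycloak_frontend_url: "http://{{ inventory_hostname }}:8080/auth/"
  pre_tasks:
    # getent fails the play when the key is absent (fail_key defaults to true),
    # so an unresolvable hostname is caught before Keycloak is installed.
    - name: Check that the inventory hostname resolves on the target
      ansible.builtin.getent:
        database: hosts
        key: "{{ inventory_hostname }}"
  roles:
    - middleware_automation.keycloak.keycloak
  post_tasks:
    # Fetch the console URL once without following redirects so the Location
    # header Keycloak emits can be inspected.
    - name: Probe the console without following redirects
      ansible.builtin.uri:
        url: "{{ keycloak_frontend_url }}"
        follow_redirects: none
        status_code: [200, 301, 302, 303]
      register: auth_probe
    - name: The redirect target must not be localhost
      ansible.builtin.assert:
        that:
          - "'localhost' not in (auth_probe.location | default(''))"
        fail_msg: >-
          Console redirects to {{ auth_probe.location | default('n/a') }};
          check keycloak_frontend_url and the target's hostname resolution.
```

Run it from the controller with KEYCLOAK_ADMIN_PASSWORD exported; the post_tasks fail the play instead of leaving a console that only works from the host itself.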

chrisvanmeer commented 1 year ago

Thanks for clarifying @guidograzioli