Copying Key Material

Question

Copying Key Material

Footur opened this issue 7 months ago · 4 comments

SUMMARY

The default directory for certificates in keycloak_quarkus is "{{ keycloak_home }}/certs". This directory is not created by the role. Also, I am missing a task that copies the key material to "{{ keycloak_home }}/certs". This should be done before the first start of Keycloak.

ISSUE TYPE

Feature Idea

Answer 1 · 2024-05-03T10:26:05.000Z

Correct, at the moment the role expects the certificates to be already in place [1] (ideally, one would install them under /etc/pki/tls/ ). We could have a few tasks that manage to use local files or download them and copy them to target nodes.

[1] https://github.com/ansible-middleware/keycloak/blob/main/molecule/quarkus/prepare.yml#L39

Answer 2 · 2024-05-03T11:23:29.000Z

@guidograzioli What do you think about using the directories

/etc/pki/tls/private for the private key and
/etc/pki/tls/certs for the certificate
as default values?

Edit: Fix typo.

Answer 3 · 2024-05-03T12:44:38.000Z

Since what you're proposing is the default in Red Hat distributions, I without any doubt second that!

Answer 4 · 2024-05-06T07:45:11.000Z

@guidograzioli Can you create a new release please? 🙏