From 9ab97bcf04241769b5d60b0d2def2dd29bb66cba Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 5 Oct 2021 17:32:01 +0200
Subject: [PATCH] ansible/roles/keycloak#1 Remove admin user from
 docker-compose.yml and create a specific script instead which only needs to
 be executed once after first installation

---
 tasks/keycloak.yml           | 9 +++++++++
 templates/docker-compose.yml | 2 --
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/tasks/keycloak.yml b/tasks/keycloak.yml
index 526ecd5..88429d6 100644
--- a/tasks/keycloak.yml
+++ b/tasks/keycloak.yml
@@ -50,3 +50,12 @@
   with_items: '{{ keycloak_settings }}'
   tags:
     - cron
+
+- name: Add script to create admin user
+  copy:
+    content: docker exec keycloak_keycloak_1 /opt/jboss/keycloak/bin/add-user-keycloak.sh -u {{ item.admin.username }} -p '{{ item.admin.password }}'
+    dest: /mnt/{{ item.id }}/create-admin-user
+    owner: root
+    group: root
+    mode: 0755
+  with_items: '{{ keycloak_settings }}'
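Review bot: The generated `create-admin-user` file holds the Keycloak admin password in clear text but is written with `mode: 0755`, so any local user on the host can read it; `mode: '0700'` (quoted, as Ansible recommends for octal modes) keeps it to root. The task also loops over `keycloak_settings` without `no_log: true`, so the password can appear in the play output and diff for each item. In the `content:` line the password is wrapped in literal single quotes, which breaks for a password that itself contains a quote; `-p {{ item.admin.password | quote }}` (and the same filter on the username) is safer. Since the script is meant to run only once, it would help to document that it should be deleted afterwards, because the credential otherwise stays on disk under `/mnt/{{ item.id }}`.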
diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml
index aa6d98d..e085c34 100644
--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@@ -24,8 +24,6 @@ services:
       DB_USER: keycloak
       DB_SCHEMA: public
       DB_PASSWORD: password
-      KEYCLOAK_USER: '{{ item.admin.username }}'
-      KEYCLOAK_PASSWORD: '{{ item.admin.password }}'
       PROXY_ADDRESS_FORWARDING: 'true'
       KEYCLOAK_ALWAYS_HTTPS: 'true'
     restart: always
-- 
GitLab