88 lines
2.8 KiB
YAML
88 lines
2.8 KiB
YAML
|
---
|
||
|
## check remote patch archive
|
||
|
- name: Set download patch archive path
|
||
|
ansible.builtin.set_fact:
|
||
|
patch_archive: "{{ keycloak_dest }}/{{ keycloak.patch_bundle }}"
|
||
|
|
||
|
- name: Check download patch archive path
|
||
|
ansible.builtin.stat:
|
||
|
path: "{{ patch_archive }}"
|
||
|
register: patch_archive_path
|
||
|
|
||
|
- name: Perform download from RHN
|
||
|
middleware_automation.redhat_csp_download.redhat_csp_download:
|
||
|
url: "{{ keycloak_rhn_url }}{{ rhsso_rhn_ids[keycloak_rhsso_version].latest_cp.id }}"
|
||
|
dest: "{{ local_path.stat.path }}/{{ keycloak.patch_bundle }}"
|
||
|
username: "{{ rhn_username }}"
|
||
|
password: "{{ rhn_password }}"
|
||
|
no_log: "{{ omit_rhn_output | default(true) }}"
|
||
|
delegate_to: localhost
|
||
|
when:
|
||
|
- patch_archive_path is defined
|
||
|
- patch_archive_path.stat is defined
|
||
|
- not patch_archive_path.stat.exists
|
||
|
- keycloak_rhsso_enable
|
||
|
- not keycloak_offline_install
|
||
|
|
||
|
## copy and unpack
|
||
|
- name: Copy patch archive to target nodes
|
||
|
ansible.builtin.copy:
|
||
|
src: "{{ local_path.stat.path }}/{{ keycloak.patch_bundle }}"
|
||
|
dest: "{{ patch_archive }}"
|
||
|
owner: "{{ keycloak_service_user }}"
|
||
|
group: "{{ keycloak_service_group }}"
|
||
|
mode: 0750
|
||
|
register: new_version_downloaded
|
||
|
when:
|
||
|
- not patch_archive_path.stat.exists
|
||
|
- local_archive_path.stat is defined
|
||
|
- local_archive_path.stat.exists
|
||
|
become: yes
|
||
|
|
||
|
- name: "Check installed patches"
|
||
|
ansible.builtin.include_tasks: rhsso_cli.yml
|
||
|
vars:
|
||
|
query: "patch info"
|
||
|
|
||
|
- name: "Perform patching"
|
||
|
when:
|
||
|
- cli_result is defined
|
||
|
- cli_result.stdout is defined
|
||
|
- rhsso_rhn_ids[keycloak_rhsso_version].latest_cp.v not in cli_result.stdout
|
||
|
block:
|
||
|
- name: "Apply patch {{ rhsso_rhn_ids[keycloak_rhsso_version].latest_cp.v }} to server"
|
||
|
ansible.builtin.include_tasks: rhsso_cli.yml
|
||
|
vars:
|
||
|
query: "patch apply {{ patch_archive }}"
|
||
|
|
||
|
- name: "Restart server to ensure patch content is running"
|
||
|
ansible.builtin.include_tasks: rhsso_cli.yml
|
||
|
vars:
|
||
|
query: "shutdown --restart"
|
||
|
when:
|
||
|
- cli_result.rc == 0
|
||
|
|
||
|
- name: "Wait until Keycloak becomes active {{ keycloak.health_url }}"
|
||
|
ansible.builtin.uri:
|
||
|
url: "{{ keycloak.health_url }}"
|
||
|
register: keycloak_status
|
||
|
until: keycloak_status.status == 200
|
||
|
retries: 25
|
||
|
delay: 10
|
||
|
|
||
|
- name: "Query installed patch after restart"
|
||
|
ansible.builtin.include_tasks: rhsso_cli.yml
|
||
|
vars:
|
||
|
query: "patch info"
|
||
|
|
||
|
- name: "Verify installed patch version"
|
||
|
ansible.builtin.assert:
|
||
|
that:
|
||
|
- rhsso_rhn_ids[keycloak_rhsso_version].latest_cp.v not in cli_result.stdout
|
||
|
fail_msg: "Patch installation failed"
|
||
|
success_msg: "Patch installation successful"
|
||
|
|
||
|
- name: "Skipping patch"
|
||
|
debug:
|
||
|
msg: "Latest cumulative patch {{ rhsso_rhn_ids[keycloak_rhsso_version].latest_cp.v }} already installed, skipping patch installation."
|