diff --git a/README.md b/README.md index a25bead..7f6ff00 100644 --- a/README.md +++ b/README.md @@ -31,11 +31,23 @@ collections: ### Install Playbook -`playbooks/keycloak.yml` installs the keycloak or Red Hat Single Sign-On based on the defined variables. +`playbooks/keycloak.yml` installs the keycloak or Red Hat Single Sign-On(RHSSO) based on the defined variables. -### Choosing between Red Hat products and upstream project +### Choosing between Red Hat products and upstream(Keycloak) project -The roles supports installing Red Hat Single Sign-On from the Customer Portal, when the following variables are defined: +The roles supports installing Keycloak or Red Hat Single Sign-On in following ways + +#### Install upstream from remote source + +This is default way, no need to define any additional variables. + +#### Install upstream from local source when the following variable is defined + +``` +keycloak_zip_file_local_path: +``` + +#### Install RHSSO from the Customer Portal, when the following variables are defined ``` rhn_username: '' @@ -45,6 +57,12 @@ rhsso_rhn_id: '' where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_) +#### Install RHSSO from local source when the following variable is defined + +``` +rhsso_zip_file_local_path: +``` + ### Install role * [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service. _Requires: python3-netaddr_ diff --git a/playbooks/keycloak-local.yml b/playbooks/keycloak-local.yml new file mode 100644 index 0000000..a6fe705 --- /dev/null +++ b/playbooks/keycloak-local.yml 
@@ -0,0 +1,10 @@
+---
+- name: Playbook for Keycloak Hosts
+ hosts: keycloak
+ tasks:
+ - name: Keycloak Role
+ include_role:
+ name: keycloak
+ vars:
+ keycloak_admin_password: "changeme"
+ rhsso_zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip" # This should be local path of rhsso zip file
\ No newline at end of file
diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 3f3c269..d9e98e2 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
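Review bot: `keycloak_admin_password: "changeme"` is committed as a literal in a playbook meant to be run as-is, so any host installed with it comes up with a known admin credential unless the operator overrides it. Take the value from outside the repository instead, for example `keycloak_admin_password: "{{ lookup('env', 'KEYCLOAK_ADMIN_PASSWORD') }}"` (the environment variable name is illustrative) or a vaulted variable. The sample `rhsso_zip_file_local_path` points into `/tmp`, which is world-writable on most systems. Because that archive is copied to the target and unpacked there, the comment on that line should tell users to keep it in a directory only the deploying user can write to. The file also ends without a trailing newline.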
@@ -66,20 +66,25 @@ The following variables are _required_ only when `keycloak_db_enabled` is True: |`keycloak_db_user` | username for connecting to postgres | `keycloak-user` | |`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` | +The following variables can be used to install Keycloak or Red Hat Single Sign-On from local path: +| Variable | Description | Default | +|:---------|:------------|:---------| +|`rhsso_zip_file_local_path` | Full local path of Red Hat Single Sign-On zip file | `tmp/rhsso/rh-sso-7.5-server-dist.zip` | +|`keycloak_zip_file_local_path` | Full local path of Keycloak zip file | `/tmp/keycloak/keycloak-16.1.0.zip` | Dependencies ------------ The roles depends on: -* the `redhat_csp_download` role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection -* the `wildfly_driver` role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection +* the redhat_csp_download role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection if Red Hat Single Sign-on zip have to be downloaded from RHN. +* the wildfly_driver role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection Example Playbook ---------------- -The following is an example playbook that makes use of the role to install keycloak +The following is an example playbook that makes use of the role to install keycloak from remote ```yaml --- 
@@ -94,6 +99,55 @@ The following is an example playbook that makes use of the role to install keycl keycloak_admin_password: "changeme" ``` +The following is an example playbook that makes use of the role to install keycloak from local path + +```yaml +--- +- hosts: ... + collections: + - middleware_automation.keycloak + tasks: + - name: Include keycloak role + include_role: + name: keycloak + vars: + keycloak_admin_password: "changeme" + keycloak_zip_file_local_path: "/tmp/keycloak/keycloak-16.1.0.zip" # This should be local path of keycloak zip file +``` + +The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN + +```yaml +--- +- name: Playbook for Keycloak Hosts + hosts: keycloak + collections: + - middleware_automation.redhat_csp_download + roles: + - redhat_csp_download + tasks: + - name: Keycloak Role + include_role: + name: keycloak + vars: + keycloak_admin_password: "changeme" +``` + +The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from local path + +```yaml +--- +- hosts: keycloak + tasks: + - name: Keycloak Role + include_role: + name: keycloak + vars: + keycloak_admin_password: "changeme" + rhsso_zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip" # This should be local path of rhsso zip file +``` + + License ------- diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index b2f45e8..3a4656e 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml 
@@ -6,7 +6,7 @@ keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" ### Configuration specific to Red Hat Single Sing-On -keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}" +keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined else False }}" keycloak_rhsso_version: 7.5 keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}" @@ -15,7 +15,7 @@ keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/soft ### Install location and service settings jvm_package: java-1.8.0-openjdk-devel keycloak_dest: /opt/keycloak -keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined else keycloak_installdir }}" +keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined else keycloak_installdir }}" keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration" keycloak_config_standalone_xml: "keycloak.xml" diff --git a/roles/keycloak/tasks/download_from_rhn.yml b/roles/keycloak/tasks/download_from_rhn.yml index 6ac9029..3ed54e6 100644 --- a/roles/keycloak/tasks/download_from_rhn.yml +++ b/roles/keycloak/tasks/download_from_rhn.yml @@ -2,9 +2,7 @@ - assert: that: - zipfile_dest is defined - - rhn_id_file is defined - - rhn_username is defined - - rhn_password is defined + - (rhn_username is defined and rhn_password is defined and rhn_id_file is defined) or rhsso_zip_file_local_path is defined quiet: true - set_fact: 
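Review bot: Both new expressions in `defaults/main.yml` test `rhsso_zip_file_local_path is defined`, which is also true when the variable is set but empty. The top-level README in this commit shows it as a bare `rhsso_zip_file_local_path:`, which YAML loads as null. With such a value `keycloak_rhsso_enable` turns on and `keycloak_jboss_home` switches to the RHSSO directory, and the mistake only surfaces later at the copy task. A non-empty test such as `rhsso_zip_file_local_path | default('', true) | length > 0` would avoid that; the same applies to the assert in `download_from_rhn.yml` in this line's last hunk and to the assert and `when:` lists changed in `tasks/install.yml`. The selection logic is also written out twice, so `keycloak_jboss_home` could reuse it as `keycloak_rhsso_installdir if keycloak_rhsso_enable | bool else keycloak_installdir`.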
@@ -26,11 +24,25 @@ - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists + - not rhsso_zip_file_local_path is defined + +- name: "Copy zipfile from local source: {{ rhsso_zip_file_local_path }}" + ansible.builtin.copy: + src: "{{ rhsso_zip_file_local_path }}" + dest: "{{ zipfile_dest }}" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0750 + when: + - archive_path is defined + - archive_path.stat is defined + - not archive_path.stat.exists + - rhsso_zip_file_local_path is defined - name: "Check zipfile dest directory {{ zipfile_dest }}" stat: path: "{{ zipfile_dest }}" - register: path_to_downloaded_artefact + register: path_to_downloaded_artifact - block: - file: @@ -68,8 +80,8 @@ when: - target_dir_state.stat.exists when: - - path_to_downloaded_artefact is defined - - path_to_downloaded_artefact.stat is defined - - path_to_downloaded_artefact.stat.exists + - path_to_downloaded_artifact is defined + - path_to_downloaded_artifact.stat is defined + - path_to_downloaded_artifact.stat.exists - target_dir is defined - work_dir is defined diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 88a0ab4..7b687af 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -74,6 +74,20 @@ - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists + - not keycloak_zip_file_local_path is defined + + - name: "Copy zipfile from local source: {{ keycloak_zip_file_local_path }}" + ansible.builtin.copy: + src: "{{ keycloak_zip_file_local_path }}" + dest: "{{ keycloak_dest }}" + owner: "{{ keycloak_service_user }}" + group: "{{ keycloak_service_group }}" + mode: 0750 + when: + - archive_path is defined + - archive_path.stat is defined + - not archive_path.stat.exists + - keycloak_zip_file_local_path is defined - name: extract Keycloak archive on target unarchive: 
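Review bot: The new copy task in `download_from_rhn.yml` sets `mode: 0750`, an unquoted octal that also grants execute bits a zip archive does not need; `mode: '0640'` is the safer spelling and permission set. Nothing verifies the archive before it is unpacked later in the file, and the path is whatever the operator supplies. An optional expected digest, compared against the result of `ansible.builtin.stat` with `checksum_algorithm: sha256` after the copy, would catch a truncated or swapped file. `not rhsso_zip_file_local_path is defined` also reads more clearly as `rhsso_zip_file_local_path is not defined`. The copy task added to `tasks/install.yml` for `keycloak_zip_file_local_path` has the same mode and the same missing check.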
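Review bot: In the Keycloak copy task added to `tasks/install.yml`, `dest` is `"{{ keycloak_dest }}"`, a directory, so the archive lands under whatever its local file name is, whereas the RHSSO task copies to `zipfile_dest`, a full file path. The `archive_path` stat and the extract task are defined outside this hunk, so this is inferred: if they expect a fixed archive name, a differently named local zip will not be found by the extract step, and the `not archive_path.stat.exists` guard will stay true on later runs. Point `dest` at the same full archive path those tasks use, as the RHSSO branch does.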
@@ -91,9 +105,9 @@ - block: - assert: that: - - rhsso_rhn_id is defined + - rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined quiet: true - fail_msg: "Can't install RHSSO without RHN ID." + fail_msg: "Can't install RHSSO without either RHN ID or RHSSO zip file local path" - name: create download directory file: @@ -105,7 +119,7 @@ - include_tasks: download_from_rhn.yml vars: - rhn_id_file: "{{ rhsso_rhn_id }}" + rhn_id_file: "{{ rhsso_rhn_id | default(None) }}" zipfile_dest: "{{ keycloak_dest }}/{{ keycloak_rhsso_archive }}" work_dir: "{{ keycloak_dest }}" target_dir: "{{ keycloak_jboss_home }}"