simplify download logic, merge remaining install tasks

roles/keycloak/tasks/install.yml

@@ -1,5 +1,6 @@
 ---
-- assert:
+- name: Validate parameters
+  assert:
     that:
       - keycloak_jboss_home is defined
       - keycloak_service_user is defined
@@ -9,20 +10,20 @@
       - keycloak_version is defined
     quiet: true
 
-- name: check for an existing deployment
+- name: Check for an existing deployment
   become: yes
   stat:
     path: "{{ keycloak_jboss_home }}"
   register: existing_deploy
 
 - block:
-    - name: stop the old keycloak service
+    - name: Stop the old keycloak service
       become: yes
       ignore_errors: yes
       systemd:
         name: keycloak
         state: stopped
-    - name: remove the old Keycloak deployment
+    - name: Remove the old Keycloak deployment
       become: yes
       file:
         path: "{{ keycloak_jboss_home }}"
@@ -51,75 +52,121 @@
     group: "{{ keycloak_service_group }}"
     mode: 0750
 
-- block:
+## check remote archive
-    - set_fact:
+- name: Set download archive path
-        archive: "{{ keycloak_dest }}/{{ keycloak_archive }}"
+  set_fact:
-    - name: "Check archive directory {{ archive }}"
+    archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}"
+
+- name: Check download archive path
   stat:
     path: "{{ archive }}"
   register: archive_path
 
-    - name: download Keycloak archive to target
+## download to controller
+- name: Check load download archive path
+  stat:
+    path: "{{ lookup('env', 'PWD') }}"
+  register: local_path
+  delegate_to: localhost
+
+- name: Download keycloak archive
   get_url:
     url: "{{ keycloak_download_url }}"
-        dest: "{{ keycloak_dest }}"
+    dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
-        owner: "{{ keycloak_service_user }}"
+  delegate_to: localhost
-        group: "{{ keycloak_service_group }}"
   when:
     - archive_path is defined
     - archive_path.stat is defined
     - not archive_path.stat.exists
-        - not keycloak_rhsso_enable and not zip_file_local_path is defined
+    - not keycloak_rhsso_enable
+    - not keycloak_offline_install
 
-    - name: "Copy zipfile from local source: {{ zip_file_local_path }}"
+- name: Performing download from RHN
-      ansible.builtin.copy:
+  redhat_csp_download:
-        src: "{{ zip_file_local_path }}"
+    url: "{{ keycloak_rhsso_download_url }}"
-        dest: "{{ keycloak_dest }}"
+    dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+    username: "{{ rhn_username }}"
+    password: "{{ rhn_password }}"
+  no_log: "{{ omit_rhn_output | default(true) }}"
+  delegate_to: localhost
+  when:
+    - archive_path is defined
+    - archive_path.stat is defined
+    - not archive_path.stat.exists
+    - keycloak_rhsso_enable
+    - not keycloak_offline_install
+    - keycloak_rhsso_download_url is match(keycloak_rhn_url+".*")
+
+- name: Download rhsso archive from alternate location
+  get_url:
+    url: "{{ keycloak_rhsso_download_url }}"
+    dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+  delegate_to: localhost
+  when:
+    - archive_path is defined
+    - archive_path.stat is defined
+    - not archive_path.stat.exists
+    - keycloak_rhsso_enable
+    - not keycloak_offline_install
+    - not keycloak_rhsso_download_url is match(keycloak_rhn_url+".*")
+
+## copy and unpack
+- name: Copy archive to target nodes
+  copy:
+    src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+    dest: "{{ archive }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
     mode: 0750
-      when:
+  register: new_version_downloaded
-        - archive_path is defined
-        - archive_path.stat is defined
-        - not archive_path.stat.exists
-        - not keycloak_rhsso_enable and zip_file_local_path is defined
-
-    - name: extract Keycloak archive on target
-      unarchive:
-        remote_src: yes
-        src: "{{ archive }}"
-        dest: "{{ keycloak_dest }}"
-        creates: "{{ keycloak_jboss_home }}"
-        owner: "{{ keycloak_service_user }}"
-        group: "{{ keycloak_service_group }}"
-      notify:
-        - restart keycloak
   become: yes
-  when: not keycloak_rhsso_enable
 
-- block:
+- name: "Check work directory: {{ keycloak_dest }}"
-    - assert:
+  stat:
-        that:
+    path: "{{ keycloak_dest }}"
-          - rhsso_rhn_id is defined or zip_file_local_path is defined
+  register: path_to_workdir
-        quiet: true
+  become: yes
-        fail_msg: "Can't install RHSSO without either RHN ID or RHSSO zip file located on Ansible node"
 
-    - name: create download directory
+- name: "Create work directory {{ keycloak_dest }}"
   file:
-        path: /opt/apps
+    path: "{{ keycloak_dest }}"
     state: directory
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
     mode: 0750
-
-    - include_tasks: get_rhsso.yml
-      vars:
-        zipfile_dest: "{{ keycloak_dest }}/{{ keycloak_rhsso_archive }}"
-        work_dir: "{{ keycloak_dest }}"
-        target_dir: "{{ keycloak_jboss_home }}"
   become: yes
-  when: keycloak_rhsso_enable
+  when: not path_to_workdir.stat.exists
 
+- name: "Extract {{ 'Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Keycloak' }} archive on target"
+  unarchive:
+    remote_src: yes
+    src: "{{ archive }}"
+    dest: "{{ keycloak_dest }}"
+    creates: "{{ keycloak.home }}"
+    owner: "{{ keycloak_service_user }}"
+    group: "{{ keycloak_service_group }}"
+  become: yes
+  when:
+    - new_version_downloaded.changed or not path_to_workdir.stat.exists
+  notify:
+    - restart keycloak
+
+- name: Inform decompression was not executed
+  debug:
+    msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
+  when:
+    - not new_version_downloaded.changed and path_to_workdir.stat.exists
+
+- name: "Reown installation directory to {{ keycloak_service_user }}"
+  file:
+    path: "{{ keycloak.home }}"
+    owner: "{{ keycloak_service_user }}"
+    group: "{{ keycloak_service_group }}"
+    recurse: true
+  become: yes
+  changed_when: false
+
+# driver and configuration
 - name: "Install {{ keycloak_jdbc_engine }} driver"
   include_role:
     name: wildfly_driver
@@ -134,7 +181,7 @@
       jdbc_driver_module_name: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}"
   when: keycloak_jdbc[keycloak_jdbc_engine].enabled
 
-- name: "Deploy Keycloak's standalone.xml"
+- name: "Deploy {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
   become: yes
   template:
     src: templates/standalone.xml.j2
@@ -146,7 +193,7 @@
     - restart keycloak
   when: not keycloak_remotecache.enabled
 
-- name: "Deploy Keycloak's standalone.xml with remote cache store"
+- name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}"
   become: yes
   template:
     src: templates/standalone-infinispan.xml.j2

roles/keycloak/vars/main.yml

@@ -17,7 +17,7 @@ keycloak:
   home: "{{ keycloak_jboss_home }}"
   config_dir: "{{ keycloak_config_dir }}"
   bundle: "{{ keycloak_rhsso_archive if keycloak_rhsso_enable else keycloak_archive }}"
-  service_name: "{{ 'rhsso' if keycloak_rhsso_enable else 'keycloak') }}"
+  service_name: "{{ 'rhsso' if keycloak_rhsso_enable else 'keycloak' }}"
   health_url: "{{ keycloak_management_url }}/health"
 
 # database