From 8341416ee0da322648f65a574fdc0c726ef5b086 Mon Sep 17 00:00:00 2001
From: Guido Grazioli
Date: Mon, 9 May 2022 15:57:12 +0200
Subject: [PATCH] keycloak: default jvm to headless variant, add jdbc validation
---
 roles/keycloak/README.md | 2 +-
 roles/keycloak/meta/argument_specs.yml | 2 +-
 roles/keycloak/tasks/prereqs.yml | 14 +++++++++++++-
 roles/keycloak/tasks/systemd.yml | 1 +
 4 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index c63085b..71787b1 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -65,7 +65,7 @@ Role Defaults
 |`keycloak_service_user`| posix account username | `keycloak` |
 |`keycloak_service_group`| posix account group | `keycloak` |
 |`keycloak_service_pidfile`| pid file path for service | `/run/keycloak.pid` |
-|`keycloak_jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-devel` |
+|`keycloak_jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-headless` |
 |`keycloak_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path | `None` |
 |`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index 24b644c..983d59d 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -78,7 +78,7 @@ argument_specs:
 type: "bool"
 keycloak_jvm_package:
 # line 23 of keycloak/defaults/main.yml
- default: "java-1.8.0-openjdk-devel"
+ default: "java-1.8.0-openjdk-headless"
 description: "RHEL java package runtime rpm"
 type: "str"
 keycloak_java_home:
diff --git a/roles/keycloak/tasks/prereqs.yml b/roles/keycloak/tasks/prereqs.yml
index c84dccb..4df0d96 100644
--- a/roles/keycloak/tasks/prereqs.yml
+++ b/roles/keycloak/tasks/prereqs.yml
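Review bot: roles/keycloak/defaults/main.yml is not among the four files in the diffstat, yet the changed `default: "java-1.8.0-openjdk-headless"` in roles/keycloak/meta/argument_specs.yml sits directly under the comment `# line 23 of keycloak/defaults/main.yml`. The value the role actually installs presumably comes from that defaults file, so if it still sets `keycloak_jvm_package: java-1.8.0-openjdk-devel`, the README and the argument spec would advertise the headless runtime while hosts keep receiving the JDK development package and its extra tooling. Confirm the defaults file was changed elsewhere in the series, or include that one-line change in this commit so the three places agree.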
@@ -4,7 +4,7 @@
 that:
 - keycloak_admin_password | length > 12
 quiet: True
- fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 16+ char long string"
+ fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 12+ char long string"
 success_msg: "{{ 'Console administrator password OK' }}"
 - name: Validate configuration
@@ -24,6 +24,18 @@
 fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined"
 success_msg: "{{ 'Installing Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Installing keycloak.org' }}"
+- name: Validate persistence configuration
+ ansible.builtin.assert:
+ that:
+ - keycloak_jdbc_engine is defined and keycloak_jdbc_engine in [ 'postgres', 'mariadb' ]
+ - keycloak_jdbc_url | length > 0
+ - keycloak_db_user | length > 0
+ - keycloak_db_pass | length > 0
+ quiet: True
+ when: keycloak_db_enabled
+ fail_msg: "Configuration for the JDBC persistence is invalid or incomplete"
+ success_msg: "Configuring JDBC persistence using {{ keycloak_jdbc_engine }} database"
+
 - name: Ensure required packages are installed
 ansible.builtin.include_tasks: fastpackages.yml
 vars:
diff --git a/roles/keycloak/tasks/systemd.yml b/roles/keycloak/tasks/systemd.yml
index 77f7d7c..871180f 100644
--- a/roles/keycloak/tasks/systemd.yml
+++ b/roles/keycloak/tasks/systemd.yml
@@ -1,3 +1,4 @@
+---
 - name: "Configure {{ keycloak.service_name }} service script wrapper"
 become: yes
 ansible.builtin.template:
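Review bot: The corrected `fail_msg` in the first prereqs.yml hunk still disagrees with the check it reports on: the message asks for a "12+ char long string", while the condition above it is `keycloak_admin_password | length > 12`, which rejects a 12-character password and accepts 13 and up. An operator who follows the message exactly hits the same failure again. Wording the message as "a string longer than 12 characters" keeps the stricter bound; alternatively change the condition to `keycloak_admin_password | length >= 12` if twelve is the intended minimum. The assert task begins above the hunk, so its name and module line are not visible here.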
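Review bot: In the new "Validate persistence configuration" task, `when: keycloak_db_enabled` is listed between `quiet: True` and `fail_msg:`, but `when` is a task keyword while `quiet`, `fail_msg` and `success_msg` are arguments of `ansible.builtin.assert`, so in that order they cannot all sit at their correct level. The indentation is not recoverable from this page; if `when` is nested under the module it would be handed to assert as an argument instead of gating the task, and the validation would then not be limited to hosts with the database enabled. Move it to the end of the task at the same indent as `ansible.builtin.assert:`, after `success_msg`. Separately, only the first condition guards with `is defined`; unless the role defaults (not shown) define `keycloak_jdbc_url`, `keycloak_db_user` and `keycloak_db_pass`, an unset value would likely surface as an undefined-variable error rather than the intended `fail_msg`.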