From 41caa49cfcb1114be8ae36ab004b273cd8ecc006 Mon Sep 17 00:00:00 2001 From: Xabier Davila Date: Thu, 30 Jun 2022 16:22:58 +0200 Subject: [PATCH 1/2] Use absolute path for certificate files --- roles/keycloak_quarkus/README.md | 4 ++-- roles/keycloak_quarkus/defaults/main.yml | 4 ++-- roles/keycloak_quarkus/meta/argument_specs.yml | 4 ++-- roles/keycloak_quarkus/templates/keycloak.conf.j2 | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md index ed4fae3..769e2f7 100644 --- a/roles/keycloak_quarkus/README.md +++ b/roles/keycloak_quarkus/README.md @@ -37,8 +37,8 @@ Role Defaults |`keycloak_quarkus_http_relative_path` | Service context path | `auth` | |`keycloak_quarkus_http_enabled`| Enable listener on HTTP port | `True` | |`keycloak_quarkus_https_enabled`| Enable listener on HTTPS port | `False` | -|`keycloak_quarkus_key_file`| The file path to a private key in PEM format | `conf/server.key.pem` | -|`keycloak_quarkus_cert_file`| The file path to a server certificate or certificate chain in PEM format | `conf/server.crt.pem` | +|`keycloak_quarkus_key_file`| The file path to a private key in PEM format | `{{ keycloak.home }}/conf/server.key.pem` | +|`keycloak_quarkus_cert_file`| The file path to a server certificate or certificate chain in PEM format | `{{ keycloak.home }}/conf/server.crt.pem` | * Database configuration diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml index 7d58fe3..a54a8ec 100644 --- a/roles/keycloak_quarkus/defaults/main.yml +++ b/roles/keycloak_quarkus/defaults/main.yml @@ -36,8 +36,8 @@ keycloak_quarkus_java_opts: "-Xms1024m -Xmx2048m" ### TLS/HTTPS configuration keycloak_quarkus_https_enabled: False -keycloak_quarkus_key_file: conf/server.key.pem -keycloak_quarkus_cert_file: conf/server.crt.pem +keycloak_quarkus_key_file: "{{ keycloak.home }}/conf/server.key.pem" +keycloak_quarkus_cert_file: "{{ keycloak.home }}/conf/server.crt.pem" ### Enable configuration for database backend, clustering and remote caches on infinispan keycloak_quarkus_ha_enabled: False diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml index 19fb8df..a0214a5 100644 --- a/roles/keycloak_quarkus/meta/argument_specs.yml +++ b/roles/keycloak_quarkus/meta/argument_specs.yml @@ -108,11 +108,11 @@ argument_specs: description: "Enable listener on HTTPS port" type: "bool" keycloak_quarkus_key_file: - default: "conf/server.key.pem" + default: "{{ keycloak.home }}/conf/server.key.pem" description: "The file path to a private key in PEM format" type: "str" keycloak_quarkus_cert_file: - default: "conf/server.crt.pem" + default: "{{ keycloak.home }}/conf/server.crt.pem" description: "The file path to a server certificate or certificate chain in PEM format" type: "str" keycloak_quarkus_https_port: diff --git a/roles/keycloak_quarkus/templates/keycloak.conf.j2 b/roles/keycloak_quarkus/templates/keycloak.conf.j2 index 63fcae1..c02dbae 100644 --- a/roles/keycloak_quarkus/templates/keycloak.conf.j2 +++ b/roles/keycloak_quarkus/templates/keycloak.conf.j2 @@ -19,8 +19,8 @@ http-port={{ keycloak_quarkus_http_port }} # HTTPS https-port={{ keycloak_quarkus_https_port }} {% if keycloak_quarkus_https_enabled %} -https-certificate-file={{ keycloak.home }}/{{ keycloak_quarkus_cert_file}} -https-certificate-key-file={{ keycloak.home }}/{{ keycloak_quarkus_key_file }} +https-certificate-file={{ keycloak_quarkus_cert_file}} +https-certificate-key-file={{ keycloak_quarkus_key_file }} {% endif %} # Hostname for the Keycloak server. From adb0a4da45643b39cd52d33af6f810553e844e9e Mon Sep 17 00:00:00 2001 From: Xabier Davila Date: Mon, 4 Jul 2022 08:31:10 +0200 Subject: [PATCH 2/2] Fix molecule tests --- molecule/quarkus/converge.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml index fd40a44..cb84edb 100644 --- a/molecule/quarkus/converge.yml +++ b/molecule/quarkus/converge.yml @@ -9,8 +9,8 @@ keycloak_quarkus_http_relative_path: '' keycloak_quarkus_log: file keycloak_quarkus_https_enabled: True - keycloak_quarkus_key_file: conf/key.pem - keycloak_quarkus_cert_file: conf/cert.pem + keycloak_quarkus_key_file: "{{ keycloak.home }}/conf/key.pem" + keycloak_quarkus_cert_file: "{{ keycloak.home }}/conf/cert.pem" roles: - role: keycloak_quarkus - role: keycloak_realm