Add mariadb default, add config validation

2021-12-17 14:56:28 +01:00 · 2021-12-17 14:56:28 +01:00 · 9c97baf03b
parent 78adb450b2
commit 9c97baf03b
3 changed files with 38 additions and 9 deletions
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@ -36,6 +36,7 @@ keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
 keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
 # enable auto configuration for database backend, clustering and remote caches on infinispan
 keycloak_ha_enabled: False
+keycloak_db_enabled: False

 # keycloak administration console user
 keycloak_admin_user: admin
@ -58,9 +59,10 @@ keycloak_remotecache:
  trust_store_path: /path/to/jks/keystore
  trust_store_password: changeme

+keycloak_jdbc_engine: postgres
 keycloak_jdbc:
  postgres:
-    enabled: "{{ keycloak_ha_enabled }}"
+    enabled: "{{ keycloak_ha_enabled and keycloak_jdbc_engine == 'postgres' }}"
    driver_module_name: "org.postgresql"
    driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/postgresql/main"
    driver_version: 9.4.1212
@ -69,3 +71,13 @@ keycloak_jdbc:
    connection_url: "{{ postgres_jdbc_url | default('jdbc:postgresql://localhost:5432/keycloak') }}"
    db_user: "{{ postgres_db_user | default('keycloak-user') }}"
    db_password: "{{ postgres_db_pass | default('keycloak-pass') }}"
+  mariadb:
+    enabled: "{{ keycloak_ha_enabled and keycloak_jdbc_engine == 'mariadb' }}"
+    driver_module_name: "org.mariadb"
+    driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/mariadb/main"
+    driver_version: 2.7.4
+    driver_jar_filename: "mariadb-java-client-2.7.4.jar"
+    driver_jar_url: "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/2.7.4/mariadb-java-client-2.7.4.jar"
+    connection_url: "{{ mariadb_jdbc_url | default('jdbc:mariadb://localhost:3306/keycloak') }}"
+    db_user: "{{ mariadb_db_user | default('keycloak-user') }}"
+    db_password: "{{ mariadb_db_pass | default('keycloak-pass') }}"
--- a/roles/keycloak/tasks/install.yml
+++ b/roles/keycloak/tasks/install.yml
@ -112,19 +112,19 @@
  become: yes
  when: keycloak_rhsso_enable

- name: "Install Postresql driver"
+- name: "Install {{ keycloak_jdbc_engine }} driver"
  include_role:
    name: wildfly_driver
    tasks_from: jdbc_driver.yml
  vars:
      wildfly_user: "{{ keycloak_service_user }}"
-      jdbc_driver_module_dir: "{{ keycloak_jdbc.postgres.driver_module_dir }}"
-      jdbc_driver_version: "{{ keycloak_jdbc.postgres.driver_version }}"
-      jdbc_driver_jar_filename: "{{ keycloak_jdbc.postgres.driver_jar_filename }}"
-      jdbc_driver_jar_url: "{{ keycloak_jdbc.postgres.driver_jar_url }}"
-      jdbc_driver_jar_installation_path: "{{ keycloak_jdbc.postgres.driver_module_dir }}/{{ keycloak_jdbc.postgres.driver_jar_filename }}"
-      jdbc_driver_module_name: "{{ keycloak_jdbc.postgres.driver_module_name }}"
-  when: keycloak_jdbc.postgres.enabled
+      jdbc_driver_module_dir: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
+      jdbc_driver_version: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_version }}"
+      jdbc_driver_jar_filename: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
+      jdbc_driver_jar_url: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}"
+      jdbc_driver_jar_installation_path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
+      jdbc_driver_module_name: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}"
+  when: keycloak_jdbc[keycloak_jdbc_engine].enabled

 - name: "Deploy Keycloak's standalone.xml"
  become: yes
--- a/roles/keycloak/tasks/prereqs.yml
+++ b/roles/keycloak/tasks/prereqs.yml
@ -1,4 +1,21 @@
 ---
+- name: "Validate configuration"
+  assert:
+    that:
+      - (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled)
+    quiet: True
+    fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_ha_enabled"
+    success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"
+
+- name: "Validate credentials"
+  assert:
+    that:
+      - (rhn_username is defined and rhsso_rhn_id is defined) or rhsso_rhn_id is not defined
+      - (rhn_password is defined and rhsso_rhn_id is defined) or rhsso_rhn_id is not defined
+    quiet: True
+    fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined"
+    success_msg: "{{ 'Installing Red Hat Single Sign-On' if rhsso_rhn_id is defined else 'Installing keycloak.org' }}"
+
 - set_fact:
    required_packages:
    - "{{ jvm_package | default('java-1.8.0-openjdk-devel') }}"