From bcd82a5ae5758e94c8bf79af85ca79bfb048e1c5 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Thu, 13 Jan 2022 17:38:11 +0100 Subject: [PATCH 01/10] Add variable for frontendUrl (for revproxy scenario) --- roles/keycloak/README.md | 1 + roles/keycloak/defaults/main.yml | 1 + roles/keycloak/tasks/systemd.yml | 6 +++--- roles/keycloak/templates/standalone-infinispan.xml.j2 | 4 ++-- roles/keycloak/templates/standalone-rhsso-jdg.xml.j2 | 4 ++-- roles/keycloak/templates/standalone-rhsso.xml.j2 | 4 ++-- roles/keycloak/templates/standalone.xml.j2 | 4 ++-- roles/keycloak/vars/main.yml | 1 + 8 files changed, 14 insertions(+), 11 deletions(-) diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index 3f3c269..6b0bbd9 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md @@ -47,6 +47,7 @@ The following variables are _required_ only when `keycloak_ha_enabled` is True: | Variable | Description | Default | |:---------|:------------|:---------| |`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` | +|`keycloak_frontend_url` | frontend URL for keycloak endpoints when a reverse proxy is used | `localhost` | |`keycloak_jdbc_engine` | backend database flavour when db is enabled: [ postgres, mariadb ] | `postgres` | |`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` | |`infinispan_user` | username for connecting to infinispan | `supervisor` | diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index b2f45e8..f04c2eb 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -50,6 +50,7 @@ keycloak_force_install: False ### mod_cluster reverse proxy keycloak_modcluster_url: localhost +keycloak_frontend_url: localhost ### infinispan remote caches access (hotrod) infinispan_user: supervisor diff --git a/roles/keycloak/tasks/systemd.yml b/roles/keycloak/tasks/systemd.yml index 3cf1479..858f5d7 100644 --- a/roles/keycloak/tasks/systemd.yml 
+++ b/roles/keycloak/tasks/systemd.yml @@ -38,6 +38,9 @@ daemon_reload: yes when: systemdunit.changed +- set_fact: + health_url: "{{ keycloak_management_url }}/health" + - name: start keycloak systemd: name: keycloak @@ -56,9 +59,6 @@ - meta: flush_handlers -- set_fact: - health_url: "{{ keycloak_management_url }}/health" - - name: "Wait until Keycloak becomes active {{ health_url }}" uri: url: "{{ health_url }}" diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index e7d2a8c..2b2842b 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 @@ -609,8 +609,8 @@ default - - + + diff --git a/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2 b/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2 index 09884b5..e73bf19 100644 --- a/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2 +++ b/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2 @@ -606,8 +606,8 @@ default - - + + diff --git a/roles/keycloak/templates/standalone-rhsso.xml.j2 b/roles/keycloak/templates/standalone-rhsso.xml.j2 index 95eb4e0..b48883a 100644 --- a/roles/keycloak/templates/standalone-rhsso.xml.j2 +++ b/roles/keycloak/templates/standalone-rhsso.xml.j2 @@ -505,8 +505,8 @@ default - - + + diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2 index bf3ce0a..823357f 100644 --- a/roles/keycloak/templates/standalone.xml.j2 +++ b/roles/keycloak/templates/standalone.xml.j2 @@ -583,8 +583,8 @@ default - - + + diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml index f135d99..cf1d6cc 100644 --- a/roles/keycloak/vars/main.yml +++ b/roles/keycloak/vars/main.yml @@ -55,6 +55,7 @@ keycloak_jdbc: keycloak_modcluster: enabled: "{{ keycloak_ha_enabled }}" reverse_proxy_url: "{{ keycloak_modcluster_url }}" + frontend_url: "{{ keycloak_frontend_url }}" # infinispan keycloak_remotecache: 
From 42947462633664a5e909b5985b0d5617569bf637 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Thu, 13 Jan 2022 17:52:21 +0100 Subject: [PATCH 02/10] Update molecule dependency task to force correct path --- molecule/default/molecule.yml | 3 ++- molecule/default/requirements.yml | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 molecule/default/requirements.yml diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 3c54d4a..68adf70 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -1,6 +1,7 @@ --- dependency: - name: galaxy + name: shell + command: ansible-galaxy collection install -r molecule/default/requirements.yml -p $HOME/.ansible/collections --force-with-deps driver: name: docker platforms: diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml new file mode 100644 index 0000000..ca255ec --- /dev/null +++ b/molecule/default/requirements.yml @@ -0,0 +1,10 @@ +--- +collections: + - name: middleware_automation.redhat_csp_download + version: ">=1.2.1" + - name: middleware_automation.jcliff + version: ">=0.0.19" + - name: community.general + - name: community.docker + version: ">=1.9.1" + From 8a9cb79fa4867c879d43a95760a9d17c7d0ab1be Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Thu, 13 Jan 2022 20:08:41 +0100 Subject: [PATCH 03/10] Update CI ansible collection download path --- .github/workflows/ci.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9034acc..89fd1bc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,8 +15,6 @@ jobs: steps: - name: Check out code uses: actions/checkout@v2 - with: - path: ansible_collections/middleware_automation/keycloak - name: Set up Python ${{ matrix.python_version }} uses: actions/setup-python@v1 
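Review bot: The new `molecule/default/requirements.yml` constrains three collections only with open-ended `>=` ranges and gives `community.general` no version at all, so each run resolves whatever Galaxy serves at that moment. Together with `--force-with-deps` in the `dependency.command` added to `molecule/default/molecule.yml`, every test run re-downloads and overwrites the collections under `$HOME/.ansible/collections`. That makes runs non-reproducible and widens exposure to a bad upstream release. Consider exact pins for the test environment, e.g. `version: "1.2.1"` in place of `version: ">=1.2.1"`, plus an explicit version for `community.general`.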
@@ -28,18 +26,15 @@ jobs: python -m pip install --upgrade pip pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous - - name: Create default collection path symlink + - name: Create default collection path run: | - mkdir -p /home/runner/.ansible - ln -s /home/runner/work/middleware_automation/keycloak /home/runner/.ansible/collections + mkdir -p /home/runner/.ansible/collections/ansible_collections - name: Run sanity tests run: ansible-test sanity --docker -v --color --python ${{ matrix.python_version }} - working-directory: ./ansible_collections/middleware_automation/keycloak - name: Run molecule test run: molecule test --all - working-directory: ./ansible_collections/middleware_automation/keycloak env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' From 1b44b47d1c8aab5d65edc38958744a563a5bdf94 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Thu, 13 Jan 2022 20:16:44 +0100 Subject: [PATCH 04/10] Revert layout for collection sanity checks --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 89fd1bc..d2ceab8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,6 +15,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v2 + with: + path: ansible_collections/middleware_automation/keycloak - name: Set up Python ${{ matrix.python_version }} uses: actions/setup-python@v1 @@ -32,9 +34,12 @@ jobs: - name: Run sanity tests run: ansible-test sanity --docker -v --color --python ${{ matrix.python_version }} + working-directory: ./ansible_collections/middleware_automation/keycloak - name: Run molecule test run: molecule test --all + working-directory: ./ansible_collections/middleware_automation/keycloak + env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' From 5fa9243bcd7c987ba1730bb15ecee9915be01bd8 Mon Sep 17 00:00:00 2001 
From: Guido Grazioli Date: Fri, 14 Jan 2022 09:54:26 +0100 Subject: [PATCH 05/10] fix: keycloak_frontend_url needs scheme --- molecule/default/molecule.yml | 2 +- molecule/default/prepare.yml | 4 +++- roles/keycloak/README.md | 2 +- roles/keycloak/defaults/main.yml | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 68adf70..c59579c 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -3,7 +3,7 @@ dependency: name: shell command: ansible-galaxy collection install -r molecule/default/requirements.yml -p $HOME/.ansible/collections --force-with-deps driver: - name: docker + name: podman platforms: - name: instance image: registry.access.redhat.com/ubi8/ubi-init:latest diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index a0fd601..425c16d 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -2,7 +2,9 @@ - name: Prepare hosts: all tasks: + - name: Disable beta repos + command: yum config-manager --disable '*beta*' - name: Install sudo yum: name: sudo - state: present \ No newline at end of file + state: present diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index 6b0bbd9..745c5d3 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md 
@@ -47,7 +47,7 @@ The following variables are _required_ only when `keycloak_ha_enabled` is True: | Variable | Description | Default | |:---------|:------------|:---------| |`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` | -|`keycloak_frontend_url` | frontend URL for keycloak endpoints when a reverse proxy is used | `localhost` | +|`keycloak_frontend_url` | frontend URL for keycloak endpoints when a reverse proxy is used | `http://localhost` | |`keycloak_jdbc_engine` | backend database flavour when db is enabled: [ postgres, mariadb ] | `postgres` | |`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` | |`infinispan_user` | username for connecting to infinispan | `supervisor` | diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index f04c2eb..a75fc70 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -50,7 +50,7 @@ keycloak_force_install: False ### mod_cluster reverse proxy keycloak_modcluster_url: localhost -keycloak_frontend_url: localhost +keycloak_frontend_url: http://localhost ### infinispan remote caches access (hotrod) infinispan_user: supervisor From 7a989f777187f09c8946d4514e19405f41c0b4fe Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Fri, 14 Jan 2022 10:06:43 +0100 Subject: [PATCH 06/10] Move former templates and update docs --- roles/keycloak/README.md | 8 ++++++++ roles/keycloak/defaults/main.yml | 2 +- .../templates/{ => 9.0.2}/standalone-infinispan.xml.j2 | 0 roles/keycloak/templates/{ => 9.0.2}/standalone.xml.j2 | 0 4 files changed, 9 insertions(+), 1 deletion(-) rename roles/keycloak/templates/{ => 9.0.2}/standalone-infinispan.xml.j2 (100%) rename roles/keycloak/templates/{ => 9.0.2}/standalone.xml.j2 (100%) diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index 745c5d3..a89320a 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md 
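Review bot: The default `keycloak_frontend_url: http://localhost` in `roles/keycloak/defaults/main.yml` bakes a cleartext scheme into the value the role passes on as Keycloak's frontend URL. Keycloak uses the frontend URL as the base for the endpoints it advertises to clients, so a deployment behind a TLS-terminating reverse proxy that forgets to override it would presumably publish `http://` URLs. The template lines that consume the value are not visible in this series, so this needs confirming. Suggest a comment above the default such as `# externally visible base URL including scheme; set to https://... behind a TLS reverse proxy`, and quoting the value as `"http://localhost"`.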
@@ -13,6 +13,14 @@ This role requires the `python3-netaddr` library installed on the controller nod * or via pip: `pip install netaddr==0.8.0` +Versions +-------- + +| RH-SSO VERSION | Release Date | Keycloak Version | EAP Version | Notes | +|:---------------|:------------------|:-----------------|:------------|:----------------| +|`7.5.0 GA` |September 20, 2021 |`15.0.2` | `7.4.0` |[Release Notes](https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/index)| + + Role Defaults ------------- diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index a75fc70..5046fb4 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -1,6 +1,6 @@ --- ### Configuration specific to keycloak -keycloak_version: 9.0.2 +keycloak_version: 15.0.2 keycloak_archive: keycloak-{{ keycloak_version }}.zip keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }} keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/9.0.2/standalone-infinispan.xml.j2 similarity index 100% rename from roles/keycloak/templates/standalone-infinispan.xml.j2 rename to roles/keycloak/templates/9.0.2/standalone-infinispan.xml.j2 diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/9.0.2/standalone.xml.j2 similarity index 100% rename from roles/keycloak/templates/standalone.xml.j2 rename to roles/keycloak/templates/9.0.2/standalone.xml.j2 From 94aecfcd87f2ffc0f3c3f75aafda54a05d494d73 Mon Sep 17 00:00:00 2001 
From: Guido Grazioli Date: Fri, 14 Jan 2022 10:09:10 +0100 Subject: [PATCH 07/10] Rename/merge templates and update install task --- roles/keycloak/tasks/install.yml | 4 ++-- ...andalone-rhsso-jdg.xml.j2 => standalone-infinispan.xml.j2} | 0 .../templates/{standalone-rhsso.xml.j2 => standalone.xml.j2} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename roles/keycloak/templates/{standalone-rhsso-jdg.xml.j2 => standalone-infinispan.xml.j2} (100%) rename roles/keycloak/templates/{standalone-rhsso.xml.j2 => standalone.xml.j2} (100%) diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 88a0ab4..3044347 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -129,7 +129,7 @@ - name: "Deploy Keycloak's standalone.xml" become: yes template: - src: "{{ 'templates/standalone-rhsso.xml.j2' if keycloak_rhsso_enable else 'templates/standalone.xml.j2' }}" + src: templates/standalone.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" @@ -141,7 +141,7 @@ - name: "Deploy Keycloak's standalone.xml with remote cache store" become: yes template: - src: "{{ 'templates/standalone-rhsso-jdg.xml.j2' if keycloak_rhsso_enable else 'templates/standalone-infinispan.xml.j2' }}" + src: templates/standalone-infinispan.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" diff --git a/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 similarity index 100% rename from roles/keycloak/templates/standalone-rhsso-jdg.xml.j2 rename to roles/keycloak/templates/standalone-infinispan.xml.j2 
diff --git a/roles/keycloak/templates/standalone-rhsso.xml.j2 b/roles/keycloak/templates/standalone.xml.j2 similarity index 100% rename from roles/keycloak/templates/standalone-rhsso.xml.j2 rename to roles/keycloak/templates/standalone.xml.j2 From d7597771cfe777d78b3d68e4915217a0c2fcbfd3 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Fri, 14 Jan 2022 10:14:24 +0100 Subject: [PATCH 08/10] Drop service logfile, symlink log directory instead --- roles/keycloak/tasks/main.yml | 12 ++++++++++-- roles/keycloak/templates/keycloak-service.sh.j2 | 3 +-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 66f56b3..bcf0c06 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -6,9 +6,17 @@ tags: - prereqs -- include_tasks: tasks/install.yml +- name: Include install tasks + include_tasks: tasks/install.yml -- include_tasks: tasks/systemd.yml +- name: Include systemd tasks + include_tasks: tasks/systemd.yml + +- name: Link default logs directory + file: + state: link + src: "{{keycloak_jboss_home}}/standalone/log" + dest: /var/log/keycloak - block: - name: Check admin credentials by generating a token diff --git a/roles/keycloak/templates/keycloak-service.sh.j2 b/roles/keycloak/templates/keycloak-service.sh.j2 index 422ccde..82e3a21 100755 --- a/roles/keycloak/templates/keycloak-service.sh.j2 +++ b/roles/keycloak/templates/keycloak-service.sh.j2 
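Review bot: The new `Link default logs directory` task in `roles/keycloak/tasks/main.yml` writes to `/var/log/keycloak` but carries no `become: yes`, unlike the template tasks in `tasks/install.yml`, so it depends on the play already running privileged. With `state: link` and no `force`, the task is also likely to fail on a host where `/var/log/keycloak` already exists as a real directory, for instance from an earlier install. Because the link target sits inside the install tree, the logs inherit that tree's ownership and mode, so it is worth confirming that `standalone/log` is not world-readable. Suggested changes: add `become: yes` to the task and write the source as `src: "{{ keycloak_jboss_home }}/standalone/log"`.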
@@ -83,8 +83,7 @@ startKeycloak() { -Djboss.management.https.port=${KEYCLOAK_MANAGEMENT_HTTPS_PORT} \ -Djboss.node.name={{ inventory_hostname }} \ {% if keycloak_prefer_ipv4 %}-Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true {% endif %}\ - {% if keycloak_config_standalone_xml is defined %}--server-config={{ keycloak_config_standalone_xml }}{% endif %} \ - 2>&1 >> "${KEYCLOAK_LOGFILE}" & + {% if keycloak_config_standalone_xml is defined %}--server-config={{ keycloak_config_standalone_xml }}{% endif %} & while [ ! -f ${KEYCLOAK_PIDFILE} ]; do sleep 1; done fi } From d4634fcebc84959d72db11a6f64aaf2cb14e31d8 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Fri, 14 Jan 2022 10:29:48 +0100 Subject: [PATCH 09/10] update new download location --- molecule/default/molecule.yml | 2 +- molecule/default/prepare.yml | 2 ++ roles/keycloak/defaults/main.yml | 7 ++++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index c59579c..68adf70 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -3,7 +3,7 @@ dependency: name: shell command: ansible-galaxy collection install -r molecule/default/requirements.yml -p $HOME/.ansible/collections --force-with-deps driver: - name: podman + name: docker platforms: - name: instance image: registry.access.redhat.com/ubi8/ubi-init:latest diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 425c16d..8dbc48d 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -4,6 +4,8 @@ tasks: - name: Disable beta repos command: yum config-manager --disable '*beta*' + ignore_errors: yes + - name: Install sudo yum: name: sudo diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index 5046fb4..1baf784 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml 
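Review bot: With the `>> "${KEYCLOAK_LOGFILE}"` redirection removed, the backgrounded server in `startKeycloak()` inherits stdout and stderr from whatever invoked the script, so console output and early JVM start-up failures are kept only if the caller captures them. Under the systemd unit that presumably means the journal, but the unit file is not part of this patch, so confirm it; for an identity server those start-up messages are worth retaining. If `KEYCLOAK_LOGFILE` is still defined further up in `keycloak-service.sh.j2`, it is now unused and can be dropped. `startKeycloak()` begins outside the hunk.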
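Review bot: `ignore_errors: yes` on the `Disable beta repos` task in `molecule/default/prepare.yml` hides every failure of the `yum config-manager` call, so the scenario carries on with beta repositories still enabled and nothing in the result shows it. If the failure being tolerated is a specific one (for example the `config-manager` plugin being absent on the image, which is a guess), register the result and narrow it with `failed_when` instead. Adding `changed_when: false` would also stop the `command` task from reporting a change on every run.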
@@ -1,14 +1,15 @@ --- ### Configuration specific to keycloak keycloak_version: 15.0.2 -keycloak_archive: keycloak-{{ keycloak_version }}.zip -keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }} +keycloak_archive: "keycloak-{{ keycloak_version }}.zip" +keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}" +keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}" keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" ### Configuration specific to Red Hat Single Sing-On keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}" keycloak_rhsso_version: 7.5 -keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip +keycloak_rhsso_archive: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip" keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}" keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=' From f1eec2596d0766653a36849bb69d9293ccf1835d Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Fri, 14 Jan 2022 14:14:38 +0100 Subject: [PATCH 10/10] Start work on v0.1.8 --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 5ebc6d4..4d325b4 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: middleware_automation name: keycloak -version: "0.1.7" +version: "0.1.8" readme: README.md authors: - Romain Pelisse
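Review bot: The new `keycloak_download_url` in `roles/keycloak/defaults/main.yml` points at GitHub release assets, with `keycloak_download_url_9x` kept for the old host, but no checksum variable accompanies either URL, so the archive installed as the identity server is trusted on transport security alone. The download task is outside this patch; if it uses `get_url`, consider a new default (name proposed here) such as `keycloak_archive_checksum: "sha256:<PLACEHOLDER_DIGEST>"` passed to that module's `checksum` parameter. A comment stating which versions `keycloak_download_url_9x` applies to would also help, since nothing in this hunk selects between the two URLs.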