Code review comments

main
root 2022-01-14 13:54:10 -06:00
parent 7b376e0681
commit ce26ceeed0
7 changed files with 65 additions and 44 deletions

View File

@ -31,25 +31,32 @@ collections:
### Install Playbook ### Install Playbook
`playbooks/keycloak.yml` installs the keycloak or Red Hat Single Sign-On(RHSSO) based on the defined variables. `playbooks/keycloak.yml` installs the upstream(Keycloak) based on the defined variables.
`playbooks/rhsso.yml` installs Red Hat Single Sign-On(RHSSO) based on defined variables.
### Choosing between Red Hat products and upstream (Keycloak) project ### Choosing between upstream(Keycloak) project and Red Hat Single Sign-On(RHSSO)
The roles supports installing Keycloak or Red Hat Single Sign-On in the following ways The roles supports installing upstream(Keycloak) or Red Hat Single Sign-On in the following ways
#### Install upstream from remote source #### Install upstream(Keycloak) from remote source
This is default way, no need to define any additional variables. This is default approach, there is one required variable
#### Install upstream from local source when the following variable is defined
``` ```
keycloak_zip_file_local_path: <local path of keycloak zip file> keycloak_admin_password: "<changeme>"
``` ```
#### Install RHSSO from the Customer Support Portal, when the following variables are defined #### Install upstream(Keycloak) from local source when the following variable is defined
``` ```
keycloak_admin_password: "<changeme>"
zip_file_local_path: <keycloak zip file on Ansible control node local path>
```
#### Install RHSSO from the Red Hat Customer Support Portal, when the following variables are defined
```
keycloak_admin_password: "<changeme>"
rhn_username: '<customer_portal_username>' rhn_username: '<customer_portal_username>'
rhn_password: '<customer_portal_password>' rhn_password: '<customer_portal_password>'
rhsso_rhn_id: '<sso_product_id>' rhsso_rhn_id: '<sso_product_id>'
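Review bot: The "Install RHSSO from the Red Hat Customer Support Portal" block lists `keycloak_admin_password`, `rhn_username`, `rhn_password` and `rhsso_rhn_id` but, in the lines shown, no `keycloak_rhsso_enable: True`, which this same README adds to the Nexus and local-path RHSSO blocks. If the flag is needed for the portal path as well, add it here so the RHSSO variants read consistently. Since `keycloak_admin_password` and `rhn_password` now appear in every variant, a sentence recommending that they come from Ansible Vault rather than from the playbook text would fit this section.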
@ -60,15 +67,17 @@ where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version
#### Install RHSSO from remote sources like Nexus etc, when the following variables are defined #### Install RHSSO from remote sources like Nexus etc, when the following variables are defined
``` ```
rhsso_source_download_url: '<url to downloand RHSSO zip file>' keycloak_admin_password: "<changeme>"
keycloak_rhsso_enable: True
rhsso_source_download_url: '<url to download RHSSO zip file>'
``` ```
where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_)
#### Install RHSSO from local source when the following variable is defined #### Install RHSSO from local source when the following variable is defined
``` ```
rhsso_zip_file_local_path: <local path of rhsso zip file> keycloak_admin_password: "<changeme>"
keycloak_rhsso_enable: True
zip_file_local_path: <rhsso zip file on Ansible control node local path>
``` ```
### Install role ### Install role
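Review bot: The two local-source blocks now differ only by `keycloak_rhsso_enable: True`, because `zip_file_local_path` serves both products, and the README does not say so. Please state under "Install RHSSO from local source" that the flag alone selects the RHSSO path: the install tasks copy the archive as upstream Keycloak whenever `not keycloak_rhsso_enable and zip_file_local_path is defined`, so an RHSSO zip supplied without the flag is handled as a Keycloak archive.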

View File

@ -2,11 +2,9 @@
- name: Playbook for Keycloak Hosts - name: Playbook for Keycloak Hosts
hosts: keycloak hosts: keycloak
collections: collections:
- middleware_automation.redhat_csp_download - middleware_automation.keycloak
roles:
- redhat_csp_download
tasks: tasks:
- name: Keycloak Role - name: Include keycloak role
include_role: include_role:
name: keycloak name: keycloak
vars: vars:

View File

@ -1,10 +1,14 @@
--- ---
- name: Playbook for Keycloak Hosts - name: Playbook for Keycloak Hosts
hosts: keycloak hosts: keycloak
collections:
- middleware_automation.redhat_csp_download
roles:
- redhat_csp_download
tasks: tasks:
- name: Keycloak Role - name: Keycloak Role
include_role: include_role:
name: keycloak name: keycloak
vars: vars:
keycloak_admin_password: "changeme" keycloak_admin_password: "changeme"
rhsso_zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip" # This should be local path of rhsso zip file keycloak_rhsso_enable: True
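Review bot: The `vars:` block at the end of this playbook sets `keycloak_rhsso_enable: True` but no longer names any archive source, while the role asserts `rhsso_rhn_id is defined or zip_file_local_path is defined`. As shown, the playbook only works if `rhn_username`, `rhn_password` and `rhsso_rhn_id` (or `zip_file_local_path`) arrive from inventory or extra vars; add a comment saying where they are expected to come from. The literal `keycloak_admin_password: "changeme"` would also be better as a required variable or vault reference than as a value a user can deploy unchanged.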

View File

@ -18,6 +18,7 @@ Role Defaults
| Variable | Description | Default | | Variable | Description | Default |
|:---------|:------------|:---------| |:---------|:------------|:---------|
|`keycloak_rhsso_enable`| Enable Red Hat Single Sign-on installation | `False` |
|`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` | |`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
|`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` | |`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` |
|`keycloak_admin_user`| Administration console user account | `admin` | |`keycloak_admin_user`| Administration console user account | `admin` |
@ -66,16 +67,15 @@ The following variables are _required_ only when `keycloak_db_enabled` is True:
|`keycloak_db_user` | username for connecting to postgres | `keycloak-user` | |`keycloak_db_user` | username for connecting to postgres | `keycloak-user` |
|`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` | |`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` |
The following variables can be used to install Keycloak or Red Hat Single Sign-On from local path: The following variable can be used to install Keycloak or Red Hat Single Sign-On from local path:
| Variable | Description | Default | | Variable | Description | Example |
|:---------|:------------|:---------| |:---------|:------------|:---------|
|`rhsso_zip_file_local_path` | Full local path of Red Hat Single Sign-On zip file | `tmp/rhsso/rh-sso-7.5-server-dist.zip` | |`zip_file_local_path` | Full local path of upstream(Keycloak) or Red Hat Single Sign-On zip file on Ansible control plane | `tmp/rhsso/rh-sso-7.5-server-dist.zip` |
|`keycloak_zip_file_local_path` | Full local path of Keycloak zip file | `/tmp/keycloak/keycloak-16.1.0.zip` |
The following variable can be used to install Red Hat Single Sign-On from source via url, auth support is not added right now. The following variable can be used to install Red Hat Single Sign-On from source via url, auth support is not added right now.
| Variable | Description | Default | | Variable | Description | Example |
|:---------|:------------|:---------| |:---------|:------------|:---------|
|`rhsso_source_download_url` | URL to download Red Hat Single Sign-On zip file from | `http://localhost:8081/nexus/rhsso/rh-sso-7.5-server-dist.zip` | |`rhsso_source_download_url` | URL to download Red Hat Single Sign-On zip file from source | `http://localhost:8081/nexus/rhsso/rh-sso-7.5-server-dist.zip` |
Dependencies Dependencies
------------ ------------
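Review bot: The example for `zip_file_local_path` is `tmp/rhsso/rh-sso-7.5-server-dist.zip`, a relative path, while the description says "Full local path"; it should start with `/tmp/` as the playbook examples do. The description also says "Ansible control plane" where the top-level README says "Ansible control node"; pick one term. For `rhsso_source_download_url`, the example is an `http://` URL and the text notes that auth is not supported, so the description should recommend an https source.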
@ -104,7 +104,7 @@ The following is an example playbook that makes use of the role to install keycl
keycloak_admin_password: "changeme" keycloak_admin_password: "changeme"
``` ```
The following is an example playbook that makes use of the role to install keycloak from local path The following is an example playbook that makes use of the role to install keycloak from local path on Ansible node
```yaml ```yaml
--- ---
@ -117,14 +117,14 @@ The following is an example playbook that makes use of the role to install keycl
name: keycloak name: keycloak
vars: vars:
keycloak_admin_password: "changeme" keycloak_admin_password: "changeme"
keycloak_zip_file_local_path: "/tmp/keycloak/keycloak-16.1.0.zip" # This should be local path of keycloak zip file zip_file_local_path: "/tmp/keycloak/keycloak-16.1.0.zip" # This should be local path on Ansible node of upstream(keycloak) zip file
``` ```
The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN
```yaml ```yaml
--- ---
- name: Playbook for Keycloak Hosts - name: Playbook for RHSSO
hosts: keycloak hosts: keycloak
collections: collections:
- middleware_automation.redhat_csp_download - middleware_automation.redhat_csp_download
@ -136,6 +136,7 @@ The following is an example playbook that makes use of the role to install Red H
name: keycloak name: keycloak
vars: vars:
keycloak_admin_password: "changeme" keycloak_admin_password: "changeme"
keycloak_rhsso_enable: True
``` ```
The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from source url The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from source url
@ -143,27 +144,33 @@ The following is an example playbook that makes use of the role to install Red H
```yaml ```yaml
--- ---
- hosts: keycloak - hosts: keycloak
collections:
- middleware_automation.keycloak
tasks: tasks:
- name: Keycloak Role - name: Keycloak Role
include_role: include_role:
name: keycloak name: keycloak
vars: vars:
keycloak_admin_password: "changeme" keycloak_admin_password: "changeme"
keycloak_rhsso_enable: True
rhsso_source_download_url: "<REPLACE with - Source download url>" # This should be the full of remote source rhsso zip file rhsso_source_download_url: "<REPLACE with - Source download url>" # This should be the full of remote source rhsso zip file
``` ```
The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from local path The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from local path on Ansible node
```yaml ```yaml
--- ---
- hosts: keycloak - hosts: keycloak
collections:
- middleware_automation.keycloak
tasks: tasks:
- name: Keycloak Role - name: Keycloak Role
include_role: include_role:
name: keycloak name: keycloak
vars: vars:
keycloak_admin_password: "changeme" keycloak_admin_password: "changeme"
rhsso_zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip" # This should be local path of rhsso zip file keycloak_rhsso_enable: True
zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip" # This should be local path on Ansible node of rhsso zip file
``` ```
License License
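Review bot: In the source-url example the comment on `rhsso_source_download_url` reads "This should be the full of remote source rhsso zip file"; the word "URL" is missing, and since the neighbouring comments are reworded in this change it is a good moment to fix it. The examples also write `True` where the role's tasks use lowercase (`quiet: true`); using `true` throughout would be consistent.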

View File

@ -6,7 +6,7 @@ keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version
keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
### Configuration specific to Red Hat Single Sing-On ### Configuration specific to Red Hat Single Sing-On
keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined else False }}" keycloak_rhsso_enable: False
keycloak_rhsso_version: 7.5 keycloak_rhsso_version: 7.5
keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip
keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}" keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}"
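Review bot: Changing `keycloak_rhsso_enable` from a value derived from `rhsso_rhn_id`, `rhsso_zip_file_local_path` and `rhsso_source_download_url` to a hard `False` alters behaviour for existing users: an inventory that only defines `rhsso_rhn_id` now resolves `keycloak_jboss_home` to `keycloak_installdir` and goes down the upstream path without any error. Consider an early assert that fails when one of the `rhsso_*` variables is defined while the flag is false, or call the change out in the release notes. The comment above this line still says "Single Sing-On".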
@ -15,7 +15,7 @@ keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/soft
### Install location and service settings ### Install location and service settings
jvm_package: java-1.8.0-openjdk-devel jvm_package: java-1.8.0-openjdk-devel
keycloak_dest: /opt/keycloak keycloak_dest: /opt/keycloak
keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined else keycloak_installdir }}" keycloak_jboss_home: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}"
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration" keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
keycloak_config_standalone_xml: "keycloak.xml" keycloak_config_standalone_xml: "keycloak.xml"

View File

@ -2,11 +2,13 @@
- assert: - assert:
that: that:
- zipfile_dest is defined - zipfile_dest is defined
- (rhn_username is defined and rhn_password is defined and rhn_id_file is defined) or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined - keycloak_rhsso_enable
quiet: true quiet: true
- set_fact: - set_fact:
rhn_download_url: "{{ keycloak_rhsso_base_url }}{{ rhn_id_file }}" rhn_download_url: "{{ keycloak_rhsso_base_url }}{{ rhsso_rhn_id }}"
when:
- rhsso_rhn_id is defined
- name: "Check zipfile dest directory {{ zipfile_dest }}" - name: "Check zipfile dest directory {{ zipfile_dest }}"
stat: stat:
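Review bot: The assert at the top of this hunk now checks only `zipfile_dest is defined` and `keycloak_rhsso_enable`, with `quiet: true` and no `fail_msg`, so a failure gives the operator nothing to act on. It also no longer validates that any archive source is set, which leaves this task file dependent on the caller having checked first. Add a `fail_msg`, and either keep a source check here or note in a comment that the including file is responsible for it.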
@ -24,6 +26,8 @@
- archive_path is defined - archive_path is defined
- archive_path.stat is defined - archive_path.stat is defined
- not archive_path.stat.exists - not archive_path.stat.exists
- rhn_username is defined
- rhn_password is defined
- rhsso_rhn_id is defined - rhsso_rhn_id is defined
- name: "Copy zipfile from source like Nexus etc : {{ rhsso_source_download_url }}" - name: "Copy zipfile from source like Nexus etc : {{ rhsso_source_download_url }}"
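Review bot: Adding `rhn_username is defined` and `rhn_password is defined` to the `when:` list means a run with `rhsso_rhn_id` set but credentials missing skips the download silently instead of failing. Nothing visible here reports that case, so the first symptom would be a missing archive later in the play. An explicit assert before this task, for example `rhsso_rhn_id is not defined or (rhn_username is defined and rhn_password is defined)` with a message naming the missing variables, would be clearer.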
@ -39,9 +43,9 @@
- not archive_path.stat.exists - not archive_path.stat.exists
- rhsso_source_download_url is defined - rhsso_source_download_url is defined
- name: "Copy zipfile from local source: {{ rhsso_zip_file_local_path }}" - name: "Copy zipfile from local source: {{ zip_file_local_path }}"
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ rhsso_zip_file_local_path }}" src: "{{ zip_file_local_path }}"
dest: "{{ zipfile_dest }}" dest: "{{ zipfile_dest }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
@ -50,7 +54,7 @@
- archive_path is defined - archive_path is defined
- archive_path.stat is defined - archive_path.stat is defined
- not archive_path.stat.exists - not archive_path.stat.exists
- rhsso_zip_file_local_path is defined - zip_file_local_path is defined
- name: "Check zipfile dest directory {{ zipfile_dest }}" - name: "Check zipfile dest directory {{ zipfile_dest }}"
stat: stat:

View File

@ -74,11 +74,11 @@
- archive_path is defined - archive_path is defined
- archive_path.stat is defined - archive_path.stat is defined
- not archive_path.stat.exists - not archive_path.stat.exists
- not keycloak_zip_file_local_path is defined - not keycloak_rhsso_enable and not zip_file_local_path is defined
- name: "Copy zipfile from local source: {{ keycloak_zip_file_local_path }}" - name: "Copy zipfile from local source: {{ zip_file_local_path }}"
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ keycloak_zip_file_local_path }}" src: "{{ zip_file_local_path }}"
dest: "{{ keycloak_dest }}" dest: "{{ keycloak_dest }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
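Review bot: `keycloak_rhsso_enable` is used as a bare truth value in `not keycloak_rhsso_enable and not zip_file_local_path is defined`. When the flag is passed on the command line as `-e keycloak_rhsso_enable=False` it arrives as a non-empty string, which is truthy, so this condition and the matching one in the next hunk should use `keycloak_rhsso_enable | bool`. For readability, split the expression into two `when:` list items and write `zip_file_local_path is not defined`.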
@ -87,7 +87,7 @@
- archive_path is defined - archive_path is defined
- archive_path.stat is defined - archive_path.stat is defined
- not archive_path.stat.exists - not archive_path.stat.exists
- keycloak_zip_file_local_path is defined - not keycloak_rhsso_enable and zip_file_local_path is defined
- name: extract Keycloak archive on target - name: extract Keycloak archive on target
unarchive: unarchive:
@ -105,9 +105,9 @@
- block: - block:
- assert: - assert:
that: that:
- rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined - rhsso_rhn_id is defined or zip_file_local_path is defined
quiet: true quiet: true
fail_msg: "Can't install RHSSO without either RHN ID or RHSSO zip file local path" fail_msg: "Can't install RHSSO without either RHN ID or RHSSO zip file located on Ansible node"
- name: create download directory - name: create download directory
file: file:
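Review bot: The assert drops `rhsso_source_download_url is defined`, yet the README in this same commit still documents installing RHSSO with only `keycloak_rhsso_enable: True` and `rhsso_source_download_url`; with the condition as written that configuration fails here. Either restore the third alternative or remove the source-url variant from the docs. The `fail_msg` should list every accepted source.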
@ -117,9 +117,8 @@
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0750 mode: 0750
- include_tasks: download_from_rhn.yml - include_tasks: get_rhsso.yml
vars: vars:
rhn_id_file: "{{ rhsso_rhn_id | default(None) }}"
zipfile_dest: "{{ keycloak_dest }}/{{ keycloak_rhsso_archive }}" zipfile_dest: "{{ keycloak_dest }}/{{ keycloak_rhsso_archive }}"
work_dir: "{{ keycloak_dest }}" work_dir: "{{ keycloak_dest }}"
target_dir: "{{ keycloak_jboss_home }}" target_dir: "{{ keycloak_jboss_home }}"