Code review comments
parent 7b376e0681
commit ce26ceeed0
					
				
							
								
								
									
										35
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -31,25 +31,32 @@ collections: | ||||
| 
 | ||||
| ### Install Playbook | ||||
| 
 | ||||
| `playbooks/keycloak.yml` installs the keycloak or Red Hat Single Sign-On(RHSSO) based on the defined variables. | ||||
| `playbooks/keycloak.yml` installs the upstream(Keycloak) based on the defined variables. | ||||
| `playbooks/rhsso.yml` installs Red Hat Single Sign-On(RHSSO) based on defined variables. | ||||
| 
 | ||||
| ### Choosing between Red Hat products and upstream (Keycloak) project | ||||
| ### Choosing between upstream(Keycloak) project and Red Hat Single Sign-On(RHSSO) | ||||
| 
 | ||||
| The roles supports installing Keycloak or Red Hat Single Sign-On in the following ways | ||||
| The roles supports installing upstream(Keycloak) or Red Hat Single Sign-On in the following ways | ||||
| 
 | ||||
| #### Install upstream from remote source | ||||
| #### Install upstream(Keycloak) from remote source | ||||
| 
 | ||||
| This is default way, no need to define any additional variables. | ||||
| 
 | ||||
| #### Install upstream from local source when the following variable is defined | ||||
| This is default approach, there is one required variable | ||||
| 
 | ||||
| ``` | ||||
| keycloak_zip_file_local_path: <local path of keycloak zip file> | ||||
| keycloak_admin_password: "<changeme>" | ||||
| ``` | ||||
| 
 | ||||
| #### Install RHSSO from the Customer Support Portal, when the following variables are defined | ||||
| #### Install upstream(Keycloak) from local source when the following variable is defined | ||||
| 
 | ||||
| ``` | ||||
| keycloak_admin_password: "<changeme>" | ||||
| zip_file_local_path: <keycloak zip file on Ansible control node local path> | ||||
| ``` | ||||
| 
 | ||||
| #### Install RHSSO from the Red Hat Customer Support Portal, when the following variables are defined | ||||
| 
 | ||||
| ``` | ||||
| keycloak_admin_password: "<changeme>" | ||||
| rhn_username: '<customer_portal_username>' | ||||
| rhn_password: '<customer_portal_password>' | ||||
| rhsso_rhn_id: '<sso_product_id>' | ||||
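Review bot: The variable blocks in this hunk show `keycloak_admin_password: "<changeme>"` and `rhn_password: '<customer_portal_password>'` as inline values and say nothing about where they should come from. Add a sentence recommending that both be supplied from an Ansible Vault encrypted vars file or at run time, so the README does not teach readers to commit them in plain text. Wording nits while here: "The roles supports" should be "The role supports", "installs the upstream(Keycloak)" reads as if a noun is missing, and "upstream(Keycloak)" needs a space before the parenthesis throughout.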
| @ -60,15 +67,17 @@ where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version | ||||
| #### Install RHSSO from remote sources like Nexus etc, when the following variables are defined | ||||
| 
 | ||||
| ``` | ||||
| rhsso_source_download_url: '<url to downloand RHSSO zip file>' | ||||
| keycloak_admin_password: "<changeme>" | ||||
| keycloak_rhsso_enable: True | ||||
| rhsso_source_download_url: '<url to download RHSSO zip file>' | ||||
| ``` | ||||
| 
 | ||||
| where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_) | ||||
| 
 | ||||
| #### Install RHSSO from local source when the following variable is defined | ||||
| 
 | ||||
| ``` | ||||
| rhsso_zip_file_local_path: <local path of rhsso zip file> | ||||
| keycloak_admin_password: "<changeme>" | ||||
| keycloak_rhsso_enable: True | ||||
| zip_file_local_path: <rhsso zip file on Ansible control node local path> | ||||
| ``` | ||||
| 
 | ||||
| ### Install role | ||||
|  | ||||
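Review bot: The sentence "where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version ..." sits directly under the Nexus block, which defines no `rhsso_rhn_id`, and it ends with an unmatched ")". The hunk header shows the same sentence already exists above this section, so drop this copy. For `rhsso_source_download_url`, the README should also state that the archive is fetched without any integrity check visible in this change, and recommend an `https://` URL.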
| @ -2,11 +2,9 @@ | ||||
| - name: Playbook for Keycloak Hosts | ||||
|   hosts: keycloak | ||||
|   collections: | ||||
|     - middleware_automation.redhat_csp_download | ||||
|   roles: | ||||
|     - redhat_csp_download | ||||
|     - middleware_automation.keycloak | ||||
|   tasks: | ||||
|     - name: Keycloak Role | ||||
|     - name: Include keycloak role | ||||
|       include_role: | ||||
|         name: keycloak | ||||
|       vars: | ||||
|  | ||||
| @ -1,10 +1,14 @@ | ||||
| --- | ||||
| - name: Playbook for Keycloak Hosts | ||||
|   hosts: keycloak | ||||
|   collections: | ||||
|     - middleware_automation.redhat_csp_download | ||||
|   roles: | ||||
|     - redhat_csp_download | ||||
|   tasks: | ||||
|     - name: Keycloak Role | ||||
|       include_role: | ||||
|         name: keycloak | ||||
|       vars: | ||||
|         keycloak_admin_password: "changeme" | ||||
|         rhsso_zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip" # This should be local path of rhsso zip file | ||||
|         keycloak_rhsso_enable: True | ||||
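Review bot: The play hardcodes `keycloak_admin_password: "changeme"` under `vars:`, so anyone running this playbook unmodified gets a well-known admin password on the console. Remove the literal and let the role fail when the variable is not supplied, or reference a vaulted variable. Also, `rhsso_zip_file_local_path` is the name the task-file hunks in this commit replace with `zip_file_local_path`; make sure it does not survive in the resulting playbook, and if it is dropped, add a comment saying where `rhsso_rhn_id` or `zip_file_local_path` is expected to be set, since the install assert requires one of them.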
| @ -18,6 +18,7 @@ Role Defaults | ||||
| 
 | ||||
| | Variable | Description | Default | | ||||
| |:---------|:------------|:---------| | ||||
| |`keycloak_rhsso_enable`| Enable Red Hat Single Sign-on installation  | `False` | | ||||
| |`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` | | ||||
| |`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` | | ||||
| |`keycloak_admin_user`| Administration console user account | `admin` | | ||||
| @ -66,16 +67,15 @@ The following variables are _required_ only when `keycloak_db_enabled` is True: | ||||
| |`keycloak_db_user` | username for connecting to postgres | `keycloak-user` | | ||||
| |`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` | | ||||
| 
 | ||||
| The following variables can be used to install Keycloak or Red Hat Single Sign-On from local path: | ||||
| | Variable | Description | Default | | ||||
| The following variable can be used to install Keycloak or Red Hat Single Sign-On from local path: | ||||
| | Variable | Description | Example | | ||||
| |:---------|:------------|:---------| | ||||
| |`rhsso_zip_file_local_path` | Full local path of Red Hat Single Sign-On zip file  | `tmp/rhsso/rh-sso-7.5-server-dist.zip` | | ||||
| |`keycloak_zip_file_local_path` | Full local path of Keycloak zip file  | `/tmp/keycloak/keycloak-16.1.0.zip` | | ||||
| |`zip_file_local_path` | Full local path of upstream(Keycloak) or Red Hat Single Sign-On zip file on Ansible control plane | `tmp/rhsso/rh-sso-7.5-server-dist.zip` | | ||||
| 
 | ||||
| The following variable can be used to install Red Hat Single Sign-On from source via url, auth support is not added right now. | ||||
| | Variable | Description | Default | | ||||
| | Variable | Description | Example | | ||||
| |:---------|:------------|:---------| | ||||
| |`rhsso_source_download_url` | URL to download Red Hat Single Sign-On zip file from | `http://localhost:8081/nexus/rhsso/rh-sso-7.5-server-dist.zip` | | ||||
| |`rhsso_source_download_url` | URL to download Red Hat Single Sign-On zip file from source | `http://localhost:8081/nexus/rhsso/rh-sso-7.5-server-dist.zip` | | ||||
| 
 | ||||
| Dependencies | ||||
| ------------ | ||||
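Review bot: The replacement variable `zip_file_local_path` has no role prefix, unlike every other variable in these tables (`keycloak_*`, `rhsso_*`), so it can collide with a same-named variable from another role or from inventory. Suggest `keycloak_zip_file_local_path` for both products, or another `keycloak_`-prefixed name. In the same row, the description says "Full local path" but the example `tmp/rhsso/rh-sso-7.5-server-dist.zip` is relative (missing the leading slash), and "Ansible control plane" here should match "Ansible control node" used in the top-level README.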
| @ -104,7 +104,7 @@ The following is an example playbook that makes use of the role to install keycl | ||||
|             keycloak_admin_password: "changeme" | ||||
| ``` | ||||
| 
 | ||||
| The following is an example playbook that makes use of the role to install keycloak from local path | ||||
| The following is an example playbook that makes use of the role to install keycloak from local path on Ansible node | ||||
| 
 | ||||
| ```yaml | ||||
| --- | ||||
| @ -117,14 +117,14 @@ The following is an example playbook that makes use of the role to install keycl | ||||
|             name: keycloak | ||||
|           vars: | ||||
|             keycloak_admin_password: "changeme" | ||||
|             keycloak_zip_file_local_path: "/tmp/keycloak/keycloak-16.1.0.zip" # This should be local path of keycloak zip file | ||||
|             zip_file_local_path: "/tmp/keycloak/keycloak-16.1.0.zip"  # This should be local path on Ansible node of upstream(keycloak) zip file | ||||
| ``` | ||||
| 
 | ||||
| The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN | ||||
| 
 | ||||
| ```yaml | ||||
| --- | ||||
| - name: Playbook for Keycloak Hosts | ||||
| - name: Playbook for RHSSO | ||||
|   hosts: keycloak | ||||
|   collections: | ||||
|     - middleware_automation.redhat_csp_download | ||||
| @ -136,6 +136,7 @@ The following is an example playbook that makes use of the role to install Red H | ||||
|         name: keycloak | ||||
|       vars: | ||||
|         keycloak_admin_password: "changeme" | ||||
|         keycloak_rhsso_enable: True | ||||
| ``` | ||||
| 
 | ||||
| The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from source url | ||||
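Review bot: The RHN example's `vars:` block, as shown in this hunk, sets only `keycloak_admin_password` and `keycloak_rhsso_enable: True`. The install assert later in this commit requires `rhsso_rhn_id is defined or zip_file_local_path is defined`, and the download task is gated on `rhn_username` and `rhn_password` as well, so the example as written would not get past the assert. Either add placeholder entries for `rhsso_rhn_id`, `rhn_username` and `rhn_password`, or add a comment stating they must come from inventory or a vault file.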
| @ -143,27 +144,33 @@ The following is an example playbook that makes use of the role to install Red H | ||||
| ```yaml | ||||
| --- | ||||
| - hosts: keycloak | ||||
|   collections: | ||||
|     - middleware_automation.keycloak | ||||
|   tasks: | ||||
|     - name: Keycloak Role | ||||
|       include_role: | ||||
|         name: keycloak | ||||
|       vars: | ||||
|         keycloak_admin_password: "changeme" | ||||
|         keycloak_rhsso_enable: True | ||||
|         rhsso_source_download_url: "<REPLACE with - Source download url>" # This should be the full of remote source rhsso zip file | ||||
| ``` | ||||
| 
 | ||||
| The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from local path | ||||
| The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from local path on Ansible node | ||||
| 
 | ||||
| ```yaml | ||||
| --- | ||||
| - hosts: keycloak | ||||
|   collections: | ||||
|     - middleware_automation.keycloak | ||||
|   tasks: | ||||
|     - name: Keycloak Role | ||||
|       include_role: | ||||
|         name: keycloak | ||||
|       vars: | ||||
|         keycloak_admin_password: "changeme" | ||||
|         rhsso_zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip" # This should be local path of rhsso zip file | ||||
|         keycloak_rhsso_enable: True | ||||
|         zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip"  # This should be local path on Ansible node of rhsso zip file | ||||
| ``` | ||||
| 
 | ||||
| License | ||||
|  | ||||
| @ -6,7 +6,7 @@ keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version | ||||
| keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" | ||||
| 
 | ||||
| ### Configuration specific to Red Hat Single Sing-On | ||||
| keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined  or rhsso_source_download_url is defined else False }}" | ||||
| keycloak_rhsso_enable: False | ||||
| keycloak_rhsso_version: 7.5 | ||||
| keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip | ||||
| keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}" | ||||
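Review bot: Changing `keycloak_rhsso_enable` from the derived expression to a hard `False` is a behaviour change for existing users: an inventory that sets only `rhsso_rhn_id`, `rhsso_zip_file_local_path` or `rhsso_source_download_url` no longer turns the flag on, and `keycloak_jboss_home` in the next hunk then resolves to `keycloak_installdir`. Call this out in the README or changelog as an upgrade step, and consider an early assert that fails when an `rhsso_*` source variable is defined while the flag is false. The context comment above also has a typo, "Single Sing-On".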
| @ -15,7 +15,7 @@ keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/soft | ||||
| ### Install location and service settings | ||||
| jvm_package: java-1.8.0-openjdk-devel | ||||
| keycloak_dest: /opt/keycloak | ||||
| keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined else keycloak_installdir }}" | ||||
| keycloak_jboss_home: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}" | ||||
| keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration" | ||||
| 
 | ||||
| keycloak_config_standalone_xml: "keycloak.xml" | ||||
|  | ||||
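Review bot: `keycloak_jboss_home` now tests `keycloak_rhsso_enable` directly in the Jinja conditional, so a value that arrives as a string (for example `-e keycloak_rhsso_enable=false`) is a non-empty string and evaluates as true, selecting the RHSSO install dir. Use `keycloak_rhsso_enable | bool` here and in every `when:` and `assert` that reads the flag.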
| @ -2,11 +2,13 @@ | ||||
| - assert: | ||||
|     that: | ||||
|       - zipfile_dest is defined | ||||
|       - (rhn_username is defined and rhn_password is defined and rhn_id_file is defined) or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined | ||||
|       - keycloak_rhsso_enable | ||||
|     quiet: true | ||||
| 
 | ||||
| - set_fact: | ||||
|     rhn_download_url: "{{ keycloak_rhsso_base_url }}{{ rhn_id_file }}" | ||||
|     rhn_download_url: "{{ keycloak_rhsso_base_url }}{{ rhsso_rhn_id }}" | ||||
|   when: | ||||
|     - rhsso_rhn_id is defined | ||||
| 
 | ||||
| - name: "Check zipfile dest directory {{ zipfile_dest }}" | ||||
|   stat: | ||||
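Review bot: The assert now lists `keycloak_rhsso_enable` with `quiet: true` and no `fail_msg`, so a failure tells the operator nothing about what to set. Add a `fail_msg` naming the flag. This file also no longer checks that any download source or credential is present; that is only safe as long as every caller runs the assert in the install tasks first, which is worth a comment at the top of the file.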
| @ -24,6 +26,8 @@ | ||||
|     - archive_path is defined | ||||
|     - archive_path.stat is defined | ||||
|     - not archive_path.stat.exists | ||||
|     - rhn_username is defined | ||||
|     - rhn_password is defined | ||||
|     - rhsso_rhn_id is defined | ||||
| 
 | ||||
| - name: "Copy zipfile from source like Nexus etc : {{ rhsso_source_download_url }}" | ||||
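Review bot: With `rhn_username is defined` and `rhn_password is defined` added to the `when:` list, a run that sets `rhsso_rhn_id` but forgets the credentials silently skips the download task, and the failure surfaces later when the archive is missing. Add an explicit assert, gated on `rhsso_rhn_id is defined`, that both credentials are defined, with a `fail_msg` that says so.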
| @ -39,9 +43,9 @@ | ||||
|     - not archive_path.stat.exists | ||||
|     - rhsso_source_download_url is defined | ||||
| 
 | ||||
| - name: "Copy zipfile from local source: {{ rhsso_zip_file_local_path }}" | ||||
| - name: "Copy zipfile from local source: {{ zip_file_local_path }}" | ||||
|   ansible.builtin.copy: | ||||
|     src: "{{ rhsso_zip_file_local_path }}" | ||||
|     src: "{{ zip_file_local_path }}" | ||||
|     dest: "{{ zipfile_dest }}" | ||||
|     owner: "{{ keycloak_service_user }}" | ||||
|     group: "{{ keycloak_service_group }}" | ||||
| @ -50,7 +54,7 @@ | ||||
|     - archive_path is defined | ||||
|     - archive_path.stat is defined | ||||
|     - not archive_path.stat.exists | ||||
|     - rhsso_zip_file_local_path is defined | ||||
|     - zip_file_local_path is defined | ||||
|      | ||||
| - name: "Check zipfile dest directory {{ zipfile_dest }}" | ||||
|   stat: | ||||
| @ -74,11 +74,11 @@ | ||||
|         - archive_path is defined | ||||
|         - archive_path.stat is defined | ||||
|         - not archive_path.stat.exists | ||||
|         - not keycloak_zip_file_local_path is defined | ||||
|         - not keycloak_rhsso_enable and not zip_file_local_path is defined | ||||
| 
 | ||||
|     - name: "Copy zipfile from local source: {{ keycloak_zip_file_local_path }}" | ||||
|     - name: "Copy zipfile from local source: {{ zip_file_local_path }}" | ||||
|       ansible.builtin.copy: | ||||
|         src: "{{ keycloak_zip_file_local_path }}" | ||||
|         src: "{{ zip_file_local_path }}" | ||||
|         dest: "{{ keycloak_dest }}" | ||||
|         owner: "{{ keycloak_service_user }}" | ||||
|         group: "{{ keycloak_service_group }}" | ||||
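Review bot: The condition `not keycloak_rhsso_enable and not zip_file_local_path is defined` packs two tests into one entry of a `when:` list whose entries are already ANDed, and `not x is defined` is harder to read than the dedicated test. Split it into `- not keycloak_rhsso_enable | bool` and `- zip_file_local_path is not defined`. The same applies to the matching condition on the local-copy task in the following hunk.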
| @ -87,7 +87,7 @@ | ||||
|         - archive_path is defined | ||||
|         - archive_path.stat is defined | ||||
|         - not archive_path.stat.exists | ||||
|         - keycloak_zip_file_local_path is defined | ||||
|         - not keycloak_rhsso_enable and zip_file_local_path is defined | ||||
| 
 | ||||
|     - name: extract Keycloak archive on target | ||||
|       unarchive: | ||||
| @ -105,9 +105,9 @@ | ||||
| - block: | ||||
|     - assert: | ||||
|         that: | ||||
|           - rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined | ||||
|           - rhsso_rhn_id is defined or zip_file_local_path is defined | ||||
|         quiet: true | ||||
|         fail_msg: "Can't install RHSSO without either RHN ID or RHSSO zip file local path" | ||||
|         fail_msg: "Can't install RHSSO without either RHN ID or RHSSO zip file located on Ansible node" | ||||
| 
 | ||||
|     - name: create download directory | ||||
|       file: | ||||
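Review bot: The rewritten assert `rhsso_rhn_id is defined or zip_file_local_path is defined` drops `rhsso_source_download_url`, yet the README in this same commit still documents installing RHSSO from a remote source with only that variable plus `keycloak_rhsso_enable: True`, and the Nexus copy task is still gated on `rhsso_source_download_url is defined`. A run configured that way will now fail this assert. Restore `or rhsso_source_download_url is defined` and mention the URL option in `fail_msg`.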
| @ -117,9 +117,8 @@ | ||||
|         group: "{{ keycloak_service_group }}" | ||||
|         mode: 0750 | ||||
| 
 | ||||
|     - include_tasks: download_from_rhn.yml | ||||
|     - include_tasks: get_rhsso.yml | ||||
|       vars: | ||||
|         rhn_id_file: "{{ rhsso_rhn_id | default(None) }}" | ||||
|         zipfile_dest: "{{ keycloak_dest }}/{{ keycloak_rhsso_archive }}" | ||||
|         work_dir: "{{ keycloak_dest }}" | ||||
|         target_dir: "{{ keycloak_jboss_home }}" | ||||
|  | ||||