diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 73d6b26..3588b86 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -34,7 +34,7 @@ Versions
 Patching
 --------
-When variable `keycloak_rhsso_apply_patches` is `True` (default: `True`), the role will automatically apply the latest cumulative patch for the selected base version.
+When variable `keycloak_rhsso_apply_patches` is `True` (default: `False`), the role will automatically apply the latest cumulative patch for the selected base version.
 | RH-SSO VERSION | Release Date | RH-SSO LATEST CP | Notes |
 |:---------------|:------------------|:-----------------|:----------------|
@@ -79,7 +79,7 @@ Role Defaults
 |`keycloak_rhsso_download_url`| Download URL for RHSSO | `https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=`|
 |`keycloak_version`| keycloak.org package version | `15.0.2` |
 |`keycloak_rhsso_version`| RHSSO version | `7.5.0` |
-|`keycloak_rhsso_apply_patches`| Install RHSSO more recent cumulative patch | `True` |
+|`keycloak_rhsso_apply_patches`| Install RHSSO more recent cumulative patch | `False` |
 |`keycloak_dest`| Installation root path | `/opt/keycloak` |
 |`keycloak_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}` |
 |`keycloak_rhn_url` | Base download URI for customer portal | `https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=` |
@@ -114,7 +114,7 @@ The following are a set of _required_ variables for the role:
 | Variable | Description |
 |:---------|:------------|
-|`keycloak_admin_password`| Password for the administration console user account |
+|`keycloak_admin_password`| Password for the administration console user account (minimum 12 characters) |
 |`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth` |
@@ -154,14 +154,12 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
 ```yaml
 ---
 - hosts: ...
+ vars:
+ keycloak_admin_password: "remembertochangeme"
 collections:
 - middleware_automation.keycloak
- tasks:
- - name: Include keycloak role
- include_role:
- name: keycloak
- vars:
- keycloak_admin_password: "changeme"
+ roles:
+ - middleware_automation.keycloak.keycloak
 ```
 * The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN:
@@ -179,7 +177,7 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
 include_role:
 name: keycloak
 vars:
- keycloak_admin_password: "changeme"
+ keycloak_admin_password: "remembertochangeme"
 keycloak_rhsso_enable: True
 rhn_username: ''
 rhn_password: ''
@@ -198,7 +196,7 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
 include_role:
 name: keycloak
 vars:
- keycloak_admin_password: "changeme"
+ keycloak_admin_password: "remembertochangeme"
 keycloak_offline_install: True
 # This should be the filename of keycloak archive on Ansible node: keycloak-16.1.0.zip
 ```
@@ -216,14 +214,14 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
 include_role:
 name: keycloak
 vars:
- keycloak_admin_password: "changeme"
+ keycloak_admin_password: "remembertochangeme"
 keycloak_rhsso_enable: True
 keycloak_rhsso_download_url: ""
 # This should be the full of remote source rhsso zip file and can contain basic authentication credentials
 ```
-* The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from the controller node:
+* The following is an example playbook that makes use of the role to install Red Hat Single Sign-On offline from the controller node, and apply latest cumulative patch:
 ```yaml
 ---
@@ -235,9 +233,10 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
 include_role:
 name: keycloak
 vars:
- keycloak_admin_password: "changeme"
+ keycloak_admin_password: "remembertochangeme"
 keycloak_rhsso_enable: True
 keycloak_offline_install: True
+ keycloak_rhsso_apply_patches: True
 # This should be the filename of rhsso zip file on Ansible node: rh-sso-7.5-server-dist.zip
 ```
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index cfa80fd..c9d8d29 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -13,7 +13,7 @@ keycloak_rhsso_archive: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
 keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
 keycloak_rhn_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
 keycloak_rhsso_download_url: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
-keycloak_rhsso_apply_patches: True
+keycloak_rhsso_apply_patches: False
 ### keycloak/rhsso choice: by default install rhsso if rhn credentials are defined
 keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index ba2ecdd..3c428c9 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -48,7 +48,7 @@ argument_specs:
 type: "str"
 keycloak_rhsso_apply_patches:
 # line 16 of keycloak/defaults/main.yml
- default: true
+ default: false
 description: "Install RHSSO more recent cumulative patch"
 type: "bool"
 keycloak_rhsso_installdir:
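Review bot: The new `keycloak_rhsso_apply_patches: False` line in `defaults/main.yml` makes cumulative patching opt-in without any comment recording the consequence: a default RH-SSO install now stays at the base `keycloak_rhsso_version`, without whatever fixes (typically including security fixes) the latest cumulative patch carries. I would add a comment above it such as `# Opt-in: set to True to apply the latest RH-SSO cumulative patch; default installs stay at the unpatched base version`. The mirrored `default: false` in `meta/argument_specs.yml` has the same gap, and its `description` string could state that the patch is not applied unless the variable is enabled. The two files also spell the boolean differently (`False` here, `false` in the spec); lowercase `false` in both would keep them consistent.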