misc: switch default keycloak_rhsso_apply_patches to false

2022-03-25 10:11:22 +01:00 · 2022-03-25 10:11:22 +01:00 · f736ad5632
commit f736ad5632
parent b0a11013fa
3 changed files with 15 additions and 16 deletions
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@ -34,7 +34,7 @@ Versions
 Patching
 --------
-When variable `keycloak_rhsso_apply_patches` is `True` (default: `True`), the role will automatically apply the latest cumulative patch for the selected base version.
+When variable `keycloak_rhsso_apply_patches` is `True` (default: `False`), the role will automatically apply the latest cumulative patch for the selected base version.
 | RH-SSO VERSION | Release Date      | RH-SSO LATEST CP | Notes           |
 |:---------------|:------------------|:-----------------|:----------------|
@ -79,7 +79,7 @@ Role Defaults
 |`keycloak_rhsso_download_url`| Download URL for RHSSO | `https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=<productID>`|
 |`keycloak_version`| keycloak.org package version | `15.0.2` |
 |`keycloak_rhsso_version`| RHSSO version | `7.5.0` |
-|`keycloak_rhsso_apply_patches`| Install RHSSO more recent cumulative patch | `True` |
+|`keycloak_rhsso_apply_patches`| Install RHSSO more recent cumulative patch | `False` |
 |`keycloak_dest`| Installation root path | `/opt/keycloak` |
 |`keycloak_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}` |
 |`keycloak_rhn_url` | Base download URI for customer portal | `https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=` |
@ -114,7 +114,7 @@ The following are a set of _required_ variables for the role:
 | Variable | Description |
 |:---------|:------------|
-|`keycloak_admin_password`| Password for the administration console user account |
+|`keycloak_admin_password`| Password for the administration console user account (minimum 12 characters) |
 |`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth` |
@ -154,14 +154,12 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
 ```yaml
 ---
 - hosts: ...
      vars:
        keycloak_admin_password: "remembertochangeme"
      collections:
        - middleware_automation.keycloak
-      tasks:
+      roles:
-        - name: Include keycloak role
+        - middleware_automation.keycloak.keycloak
          include_role:
            name: keycloak
          vars:
            keycloak_admin_password: "changeme"
 ```
 * The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN:
@ -179,7 +177,7 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
      include_role:
        name: keycloak
      vars:
-        keycloak_admin_password: "changeme"
+        keycloak_admin_password: "remembertochangeme"
        keycloak_rhsso_enable: True
        rhn_username: '<customer portal username>'
        rhn_password: '<customer portal password>'
@ -198,7 +196,7 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
          include_role:
            name: keycloak
          vars:
-            keycloak_admin_password: "changeme"
+            keycloak_admin_password: "remembertochangeme"
            keycloak_offline_install: True
            # This should be the filename of keycloak archive on Ansible node: keycloak-16.1.0.zip
 ```
@ -216,14 +214,14 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
      include_role:
        name: keycloak
      vars:
-        keycloak_admin_password: "changeme"
+        keycloak_admin_password: "remembertochangeme"
        keycloak_rhsso_enable: True
        keycloak_rhsso_download_url: "<REPLACE with download url>"
        # This should be the full of remote source rhsso zip file and can contain basic authentication credentials
 ```
-* The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from the controller node:
+* The following is an example playbook that makes use of the role to install Red Hat Single Sign-On offline from the controller node, and apply latest cumulative patch:
 ```yaml
 ---
@ -235,9 +233,10 @@ _NOTE_: use ansible vaults or other security systems for storing credentials.
      include_role:
        name: keycloak
      vars:
-        keycloak_admin_password: "changeme"
+        keycloak_admin_password: "remembertochangeme"
        keycloak_rhsso_enable: True
        keycloak_offline_install: True
        keycloak_rhsso_apply_patches: True
        # This should be the filename of rhsso zip file on Ansible node: rh-sso-7.5-server-dist.zip
 ```
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@ -13,7 +13,7 @@ keycloak_rhsso_archive: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
 keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
 keycloak_rhn_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
 keycloak_rhsso_download_url: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
-keycloak_rhsso_apply_patches: True
+keycloak_rhsso_apply_patches: False
 ### keycloak/rhsso choice: by default install rhsso if rhn credentials are defined
 keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@ -48,7 +48,7 @@ argument_specs:
                type: "str"
            keycloak_rhsso_apply_patches:
                # line 16 of keycloak/defaults/main.yml
-                default: true
+                default: false
                description: "Install RHSSO more recent cumulative patch"
                type: "bool"
            keycloak_rhsso_installdir: