Replace yum with apt for Debian support

.ansible-lint

@@ -26,6 +26,7 @@ warn_list:
   - jinja[spacing]
   - jinja[invalid]
   - meta-no-tags
+  - name[template]
 
 skip_list:
   - vars_should_not_be_used

roles/keycloak/README.md

@@ -52,6 +52,7 @@ Role Defaults
 |`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` |
 |`keycloak_admin_user`| Administration console user account | `admin` |
 |`keycloak_bind_address`| Address for binding service ports | `0.0.0.0` |
+|`keycloak_management_port_bind_address`| Address for binding management ports | `127.0.0.1` |
 |`keycloak_host`| hostname | `localhost` |
 |`keycloak_http_port`| HTTP port | `8080` |
 |`keycloak_https_port`| TLS HTTP port | `8443` |

roles/keycloak/defaults/main.yml

@@ -8,7 +8,7 @@ keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
 keycloak_offline_install: False
 
 ### Install location and service settings
-keycloak_jvm_package: java-1.8.0-openjdk-headless
+keycloak_jvm_package: openjdk-17-jdk-headless
 keycloak_java_home:
 keycloak_dest: /opt/keycloak
 keycloak_jboss_home: "{{ keycloak_installdir }}"
@@ -34,6 +34,7 @@ keycloak_http_port: 8080
 keycloak_https_port: 8443
 keycloak_ajp_port: 8009
 keycloak_jgroups_port: 7600
+keycloak_management_port_bind_address: 127.0.0.1
 keycloak_management_http_port: 9990
 keycloak_management_https_port: 9993
 keycloak_java_opts: "-Xms1024m -Xmx2048m"

roles/keycloak/meta/argument_specs.yml

@@ -94,6 +94,10 @@ argument_specs:
                 default: "0.0.0.0"
                 description: "Address for binding service ports"
                 type: "str"
+            keycloak_management_port_bind_address:
+                default: "127.0.0.1"
+                description: "Address for binding the managemnt ports"
+                type: "str"
             keycloak_host:
                 # line 35 of keycloak/defaults/main.yml
                 default: "localhost"

roles/keycloak/tasks/fastpackages.yml

@@ -2,21 +2,21 @@
 - name: Check packages to be installed
   block:
   - name: "Check if packages are already installed"
-    ansible.builtin.command: "rpm -q {{ packages_list | join(' ') }}"
+    ansible.builtin.command: "dpkg -s {{ packages_list | join(' ') }}"
     args:
       warn: no
-    register: rpm_info
+    register: dpkg_info
-    changed_when: rpm_info.failed
+    changed_when: dpkg_info.failed
 
   rescue:
-    - name: "Add missing packages to the yum install list"
+    - name: "Add missing packages to the apt install list"
       ansible.builtin.set_fact:
-        packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | flatten }}"
+        packages_to_install: "{{ packages_to_install | default([]) + dpkg_info.stdout_lines | map('regex_findall', 'package (.+) is not installed and no information is available$') | flatten }}"
       when: rpm_info.failed
 
-- name: "Install packages: {{ packages_to_install }}"
+- name: Install packages
   become: yes
-  ansible.builtin.yum:
+  ansible.builtin.apt:
     name: "{{ packages_to_install }}"
     state: present
-  when: packages_to_install | default([]) | length > 0
+  when: packages_to_install | default([]) | length > 0

roles/keycloak/tasks/jdbc_driver.yml

@@ -18,7 +18,7 @@
     - not dest_path.stat.exists
 
 - name: "Retrieve JDBC Driver from {{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}"
-  ansible.builtin.uri:
+  ansible.builtin.get_url:
     url: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}"
     dest: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
     group: "{{ keycloak_service_group }}"

roles/keycloak/tasks/restart_keycloak.yml

@@ -5,3 +5,23 @@
     enabled: yes
     state: restarted
   become: yes
+  delegate_to: "{{ ansible_play_hosts | first }}"
+  run_once: True
+
+- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
+  ansible.builtin.uri:
+    url: "{{ keycloak.health_url }}"
+  register: keycloak_status
+  until: keycloak_status.status == 200
+  delegate_to: "{{ ansible_play_hosts | first }}"
+  run_once: True
+  retries: 25
+  delay: 10
+
+- name: "Restart and enable {{ keycloak.service_name }} service"
+  ansible.builtin.systemd:
+    name: keycloak
+    enabled: yes
+    state: restarted
+  become: yes
+  when: inventory_hostname != ansible_play_hosts | first

roles/keycloak/templates/standalone-infinispan.xml.j2

@@ -724,7 +724,7 @@
     </profile>
     <interfaces>
         <interface name="management">
-            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
+            <inet-address value="{{ keycloak_management_port_bind_address }}"/>
         </interface>
         <interface name="jgroups">
 {% if ansible_default_ipv4 is defined %}
@@ -734,7 +734,7 @@
 {% endif %}
         </interface>
         <interface name="public">
-            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
+            <inet-address value="{{ keycloak_bind_address }}"/>
         </interface>
     </interfaces>
     <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

roles/keycloak/templates/standalone.xml.j2

@@ -632,10 +632,10 @@
     </profile>
     <interfaces>
         <interface name="management">
-            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
+            <inet-address value="{{ keycloak_management_port_bind_address }}"/>
         </interface>
         <interface name="public">
-            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
+            <inet-address value="{{ keycloak_bind_address }}"/>
         </interface>
     </interfaces>
     <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">