--- ## check remote patch archive - name: Set download patch archive path ansible.builtin.set_fact: patch_archive: "{{ keycloak_dest }}/{{ sso_patch_bundle }}" - name: Check download patch archive path ansible.builtin.stat: path: "{{ patch_archive }}" register: patch_archive_path - name: Perform download from RHN middleware_automation.redhat_csp_download.redhat_csp_download: url: "{{ keycloak_rhn_url }}{{ sso_rhn_ids[keycloak_version].latest_cp.id }}" dest: "{{ local_path.stat.path }}/{{ sso_patch_bundle }}" username: "{{ rhn_username }}" password: "{{ rhn_password }}" no_log: "{{ omit_rhn_output | default(true) }}" delegate_to: localhost when: - patch_archive_path is defined - patch_archive_path.stat is defined - not patch_archive_path.stat.exists - sso_enable is defined and sso_enable - not keycloak_offline_install ## copy and unpack - name: Copy patch archive to target nodes ansible.builtin.copy: src: "{{ local_path.stat.path }}/{{ sso_patch_bundle }}" dest: "{{ patch_archive }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" mode: 0640 register: new_version_downloaded when: - not patch_archive_path.stat.exists - local_archive_path.stat is defined - local_archive_path.stat.exists become: yes - name: "Check installed patches" ansible.builtin.include_tasks: rhsso_cli.yml vars: query: "patch info" - name: "Perform patching" when: - cli_result is defined - cli_result.stdout is defined - sso_rhn_ids[keycloak_version].latest_cp.v not in cli_result.stdout block: - name: "Apply patch {{ sso_rhn_ids[keycloak_version].latest_cp.v }} to server" ansible.builtin.include_tasks: rhsso_cli.yml vars: query: "patch apply {{ patch_archive }}" - name: "Restart server to ensure patch content is running" ansible.builtin.include_tasks: rhsso_cli.yml vars: query: "shutdown --restart" when: - cli_result.rc == 0 - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" ansible.builtin.uri: url: "{{ keycloak.health_url }}" register: keycloak_status until: keycloak_status.status == 200 retries: 25 delay: 10 - name: "Query installed patch after restart" ansible.builtin.include_tasks: rhsso_cli.yml vars: query: "patch info" - name: "Verify installed patch version" ansible.builtin.assert: that: - sso_rhn_ids[keycloak_version].latest_cp.v not in cli_result.stdout fail_msg: "Patch installation failed" success_msg: "Patch installation successful" - name: "Skipping patch" ansible.builtin.debug: msg: "Latest cumulative patch {{ sso_rhn_ids[keycloak_version].latest_cp.v }} already installed, skipping patch installation."