From 19f1750a33c5460d06ad2ace0a5f415113a11e1f Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Thu, 25 May 2023 11:47:19 +0200 Subject: [PATCH] Add db pool validation configuration --- roles/keycloak/README.md | 18 ++++++++++++++---- roles/keycloak/defaults/main.yml | 6 ++++++ roles/keycloak/meta/argument_specs.yml | 16 ++++++++++++++++ roles/keycloak/templates/standalone-ha.xml.j2 | 6 ++++++ .../templates/standalone-infinispan.xml.j2 | 6 ++++++ roles/keycloak/templates/standalone.xml.j2 | 6 ++++++ roles/keycloak/vars/main.yml | 3 +++ 7 files changed, 57 insertions(+), 4 deletions(-) diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index 5c882cc..19f0ed9 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md @@ -111,6 +111,11 @@ Role Defaults |`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port }}` | |`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port }}` | |`keycloak_frontend_url_force` | Force backend requests to use the frontend URL | `False` | +|`keycloak_db_background_validation` | Enable background validation of database connection | `False` | +|`keycloak_db_background_validation_millis`| How frequenly the connection pool is validated in the background | `10000` if background validation enabled | +|`keycloak_db_background_validate_on_match` Enable validate on match for database connections | `False` | +|`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` | + Role Variables -------------- 
@@ -123,7 +128,7 @@ The following are a set of _required_ variables for the role: |`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` | -The following variables are _required_ only when `keycloak_ha_enabled` is True: +The following parameters are _required_ only when `keycloak_ha_enabled` is True: | Variable | Description | Default | |:---------|:------------|:--------| @@ -141,7 +146,7 @@ The following variables are _required_ only when `keycloak_ha_enabled` is True: |`keycloak_infinispan_trust_store_password`| Password for opening truststore | `changeit` | -The following variables are _required_ only when `keycloak_db_enabled` is True: +The following parameters are _required_ only when `keycloak_db_enabled` is True: | Variable | Description | Default | |:---------|:------------|:---------| @@ -151,6 +156,13 @@ The following variables are _required_ only when `keycloak_db_enabled` is True: |`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` | +The following variables are _optional_: + +| Variable | Description | +|:---------|:------------| +|`keycloak_db_valid_conn_sql` | Override the default database connection validation query sql | + + Example Playbook ----------------- @@ -161,8 +173,6 @@ Example Playbook - hosts: ... vars: keycloak_admin_password: "remembertochangeme" - collections: - - middleware_automation.keycloak roles: - middleware_automation.keycloak.keycloak ``` diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index 025a815..68e473b 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml 
@@ -89,6 +89,12 @@ keycloak_jdbc_engine: postgres ### database backend credentials keycloak_db_user: keycloak-user keycloak_db_pass: keycloak-pass +## connection validation +keycloak_db_background_validation: False +keycloak_db_background_validation_millis: "{{ 10000 if keycloak_db_background_validation else 0 }}" +keycloak_db_background_validate_on_match: False +# variable to override database connection validation query +keycloak_db_valid_conn_sql: keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}" keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}" # override the variables above, following defaults show minimum supported versions diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index 3a7572a..9441fff 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml @@ -318,6 +318,22 @@ argument_specs: default: "{{ True if keycloak_ha_enabled else False }}" description: "Enable remote cache store when in clustered ha configurations" type: "bool" + keycloak_db_background_validation: + default: False + description: "Enable background validation of database connection" + type: "bool" + keycloak_db_background_validation_millis: + default: "{{ 10000 if keycloak_db_background_validation else 0 }}" + description: "How frequenly the connection pool is validated in the background" + type: 'int' + keycloak_db_background_validate_on_match: + default: False + description: "Enable validate on match for database connections" + type: "bool" + keycloak_db_valid_conn_sql: + required: False + description: "Override the default database connection validation query sql" + type: "str" downstream: options: sso_version: diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2 index 14a6e3a..ca9f4f9 100644 --- a/roles/keycloak/templates/standalone-ha.xml.j2 
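Review bot: The bare `keycloak_db_valid_conn_sql:` added here defines the variable as null, and Jinja's `default` filter only substitutes for undefined values, so the `default('select 1')` fallback in the three `validate_query` lines added to roles/keycloak/vars/main.yml looks like it never applies while this role default is in effect. The rendered validation query would then be empty rather than `select 1`. Either drop the null assignment from defaults, or make the fallback cover null and empty values: `validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1', true) }}"`. The comment above the key could also state the fallback, e.g. `# validation query override; falls back to 'select 1' when unset`.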
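Review bot: The description of `keycloak_db_background_validation_millis` has a typo (`frequenly`) and does not name the unit, and its `type: 'int'` is single-quoted while every other entry in this hunk uses double quotes. Suggested lines: `description: "How frequently, in milliseconds, the connection pool is validated in the background"` and `type: "int"`. The same misspelling appears in the README table row added by this commit. For `keycloak_db_valid_conn_sql`, the description could add that the string is written as-is into the datasource configuration, so it should be a constant, read-only statement.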
+++ b/roles/keycloak/templates/standalone-ha.xml.j2 @@ -136,6 +136,12 @@ {{ keycloak_jdbc[keycloak_jdbc_engine].db_user }} {{ keycloak_jdbc[keycloak_jdbc_engine].db_password }} + + {{ keycloak_jdbc[keycloak_jdbc_engine].validate_query }} + {{ keycloak_db_background_validate_on_match }} + {{ keycloak_db_background_validation }} + {{ keycloak_db_background_validation_millis }} + {% else %} jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE h2 diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index 5f0ea5b..ba75cd2 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 @@ -136,6 +136,12 @@ {{ keycloak_jdbc[keycloak_jdbc_engine].db_user }} {{ keycloak_jdbc[keycloak_jdbc_engine].db_password }} + + {{ keycloak_jdbc[keycloak_jdbc_engine].validate_query }} + {{ keycloak_db_background_validate_on_match }} + {{ keycloak_db_background_validation }} + {{ keycloak_db_background_validation_millis }} + {% else %} jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE h2 diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2 index 6ba9efd..4f538d0 100644 --- a/roles/keycloak/templates/standalone.xml.j2 +++ b/roles/keycloak/templates/standalone.xml.j2 @@ -123,6 +123,12 @@ {{ keycloak_jdbc[keycloak_jdbc_engine].db_user }} {{ keycloak_jdbc[keycloak_jdbc_engine].db_password }} + + {{ keycloak_jdbc[keycloak_jdbc_engine].validate_query }} + {{ keycloak_db_background_validate_on_match }} + {{ keycloak_db_background_validation }} + {{ keycloak_db_background_validation_millis }} + {% else %} jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE h2 diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml index cffbac3..993e841 100644 --- a/roles/keycloak/vars/main.yml +++ b/roles/keycloak/vars/main.yml 
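Review bot: `validate_query` is rendered into the datasource XML without escaping, and it can now carry operator-supplied text through `keycloak_db_valid_conn_sql`; a query containing `<` or `&` would produce a malformed standalone-ha.xml. Escaping the value at the point of use avoids that: `{{ keycloak_jdbc[keycloak_jdbc_engine].validate_query | e }}`. The same line is added in the standalone-infinispan.xml.j2 and standalone.xml.j2 hunks. The enclosing element markup is not visible in this rendering of the patch, so this assumes the value lands in element text rather than a CDATA section.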
@@ -29,6 +29,7 @@ keycloak_jdbc: connection_url: "{{ keycloak_jdbc_url }}" db_user: "{{ keycloak_db_user }}" db_password: "{{ keycloak_db_pass }}" + validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1') }}" initialize_db: > CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, @@ -48,6 +49,7 @@ keycloak_jdbc: connection_url: "{{ keycloak_jdbc_url }}" db_user: "{{ keycloak_db_user }}" db_password: "{{ keycloak_db_pass }}" + validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1') }}" initialize_db: > CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, @@ -68,6 +70,7 @@ keycloak_jdbc: connection_url: "{{ keycloak_jdbc_url }}" db_user: "{{ keycloak_db_user }}" db_password: "{{ keycloak_db_pass }}" + validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1') }}" initialize_db: > IF NOT EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[JGROUPSPING]') AND type in (N'U')) BEGIN