Load envvars in kc rebuild

molecule/quarkus/converge.yml

@@ -23,6 +23,9 @@
     keycloak_quarkus_systemd_wait_for_delay: 2
     keycloak_quarkus_systemd_wait_for_log: true
     keycloak_quarkus_restart_health_check: false # would fail because of self-signed cert
+    keycloak_quarkus_additional_env_vars:
+      - key: KC_FEATURES_DISABLED
+        value: impersonation,kerberos
     keycloak_quarkus_providers:
       - id: http-client
         spi: connections

roles/keycloak_quarkus/tasks/rebuild_config.yml

@@ -2,9 +2,6 @@
 # cf. https://www.keycloak.org/server/configuration#_optimize_the_keycloak_startup
 - name: "Rebuild {{ keycloak.service_name }} config"
   ansible.builtin.shell: | # noqa blocked_modules shell is necessary here
-    {{ keycloak.home }}/bin/kc.sh build
-  environment:
-    PATH: "{{ keycloak_quarkus_java_home | default(keycloak_quarkus_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-    JAVA_HOME: "{{ keycloak_quarkus_java_home | default(keycloak_quarkus_pkg_java_home, true) }}"
+    env -i bash -c "set -a ; source {{ keycloak_quarkus_sysconf_file }} ; {{ keycloak.home }}/bin/kc.sh build "
   become: true
   changed_when: true

roles/keycloak_quarkus/tasks/systemd.yml

@@ -22,4 +22,5 @@
   become: true
   register: systemdunit
   notify:
+    - rebuild keycloak config
     - restart keycloak

roles/keycloak_quarkus/templates/keycloak-sysconfig.j2

@@ -7,7 +7,7 @@ KC_BOOTSTRAP_ADMIN_PASSWORD='{{ keycloak_quarkus_bootstrap_admin_password }}'
 {% endif %}
 PATH={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 JAVA_HOME={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}
-JAVA_OPTS={{ keycloak_quarkus_java_opts }}
+JAVA_OPTS='{{ keycloak_quarkus_java_opts }}'
 
 # Custom ENV variables
 {% for env in keycloak_quarkus_additional_env_vars %}