downstream: more updates to custom xml

2025-04-05 02:10:29 -07:00 · 2024-03-14 11:41:52 +01:00 · 2024-03-14 11:41:52 +01:00 · 1cecf51f37
commit 1cecf51f37
parent 0cea03dfc0
2 changed files with 27 additions and 3 deletions
--- a/molecule/overridexml/templates/custom.xml.j2
+++ b/molecule/overridexml/templates/custom.xml.j2
@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='UTF-8'?>
-{{ ansible_managed | comment('xml') }}
+<!-- this is a custom file -->
 <server xmlns="urn:jboss:domain:16.0">
    <extensions>
        <extension module="org.jboss.as.clustering.infinispan"/>
@ -481,7 +481,7 @@
                <default-provider>default</default-provider>
                <provider name="default" enabled="true">
                    <properties>
-                        <property name="frontendUrl" value="localhost"/>
+                        <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
                        <property name="forceBackendUrlToFrontendUrl" value="false"/>
                    </properties>
                </provider>
@ -520,7 +520,8 @@
        <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
            <buffer-cache name="default"/>
            <server name="default-server">
-                <http-listener name="default" socket-binding="http" />
+                <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
+                <https-listener name="https" socket-binding="https" ssl-context="applicationSSC" enable-http2="true"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <http-invoker http-authentication-factory="application-http-authentication"/>
@ -549,7 +550,9 @@
    </interfaces>
    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        <socket-binding name="http" port="8081"/>
+        <socket-binding name="https" port="8443"/>
        <socket-binding name="management-http" interface="management" port="19990"/>
+        <socket-binding name="management-https" interface="management" port="19991"/>
        <socket-binding name="txn-recovery-environment" port="4712"/>
        <socket-binding name="txn-status-manager" port="4713"/>
        <outbound-socket-binding name="mail-smtp">
--- a/molecule/overridexml/verify.yml
+++ b/molecule/overridexml/verify.yml
@ -1,6 +1,10 @@
 ---
 - name: Verify
  hosts: all
+  vars:
+    keycloak_uri: "http://localhost:8081"
+    keycloak_management_port: "http://localhost:19990"
+    keycloak_admin_password: "remembertochangeme"
  tasks:
    - name: Populate service facts
      ansible.builtin.service_facts:
@ -9,3 +13,20 @@
        that:
          - ansible_facts.services["keycloak.service"]["state"] == "running"
          - ansible_facts.services["keycloak.service"]["status"] == "enabled"
+    - name: Verify we are running on requested jvm # noqa blocked_modules command-instead-of-module
+      ansible.builtin.shell: |
+        set -o pipefail
+        ps -ef | grep '/etc/alternatives/jre_1.8.0/' | grep -v grep
+      args:
+        executable: /bin/bash
+      changed_when: no
+    - name: Verify token api call
+      ansible.builtin.uri:
+        url: "{{ keycloak_uri }}/auth/realms/master/protocol/openid-connect/token"
+        method: POST
+        body: "client_id=admin-cli&username=admin&password={{ keycloak_admin_password }}&grant_type=password"
+        validate_certs: no
+      register: keycloak_auth_response
+      until: keycloak_auth_response.status == 200
+      retries: 2
+      delay: 2