From 623db426e0ebfea43724dcb136a67766740c2f30 Mon Sep 17 00:00:00 2001
From: Helmut Wolf
Date: Wed, 31 May 2023 16:41:57 +0200
Subject: [PATCH] Keycloak: add feature enabling/disabling

---
 roles/keycloak/README.md                         |  1 +
 roles/keycloak/defaults/main.yml                 |  2 ++
 roles/keycloak/meta/argument_specs.yml           |  9 +++++++--
 roles/keycloak/tasks/install.yml                 | 12 ++++++++++++
 .../templates/keycloak-profile.properties.j2     |  3 +++
 roles/keycloak/vars/main.yml                     |  1 +
 6 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 roles/keycloak/templates/keycloak-profile.properties.j2

diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 3fc8a61..adbc4cd 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -77,6 +77,7 @@ Role Defaults
 |`keycloak_service_startlimitburst`| systemd StartLimitBurst | `5` if `keycloak_service_restart_on_failure` else `` |
 |`keycloak_service_restartsec`| systemd RestartSec | `10s` if `keycloak_service_restart_on_failure` else `` |
 |`keycloak_service_pidfile`| pid file path for service | `/run/keycloak.pid` |
+|`keycloak_features` | List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]` | `[]`
 |`keycloak_jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-headless` |
 |`keycloak_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path | `None` |
 |`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index aa52d74..78b626d 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -16,6 +16,7 @@ keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
 keycloak_config_standalone_xml: "keycloak.xml"
 keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
 keycloak_config_override_template: ''
+keycloak_config_path_to_properties: "{{ keycloak_jboss_home }}/standalone/configuration/profile.properties"
 keycloak_service_user: keycloak
 keycloak_service_group: keycloak
 keycloak_service_pidfile: "/run/keycloak.pid"
@@ -45,6 +46,7 @@ keycloak_management_http_port: 9990
 keycloak_management_https_port: 9993
 keycloak_java_opts: "-Xms1024m -Xmx2048m"
 keycloak_prefer_ipv4: True
+keycloak_features: []
 
 ### Enable configuration for database backend, clustering and remote caches on infinispan
 keycloak_ha_enabled: False
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index 0dc4cb3..1c03cbd 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -89,6 +89,11 @@ argument_specs:
       default: "/run/keycloak.pid"
       description: "PID file path for service"
       type: "str"
+    keycloak_features:
+      # line 17 of keycloak/defaults/main.yml
+      default: "[]"
+      description: "List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]`"
+      type: "list"
     keycloak_bind_address:
       # line 34 of keycloak/defaults/main.yml
       default: "0.0.0.0"
@@ -96,7 +101,7 @@ argument_specs:
       type: "str"
     keycloak_management_port_bind_address:
       default: "127.0.0.1"
-      description: "Address for binding the managemnt ports"
+      description: "Address for binding the management ports"
       type: "str"
     keycloak_host:
       # line 35 of keycloak/defaults/main.yml
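Review bot: The new `keycloak_features` entry in the argument_specs hunk declares `type: "list"` but its `default: "[]"` is a quoted string, so the documented default is the two-character text `[]` rather than an empty list and no longer matches `keycloak_features: []` in defaults/main.yml; write `default: []`. The spec also leaves the list elements unchecked, so a typo such as `status: 'enable'` is accepted by role-argument validation and written into profile.properties; declaring `elements: "dict"` with an `options:` block that makes `name` required and restricts `status` to `enabled`/`disabled` rejects that at validation time. Two smaller points: the `# line 17 of keycloak/defaults/main.yml` comment does not appear to match where the variable is added (the second defaults hunk places it after line 48), and if this file is meant to list every role default, the new `keycloak_config_path_to_properties` has no entry.
```yaml
    keycloak_features:
      # line 49 of keycloak/defaults/main.yml
      default: []
      description: "List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to set to `enabled` or `disabled`, example: `[ { name: 'docker', status: 'enabled' } ]`"
      type: "list"
      elements: "dict"
      options:
        name:
          description: "Feature (profile) name as used in profile.properties, e.g. docker"
          type: "str"
          required: true
        status:
          description: "Whether the feature is enabled or disabled"
          type: "str"
          choices: ["enabled", "disabled"]
          default: "enabled"
```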
@@ -318,7 +323,7 @@ argument_specs:
       default: "{{ True if keycloak_ha_enabled else False }}"
       description: "Enable remote cache store when in clustered ha configurations"
       type: "bool"
-    keycloak_db_background_validation: 
+    keycloak_db_background_validation:
       default: False
       description: "Enable background validation of database connection"
       type: "bool"
diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml
index f9c9028..b3294f4 100644
--- a/roles/keycloak/tasks/install.yml
+++ b/roles/keycloak/tasks/install.yml
@@ -268,3 +268,15 @@
     - keycloak_ha_enabled
     - keycloak_remote_cache_enabled
     - keycloak_config_override_template | length == 0
+
+- name: "Deploy profile.properties file to {{ keycloak_config_path_to_properties }}"
+  become: yes
+  ansible.builtin.template:
+    src: keycloak-profile.properties.j2
+    dest: "{{ keycloak_config_path_to_properties }}"
+    owner: "{{ keycloak_service_user }}"
+    group: "{{ keycloak_service_group }}"
+    mode: 0640
+  notify:
+    - restart keycloak
+  when: keycloak_features | length > 0
diff --git a/roles/keycloak/templates/keycloak-profile.properties.j2 b/roles/keycloak/templates/keycloak-profile.properties.j2
new file mode 100644
index 0000000..c618dc2
--- /dev/null
+++ b/roles/keycloak/templates/keycloak-profile.properties.j2
@@ -0,0 +1,3 @@
+{% for feature in keycloak.features %}
+feature.{{ feature.name }}={{ feature.status | default('enabled') }}
+{% endfor %}
\ No newline at end of file
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index 638ed3d..4798545 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
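Review bot: The `when: keycloak_features | length > 0` guard on the new install.yml task means a profile.properties deployed by an earlier run is never rewritten or removed once the list is emptied, so a feature switched on previously (the README's `docker` example, say) stays on until someone deletes the file by hand, and the role's stated configuration silently diverges from what the server loads. Dropping the `when:` line and rendering the template unconditionally yields an empty file for an empty list, which is the faithful "no overrides" state and still triggers the `restart keycloak` handler (assumed to be defined elsewhere in the role) when the content changes. On style, `become: yes` and `mode: 0640` are better written `become: true` and `mode: "0640"` so neither relies on YAML 1.1 boolean/octal coercion.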
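Review bot: The template writes whatever `feature.status` holds straight into the properties file, and the README row and argument-spec description added in this patch say the values are `enable`/`disable` while the template default and the README example use `enabled`/`disabled`; a user who follows the prose ends up with `feature.docker=enable`, which the legacy profile loader presumably treats as neither an enable nor a disable, with no error to show for it. Change the prose to `enabled`/`disabled` (or constrain `status` in the argument spec) so the documented contract matches what the template emits, and consider documenting at the top of the template that each entry becomes one `feature.<name>=<status>` line read from `{{ keycloak_config_path_to_properties }}`.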
@@ -14,6 +14,7 @@ keycloak:
   health_url: "{{ keycloak_management_url }}/health"
   cli_path: "{{ keycloak_jboss_home }}/bin/jboss-cli.sh"
   config_template_source: "{{ keycloak_config_override_template if keycloak_config_override_template | length > 0 else 'standalone-ha.xml.j2' if keycloak_remote_cache_enabled else 'standalone.xml.j2' }}"
+  features: "{{ keycloak_features }}"
 
 # database
 keycloak_jdbc: