ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-06 10:50:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

#158: support for TCPPING

Browse source
This commit is contained in:
Helmut Wolf 2024-01-22 09:28:00 +01:00
parent 63f83d7744
commit 4adab64dc0
7 changed files with 37 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
roles/keycloak_quarkus/README.md
View file

@ -19,6 +19,7 @@ Role Defaults
| Variable | Description | Default | | Variable | Description | Default |
|:---------|:------------|:--------| |:---------|:------------|:--------|
|`keycloak_quarkus_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` | |`keycloak_quarkus_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
|`keycloak_quarkus_ha_discovery`| Discovery protocol for HA cluster members | `TCPPING` |
|`keycloak_quarkus_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_quarkus_ha_enabled` is True, else `False` | |`keycloak_quarkus_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_quarkus_ha_enabled` is True, else `False` |
|`keycloak_quarkus_admin_user`| Administration console user account | `admin` | |`keycloak_quarkus_admin_user`| Administration console user account | `admin` |
|`keycloak_quarkus_bind_address`| Address for binding service ports | `0.0.0.0` | |`keycloak_quarkus_bind_address`| Address for binding service ports | `0.0.0.0` |
@ -28,7 +29,7 @@ Role Defaults
|`keycloak_quarkus_http_port`| HTTP listening port | `8080` | |`keycloak_quarkus_http_port`| HTTP listening port | `8080` |
|`keycloak_quarkus_https_port`| TLS HTTP listening port | `8443` | |`keycloak_quarkus_https_port`| TLS HTTP listening port | `8443` |
|`keycloak_quarkus_ajp_port`| AJP port | `8009` | |`keycloak_quarkus_ajp_port`| AJP port | `8009` |
|`keycloak_quarkus_jgroups_port`| jgroups cluster tcp port | `7600` | |`keycloak_quarkus_jgroups_port`| jgroups cluster tcp port | `7800` |
|`keycloak_quarkus_service_user`| Posix account username | `keycloak` | |`keycloak_quarkus_service_user`| Posix account username | `keycloak` |
|`keycloak_quarkus_service_group`| Posix account group | `keycloak` | |`keycloak_quarkus_service_group`| Posix account group | `keycloak` |
|`keycloak_quarkus_service_restart_always`| systemd restart always behavior activation | `False` | |`keycloak_quarkus_service_restart_always`| systemd restart always behavior activation | `False` |

3
roles/keycloak_quarkus/defaults/main.yml
View file

@ -37,7 +37,7 @@ keycloak_quarkus_http_enabled: true
keycloak_quarkus_http_port: 8080 keycloak_quarkus_http_port: 8080
keycloak_quarkus_https_port: 8443 keycloak_quarkus_https_port: 8443
keycloak_quarkus_ajp_port: 8009 keycloak_quarkus_ajp_port: 8009
keycloak_quarkus_jgroups_port: 7600 keycloak_quarkus_jgroups_port: 7800
keycloak_quarkus_java_opts: "-Xms1024m -Xmx2048m" keycloak_quarkus_java_opts: "-Xms1024m -Xmx2048m"
### TLS/HTTPS configuration ### TLS/HTTPS configuration
@ -55,6 +55,7 @@ keycloak_quarkus_trust_store_password: ''
### Enable configuration for database backend, clustering and remote caches on infinispan ### Enable configuration for database backend, clustering and remote caches on infinispan
keycloak_quarkus_ha_enabled: false keycloak_quarkus_ha_enabled: false
keycloak_quarkus_ha_discovery: "TCPPING"
### Enable database configuration, must be enabled when HA is configured ### Enable database configuration, must be enabled when HA is configured
keycloak_quarkus_db_enabled: "{{ True if keycloak_quarkus_ha_enabled else False }}" keycloak_quarkus_db_enabled: "{{ True if keycloak_quarkus_ha_enabled else False }}"

4
roles/keycloak_quarkus/handlers/main.yml
View file

@ -1,4 +1,8 @@
--- ---
# handler should be invoked anytime a [build configuration](https://www.keycloak.org/server/all-config?f=build) changes
- name: "Rebuild {{ keycloak.service_name }} config"
ansible.builtin.include_tasks: rebuild_config.yml
listen: "rebuild keycloak config"
- name: "Restart {{ keycloak.service_name }}" - name: "Restart {{ keycloak.service_name }}"
ansible.builtin.include_tasks: restart.yml ansible.builtin.include_tasks: restart.yml
listen: "restart keycloak" listen: "restart keycloak"

6
roles/keycloak_quarkus/meta/argument_specs.yml
View file

@ -168,7 +168,7 @@ argument_specs:
type: "int" type: "int"
keycloak_quarkus_jgroups_port: keycloak_quarkus_jgroups_port:
# line 32 of defaults/main.yml # line 32 of defaults/main.yml
default: 7600 default: 7800
description: "jgroups cluster tcp port" description: "jgroups cluster tcp port"
type: "int" type: "int"
keycloak_quarkus_java_opts: keycloak_quarkus_java_opts:
@ -181,6 +181,10 @@ argument_specs:
default: false default: false
description: "Enable auto configuration for database backend, clustering and remote caches on infinispan" description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
type: "bool" type: "bool"
keycloak_quarkus_ha_discovery:
default: "TCPPING"
description: "Discovery protocol for HA cluster members"
type: "str"
keycloak_quarkus_db_enabled: keycloak_quarkus_db_enabled:
# line 38 of defaults/main.yml # line 38 of defaults/main.yml
default: "{{ True if keycloak_quarkus_ha_enabled else False }}" default: "{{ True if keycloak_quarkus_ha_enabled else False }}"

16
roles/keycloak_quarkus/tasks/main.yml
View file

@ -30,6 +30,7 @@
mode: 0644 mode: 0644
become: true become: true
notify: notify:
- rebuild keycloak config
- restart keycloak - restart keycloak
- name: "Configure quarkus config for keycloak service" - name: "Configure quarkus config for keycloak service"
@ -43,6 +44,20 @@
notify: notify:
- restart keycloak - restart keycloak
- name: Create tcpping cluster node list
ansible.builtin.set_fact:
keycloak_quarkus_cluster_nodes: >
{{ keycloak_quarkus_cluster_nodes | default([]) + [
{
"name": item,
"address": 'jgroups-' + item,
"inventory_host": hostvars[item].ansible_default_ipv4.address | default(item) + '[' + (keycloak_quarkus_jgroups_port | string) + ']',
"value": hostvars[item].ansible_default_ipv4.address | default(item)
}
] }}
loop: "{{ ansible_play_batch }}"
when: keycloak_quarkus_ha_enabled and keycloak_quarkus_ha_discovery == 'TCPPING'
- name: "Configure infinispan config for keycloak service" - name: "Configure infinispan config for keycloak service"
ansible.builtin.template: ansible.builtin.template:
src: cache-ispn.xml src: cache-ispn.xml
@ -52,6 +67,7 @@
mode: 0644 mode: 0644
become: true become: true
notify: notify:
- rebuild keycloak config
- restart keycloak - restart keycloak
- name: Ensure logdirectory exists - name: Ensure logdirectory exists

7
roles/keycloak_quarkus/tasks/rebuild_config.yml Normal file
View file

@ -0,0 +1,7 @@
---
# cf. https://www.keycloak.org/server/configuration#_optimize_the_keycloak_startup
- name: "Rebuild {{ keycloak.service_name }} config"
ansible.builtin.shell: |
{{ keycloak.home }}/bin/kc.sh build
become: true
changed_when: true

2
roles/keycloak_quarkus/templates/keycloak.service.j2
View file

@ -10,7 +10,7 @@ PIDFile={{ keycloak_quarkus_service_pidfile }}
{% if keycloak_quarkus_start_dev %} {% if keycloak_quarkus_start_dev %}
ExecStart={{ keycloak.home }}/bin/kc.sh start-dev ExecStart={{ keycloak.home }}/bin/kc.sh start-dev
{% else %} {% else %}
ExecStart={{ keycloak.home }}/bin/kc.sh start --log={{ keycloak_quarkus_log }} ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized
{% endif %} {% endif %}
User={{ keycloak.service_user }} User={{ keycloak.service_user }}
Group={{ keycloak.service_group }} Group={{ keycloak.service_group }}