From 6e9a17bbf5ff32502e2f482cb446171baa55989d Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Wed, 8 Mar 2023 09:23:34 +0100 Subject: [PATCH 1/3] initial tcpping support --- roles/keycloak/README.md | 1 + roles/keycloak/defaults/main.yml | 2 ++ roles/keycloak/meta/argument_specs.yml | 4 ++++ roles/keycloak/tasks/install.yml | 13 +++++++++++++ .../templates/standalone-infinispan.xml.j2 | 16 +++++++++++++++- 5 files changed, 35 insertions(+), 1 deletion(-) diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index 53b8969..06f9b47 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md @@ -50,6 +50,7 @@ Role Defaults | Variable | Description | Default | |:---------|:------------|:---------| |`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` | +|`keycloak_ha_discovery`| Discovery protocol for HA cluster members | `JDBC_PING` if keycloak_db_enabled else `TCPPING` | |`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` | |`keycloak_admin_user`| Administration console user account | `admin` | |`keycloak_bind_address`| Address for binding service ports | `0.0.0.0` | diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index 06320a1..3cfe827 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -46,6 +46,8 @@ keycloak_prefer_ipv4: True keycloak_ha_enabled: False ### Enable database configuration, must be enabled when HA is configured keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}" +### Discovery protocol for ha cluster members, valus [ 'JDBC_PING', 'TCPPING' ] +keycloak_ha_discovery: "{{ 'JDBC_PING' if keycloak_db_enabled else 'TCPPING' }}" ### Keycloak administration console user keycloak_admin_user: admin 
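Review bot: The comment added above `keycloak_ha_discovery` in defaults/main.yml misspells "values" as "valus" and does not say what the default expression resolves to. With the defaults shown in this hunk, HA is off, so `keycloak_db_enabled` is false and the variable evaluates to `TCPPING`, which a reader would not expect from the one-line description. I would write it as `### Discovery protocol for HA cluster members, valid values: 'JDBC_PING', 'TCPPING'; resolves to TCPPING whenever keycloak_db_enabled is false`.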
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index 1f6f10f..382bf70 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml @@ -148,6 +148,10 @@ argument_specs: default: false description: "Enable auto configuration for database backend, clustering and remote caches on infinispan" type: "bool" + keycloak_ha_discovery: + default: "{{ 'JDBC_PING' if keycloak_db_enabled else 'TCPPING' }}" + description: "Discovery protocol for HA cluster members" + type: "str" keycloak_db_enabled: # line 48 of keycloak/defaults/main.yml default: "{{ True if keycloak_ha_enabled else False }}" diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index e60e0aa..7c3d44b 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -187,6 +187,19 @@ - restart keycloak when: not keycloak_remotecache.enabled or keycloak_config_override_template | length > 0 +- name: Create cluster node list + ansible.builtin.set_fact: + keycloak_cluster_nodes: > + {{ keycloak_cluster_nodes | default([]) + [ + { + "name": item, + "address": 'jgroups-' + item, + "inventory_host": hostvars[item].ansible_default_ipv4.address | default(item) + '[' + keycloak_jgroups_port + ']', + "value": hostvars[item].ansible_default_ipv4.address | default(item) + } + ] }} + loop: "{{ ansible_play_batch }}" + - name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}" become: yes ansible.builtin.template: diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index 91eefa8..e326924 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 
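Review bot: The new `keycloak_ha_discovery` entry in argument_specs.yml accepts any string, while the template changed in this patch only matches the exact values `'JDBC_PING'` and `'TCPPING'`. A misspelt or lowercase value would therefore presumably render a JGroups stack with neither discovery branch instead of failing the play. Adding `choices: ['JDBC_PING', 'TCPPING']` to this entry lets role argument validation reject such a value before anything is deployed.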
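Review bot: Looping over `ansible_play_batch` in the new "Create cluster node list" task builds the TCPPING member list only from the hosts active in the current batch. A play run with `serial`, or one where a node has failed or is unreachable, therefore gives each server an incomplete static peer list. A list that stays the same across batches is safer here, for example `loop: "{{ ansible_play_hosts_all }}"` or an explicit inventory group for the cluster. Separately, the fact is built by appending to `keycloak_cluster_nodes | default([])`, so running the role twice in one play would add the same nodes again; resetting the fact before the loop avoids that.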
@@ -488,7 +488,7 @@ -{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %} +{% if keycloak_ha_discovery == 'JDBC_PING' and keycloak_jdbc[keycloak_jdbc_engine].enabled %} java:jboss/datasources/KeycloakDS {{ keycloak_jdbc[keycloak_jdbc_engine].initialize_db }} @@ -496,6 +496,13 @@ DELETE FROM JGROUPSPING WHERE own_addr=? AND cluster_name=? SELECT ping_data FROM JGROUPSPING WHERE cluster_name=? +{% elif keycloak_ha_discovery == 'TCPPING' %} + + {{ keycloak_cluster_nodes | map(attribute='inventory_host') | join (',') }} + 0 + 3000 + 2 + {% endif %} @@ -710,6 +717,13 @@ {% endfor %} +{% endif %} +{% if keycloak_ha_discovery == 'TCPPING' %} +{% for node in keycloak_cluster_nodes %} + + + +{% endfor %} {% endif %} From a7c9304c6862b0b7028825afe9ec3746c1f6fe8d Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Wed, 8 Mar 2023 11:06:01 +0100 Subject: [PATCH 2/3] fix typo --- roles/keycloak/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 7c3d44b..a0b3102 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -198,7 +198,7 @@ "value": hostvars[item].ansible_default_ipv4.address | default(item) } ] }} - loop: "{{ ansible_play_batch }}" + loop: "{{ ansible_play_batch }}" - name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}" become: yes From 68bcff36f694f5af4237f146b91148b89e6d886d Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Wed, 8 Mar 2023 14:59:55 +0100 Subject: [PATCH 3/3] only try to create cluster node list when tcpping is selected --- roles/keycloak/tasks/install.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index a0b3102..35054ec 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml 
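Review bot: The branch added under `{% elif keycloak_ha_discovery == 'TCPPING' %}` only tells each node where to look for peers; it does not authenticate or encrypt cluster traffic, and no protocol that would do so is visible in this hunk (the stack definition continues outside it). The README lists `0.0.0.0` as the default for `keycloak_bind_address`, so if the JGroups socket follows that bind address the port may be reachable from hosts that are not in `keycloak_cluster_nodes`. I would add a template comment such as `{# TCPPING is discovery only: restrict keycloak_jgroups_port to cluster members at the firewall #}` and state the same requirement next to `keycloak_ha_discovery` in the README.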
@@ -187,7 +187,7 @@ - restart keycloak when: not keycloak_remotecache.enabled or keycloak_config_override_template | length > 0 -- name: Create cluster node list +- name: Create tcpping cluster node list ansible.builtin.set_fact: keycloak_cluster_nodes: > {{ keycloak_cluster_nodes | default([]) + [ @@ -199,6 +199,7 @@ } ] }} loop: "{{ ansible_play_batch }}" + when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING' - name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}" become: yes
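Review bot: The added `when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING'` is narrower than the template guards from the first patch, which test only `keycloak_ha_discovery == 'TCPPING'` before reading `keycloak_cluster_nodes`. With the role defaults, HA is off and the discovery variable still resolves to `TCPPING`, so this task is skipped and the fact stays undefined. Whether the template is rendered in that case depends on the deploy task's own `when`, which lies outside this hunk, but if it is, templating would fail on the undefined variable. I would make both sides agree, either by using `keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING'` in the template conditions or by reading `keycloak_cluster_nodes | default([])` there.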