From e530ccdc31883d73643d99e2599abc234e3133e9 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Wed, 8 Mar 2023 15:58:09 +0100 Subject: [PATCH 1/6] Replace metadata --- galaxy.yml | 2 +- molecule/requirements.yml | 3 +-- playbooks/rhsso.yml | 7 +++---- requirements.yml | 3 +-- 4 files changed, 6 insertions(+), 9 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index 29d1d00..3eec4c8 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -22,7 +22,7 @@ tags: - authentication - java dependencies: - "middleware_automation.redhat_csp_download": ">=1.2.1" + "middleware_automation.common": ">=1.0.0" "ansible.posix": ">=1.4.0" repository: https://github.com/ansible-middleware/keycloak documentation: https://ansible-middleware.github.io/keycloak diff --git a/molecule/requirements.yml b/molecule/requirements.yml index 0aed172..2e0ae56 100644 --- a/molecule/requirements.yml +++ b/molecule/requirements.yml @@ -1,7 +1,6 @@ --- collections: - - name: middleware_automation.redhat_csp_download - version: ">=1.2.1" + - name: middleware_automation.common - name: community.general - name: ansible.posix - name: community.docker diff --git a/playbooks/rhsso.yml b/playbooks/rhsso.yml index c8dbc44..25e4bae 100644 --- a/playbooks/rhsso.yml +++ b/playbooks/rhsso.yml @@ -1,9 +1,8 @@ --- -- name: Playbook for Keycloak Hosts - hosts: keycloak +- name: Playbook for Red Hat SSO Hosts + hosts: sso vars: keycloak_admin_password: "remembertochangeme" sso_enable: True roles: - - middleware_automation.redhat_csp_download.redhat_csp_download - - middleware_automation.keycloak.keycloak + - redhat.sso.sso diff --git a/requirements.yml b/requirements.yml index dae1d95..3f6feef 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,5 +1,4 @@ --- collections: - - name: middleware_automation.redhat_csp_download - version: ">=1.2.1" + - name: middleware_automation.common - name: ansible.posix From ccf773057b5e7ab50bf229b6d12cb130f8ee7c94 Mon Sep 17 00:00:00 2001 
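Review bot: The new `- name: middleware_automation.common` entry in molecule/requirements.yml has no `version:` key, so `ansible-galaxy collection install -r` accepts any published release, while galaxy.yml in the same patch requires `">=1.0.0"`. The entry it replaces was constrained with `version: ">=1.2.1"`. Keeping a constraint keeps the test and install environments in line with the declared dependency and narrows what an install can pull in. Add `version: ">=1.0.0"` under the new entry; the requirements.yml hunk at the end of this patch has the same gap.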
From: Guido Grazioli Date: Wed, 8 Mar 2023 15:58:25 +0100 Subject: [PATCH 2/6] Replace main download --- roles/keycloak/README.md | 7 ++++- roles/keycloak/meta/argument_specs.yml | 22 +++----------- roles/keycloak/meta/main.yml | 3 +- roles/keycloak/tasks/install.yml | 42 ++++++++++++++++++++------ roles/keycloak_realm/meta/main.yml | 1 - 5 files changed, 46 insertions(+), 29 deletions(-) diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index 06f9b47..5aadcb9 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md @@ -19,7 +19,12 @@ Dependencies The roles depends on: -* the `redhat_csp_download` role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection if Red Hat Single Sign-on zip have to be downloaded from RHN. +* [middleware_automation.common](https://github.com/ansible-middleware/common) +* [ansible-posix](https://docs.ansible.com/ansible/latest/collections/ansible/posix/index.html) + +To install all the dependencies via galaxy: + + ansible-galaxy collection install -r requirements.yml Versions diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index 382bf70..8601d1e 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml @@ -300,10 +300,6 @@ argument_specs: default: "7.6.0" description: "Red Hat Single Sign-On version" type: "str" - sso_rhn_id: - default: "104539" - description: "Customer Portal product ID for Red Hat SSO" - type: "str" sso_archive: default: "rh-sso-{{ sso_version }}-server-dist.zip" description: "Red Hat SSO install archive filename" 
@@ -316,14 +312,6 @@ argument_specs: default: "{{ sso_dest }}/rh-sso-{{ sso_version.split('.')[0] }}.{{ sso_version.split('.')[1] }}" description: "Installation path for Red Hat SSO" type: "str" - sso_rhn_url: - default: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=' - description: "Base download URI for customer portal" - type: "str" - sso_download_url: - default: "{{ sso_rhn_url }}{{ sso_rhn_id }}" - description: "Full download URI for Red Hat SSO" - type: "str" sso_apply_patches: default: False description: "Install Red Hat SSO most recent cumulative patch" @@ -333,7 +321,7 @@ argument_specs: description: "Enable Red Hat Single Sign-on installation" type: "str" sso_offline_install: - default: True + default: False description: "Perform an offline install" type: "bool" sso_service_name: @@ -352,7 +340,7 @@ argument_specs: default: "rh-sso-{{ sso_patch_version }}-patch.zip" description: "Red Hat SSO patch archive filename" type: "str" - sso_patch_rhn_id: - default: "104867" - description: "Customer Portal product ID for Red Hat SSO latest cumulative patch" - type: "str" + sso_product_category: + default: "core.service.rhsso" + description: "JBossNetwork API category for Single Sign-On" + type: "str" diff --git a/roles/keycloak/meta/main.yml b/roles/keycloak/meta/main.yml index fce67b7..5816039 100644 --- a/roles/keycloak/meta/main.yml +++ b/roles/keycloak/meta/main.yml @@ -1,6 +1,7 @@ --- collections: - - middleware_automation.redhat_csp_download + - middleware_automation.common + - ansible.posix galaxy_info: role_name: keycloak diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 35054ec..c4d72f4 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -77,6 +77,7 @@ dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" mode: 0644 delegate_to: localhost + run_once: yes when: - archive_path is defined - archive_path.stat is defined 
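Review bot: `run_once: yes`, added to the delegated download task at `@@ -77,6 +77,7 @@`, makes Ansible evaluate that task's `when:` list with the variables of the first host in the batch only. A play whose hosts differ in `sso_enable` or `keycloak_offline_install` can therefore skip or run the download for every host on the strength of that one host. If that is intended, say so in a comment above the key, for example `# evaluated once, using the first host's variables`; the same applies to the `run_once` additions in the `@@ -84,21 +85,43 @@` and `@@ -106,13 +129,14 @@` hunks. yamllint's `truthy` rule also prefers `run_once: true` over `yes`. The task's `when:` list runs on past the end of this hunk.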
@@ -84,21 +85,43 @@ - not sso_enable is defined or not sso_enable - not keycloak_offline_install -- name: Perform download from RHN - middleware_automation.redhat_csp_download.redhat_csp_download: - url: "{{ keycloak_rhsso_download_url }}" - dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" - username: "{{ rhn_username }}" - password: "{{ rhn_password }}" - no_log: "{{ omit_rhn_output | default(true) }}" +- name: Perform download from RHN using JBoss Network API delegate_to: localhost + run_once: yes when: - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists - sso_enable is defined and sso_enable - not keycloak_offline_install - - keycloak_rhn_url in keycloak_download_url + block: + - name: Retrieve product download using JBoss Network API + middleware_automation.common.product_search: + client_id: "{{ rhn_username }}" + client_secret: "{{ rhn_password }}" + product_type: DISTRIBUTION + product_version: "{{ sso_version }}" + product_category: "{{ sso_product_category }}" + register: rhn_products + no_log: "{{ omit_rhn_output | default(true) }}" + delegate_to: localhost + run_once: yes + + - name: Determine install zipfile from search results + ansible.builtin.set_fact: + rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/{{ sso_archive }}$') }}" + delegate_to: localhost + run_once: yes + + - name: Download Red Hat Single Sign-On + middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user + client_id: "{{ rhn_username }}" + client_secret: "{{ rhn_password }}" + product_id: "{{ (rhn_filtered_products | first).id }}" + dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" + no_log: "{{ omit_rhn_output | default(true) }}" + delegate_to: localhost + run_once: yes - name: Download rhsso archive from alternate location ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user 
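Review bot: `product_id: "{{ (rhn_filtered_products | first).id }}"` in the download task assumes the search-and-filter step produced a match, and nothing between the `set_fact` and the download checks that. With zero matches `first` yields nothing usable and the task fails with a templating error that `no_log` likely hides. With several matches the role installs whichever entry happens to come first. An assert between the two tasks that requires exactly one match makes both cases fail with a clear message before anything is downloaded.

```yaml
# … unchanged: product_search and set_fact tasks …
- name: Verify that exactly one archive matched the search
  ansible.builtin.assert:
    that:
      - rhn_filtered_products | list | length == 1
    fail_msg: "Expected exactly one product matching {{ sso_archive }}"
    quiet: true
  delegate_to: localhost
  run_once: true
# … unchanged: product_download task …
```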
@@ -106,13 +129,14 @@ dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" mode: 0644 delegate_to: localhost + run_once: yes when: - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists - sso_enable is defined and sso_enable - not keycloak_offline_install - - not keycloak_rhn_url in keycloak_download_url + - keycloak_rhsso_download_url is defined - name: Check downloaded archive ansible.builtin.stat: diff --git a/roles/keycloak_realm/meta/main.yml b/roles/keycloak_realm/meta/main.yml index 4ce1b73..5dd7a21 100644 --- a/roles/keycloak_realm/meta/main.yml +++ b/roles/keycloak_realm/meta/main.yml @@ -19,5 +19,4 @@ galaxy_info: - keycloak - redhat - rhel - - rhn - sso From 527d3eb2641531bb96756f071ad7fc5192aa7573 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Wed, 8 Mar 2023 16:02:54 +0100 Subject: [PATCH 3/6] Fix typo --- roles/keycloak/meta/argument_specs.yml | 6 +++--- roles/keycloak/tasks/install.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index 8601d1e..a464bc9 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml @@ -333,11 +333,11 @@ argument_specs: description: "systemd description for Red Hat Single Sign-On" type: "str" sso_patch_version: - default: "7.6.1" - description: "Red Hat Single Sign-On latest cumulative patch version" + required: False + description: "Red Hat Single Sign-On latest cumulative patch version to apply; default to latest version when sso_apply_patches is True" type: "str" sso_patch_bundle: - default: "rh-sso-{{ sso_patch_version }}-patch.zip" + default: "rh-sso-{{ sso_patch_version | default('') }}-patch.zip" description: "Red Hat SSO patch archive filename" type: "str" sso_product_category: diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index c4d72f4..5973e9a 100644 --- a/roles/keycloak/tasks/install.yml 
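Review bot: The `when:` change at `@@ -106,13 +129,14 @@` leaves this alternate-location download and the JBoss Network block from the previous hunk without mutually exclusive conditions: the old `keycloak_rhn_url in keycloak_download_url` / `not … in …` pair is gone, and the block is not gated on RHN credentials being supplied. A user who sets only `keycloak_rhsso_download_url` would presumably still enter the block and fail on an undefined `rhn_username`; and if the role defaults still define `keycloak_rhsso_download_url` (not visible here), the new test is always true. Consider adding `- rhn_username is defined` and `- rhn_password is defined` to the block's `when:`, and `- rhn_username is not defined` here. Because this path fetches from a caller-chosen URL, `get_url`'s `checksum:` option (for example `checksum: "sha256:<expected digest>"`) would let the role verify the archive before it is installed; the task starts outside the hunk.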
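Review bot: With `sso_patch_version` now optional at `@@ -333,11 +333,11 @@`, the new `sso_patch_bundle` default `"rh-sso-{{ sso_patch_version | default('') }}-patch.zip"` renders as `rh-sso--patch.zip` whenever the version is unset, a name that presumably matches no real patch archive. The description promises a fallback to the latest version when `sso_apply_patches` is True, but nothing in this hunk shows where that resolution happens. State the dependency in the spec, for example `description: "Red Hat SSO patch archive filename; only meaningful when sso_patch_version is set"`, or leave `sso_patch_bundle` without a default so an unset value is detectable.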
+++ b/roles/keycloak/tasks/install.yml @@ -109,7 +109,7 @@ - name: Determine install zipfile from search results ansible.builtin.set_fact: - rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/{{ sso_archive }}$') }}" + rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + sso_archive + '$') }}"  delegate_to: localhost  run_once: yes  From d15324c1c8c1aed4eecbc7e28021b8d484f29062 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Wed, 8 Mar 2023 17:00:38 +0100 Subject: [PATCH 4/6] fix indent typo --- roles/keycloak/tasks/install.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 5973e9a..e7283e7 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -98,10 +98,10 @@ - name: Retrieve product download using JBoss Network API middleware_automation.common.product_search: client_id: "{{ rhn_username }}" - client_secret: "{{ rhn_password }}" - product_type: DISTRIBUTION + client_secret: "{{ rhn_password }}" + product_type: DISTRIBUTION product_version: "{{ sso_version }}" - product_category: "{{ sso_product_category }}" + product_category: "{{ sso_product_category }}" register: rhn_products no_log: "{{ omit_rhn_output | default(true) }}" delegate_to: localhost 
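Review bot: `sso_archive` is concatenated into the `match` pattern at `@@ -109,7 +109,7 @@` as raw regex text, so the dots in a name such as `rh-sso-7.6.0-server-dist.zip` match any character, and an archive name containing regex metacharacters changes which product is selected. Escape it before concatenation: `selectattr('file_path', 'match', '[^/]*/' + (sso_archive | regex_escape) + '$')`. The `set_fact` task this line belongs to is only partly inside the hunk.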
@@ -110,18 +110,18 @@ - name: Determine install zipfile from search results ansible.builtin.set_fact: rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + sso_archive + '$') }}" - delegate_to: localhost - run_once: yes - + delegate_to: localhost + run_once: yes + - name: Download Red Hat Single Sign-On middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user - client_id: "{{ rhn_username }}" - client_secret: "{{ rhn_password }}" - product_id: "{{ (rhn_filtered_products | first).id }}" - dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" - no_log: "{{ omit_rhn_output | default(true) }}" - delegate_to: localhost - run_once: yes + client_id: "{{ rhn_username }}" + client_secret: "{{ rhn_password }}" + product_id: "{{ (rhn_filtered_products | first).id }}" + dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" + no_log: "{{ omit_rhn_output | default(true) }}" + delegate_to: localhost + run_once: yes - name: Download rhsso archive from alternate location ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user From ce18c91b67156768d1a75033acb2df287b297e5e Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Wed, 8 Mar 2023 17:32:32 +0100 Subject: [PATCH 5/6] revert downstream playbook rename --- playbooks/rhsso.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/rhsso.yml b/playbooks/rhsso.yml index 25e4bae..ea67158 100644 --- a/playbooks/rhsso.yml +++ b/playbooks/rhsso.yml @@ -5,4 +5,4 @@ keycloak_admin_password: "remembertochangeme" sso_enable: True roles: - - redhat.sso.sso + - middleware_automation.keycloak.keycloak From 7c9cc7ce366ba9ff2b5b74f3721e8a0756788e7e Mon Sep 17 00:00:00 2001 
From: Guido Grazioli Date: Wed, 8 Mar 2023 17:40:03 +0100 Subject: [PATCH 6/6] remove non-printing chars from arg_specs --- roles/keycloak/meta/argument_specs.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index a464bc9..6693c30 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml @@ -341,6 +341,6 @@ argument_specs: description: "Red Hat SSO patch archive filename" type: "str" sso_product_category: - default: "core.service.rhsso" - description: "JBossNetwork API category for Single Sign-On" - type: "str" + default: "core.service.rhsso" + description: "JBossNetwork API category for Single Sign-On" + type: "str"