downstream: add rhbk bits

2025-04-06 02:40:30 -07:00 · 2023-12-05 20:28:24 +01:00 · 2023-12-05 20:28:24 +01:00 · 89944a6cd1
commit 89944a6cd1
parent 33e6d428b5
3 changed files with 92 additions and 1 deletions
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@ -292,3 +292,53 @@ argument_specs:
                default: true
                type: "bool"
                description: "Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless proxy verifies the Host header."
+    downstream:
+        options:
+            rhbk_version:
+                default: "22.0.6"
+                description: "Red Hat Build of Keycloak version"
+                type: "str"
+            rhbk_archive:
+                default: "rhbk-{{ rhbk_version }}.zip"
+                description: "Red Hat Build of Keycloak install archive filename"
+                type: "str"
+            rhbk_dest:
+                default: "/opt/rhbk"
+                description: "Root installation directory"
+                type: "str"
+            rhbk_installdir:
+                default: "{{ rhbk_dest }}/rhbk-{{ rhbk_version.split('.')[0] }}.{{ rhbk_version.split('.')[1] }}"
+                description: "Installation path for Red Hat Build of Keycloak"
+                type: "str"
+            rhbk_apply_patches:
+                default: false
+                description: "Install Red Hat Build of Keycloak most recent cumulative patch"
+                type: "bool"
+            rhbk_enable:
+                default: true
+                description: "Enable Red Hat Build of Keycloak installation"
+                type: "str"
+            rhbk_offline_install:
+                default: false
+                description: "Perform an offline install"
+                type: "bool"
+            rhbk_service_name:
+                default: "rhbk"
+                description: "systemd service name for Red Hat Build of Keycloak"
+                type: "str"
+            rhbk_service_desc:
+                default: "Red Hat Build of Keycloak"
+                description: "systemd description for Red Hat Build of Keycloak"
+                type: "str"
+            rhbk_patch_version:
+                required: false
+                description: "Red Hat Build of Keycloak latest cumulative patch version to apply; defaults to latest version when rhbk_apply_patches is True"
+                type: "str"
+            rhbk_patch_bundle:
+                default: "rhbk-{{ rhbk_patch_version | default('[0-9]+[.][0-9]+[.][0-9]+') }}-patch.zip"
+                description: "Red Hat Build of Keycloak patch archive filename"
+                type: "str"
+            rhbk_product_category:
+                default: "rhbk"
+                description: "JBossNetwork API category for Red Hat Build of Keycloak"
+                type: "str"
--- a/roles/keycloak_quarkus/meta/main.yml
+++ b/roles/keycloak_quarkus/meta/main.yml
@ -24,3 +24,4 @@ galaxy_info:
    - authentication
    - identity
    - security
+    - rhbk
--- a/roles/keycloak_quarkus/tasks/install.yml
+++ b/roles/keycloak_quarkus/tasks/install.yml
@ -57,11 +57,51 @@
    dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
    mode: 0640
  delegate_to: localhost
+  run_once: true
  when:
    - archive_path is defined
    - archive_path.stat is defined
    - not archive_path.stat.exists
    - not keycloak.offline_install
+    - not rhbk_enable is defined or not rhbk_enable
+
+- name: Perform download from RHN using JBoss Network API
+  delegate_to: localhost
+  run_once: true
+  when:
+    - archive_path is defined
+    - archive_path.stat is defined
+    - not archive_path.stat.exists
+    - rhbk_enable is defined and rhbk_enable
+    - not keycloak.offline_install
+  block:
+    - name: Retrieve product download using JBoss Network API
+      middleware_automation.common.product_search:
+        client_id: "{{ rhn_username }}"
+        client_secret: "{{ rhn_password }}"
+        product_type: DISTRIBUTION
+        product_version: "{{ rhbk_version }}"
+        product_category: "{{ rhbk_product_category }}"
+      register: rhn_products
+      no_log: "{{ omit_rhn_output | default(true) }}"
+      delegate_to: localhost
+      run_once: true
+
+    - name: Determine install zipfile from search results
+      ansible.builtin.set_fact:
+        rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + rhbk_archive + '$') }}"
+      delegate_to: localhost
+      run_once: true
+
+    - name: Download Red Hat Build of Keycloak
+      middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user
+        client_id: "{{ rhn_username }}"
+        client_secret: "{{ rhn_password }}"
+        product_id: "{{ (rhn_filtered_products | first).id }}"
+        dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+      no_log: "{{ omit_rhn_output | default(true) }}"
+      delegate_to: localhost
+      run_once: true

 - name: Check downloaded archive
  ansible.builtin.stat:
@ -76,7 +116,7 @@
    dest: "{{ archive }}"
    owner: "{{ keycloak.service_user }}"
    group: "{{ keycloak.service_group }}"
-    mode: 0750
+    mode: 0640
  register: new_version_downloaded
  when:
    - not archive_path.stat.exists