From 1dd579a6d1b52f64179140d842194fc07fd683b4 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Sat, 10 Jun 2023 16:31:19 +0200 Subject: [PATCH 1/4] Allow to override jgroups subnet --- roles/keycloak/README.md | 2 +- roles/keycloak/defaults/main.yml | 1 + roles/keycloak/meta/argument_specs.yml | 4 ++++ roles/keycloak/templates/standalone-ha.xml.j2 | 4 +++- roles/keycloak/templates/standalone-infinispan.xml.j2 | 4 +++- 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index ef6cc01..f25420f 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md @@ -165,7 +165,7 @@ The following variables are _optional_: |:---------|:------------| |`keycloak_db_valid_conn_sql` | Override the default database connection validation query sql | |`keycloak_admin_url` | Override the default administration endpoint URL | - +|`keycloak_jgroups_subnet`| Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration | Example Playbook ----------------- diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index d0137a8..da98d24 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -42,6 +42,7 @@ keycloak_http_port: 8080 keycloak_https_port: 8443 keycloak_ajp_port: 8009 keycloak_jgroups_port: 7600 +keycloak_jgroups_subnet: keycloak_management_port_bind_address: 127.0.0.1 keycloak_management_http_port: 9990 keycloak_management_https_port: 9993 diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index 8e05939..5392cfc 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml 
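Review bot: The default added to roles/keycloak/defaults/main.yml is a bare `keycloak_jgroups_subnet:`, which YAML loads as null rather than as an empty string. The same patch declares the variable as `type: "str"` in argument_specs.yml, and both templates apply `| length` to it. Writing the default as `keycloak_jgroups_subnet: ''` keeps the unset case a real string, so the emptiness test in the templates is simply false and does not depend on how null is coerced. A one-line comment above it, such as `# empty means: infer the jgroups subnet from ansible_default_ipv4`, would make the intent explicit.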
@@ -347,6 +347,10 @@ argument_specs: required: False description: "Override the default administration endpoint URL" type: "str" + keycloak_jgroups_subnet: + required: False + description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration" + type: "str" downstream: options: sso_version: diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2 index f108d2d..f3ca185 100644 --- a/roles/keycloak/templates/standalone-ha.xml.j2 +++ b/roles/keycloak/templates/standalone-ha.xml.j2 @@ -662,7 +662,9 @@ -{% if ansible_default_ipv4 is defined %} +{% keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} + +{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %} diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index 0d052ed..304b0fd 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 @@ -700,7 +700,9 @@ -{% if ansible_default_ipv4 is defined %} +{% keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} + +{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %} From 8f697f6a536c5253a9bd6a62720b12181f711b05 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Sat, 10 Jun 2023 16:45:13 +0200 Subject: [PATCH 2/4] Bump to 1.2.7 --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index d6ed1ac..f69fa39 100644 --- a/galaxy.yml +++ b/galaxy.yml 
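Review bot: The `description` added for `keycloak_jgroups_subnet` does not say what form the value must take, and `type: "str"` accepts anything. The fallback in the templates builds its value with `ansible.utils.ipaddr('net')`, so the override is presumably expected in the same network/prefix form. Saying so here gives operators something to check against, for example `description: "Override the subnet match for jgroups cluster formation, in CIDR notation; if not defined, it will be inferred from local machine route configuration"`. The same wording would fit the README row added in this patch.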
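Review bot: The new first branch in standalone-ha.xml.j2 accepts any non-empty `keycloak_jgroups_subnet`, while the inferred value in the `elif` only counts when it passes `ansible.utils.ipaddr('net')`; the hunk in standalone-infinispan.xml.j2 has the same gap. The line rendered under the new branch is not visible on this page, but presumably it writes the override into the jgroups interface definition, which decides which network the cluster transport listens on. A mistyped subnet is better rejected during the play than discovered when the service starts, for example with an `ansible.builtin.assert` on `keycloak_jgroups_subnet | ansible.utils.ipaddr('net')` that runs only when the variable is set. The enclosing interface block starts and ends outside the hunk.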
@@ -1,7 +1,7 @@ --- namespace: middleware_automation name: keycloak -version: "1.2.6" +version: "1.2.7" readme: README.md authors: - Romain Pelisse From 14e7b402b792cb5e12ad5cb9cbd4948f4649c542 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Sat, 10 Jun 2023 18:37:58 +0200 Subject: [PATCH 3/4] fix typo in templates --- roles/keycloak/templates/standalone-ha.xml.j2 | 2 +- roles/keycloak/templates/standalone-infinispan.xml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2 index f3ca185..226da6e 100644 --- a/roles/keycloak/templates/standalone-ha.xml.j2 +++ b/roles/keycloak/templates/standalone-ha.xml.j2 @@ -662,7 +662,7 @@ -{% keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index 304b0fd..f7df743 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 @@ -700,7 +700,7 @@ -{% keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} From 7ec695ee15e2df488528fda5062d79213a7d469e Mon Sep 17 00:00:00 2001 
From: Guido Grazioli Date: Sat, 10 Jun 2023 19:26:46 +0200 Subject: [PATCH 4/4] Fix wrong task message --- roles/keycloak/tasks/install.yml | 2 +- roles/keycloak/templates/standalone-ha.xml.j2 | 4 ++-- roles/keycloak/templates/standalone-infinispan.xml.j2 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index b3294f4..581db9f 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -239,7 +239,7 @@ loop: "{{ ansible_play_batch }}" when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING' -- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak.config_template_source }}" +- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" become: yes ansible.builtin.template: src: templates/standalone-ha.xml.j2 diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2 index 226da6e..893ec0d 100644 --- a/roles/keycloak/templates/standalone-ha.xml.j2 +++ b/roles/keycloak/templates/standalone-ha.xml.j2 @@ -662,8 +662,8 @@ -{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} - +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | string | length > 0 %} + {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %} diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index f7df743..a030de0 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 
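Review bot: Adding `| string` before `| length` in the first condition of standalone-ha.xml.j2 probably makes the unset case look set: defaults/main.yml leaves `keycloak_jgroups_subnet:` as null, and the Jinja2 `string` filter is expected to turn null into the text `None`, whose length is 4. If so, the override branch is taken on every host and the `ansible_default_ipv4` fallback is never reached; the matching hunk in standalone-infinispan.xml.j2 is affected the same way. Testing for null explicitly avoids this: `{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet is not none and keycloak_jgroups_subnet | string | length > 0 %}`. This is worth confirming with a render in which the variable is left at its default.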
@@ -700,8 +700,8 @@ -{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} - +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | string | length > 0 %} + {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %}