address review reqs

2025-04-11 13:20:29 -07:00 · 2024-05-15 15:58:21 +02:00 · 2024-05-15 15:58:21 +02:00 · c22389c86f
commit c22389c86f
parent 2d573c2b62
6 changed files with 26 additions and 11 deletions
--- a/roles/keycloak_quarkus/README.md
+++ b/roles/keycloak_quarkus/README.md
@ -101,6 +101,9 @@ Role Defaults
 |`keycloak_quarkus_systemd_wait_for_log` | Whether systemd unit should wait for service to be up in logs | `false` |
 |`keycloak_quarkus_systemd_wait_for_timeout`| How long to wait for service to be alive (seconds) | `60` |
 |`keycloak_quarkus_systemd_wait_for_delay`| Activation delay for service systemd unit (seconds) | `10` |
+|`keycloak_quarkus_restart_strategy`| Strategy task file for restarting in HA (one of provided restart/['serial.yml','none.yml','serial_then_parallel.yml']) or path to file when providing custom strategy | `restart/serial.yml` |
+|`keycloak_quarkus_restart_health_check`| Whether to wait for successful health check after restart | `{{ keycloak_quarkus_ha_enabled }}` |
+|`keycloak_quarkus_restart_pause`| Seconds to wait between restarts in HA strategy | `15` |


 #### Hostname configuration
--- a/roles/keycloak_quarkus/defaults/main.yml
+++ b/roles/keycloak_quarkus/defaults/main.yml
@ -154,7 +154,7 @@ keycloak_quarkus_providers: []
 keycloak_quarkus_policies: []
 keycloak_quarkus_supported_policy_types: ['password-blacklists']

-# files in restart directory (one of [ 'serial', 'none', 'verify_first' ]), or path to file when providing custom strategy
+# files in restart directory (one of [ 'serial', 'none', 'serial_then_parallel' ]), or path to file when providing custom strategy
 keycloak_quarkus_restart_strategy: restart/serial.yml
 keycloak_quarkus_restart_health_check: "{{ keycloak_quarkus_ha_enabled }}"
 keycloak_quarkus_restart_pause: 15
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@ -433,12 +433,12 @@ argument_specs:
                type: "bool"
            keycloak_quarkus_restart_health_check:
                default: "{{ keycloak_quarkus_ha_enabled }}"
-                description: "Whether to wait on successful health check after restart"
+                description: "Whether to wait for successful health check after restart"
                type: "bool"
            keycloak_quarkus_restart_strategy:
                description: >
-                  Strategy task file for restarting in HA, one of [ 'serial', 'none', 'verify_first' ] below, or path to
-                  file when providing custom strategy
+                  Strategy task file for restarting in HA, one of restart/[ 'serial', 'none', 'serial_then_parallel' ].yml, or path to
+                  file when providing custom strategy; when keycloak_quarkus_ha_enabled and keycloak_quarkus_restart_health_check == true
                default: "restart/serial.yml"
                type: "str"
            keycloak_quarkus_restart_pause:
--- a/roles/keycloak_quarkus/tasks/restart.yml
+++ b/roles/keycloak_quarkus/tasks/restart.yml
@ -15,3 +15,9 @@
  retries: 25
  delay: 10
  when: keycloak_quarkus_restart_health_check
+
+- name: Pause to give distributed ispn caches time to (re-)replicate back onto first host
+  ansible.builtin.pause:
+    seconds: "{{ keycloak_quarkus_restart_pause }}"
+  when:
+    - keycloak_quarkus_ha_enabled
--- a/roles/keycloak_quarkus/tasks/restart/serial.yml
+++ b/roles/keycloak_quarkus/tasks/restart/serial.yml
@ -3,6 +3,9 @@
  throttle: 1
  loop: "{{ ansible_play_hosts }}"
  block:
-    - name: "Restart and enable {{ keycloak.service_name }} service on first host"
-      ansible.builtin.include_tasks: ../restart.yml
-      delegate_to: "{{ item }}"
+    - name: "Restart and enable {{ keycloak.service_name }} service on {{ item }}"
+      ansible.builtin.include_tasks:
+        file: ../restart.yml
+        apply:
+          delegate_to: "{{ item }}"
+          run_once: true
--- a/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml
+++ b/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml
@ -1,5 +1,5 @@
 ---
- name: Verify first restarted service with health URL, then rest in parallel
+- name: Verify first restarted service with health URL, then rest restart in parallel
  block:
    - name: "Restart and enable {{ keycloak.service_name }} service on first host"
      ansible.builtin.systemd:
@ -28,7 +28,10 @@
        - keycloak_quarkus_ha_enabled

    - name: "Restart and enable {{ keycloak.service_name }} service on other hosts"
-      ansible.builtin.include_tasks: ../restart.yml
-      delegate_to: "{{ item }}"
-      loop: "{{ ansible_play_hosts }}"
+      ansible.builtin.systemd:
+        name: "{{ keycloak.service_name }}"
+        enabled: true
+        state: restarted
+        daemon_reload: true
+      become: true
      when: inventory_hostname != ansible_play_hosts | first