diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index 06f9b47..5aadcb9 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md @@ -19,7 +19,12 @@ Dependencies The roles depends on: -* the `redhat_csp_download` role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection if Red Hat Single Sign-on zip have to be downloaded from RHN. +* [middleware_automation.common](https://github.com/ansible-middleware/common) +* [ansible-posix](https://docs.ansible.com/ansible/latest/collections/ansible/posix/index.html) + +To install all the dependencies via galaxy: + + ansible-galaxy collection install -r requirements.yml Versions diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index 382bf70..8601d1e 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml @@ -300,10 +300,6 @@ argument_specs: default: "7.6.0" description: "Red Hat Single Sign-On version" type: "str" - sso_rhn_id: - default: "104539" - description: "Customer Portal product ID for Red Hat SSO" - type: "str" sso_archive: default: "rh-sso-{{ sso_version }}-server-dist.zip" description: "Red Hat SSO install archive filename" @@ -316,14 +312,6 @@ argument_specs: default: "{{ sso_dest }}/rh-sso-{{ sso_version.split('.')[0] }}.{{ sso_version.split('.')[1] }}" description: "Installation path for Red Hat SSO" type: "str" - sso_rhn_url: - default: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=' - description: "Base download URI for customer portal" - type: "str" - sso_download_url: - default: "{{ sso_rhn_url }}{{ sso_rhn_id }}" - description: "Full download URI for Red Hat SSO" - type: "str" sso_apply_patches: default: False description: "Install Red Hat SSO most recent cumulative patch" 
@@ -333,7 +321,7 @@ argument_specs: description: "Enable Red Hat Single Sign-on installation" type: "str" sso_offline_install: - default: True + default: False description: "Perform an offline install" type: "bool" sso_service_name: @@ -352,7 +340,7 @@ argument_specs: default: "rh-sso-{{ sso_patch_version }}-patch.zip" description: "Red Hat SSO patch archive filename" type: "str" - sso_patch_rhn_id: - default: "104867" - description: "Customer Portal product ID for Red Hat SSO latest cumulative patch" - type: "str" + sso_product_category: + default: "core.service.rhsso" + description: "JBossNetwork API category for Single Sign-On" + type: "str" diff --git a/roles/keycloak/meta/main.yml b/roles/keycloak/meta/main.yml index fce67b7..5816039 100644 --- a/roles/keycloak/meta/main.yml +++ b/roles/keycloak/meta/main.yml @@ -1,6 +1,7 @@ --- collections: - - middleware_automation.redhat_csp_download + - middleware_automation.common + - ansible.posix galaxy_info: role_name: keycloak diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 35054ec..c4d72f4 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -77,6 +77,7 @@ dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" mode: 0644 delegate_to: localhost + run_once: yes when: - archive_path is defined - archive_path.stat is defined 
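Review bot: Flipping the `sso_offline_install` default to `False` means a play that previously relied on a pre-staged archive will now try to reach the customer portal from the controller, which needs `rhn_username`/`rhn_password` and outbound access. The install tasks visible in this commit test `keycloak_offline_install`, so the mapping from this option is presumably elsewhere in the role. The new default deserves a line in the README so that restricted-network users set the option explicitly. Writing the value as lowercase `false` would also satisfy yamllint's `truthy` rule.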
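Review bot: The added `run_once: yes` in install.yml should be written `run_once: true`, and the same applies to each `run_once: yes` added in the two later install.yml hunks. With `run_once`, the `when` list is evaluated against the first host in the batch only, so host-specific values of `sso_enable` or `keycloak_offline_install` can skip the download for every host. If those can differ per host, gate the download on controller-side facts such as `archive_path` instead. The task this line belongs to starts before the hunk.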
@@ -84,21 +85,43 @@ - not sso_enable is defined or not sso_enable - not keycloak_offline_install -- name: Perform download from RHN - middleware_automation.redhat_csp_download.redhat_csp_download: - url: "{{ keycloak_rhsso_download_url }}" - dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" - username: "{{ rhn_username }}" - password: "{{ rhn_password }}" - no_log: "{{ omit_rhn_output | default(true) }}" +- name: Perform download from RHN using JBoss Network API delegate_to: localhost + run_once: yes when: - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists - sso_enable is defined and sso_enable - not keycloak_offline_install - - keycloak_rhn_url in keycloak_download_url + block: + - name: Retrieve product download using JBoss Network API + middleware_automation.common.product_search: + client_id: "{{ rhn_username }}" + client_secret: "{{ rhn_password }}" + product_type: DISTRIBUTION + product_version: "{{ sso_version }}" + product_category: "{{ sso_product_category }}" + register: rhn_products + no_log: "{{ omit_rhn_output | default(true) }}" + delegate_to: localhost + run_once: yes + + - name: Determine install zipfile from search results + ansible.builtin.set_fact: + rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/{{ sso_archive }}$') }}" + delegate_to: localhost + run_once: yes + + - name: Download Red Hat Single Sign-On + middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user + client_id: "{{ rhn_username }}" + client_secret: "{{ rhn_password }}" + product_id: "{{ (rhn_filtered_products | first).id }}" + dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" + no_log: "{{ omit_rhn_output | default(true) }}" + delegate_to: localhost + run_once: yes - name: Download rhsso archive from alternate location ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user 
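Review bot: In the "Determine install zipfile from search results" task, the pattern `'[^/]*/{{ sso_archive }}$'` nests `{{ }}` inside a string literal that already sits inside a Jinja expression, so it is most likely matched literally rather than expanded to the archive name. Even if it were expanded, the dots in the filename would act as regex wildcards. Building the pattern by concatenation avoids both: `selectattr('file_path', 'match', '[^/]*/' + (sso_archive | regex_escape) + '$') | list`. The download task then takes `(rhn_filtered_products | first).id` with no check that exactly one product matched; an `ansible.builtin.assert` on `rhn_filtered_products | length == 1` before it would stop an empty or ambiguous result from selecting the wrong file or failing with an opaque error. The hunk starts inside the previous task's `when` list and ends inside the next task.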
@@ -106,13 +129,14 @@ dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" mode: 0644 delegate_to: localhost + run_once: yes when: - archive_path is defined - archive_path.stat is defined - not archive_path.stat.exists - sso_enable is defined and sso_enable - not keycloak_offline_install - - not keycloak_rhn_url in keycloak_download_url + - keycloak_rhsso_download_url is defined - name: Check downloaded archive ansible.builtin.stat: diff --git a/roles/keycloak_realm/meta/main.yml b/roles/keycloak_realm/meta/main.yml index 4ce1b73..5dd7a21 100644 --- a/roles/keycloak_realm/meta/main.yml +++ b/roles/keycloak_realm/meta/main.yml @@ -19,5 +19,4 @@ galaxy_info: - keycloak - redhat - rhel - - rhn - sso
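Review bot: The alternate-location task is now gated on `keycloak_rhsso_download_url is defined`, but the RHN block in the previous hunk lost its `keycloak_rhn_url in keycloak_download_url` guard without gaining the inverse condition. When the URL is set, both paths can run against the same `dest`: the customer-portal credentials are used even though an alternate source was configured, and which source supplies the archive depends on task order. Adding `- keycloak_rhsso_download_url is undefined` to the block's `when` list would keep the two sources mutually exclusive. If the variable has a default elsewhere in the role (not visible here), `is defined` is always true and the test should check for a non-empty value instead. The task begins before this hunk.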