diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3764e8f..92b530f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,7 @@ jobs: - name: Install yamllint, ansible and molecule run: | python -m pip install --upgrade pip - pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous + pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint==6.17.0 voluptuous pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt - name: Create default collection path diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 620d281..566fc60 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -6,6 +6,15 @@ middleware_automation.keycloak Release Notes This changelog describes changes after version 0.2.6. +v1.2.7 +====== + +Minor Changes +------------- + +- Allow to override jgroups subnet `#93 `_ +- keycloak-quarkus: update keycloakx to v21.1.1 `#92 `_ + v1.2.6 ====== diff --git a/README.md b/README.md index 608d253..7c54a51 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,8 @@ [![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml) +If you are Red Hat customer, install `redhat.sso` from [Automation Hub](https://console.redhat.com/ansible/ansible-dashboard) as the certified version of this collection. + Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on). diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 203f4f2..b6e6bd1 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
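Review bot: In `.github/workflows/ci.yml`, the install step now pins `ansible-lint==6.17.0` but leaves `yamllint`, `ansible-core`, `flake8` and `voluptuous` unversioned on the same `pip install` line, so the CI toolchain still resolves to whatever the package index serves at run time. If the pin is meant to make lint results reproducible, the rest of the line needs the same treatment, ideally through a requirements file installed with `pip install --require-hashes -r <ci-requirements-file>`, so that a replaced or compromised release cannot enter the job unnoticed. The commit does not say why 6.17.0 was chosen; a comment above the step such as `# ansible-lint pinned to 6.17.0: <reason>` would tell the next maintainer when the pin can be lifted.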
@@ -247,3 +247,16 @@ releases: - 89.yaml - 90.yaml release_date: '2023-06-07' + 1.2.7: + changes: + minor_changes: + - 'Allow to override jgroups subnet `#93 `_ + + ' + - 'keycloak-quarkus: update keycloakx to v21.1.1 `#92 `_ + + ' + fragments: + - 92.yaml + - 93.yaml + release_date: '2023-06-19' diff --git a/galaxy.yml b/galaxy.yml index d6ed1ac..a2eeccb 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,7 +1,7 @@ --- namespace: middleware_automation name: keycloak -version: "1.2.6" +version: "1.2.8" readme: README.md authors: - Romain Pelisse diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 6f3b9c7..81dee05 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -34,6 +34,7 @@ provisioner: ansible_python_interpreter: "{{ ansible_playbook_python }}" env: ANSIBLE_FORCE_COLOR: "true" + ANSIBLE_VERBOSITY: 3 verifier: name: ansible scenario: diff --git a/molecule/quarkus/prepare.yml b/molecule/quarkus/prepare.yml index 4b85c14..f18574b 100644 --- a/molecule/quarkus/prepare.yml +++ b/molecule/quarkus/prepare.yml @@ -30,13 +30,13 @@ - name: Create conf directory # risky-file-permissions in test user account does not exist yet ansible.builtin.file: state: directory - path: /opt/keycloak/keycloak-18.0.0/conf/ + path: /opt/keycloak/keycloak-21.1.1/conf/ mode: 0755 - name: Copy certificates ansible.builtin.copy: src: "{{ item }}" - dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}" + dest: "/opt/keycloak/keycloak-21.1.1/conf/{{ item }}" mode: 0444 loop: - cert.pem diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index ef6cc01..f25420f 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md 
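Review bot: In `molecule/default/molecule.yml`, `ANSIBLE_VERBOSITY: 3` makes every run of the default scenario log at `-vvv`, which includes module arguments and results, so any task that handles a credential without `no_log: true` will write it into the CI log. Whether the roles mark every secret-bearing task `no_log` cannot be checked from this hunk. If the setting was added to debug one failure, it is safer to keep it out of the committed file and export the variable only for the run that needs it. The value is also a bare integer next to the quoted `ANSIBLE_FORCE_COLOR: "true"`; environment values are strings, so `ANSIBLE_VERBOSITY: "3"` keeps the block consistent.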
@@ -165,7 +165,7 @@ The following variables are _optional_: |:---------|:------------| |`keycloak_db_valid_conn_sql` | Override the default database connection validation query sql | |`keycloak_admin_url` | Override the default administration endpoint URL | - +|`keycloak_jgroups_subnet`| Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration | Example Playbook ----------------- diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index 4a1fda3..a139d92 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -42,6 +42,7 @@ keycloak_http_port: 8080 keycloak_https_port: 8443 keycloak_ajp_port: 8009 keycloak_jgroups_port: 7600 +keycloak_jgroups_subnet: keycloak_management_port_bind_address: 127.0.0.1 keycloak_management_http_port: 9990 keycloak_management_https_port: 9993 diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index 8e05939..5392cfc 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml @@ -347,6 +347,10 @@ argument_specs: required: False description: "Override the default administration endpoint URL" type: "str" + keycloak_jgroups_subnet: + required: False + description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration" + type: "str" downstream: options: sso_version: diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index b3294f4..581db9f 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml 
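Review bot: In `roles/keycloak/defaults/main.yml`, the new `keycloak_jgroups_subnet:` is a bare key, which YAML loads as null rather than as an empty string, while the `argument_specs.yml` hunk in this commit declares the variable as `type: "str"`. The template conditions added in this commit do test `is not none`, so the default works, but the intent is clearer and passes yamllint's `empty-values` rule when written out, for example `keycloak_jgroups_subnet: null  # unset: subnet is inferred from the default route`. Neither the default nor the argument spec states the expected form of the value; presumably it is CIDR notation, matching what the `ipaddr('net')` fallback produces, and a one-line comment saying so would help.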
@@ -239,7 +239,7 @@ loop: "{{ ansible_play_batch }}" when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING' -- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak.config_template_source }}" +- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" become: yes ansible.builtin.template: src: templates/standalone-ha.xml.j2 diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2 index f108d2d..98e26f6 100644 --- a/roles/keycloak/templates/standalone-ha.xml.j2 +++ b/roles/keycloak/templates/standalone-ha.xml.j2 @@ -662,7 +662,9 @@ -{% if ansible_default_ipv4 is defined %} +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet is not none and keycloak_jgroups_subnet | string | length > 0 %} + +{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %} diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index 0d052ed..38fbfec 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 @@ -700,7 +700,9 @@ -{% if ansible_default_ipv4 is defined %} +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet is not none and keycloak_jgroups_subnet | string | length > 0 %} + +{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %} diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md index ab98d4a..7460130 100644 --- a/roles/keycloak_quarkus/README.md +++ b/roles/keycloak_quarkus/README.md 
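Review bot: In `roles/keycloak/templates/standalone-ha.xml.j2`, the override branch accepts any non-empty `keycloak_jgroups_subnet`, whereas the inferred branch is first passed through `ansible.utils.ipaddr('net')`, so a mistyped override reaches the server configuration unchecked in the setting that selects the network for cluster traffic. An early `ansible.builtin.assert` on `keycloak_jgroups_subnet | ansible.utils.ipaddr('net')`, run only when the variable is set, would reject it before the template is deployed instead of falling back silently. Separately, the `elif` dereferences `ansible_default_ipv4.network` after testing only `ansible_default_ipv4 is defined`; on a host without a default route that fact can be an empty mapping, so the concatenation may raise rather than reach the `else` branch, and `ansible_default_ipv4.network is defined` would be the safer test. The same two conditions are added in the `standalone-infinispan.xml.j2` hunk, and since the XML inside each branch is not visible on this page these points concern the conditions only.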
@@ -1,7 +1,7 @@ keycloak_quarkus ================ -Install [keycloak](https://keycloak.org/) >= 17.0.0 (quarkus) server configurations. +Install [keycloak](https://keycloak.org/) >= 21.1.1 (quarkus) server configurations. Role Defaults @@ -11,7 +11,7 @@ Role Defaults | Variable | Description | Default | |:---------|:------------|:--------| -|`keycloak_quarkus_version`| keycloak.org package version | `17.0.1` | +|`keycloak_quarkus_version`| keycloak.org package version | `21.1.1` | * Service configuration @@ -71,7 +71,7 @@ Role Defaults |:---------|:------------|:---------| |`keycloak_quarkus_offline_install` | Perform an offline install | `False`| |`keycloak_quarkus_download_url`| Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download//`| -|`keycloak_quarkus_version`| keycloak.org package version | `17.0.1` | +|`keycloak_quarkus_version`| keycloak.org package version | `21.1.1` | |`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` | |`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` | |`keycloak_quarkus_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `False` | diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml index 371180e..063863f 100644 --- a/roles/keycloak_quarkus/defaults/main.yml +++ b/roles/keycloak_quarkus/defaults/main.yml @@ -1,6 +1,6 @@ --- ### Configuration specific to keycloak -keycloak_quarkus_version: 18.0.0 +keycloak_quarkus_version: 21.1.1 keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip" keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}" keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}" 
diff --git a/roles/keycloak_quarkus/templates/keycloak.service.j2 b/roles/keycloak_quarkus/templates/keycloak.service.j2 index 14e7542..f7ffc1c 100644 --- a/roles/keycloak_quarkus/templates/keycloak.service.j2 +++ b/roles/keycloak_quarkus/templates/keycloak.service.j2 @@ -10,7 +10,7 @@ PIDFile={{ keycloak_quarkus_service_pidfile }} {% if keycloak_quarkus_start_dev %} ExecStart={{ keycloak.home }}/bin/kc.sh start-dev {% else %} -ExecStart={{ keycloak.home }}/bin/kc.sh start --auto-build --log={{ keycloak_quarkus_log }} +ExecStart={{ keycloak.home }}/bin/kc.sh start --log={{ keycloak_quarkus_log }} {% endif %} User={{ keycloak.service_user }}
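Review bot: In `roles/keycloak_quarkus/templates/keycloak.service.j2`, `--auto-build` is removed from `ExecStart` unconditionally while `keycloak_quarkus_version` remains an overridable default, so a play that still sets an older release gets a unit whose `kc.sh start` may refuse to run without a prior build. The README in this commit now states `>= 21.1.1`, but nothing visible enforces it. An early `ansible.builtin.assert` with `that: keycloak_quarkus_version is version('21.1.1', '>=')` would replace a failed service start on the target host with a clear message at play time. The unit file's `[Service]` section starts and ends outside the hunk.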