From 18e60daa93496ffdfb65944155d9a42116d9e5d4 Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Sat, 10 Jun 2023 15:16:58 +0200 Subject: [PATCH 01/14] Update Keycloakx to v21.1.1 Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- roles/keycloak_quarkus/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml index 371180e..063863f 100644 --- a/roles/keycloak_quarkus/defaults/main.yml +++ b/roles/keycloak_quarkus/defaults/main.yml @@ -1,6 +1,6 @@ --- ### Configuration specific to keycloak -keycloak_quarkus_version: 18.0.0 +keycloak_quarkus_version: 21.1.1 keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip" keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}" keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}" From 33404281942d0220cb44408b311dacf1442d98cb Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Sat, 10 Jun 2023 15:18:31 +0200 Subject: [PATCH 02/14] =?UTF-8?q?Remove=20the=20"--auto-build"=20flag=20?= =?UTF-8?q?=E2=80=93=20it's=20deprecated?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- roles/keycloak_quarkus/templates/keycloak.service.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/keycloak_quarkus/templates/keycloak.service.j2 b/roles/keycloak_quarkus/templates/keycloak.service.j2 index 14e7542..f7ffc1c 100644 --- a/roles/keycloak_quarkus/templates/keycloak.service.j2 +++ b/roles/keycloak_quarkus/templates/keycloak.service.j2 
@@ -10,7 +10,7 @@ PIDFile={{ keycloak_quarkus_service_pidfile }} {% if keycloak_quarkus_start_dev %} ExecStart={{ keycloak.home }}/bin/kc.sh start-dev {% else %} -ExecStart={{ keycloak.home }}/bin/kc.sh start --auto-build --log={{ keycloak_quarkus_log }} +ExecStart={{ keycloak.home }}/bin/kc.sh start --log={{ keycloak_quarkus_log }} {% endif %} User={{ keycloak.service_user }} From 1dd579a6d1b52f64179140d842194fc07fd683b4 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Sat, 10 Jun 2023 16:31:19 +0200 Subject: [PATCH 03/14] Allow to override jgroups subnet --- roles/keycloak/README.md | 2 +- roles/keycloak/defaults/main.yml | 1 + roles/keycloak/meta/argument_specs.yml | 4 ++++ roles/keycloak/templates/standalone-ha.xml.j2 | 4 +++- roles/keycloak/templates/standalone-infinispan.xml.j2 | 4 +++- 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index ef6cc01..f25420f 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md @@ -165,7 +165,7 @@ The following variables are _optional_: |:---------|:------------| |`keycloak_db_valid_conn_sql` | Override the default database connection validation query sql | |`keycloak_admin_url` | Override the default administration endpoint URL | - +|`keycloak_jgroups_subnet`| Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration | Example Playbook ----------------- diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index d0137a8..da98d24 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -42,6 +42,7 @@ keycloak_http_port: 8080 keycloak_https_port: 8443 keycloak_ajp_port: 8009 keycloak_jgroups_port: 7600 +keycloak_jgroups_subnet: keycloak_management_port_bind_address: 127.0.0.1 keycloak_management_http_port: 9990 keycloak_management_https_port: 9993 
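Review bot: The new `ExecStart={{ keycloak.home }}/bin/kc.sh start --log=...` line drops `--auto-build` for every value of `keycloak_quarkus_version`, not only for the new 21.1.1 default. As far as I recall, releases from before the flag was deprecated do not rebuild on `start` by themselves, so a playbook that pins an older version may fail to start after a build-time option changes. Either keep the flag behind a version test in this `{% else %}` branch, or have the role assert a minimum supported version before templating the unit. The role README still advertises `>= 17.0.0` at this point in the series.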
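Review bot: The added `keycloak_jgroups_subnet:` in roles/keycloak/defaults/main.yml is a bare key, which YAML loads as null rather than as an empty string. The variable is therefore always defined, and the `keycloak_jgroups_subnet | length > 0` test added to both templates in this commit is applied to None instead of to a string. Writing the default as `keycloak_jgroups_subnet: ''` keeps it a string, matching the `type: "str"` declared in meta/argument_specs.yml, and states the "not set" intent explicitly.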
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index 8e05939..5392cfc 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml @@ -347,6 +347,10 @@ argument_specs: required: False description: "Override the default administration endpoint URL" type: "str" + keycloak_jgroups_subnet: + required: False + description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration" + type: "str" downstream: options: sso_version: diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2 index f108d2d..f3ca185 100644 --- a/roles/keycloak/templates/standalone-ha.xml.j2 +++ b/roles/keycloak/templates/standalone-ha.xml.j2 @@ -662,7 +662,9 @@ -{% if ansible_default_ipv4 is defined %} +{% keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} + +{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %} diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index 0d052ed..304b0fd 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 @@ -700,7 +700,9 @@ -{% if ansible_default_ipv4 is defined %} +{% keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} + +{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %} From 8f697f6a536c5253a9bd6a62720b12181f711b05 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Sat, 10 Jun 2023 16:45:13 +0200 Subject: [PATCH 04/14] Bump to 1.2.7 --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
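Review bot: The first added tag in the standalone-ha.xml.j2 hunk, `{% keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %}`, has no `if` keyword. Jinja will treat `keycloak_jgroups_subnet` as an unknown tag name, and the `{% elif %}` below it has no block to attach to. The standalone-infinispan.xml.j2 hunk carries the same line. It should read `{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %}`. The XML lines between the tags are not visible on this page, so this note covers the control tags only.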
diff --git a/galaxy.yml b/galaxy.yml index d6ed1ac..f69fa39 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,7 +1,7 @@ --- namespace: middleware_automation name: keycloak -version: "1.2.6" +version: "1.2.7" readme: README.md authors: - Romain Pelisse From 14e7b402b792cb5e12ad5cb9cbd4948f4649c542 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Sat, 10 Jun 2023 18:37:58 +0200 Subject: [PATCH 05/14] fix typo in templates --- roles/keycloak/templates/standalone-ha.xml.j2 | 2 +- roles/keycloak/templates/standalone-infinispan.xml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2 index f3ca185..226da6e 100644 --- a/roles/keycloak/templates/standalone-ha.xml.j2 +++ b/roles/keycloak/templates/standalone-ha.xml.j2 @@ -662,7 +662,7 @@ -{% keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index 304b0fd..f7df743 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 @@ -700,7 +700,7 @@ -{% keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} From 7ec695ee15e2df488528fda5062d79213a7d469e Mon Sep 17 00:00:00 2001 
From: Guido Grazioli Date: Sat, 10 Jun 2023 19:26:46 +0200 Subject: [PATCH 06/14] Fix wrong task message --- roles/keycloak/tasks/install.yml | 2 +- roles/keycloak/templates/standalone-ha.xml.j2 | 4 ++-- roles/keycloak/templates/standalone-infinispan.xml.j2 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index b3294f4..581db9f 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -239,7 +239,7 @@ loop: "{{ ansible_play_batch }}" when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING' -- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak.config_template_source }}" +- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" become: yes ansible.builtin.template: src: templates/standalone-ha.xml.j2 diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2 index 226da6e..893ec0d 100644 --- a/roles/keycloak/templates/standalone-ha.xml.j2 +++ b/roles/keycloak/templates/standalone-ha.xml.j2 @@ -662,8 +662,8 @@ -{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} - +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | string | length > 0 %} + {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %} diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index f7df743..a030de0 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 
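Review bot: Adding `| string` before `| length` in the standalone-ha.xml.j2 condition makes the test pass for an unset value, because the role default is a bare `keycloak_jgroups_subnet:` (null) and `None | string` is the four-character text `None`. The override branch would then be taken on every host that keeps the default, and the inferred-subnet `elif` would never be reached. The standalone-infinispan.xml.j2 hunk has the same condition. `{% if keycloak_jgroups_subnet | default('', true) | length > 0 %}` treats undefined, null and empty alike. The body of the branch is not visible on this page.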
@@ -700,8 +700,8 @@ -{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | length > 0 %} - +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | string | length > 0 %} + {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} {% else %} From 83525dbed0a5ee71ab74a33366dac232b8747179 Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Fri, 16 Jun 2023 10:15:59 +0200 Subject: [PATCH 07/14] Update the Keycloakx version in Molecule --- molecule/quarkus/prepare.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/quarkus/prepare.yml b/molecule/quarkus/prepare.yml index 4b85c14..f18574b 100644 --- a/molecule/quarkus/prepare.yml +++ b/molecule/quarkus/prepare.yml @@ -30,13 +30,13 @@ - name: Create conf directory # risky-file-permissions in test user account does not exist yet ansible.builtin.file: state: directory - path: /opt/keycloak/keycloak-18.0.0/conf/ + path: /opt/keycloak/keycloak-21.1.1/conf/ mode: 0755 - name: Copy certificates ansible.builtin.copy: src: "{{ item }}" - dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}" + dest: "/opt/keycloak/keycloak-21.1.1/conf/{{ item }}" mode: 0444 loop: - cert.pem From fc6e00974dfcc00482b9e9e7073be336480194ce Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Fri, 16 Jun 2023 10:19:31 +0200 Subject: [PATCH 08/14] Define the varbosity of Ansible in Molecule --- molecule/default/molecule.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 6f3b9c7..81dee05 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -34,6 +34,7 @@ provisioner: ansible_python_interpreter: "{{ ansible_playbook_python }}" env: ANSIBLE_FORCE_COLOR: "true" + ANSIBLE_VERBOSITY: 3 verifier: name: ansible scenario: 
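Review bot: `ANSIBLE_VERBOSITY: 3` in molecule/default/molecule.yml is written as a bare integer while the neighbouring `ANSIBLE_FORCE_COLOR: "true"` is quoted. Environment values are strings, so `ANSIBLE_VERBOSITY: "3"` is the consistent form. At this level Ansible prints task arguments and results, so any task in the scenario that handles a password or token without `no_log: true` will have it written to the CI log. A short comment such as `# debug aid: -vvv output, check no_log on credential tasks` would record why the level is raised.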
From 5f1f8b57623939b5d46e71872d85ce9075a4149e Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Sat, 17 Jun 2023 12:47:27 +0200 Subject: [PATCH 09/14] [CI] Use ansible-lint in v6.17.0 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3764e8f..92b530f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,7 @@ jobs: - name: Install yamllint, ansible and molecule run: | python -m pip install --upgrade pip - pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous + pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint==6.17.0 voluptuous pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt - name: Create default collection path From 926353f395fa48a57db5c816e002e7abb5e43ef6 Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Mon, 19 Jun 2023 16:41:35 +0200 Subject: [PATCH 10/14] add certified collection notice --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 608d253..7c54a51 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,8 @@ [![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml) +If you are Red Hat customer, install `redhat.sso` from [Automation Hub](https://console.redhat.com/ansible/ansible-dashboard) as the certified version of this collection. + Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on). From cebec9c717b6fc55402d9098d53236de15f3b164 Mon Sep 17 00:00:00 2001 
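Review bot: Only `ansible-lint==6.17.0` is pinned in the `pip install` line of .github/workflows/ci.yml. `yamllint`, `ansible-core`, `flake8` and `voluptuous` still resolve to whatever is newest when the job runs, so the build is not reproducible and a compromised or breaking release of any of them lands in CI unreviewed. Moving the list into a requirements file with exact versions, ideally installed with `pip install --require-hashes -r <ci requirements file>`, covers all of them in one place. The commit message gives no reason for choosing 6.17.0, so a comment next to the pin would help whoever bumps it next.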
From: github-actions Date: Mon, 19 Jun 2023 15:23:06 +0000 Subject: [PATCH 11/14] Update changelog for release 1.2.7 --- CHANGELOG.rst | 9 +++++++++ changelogs/changelog.yaml | 13 +++++++++++++ 2 files changed, 22 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 620d281..566fc60 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -6,6 +6,15 @@ middleware_automation.keycloak Release Notes This changelog describes changes after version 0.2.6. +v1.2.7 +====== + +Minor Changes +------------- + +- Allow to override jgroups subnet `#93 `_ +- keycloak-quarkus: update keycloakx to v21.1.1 `#92 `_ + v1.2.6 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 203f4f2..b6e6bd1 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -247,3 +247,16 @@ releases: - 89.yaml - 90.yaml release_date: '2023-06-07' + 1.2.7: + changes: + minor_changes: + - 'Allow to override jgroups subnet `#93 `_ + + ' + - 'keycloak-quarkus: update keycloakx to v21.1.1 `#92 `_ + + ' + fragments: + - 92.yaml + - 93.yaml + release_date: '2023-06-19' From a82e654cc4243d380832e7cec3a00f87bcff70ed Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Mon, 19 Jun 2023 17:26:15 +0200 Subject: [PATCH 12/14] Bump to 1.2.8 --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index f69fa39..a2eeccb 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,7 +1,7 @@ --- namespace: middleware_automation name: keycloak -version: "1.2.7" +version: "1.2.8" readme: README.md authors: - Romain Pelisse From fae30797514a1533c650ab28bd103eb04829d27b Mon Sep 17 00:00:00 2001 From: Helmut Wolf Date: Fri, 23 Jun 2023 11:40:15 +0200 Subject: [PATCH 13/14] Fix #97 - proper checks for keycloak_jgroups_subnet --- roles/keycloak/templates/standalone-ha.xml.j2 | 2 +- roles/keycloak/templates/standalone-infinispan.xml.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2 index 893ec0d..98e26f6 100644 --- a/roles/keycloak/templates/standalone-ha.xml.j2 +++ b/roles/keycloak/templates/standalone-ha.xml.j2 @@ -662,7 +662,7 @@ -{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | string | length > 0 %} +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet is not none and keycloak_jgroups_subnet | string | length > 0 %} {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2 index a030de0..38fbfec 100644 --- a/roles/keycloak/templates/standalone-infinispan.xml.j2 +++ b/roles/keycloak/templates/standalone-infinispan.xml.j2 @@ -700,7 +700,7 @@ -{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | string | length > 0 %} +{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet is not none and keycloak_jgroups_subnet | string | length > 0 %} {% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %} From 26a9249d0787806e821d5018b740a8015f022c99 Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Fri, 23 Jun 2023 12:32:35 +0200 Subject: [PATCH 14/14] Update the Keycloakx version in the README --- roles/keycloak_quarkus/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md index ab98d4a..7460130 100644 --- a/roles/keycloak_quarkus/README.md +++ b/roles/keycloak_quarkus/README.md 
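Review bot: The override branch in the standalone-ha.xml.j2 condition only checks that `keycloak_jgroups_subnet` is non-null and non-empty, whereas the inferred value in the `elif` is passed through `ansible.utils.ipaddr('net')`. The standalone-infinispan.xml.j2 hunk is identical. The value presumably selects the interface JGroups binds for cluster traffic (the XML line that consumes it is not visible here), so a typo or an over-broad network would be written into the server config unchecked. Validating it once before templating, for example with an `ansible.builtin.assert` on `keycloak_jgroups_subnet | string | ansible.utils.ipaddr('net')`, would fail the play early instead.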
@@ -1,7 +1,7 @@ keycloak_quarkus ================ -Install [keycloak](https://keycloak.org/) >= 17.0.0 (quarkus) server configurations. +Install [keycloak](https://keycloak.org/) >= 21.1.1 (quarkus) server configurations. Role Defaults @@ -11,7 +11,7 @@ Role Defaults | Variable | Description | Default | |:---------|:------------|:--------| -|`keycloak_quarkus_version`| keycloak.org package version | `17.0.1` | +|`keycloak_quarkus_version`| keycloak.org package version | `21.1.1` | * Service configuration @@ -71,7 +71,7 @@ Role Defaults |:---------|:------------|:---------| |`keycloak_quarkus_offline_install` | Perform an offline install | `False`| |`keycloak_quarkus_download_url`| Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download//`| -|`keycloak_quarkus_version`| keycloak.org package version | `17.0.1` | +|`keycloak_quarkus_version`| keycloak.org package version | `21.1.1` | |`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` | |`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` | |`keycloak_quarkus_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `False` |