Merge branch 'ansible-middleware:main' into main

Massimo Schiavon 2023-07-03 09:54:47 +02:00 committed by GitHub
commit d45071bf58
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 47 additions and 13 deletions


@ -32,7 +32,7 @@ jobs:
- name: Install yamllint, ansible and molecule - name: Install yamllint, ansible and molecule
run: | run: |
python -m pip install --upgrade pip python -m pip install --upgrade pip
pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint==6.17.0 voluptuous
pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt
- name: Create default collection path - name: Create default collection path
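Review bot: Only `ansible-lint==6.17.0` is pinned on the new `pip install` line; yamllint, ansible-core, flake8 and voluptuous still float, and molecule is only range-constrained with `~=3.5.2`. The lint and test toolchain can therefore still change under the job without any commit to this repository. Consider moving the tool list into a requirements or constraints file with exact versions (ideally installed with `--require-hashes`). A comment next to the pin, such as `# ansible-lint pinned: <reason / upstream issue>`, would tell the next maintainer when it can be lifted. The rest of the job lies outside the hunk.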


@ -6,6 +6,15 @@ middleware_automation.keycloak Release Notes
This changelog describes changes after version 0.2.6. This changelog describes changes after version 0.2.6.
v1.2.7
======
Minor Changes
-------------
- Allow to override jgroups subnet `#93 <https://github.com/ansible-middleware/keycloak/pull/93>`_
- keycloak-quarkus: update keycloakx to v21.1.1 `#92 <https://github.com/ansible-middleware/keycloak/pull/92>`_
v1.2.6 v1.2.6
====== ======


@ -3,6 +3,8 @@
<!--start build_status --> <!--start build_status -->
[![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml) [![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml)
If you are Red Hat customer, install `redhat.sso` from [Automation Hub](https://console.redhat.com/ansible/ansible-dashboard) as the certified version of this collection.
<!--end build_status --> <!--end build_status -->
Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on). Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on).


@ -247,3 +247,16 @@ releases:
- 89.yaml - 89.yaml
- 90.yaml - 90.yaml
release_date: '2023-06-07' release_date: '2023-06-07'
1.2.7:
changes:
minor_changes:
- 'Allow to override jgroups subnet `#93 <https://github.com/ansible-middleware/keycloak/pull/93>`_
'
- 'keycloak-quarkus: update keycloakx to v21.1.1 `#92 <https://github.com/ansible-middleware/keycloak/pull/92>`_
'
fragments:
- 92.yaml
- 93.yaml
release_date: '2023-06-19'


@ -1,7 +1,7 @@
--- ---
namespace: middleware_automation namespace: middleware_automation
name: keycloak name: keycloak
version: "1.2.6" version: "1.2.8"
readme: README.md readme: README.md
authors: authors:
- Romain Pelisse <rpelisse@redhat.com> - Romain Pelisse <rpelisse@redhat.com>


@ -34,6 +34,7 @@ provisioner:
ansible_python_interpreter: "{{ ansible_playbook_python }}" ansible_python_interpreter: "{{ ansible_playbook_python }}"
env: env:
ANSIBLE_FORCE_COLOR: "true" ANSIBLE_FORCE_COLOR: "true"
ANSIBLE_VERBOSITY: 3
verifier: verifier:
name: ansible name: ansible
scenario: scenario:
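Review bot: `ANSIBLE_VERBOSITY: 3` is a bare integer while the neighbouring `ANSIBLE_FORCE_COLOR: "true"` is a quoted string; environment values should be strings, so write `ANSIBLE_VERBOSITY: "3"`. At this verbosity Ansible prints module invocation arguments and connection details into the CI log. Any task in the scenario that passes admin or database credentials without `no_log: true` would then expose them in the job output. If the setting is only meant for debugging a failing run, note that in a comment or drop it before merge. The provisioner block starts outside the hunk.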


@ -30,13 +30,13 @@
- name: Create conf directory # risky-file-permissions in test user account does not exist yet - name: Create conf directory # risky-file-permissions in test user account does not exist yet
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
path: /opt/keycloak/keycloak-18.0.0/conf/ path: /opt/keycloak/keycloak-21.1.1/conf/
mode: 0755 mode: 0755
- name: Copy certificates - name: Copy certificates
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}" dest: "/opt/keycloak/keycloak-21.1.1/conf/{{ item }}"
mode: 0444 mode: 0444
loop: loop:
- cert.pem - cert.pem
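Review bot: The install directory `/opt/keycloak/keycloak-21.1.1/conf/` is hard-coded on both the `path:` and `dest:` lines, so it has to be edited by hand whenever the role's default version moves, as this commit shows. A play-level variable would keep the two lines and the role default in step, for example `dest: "/opt/keycloak/keycloak-{{ keycloak_quarkus_version }}/conf/{{ item }}"` with the version set once in `vars:`. The unquoted `mode: 0755` and `mode: 0444` on the context lines depend on YAML 1.1 octal parsing; `mode: "0755"` and `mode: "0444"` are unambiguous. The `loop:` list continues past the end of the hunk.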


@ -165,7 +165,7 @@ The following variables are _optional_:
|:---------|:------------| |:---------|:------------|
|`keycloak_db_valid_conn_sql` | Override the default database connection validation query sql | |`keycloak_db_valid_conn_sql` | Override the default database connection validation query sql |
|`keycloak_admin_url` | Override the default administration endpoint URL | |`keycloak_admin_url` | Override the default administration endpoint URL |
|`keycloak_jgroups_subnet`| Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration |
Example Playbook Example Playbook
----------------- -----------------


@ -42,6 +42,7 @@ keycloak_http_port: 8080
keycloak_https_port: 8443 keycloak_https_port: 8443
keycloak_ajp_port: 8009 keycloak_ajp_port: 8009
keycloak_jgroups_port: 7600 keycloak_jgroups_port: 7600
keycloak_jgroups_subnet:
keycloak_management_port_bind_address: 127.0.0.1 keycloak_management_port_bind_address: 127.0.0.1
keycloak_management_http_port: 9990 keycloak_management_http_port: 9990
keycloak_management_https_port: 9993 keycloak_management_https_port: 9993
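Review bot: The new default `keycloak_jgroups_subnet:` is a bare key, which parses as null and is easy to misread as an empty string or a forgotten value. Write it as `keycloak_jgroups_subnet: null` and add a comment such as `# null = infer from the default IPv4 route; set to a CIDR (e.g. 192.0.2.0/24, example value) to override`. That makes the intended format visible where users look for defaults.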


@ -347,6 +347,10 @@ argument_specs:
required: False required: False
description: "Override the default administration endpoint URL" description: "Override the default administration endpoint URL"
type: "str" type: "str"
keycloak_jgroups_subnet:
required: False
description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration"
type: "str"
downstream: downstream:
options: options:
sso_version: sso_version:


@ -239,7 +239,7 @@
loop: "{{ ansible_play_batch }}" loop: "{{ ansible_play_batch }}"
when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING' when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING'
- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak.config_template_source }}" - name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
become: yes become: yes
ansible.builtin.template: ansible.builtin.template:
src: templates/standalone-ha.xml.j2 src: templates/standalone-ha.xml.j2


@ -662,7 +662,9 @@
<inet-address value="{{ keycloak_management_port_bind_address }}"/> <inet-address value="{{ keycloak_management_port_bind_address }}"/>
</interface> </interface>
<interface name="jgroups"> <interface name="jgroups">
{% if ansible_default_ipv4 is defined %} {% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet is not none and keycloak_jgroups_subnet | string | length > 0 %}
<subnet-match value="{{ keycloak_jgroups_subnet | string }}"/>
{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %}
<subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"/> <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"/>
{% else %} {% else %}
<any-address /> <any-address />
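Review bot: The override branch writes `keycloak_jgroups_subnet | string` into `subnet-match` unvalidated, whereas the inferred branch only renders once `ansible.utils.ipaddr('net')` has returned a non-empty network. A typo in the variable therefore yields a config that is rejected, or possibly matches no interface, only when the service starts. Validate the override before templating, for example with an assert task using `that: keycloak_jgroups_subnet | ansible.utils.ipaddr('net')` whenever the variable is set. Separately, the final `{% else %}` still falls back to `<any-address />`, which puts the cluster transport on every interface; consider failing the play on HA nodes instead. The second template section further down carries the same change, and the `<interface name="jgroups">` block closes outside both hunks.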


@ -700,7 +700,9 @@
<inet-address value="{{ keycloak_management_port_bind_address }}"/> <inet-address value="{{ keycloak_management_port_bind_address }}"/>
</interface> </interface>
<interface name="jgroups"> <interface name="jgroups">
{% if ansible_default_ipv4 is defined %} {% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet is not none and keycloak_jgroups_subnet | string | length > 0 %}
<subnet-match value="{{ keycloak_jgroups_subnet | string }}"/>
{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %}
<subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"/> <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"/>
{% else %} {% else %}
<any-address /> <any-address />


@ -1,7 +1,7 @@
keycloak_quarkus keycloak_quarkus
================ ================
Install [keycloak](https://keycloak.org/) >= 17.0.0 (quarkus) server configurations. Install [keycloak](https://keycloak.org/) >= 21.1.1 (quarkus) server configurations.
Role Defaults Role Defaults
@ -11,7 +11,7 @@ Role Defaults
| Variable | Description | Default | | Variable | Description | Default |
|:---------|:------------|:--------| |:---------|:------------|:--------|
|`keycloak_quarkus_version`| keycloak.org package version | `17.0.1` | |`keycloak_quarkus_version`| keycloak.org package version | `21.1.1` |
* Service configuration * Service configuration
@ -71,7 +71,7 @@ Role Defaults
|:---------|:------------|:---------| |:---------|:------------|:---------|
|`keycloak_quarkus_offline_install` | Perform an offline install | `False`| |`keycloak_quarkus_offline_install` | Perform an offline install | `False`|
|`keycloak_quarkus_download_url`| Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/<version>/<archive>`| |`keycloak_quarkus_download_url`| Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/<version>/<archive>`|
|`keycloak_quarkus_version`| keycloak.org package version | `17.0.1` | |`keycloak_quarkus_version`| keycloak.org package version | `21.1.1` |
|`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` | |`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` |
|`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` | |`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` |
|`keycloak_quarkus_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `False` | |`keycloak_quarkus_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `False` |


@ -1,6 +1,6 @@
--- ---
### Configuration specific to keycloak ### Configuration specific to keycloak
keycloak_quarkus_version: 18.0.0 keycloak_quarkus_version: 21.1.1
keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip" keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip"
keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}" keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}" keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"


@ -10,7 +10,7 @@ PIDFile={{ keycloak_quarkus_service_pidfile }}
{% if keycloak_quarkus_start_dev %} {% if keycloak_quarkus_start_dev %}
ExecStart={{ keycloak.home }}/bin/kc.sh start-dev ExecStart={{ keycloak.home }}/bin/kc.sh start-dev
{% else %} {% else %}
ExecStart={{ keycloak.home }}/bin/kc.sh start --auto-build --log={{ keycloak_quarkus_log }} ExecStart={{ keycloak.home }}/bin/kc.sh start --log={{ keycloak_quarkus_log }}
{% endif %} {% endif %}
User={{ keycloak.service_user }} User={{ keycloak.service_user }}