Close #182, #221: improve restart handler logic

roles/keycloak_quarkus/tasks/restart.yml

@@ -1,9 +1,38 @@
 ---
-- name: "Restart and enable {{ keycloak.service_name }} service"
+- name: Ensure only one service at a time gets rebooted, to ensure replication of distributed ispn caches
   throttle: 1
-  ansible.builtin.systemd:
+  block:
-    name: keycloak
+    - name: "Restart and enable {{ keycloak.service_name }} service on first host"
-    enabled: true
+      ansible.builtin.systemd:
-    state: restarted
+        name: "{{ keycloak.service_name }}"
-    daemon_reload: true
+        enabled: true
-  become: true
+        state: restarted
+        daemon_reload: true
+      become: true
+      delegate_to: "{{ ansible_play_hosts | first }}"
+      run_once: true
+
+    - name: "Wait until {{ keycloak.service_name }} service becomes active {{ keycloak.health_url }}"
+      ansible.builtin.uri:
+        url: "{{ keycloak.health_url }}"
+      register: keycloak_status
+      until: keycloak_status.status == 200
+      retries: 25
+      delay: 10
+      delegate_to: "{{ ansible_play_hosts | first }}"
+      run_once: true
+
+    - name: Pause to give distributed ispn caches time to (re-)replicate back onto first host
+      ansible.builtin.pause:
+        seconds: 15
+      when:
+        - rhbk_ha_enabled
+
+    - name: "Restart and enable {{ keycloak.service_name }} service on all other hosts"
+      ansible.builtin.systemd:
+        name: "{{ keycloak.service_name }}"
+        enabled: true
+        state: restarted
+        daemon_reload: true
+      become: true
+      when: inventory_hostname != ansible_play_hosts | first

roles/keycloak_quarkus/vars/main.yml

@@ -4,7 +4,7 @@ keycloak: # noqa var-naming this is an internal dict of interpolated values
   config_dir: "{{ keycloak_quarkus_config_dir }}"
   bundle: "{{ keycloak_quarkus_archive }}"
   service_name: "keycloak"
-  health_url: "http://{{ keycloak_quarkus_host }}:{{ keycloak_quarkus_http_port }}{{ keycloak_quarkus_http_relative_path }}{{ '/' \
+  health_url: "{{ 'https' if keycloak_quarkus_http_enabled == False else 'http' }}://{{ keycloak_quarkus_host }}:{{ keycloak_quarkus_https_port if keycloak_quarkus_http_enabled == False else keycloak_quarkus_http_port }}{{ keycloak_quarkus_http_relative_path }}{{ '/' \
                if keycloak_quarkus_http_relative_path | length > 1 else '' }}realms/master/.well-known/openid-configuration"
   cli_path: "{{ keycloak_quarkus_home }}/bin/kcadm.sh"
   service_user: "{{ keycloak_quarkus_service_user }}"