diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index de65d72..7b11bb1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,9 +11,10 @@ on: jobs: ci: - uses: ansible-middleware/github-actions/.github/workflows/ci.yml@main + uses: ansible-middleware/github-actions/.github/workflows/ci.yml@rootperm secrets: inherit with: fqcn: 'middleware_automation/keycloak' + root_permission_varname: 'keycloak_install_requires_become' molecule_tests: >- [ "default", "overridexml", "https_revproxy", "quarkus", "quarkus-devmode", "quarkus_upgrade", "debian", "quarkus_ha" ] diff --git a/molecule/https_revproxy/prepare.yml b/molecule/https_revproxy/prepare.yml index 44018be..a2e4425 100644 --- a/molecule/https_revproxy/prepare.yml +++ b/molecule/https_revproxy/prepare.yml @@ -39,11 +39,11 @@ src: "{{ item.name }}" dest: "{{ item.dest }}" mode: 0444 - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" loop: - { name: 'cert.pem', dest: '/etc/nginx/tls/certificate.crt' } - { name: 'key.pem', dest: '/etc/nginx/tls/certificate.key' } - name: Update CA trust ansible.builtin.command: update-ca-trust changed_when: false - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" diff --git a/molecule/prepare.yml b/molecule/prepare.yml index 27486a3..1b0ab85 100644 --- a/molecule/prepare.yml +++ b/molecule/prepare.yml @@ -25,7 +25,7 @@ fail_msg: "sudo is not installed on target system" - name: "Install iproute" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.yum: name: - iproute diff --git a/molecule/quarkus-devmode/prepare.yml b/molecule/quarkus-devmode/prepare.yml index 9ce721e..da0f850 100644 --- a/molecule/quarkus-devmode/prepare.yml +++ b/molecule/quarkus-devmode/prepare.yml 
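Review bot: The reusable workflow is now taken from the mutable branch `rootperm` while `secrets: inherit` passes every repository secret to it, so anyone who can push to that branch of `ansible-middleware/github-actions` runs with this repository's secrets; `@main` had the same property, but a feature-branch name reads as a temporary state that is easy to forget. Once the upstream change lands, pin the reference to a full commit SHA or at least a release tag, e.g. `uses: ansible-middleware/github-actions/.github/workflows/ci.yml@<pinned-commit-sha>`, and narrow `secrets: inherit` to the named secrets the shared workflow actually needs. The new `root_permission_varname` input is presumably consumed by that branch to run the molecule scenarios with `keycloak_install_requires_become` set to false; its contract is not visible here, so a one-line comment above the `with:` block saying which scenarios it affects would help the next reader.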
@@ -15,7 +15,7 @@ ansible.builtin.include_tasks: ../prepare.yml - name: Install JDK17 - become: yes + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.yum: name: - java-17-openjdk-headless @@ -24,7 +24,7 @@ - ansible_facts.os_family == 'RedHat' - name: Link default logs directory - become: yes + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.file: state: link src: "{{ item }}" diff --git a/molecule/quarkus/prepare.yml b/molecule/quarkus/prepare.yml index 21a0f30..39314f2 100644 --- a/molecule/quarkus/prepare.yml +++ b/molecule/quarkus/prepare.yml @@ -15,7 +15,7 @@ changed_when: false - name: Create vault directory - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.file: state: directory path: "/opt/keycloak/vault" @@ -26,7 +26,7 @@ ansible.builtin.package: name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}" state: present - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" failed_when: false - name: Create vault keystore @@ -37,7 +37,7 @@ failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 - name: Copy certificates and vault - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.copy: src: keystore.p12 dest: /opt/keycloak/vault/keystore.p12 diff --git a/molecule/quarkus/verify.yml b/molecule/quarkus/verify.yml index 63769dc..7d292cd 100644 --- a/molecule/quarkus/verify.yml +++ b/molecule/quarkus/verify.yml @@ -55,7 +55,7 @@ fail_msg: "Service log symlink not correctly created" - name: Check log file - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.stat: path: /tmp/keycloak/keycloak.log register: keycloak_log_file 
@@ -67,7 +67,7 @@ - not keycloak_log_file.stat.isdir - name: Check default log folder - become: yes + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.stat: path: /var/log/keycloak register: keycloak_default_log_folder @@ -79,7 +79,7 @@ - not keycloak_default_log_folder.stat.exists - name: Verify vault SPI in logfile - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.shell: | set -o pipefail zgrep 'Configured KeystoreVaultProviderFactory with the keystore file' /opt/keycloak/keycloak-*/data/log/keycloak.log*zip diff --git a/molecule/quarkus_ha/prepare.yml b/molecule/quarkus_ha/prepare.yml index dff1821..be05a1a 100644 --- a/molecule/quarkus_ha/prepare.yml +++ b/molecule/quarkus_ha/prepare.yml @@ -15,7 +15,7 @@ changed_when: False - name: Create vault directory - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.file: state: directory path: "/opt/keycloak/vault" @@ -26,7 +26,7 @@ ansible.builtin.package: name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}" state: present - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" failed_when: false - name: Create vault keystore @@ -37,7 +37,7 @@ failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 - name: Copy certificates and vault - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.copy: src: keystore.p12 dest: /opt/keycloak/vault/keystore.p12 diff --git a/molecule/quarkus_ha/verify.yml b/molecule/quarkus_ha/verify.yml index c1a2fb9..e9432db 100644 --- a/molecule/quarkus_ha/verify.yml +++ b/molecule/quarkus_ha/verify.yml 
@@ -17,7 +17,7 @@ hera_home: "{{ lookup('env', 'HERA_HOME') }}" - name: Check log file - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.stat: path: /var/log/keycloak/keycloak.log register: keycloak_log_file diff --git a/molecule/quarkus_upgrade/prepare.yml b/molecule/quarkus_upgrade/prepare.yml index bebfc68..6f3ce1f 100644 --- a/molecule/quarkus_upgrade/prepare.yml +++ b/molecule/quarkus_upgrade/prepare.yml @@ -49,4 +49,4 @@ ansible.builtin.file: path: /etc/ansible/facts.d/keycloak.fact state: absent - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" diff --git a/roles/keycloak/tasks/fastpackages.yml b/roles/keycloak/tasks/fastpackages.yml index a89f7f6..644ecd3 100644 --- a/roles/keycloak/tasks/fastpackages.yml +++ b/roles/keycloak/tasks/fastpackages.yml @@ -13,7 +13,7 @@ when: ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_to_install }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.dnf: name: "{{ packages_to_install }}" state: present @@ -22,7 +22,7 @@ - ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_list }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.package: name: "{{ packages_list }}" state: present diff --git a/roles/keycloak/tasks/firewalld.yml b/roles/keycloak/tasks/firewalld.yml index f48f580..d371cf4 100644 --- a/roles/keycloak/tasks/firewalld.yml +++ b/roles/keycloak/tasks/firewalld.yml 
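Review bot: `keycloak_install_requires_become` is referenced in both `fastpackages.yml` hunks (and in every role task hunk that follows, from `firewalld.yml` and `install.yml` through the `keycloak_quarkus` files) but this diff defines it nowhere — no `defaults/main.yml`, `meta/argument_specs.yml` or README change — so the effective default lives in dozens of copies of `| default(true)`. Define it once per role, e.g. `keycloak_install_requires_become: true` in `roles/keycloak/defaults/main.yml` with an argument_specs entry explaining that `false` disables privilege escalation and requires the connection user to already own the install paths, and reduce the task lines to `become: "{{ keycloak_install_requires_become }}"`; the `default(true)` fallback is only needed in the molecule prepare/verify playbooks, which run without role defaults loaded. For the `keycloak_quarkus` role the variable carries the `keycloak_` prefix rather than `keycloak_quarkus_`; if ansible-lint's `var-naming[no-role-prefix]` is enabled in this repository it will likely flag the defaults entry, so either document the shared name deliberately or add a `keycloak_quarkus_install_requires_become` alias.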
@@ -6,14 +6,14 @@ - firewalld - name: Enable and start the firewalld service - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.systemd: name: firewalld enabled: true state: started - name: "Configure firewall ports for {{ keycloak.service_name }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.posix.firewalld: port: "{{ item }}" permanent: true diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index b620b03..db1212c 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -11,7 +11,7 @@ quiet: true - name: Check for an existing deployment - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.stat: path: "{{ keycloak_jboss_home }}" register: existing_deploy @@ -20,24 +20,24 @@ when: existing_deploy.stat.exists and keycloak_force_install | bool block: - name: "Stop the old {{ keycloak.service_name }} service" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" failed_when: false ansible.builtin.systemd: name: keycloak state: stopped - name: "Remove the old {{ keycloak.service_name }} deployment" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.file: path: "{{ keycloak_jboss_home }}" state: absent - name: Check for an existing deployment after possible forced removal - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.stat: path: "{{ keycloak_jboss_home }}" - name: "Create service user/group for {{ keycloak.service_name }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.user: name: "{{ keycloak_service_user }}" home: /opt/keycloak 
@@ -45,7 +45,7 @@ create_home: false - name: "Create install location for {{ keycloak.service_name }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.file: dest: "{{ keycloak_dest }}" state: directory @@ -54,7 +54,7 @@ mode: '0750' - name: Create pidfile folder - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.file: dest: "{{ keycloak_service_pidfile | dirname }}" state: directory @@ -68,7 +68,7 @@ archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}" - name: Check download archive path - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.stat: path: "{{ archive }}" register: archive_path @@ -166,13 +166,13 @@ - not archive_path.stat.exists - local_archive_path.stat is defined - local_archive_path.stat.exists - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Check target directory: {{ keycloak.home }}" ansible.builtin.stat: path: "{{ keycloak.home }}" register: path_to_workdir - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Extract {{ keycloak_service_desc }} archive on target" ansible.builtin.unarchive: @@ -182,7 +182,7 @@ creates: "{{ keycloak.home }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" when: - new_version_downloaded.changed or not path_to_workdir.stat.exists notify: 
@@ -200,13 +200,13 @@ owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" recurse: true - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" changed_when: false - name: Ensure permissions are correct on existing deploy ansible.builtin.command: chown -R "{{ keycloak_service_user }}:{{ keycloak_service_group }}" "{{ keycloak.home }}" when: keycloak_service_runas - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" changed_when: false # driver and configuration @@ -215,7 +215,7 @@ when: keycloak_jdbc[keycloak_jdbc_engine].enabled - name: "Deploy custom {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak_config_override_template }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.template: src: "templates/{{ keycloak_config_override_template }}" dest: "{{ keycloak_config_path_to_standalone_xml }}" @@ -227,7 +227,7 @@ when: keycloak_config_override_template | length > 0 - name: "Deploy standalone {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.template: src: templates/standalone.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" @@ -255,7 +255,7 @@ when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING' - name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.template: src: templates/standalone-ha.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" 
@@ -270,7 +270,7 @@ - keycloak_config_override_template | length == 0 - name: "Deploy HA {{ keycloak.service_name }} config with infinispan remote cache store to {{ keycloak_config_path_to_standalone_xml }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.template: src: templates/standalone-infinispan.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" @@ -285,7 +285,7 @@ - keycloak_config_override_template | length == 0 - name: "Deploy profile.properties file to {{ keycloak_config_path_to_properties }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.template: src: keycloak-profile.properties.j2 dest: "{{ keycloak_config_path_to_properties }}" diff --git a/roles/keycloak/tasks/iptables.yml b/roles/keycloak/tasks/iptables.yml index 8ebc16e..90c3ca1 100644 --- a/roles/keycloak/tasks/iptables.yml +++ b/roles/keycloak/tasks/iptables.yml @@ -6,7 +6,7 @@ - iptables - name: "Configure firewall ports for {{ keycloak.service_name }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.iptables: destination_port: "{{ item }}" action: "insert" diff --git a/roles/keycloak/tasks/jdbc_driver.yml b/roles/keycloak/tasks/jdbc_driver.yml index bec80e3..543fca3 100644 --- a/roles/keycloak/tasks/jdbc_driver.yml +++ b/roles/keycloak/tasks/jdbc_driver.yml @@ -3,7 +3,7 @@ ansible.builtin.stat: path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}" register: dest_path - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Set up module dir for JDBC Driver {{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" ansible.builtin.file: 
@@ -13,7 +13,7 @@ owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" mode: '0750' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" when: - not dest_path.stat.exists - name: "Verify valid parameters for download credentials when specified" @@ -34,7 +34,7 @@ url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}" validate_certs: "{{ keycloak_jdbc_download_validate_certs | default(omit) }}" mode: '0640' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Deploy module.xml for JDBC Driver" ansible.builtin.template: @@ -43,4 +43,4 @@ group: "{{ keycloak_service_group }}" owner: "{{ keycloak_service_user }}" mode: '0640' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index a21f359..19924d5 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -35,7 +35,7 @@ state: link src: "{{ keycloak_jboss_home }}/standalone/log" dest: "{{ keycloak_log_target }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: Set admin credentials and restart if not already created block: @@ -59,7 +59,7 @@ - "-u{{ keycloak_admin_user }}" - "-p{{ keycloak_admin_password }}" changed_when: true - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Restart {{ keycloak.service_name }}" ansible.builtin.include_tasks: tasks/restart_keycloak.yml - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" diff --git a/roles/keycloak/tasks/restart_keycloak.yml b/roles/keycloak/tasks/restart_keycloak.yml index 7284bd0..28b9622 100644 --- a/roles/keycloak/tasks/restart_keycloak.yml +++ b/roles/keycloak/tasks/restart_keycloak.yml 
@@ -5,7 +5,7 @@ enabled: true state: restarted daemon_reload: true - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" delegate_to: "{{ ansible_play_hosts | first }}" run_once: true @@ -24,5 +24,5 @@ name: keycloak enabled: true state: restarted - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" when: inventory_hostname != ansible_play_hosts | first diff --git a/roles/keycloak/tasks/rhsso_patch.yml b/roles/keycloak/tasks/rhsso_patch.yml index e7ac3f0..abf42cd 100644 --- a/roles/keycloak/tasks/rhsso_patch.yml +++ b/roles/keycloak/tasks/rhsso_patch.yml @@ -12,7 +12,7 @@ path: "{{ patch_archive }}" register: patch_archive_path when: sso_patch_version is defined - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: Perform patch download from RHN via JBossNetwork API delegate_to: localhost @@ -86,7 +86,7 @@ ansible.builtin.stat: path: "{{ patch_archive }}" register: patch_archive_path - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ## copy and unpack - name: Copy patch archive to target nodes @@ -101,15 +101,15 @@ - not patch_archive_path.stat.exists - local_archive_path.stat is defined - local_archive_path.stat.exists - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Check installed patches" ansible.builtin.include_tasks: rhsso_cli.yml vars: - query: "patch info" + patch_query: "patch info" args: apply: - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" become_user: "{{ keycloak_service_user }}" - name: "Perform patching" 
@@ -121,21 +121,21 @@ - name: "Apply patch {{ patch_version }} to server" ansible.builtin.include_tasks: rhsso_cli.yml vars: - query: "patch apply {{ patch_archive }}" + patch_query: "patch apply {{ patch_archive }}" args: apply: - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" become_user: "{{ keycloak_service_user }}" - name: "Restart server to ensure patch content is running" ansible.builtin.include_tasks: rhsso_cli.yml vars: - query: "shutdown --restart" + patch_query: "shutdown --restart" when: - cli_result.rc == 0 args: apply: - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" become_user: "{{ keycloak_service_user }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" @@ -149,10 +149,10 @@ - name: "Query installed patch after restart" ansible.builtin.include_tasks: rhsso_cli.yml vars: - query: "patch info" + patch_query: "patch info" args: apply: - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" become_user: "{{ keycloak_service_user }}" - name: "Verify installed patch version" diff --git a/roles/keycloak/tasks/start_keycloak.yml b/roles/keycloak/tasks/start_keycloak.yml index 5aed248..2c54c1c 100644 --- a/roles/keycloak/tasks/start_keycloak.yml +++ b/roles/keycloak/tasks/start_keycloak.yml @@ -5,7 +5,7 @@ enabled: true state: started daemon_reload: true - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" ansible.builtin.uri: diff --git a/roles/keycloak/tasks/stop_keycloak.yml b/roles/keycloak/tasks/stop_keycloak.yml index 7f30433..ab86f3b 100644 --- a/roles/keycloak/tasks/stop_keycloak.yml +++ b/roles/keycloak/tasks/stop_keycloak.yml @@ -4,4 +4,4 @@ name: keycloak enabled: true state: stopped - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" 
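Review bot: In the `rhsso_cli.yml` include blocks (the `@@ -101` hunk and all three hunks here) `become` now comes from the variable while `become_user: "{{ keycloak_service_user }}"` is kept; when the variable evaluates to false Ansible ignores `become_user`, so the patch commands run as the connection user instead of the service user, which is a change of identity rather than just a loss of root. If the intent of these tasks was the user switch, keep `become: true` here or condition it on `ansible_user_id != keycloak_service_user`, and add a comment such as `# become is for the service-user switch, not root` so a later cleanup does not reintroduce the variable. The `query` → `patch_query` rename in these hunks assumes `rhsso_cli.yml` reads `patch_query`; that file is not in this diff, so confirm it was updated in the same change.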
diff --git a/roles/keycloak/tasks/systemd.yml b/roles/keycloak/tasks/systemd.yml index 1653406..3be5d60 100644 --- a/roles/keycloak/tasks/systemd.yml +++ b/roles/keycloak/tasks/systemd.yml @@ -1,6 +1,6 @@ --- - name: "Configure {{ keycloak.service_name }} service script wrapper" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.template: src: keycloak-service.sh.j2 dest: "{{ keycloak_dest }}/keycloak-service.sh" @@ -11,7 +11,7 @@ - restart keycloak - name: "Configure sysconfig file for {{ keycloak.service_name }} service" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.template: src: keycloak-sysconfig.j2 dest: "{{ keycloak_sysconf_file }}" @@ -28,7 +28,7 @@ owner: root group: root mode: '0644' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" register: systemdunit notify: - restart keycloak diff --git a/roles/keycloak_quarkus/tasks/bootstrapped.yml b/roles/keycloak_quarkus/tasks/bootstrapped.yml index 3cbc5c4..d0e83e3 100644 --- a/roles/keycloak_quarkus/tasks/bootstrapped.yml +++ b/roles/keycloak_quarkus/tasks/bootstrapped.yml @@ -1,6 +1,6 @@ --- - name: Save ansible custom facts - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.template: src: keycloak.fact.j2 dest: /etc/ansible/facts.d/keycloak.fact diff --git a/roles/keycloak_quarkus/tasks/config_store.yml b/roles/keycloak_quarkus/tasks/config_store.yml index 2d8b39e..2972793 100644 --- a/roles/keycloak_quarkus/tasks/config_store.yml +++ b/roles/keycloak_quarkus/tasks/config_store.yml 
@@ -6,7 +6,7 @@ value: "{{ keycloak_quarkus_db_pass }}" - name: "Initialize empty configuration key store" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" # keytool doesn't allow creating an empty key store, so this is a hacky way around it ansible.builtin.shell: | # noqa blocked_modules shell is necessary here set -o nounset # abort on unbound variable @@ -38,7 +38,7 @@ echo {{ item.value | quote }} | keytool -noprompt -importpass -alias {{ item.key | quote }} -keystore {{ keycloak_quarkus_config_key_store_file | quote }} -storepass {{ keycloak_quarkus_config_key_store_password | quote }} -storetype PKCS12 loop: "{{ store_items }}" no_log: true - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" changed_when: true notify: - restart keycloak @@ -49,4 +49,4 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0400' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" diff --git a/roles/keycloak_quarkus/tasks/fastpackages.yml b/roles/keycloak_quarkus/tasks/fastpackages.yml index 9dc1621..d7ee7fe 100644 --- a/roles/keycloak_quarkus/tasks/fastpackages.yml +++ b/roles/keycloak_quarkus/tasks/fastpackages.yml @@ -13,7 +13,7 @@ when: ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_to_install }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.dnf: name: "{{ packages_to_install }}" state: present @@ -22,7 +22,7 @@ - ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_list }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.package: name: "{{ packages_list }}" state: present diff --git a/roles/keycloak_quarkus/tasks/firewalld.yml b/roles/keycloak_quarkus/tasks/firewalld.yml index 2c3ef74..8feadbe 100644 --- a/roles/keycloak_quarkus/tasks/firewalld.yml +++ b/roles/keycloak_quarkus/tasks/firewalld.yml 
@@ -6,14 +6,14 @@ - firewalld - name: Enable and start the firewalld service - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.systemd: name: firewalld enabled: true state: started - name: "Configure firewall for {{ keycloak.service_name }} ports" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.posix.firewalld: port: "{{ item }}" permanent: true diff --git a/roles/keycloak_quarkus/tasks/install.yml b/roles/keycloak_quarkus/tasks/install.yml index c602d8c..a6b5fe7 100644 --- a/roles/keycloak_quarkus/tasks/install.yml +++ b/roles/keycloak_quarkus/tasks/install.yml @@ -12,13 +12,13 @@ quiet: true - name: Check for an existing deployment - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.stat: path: "{{ keycloak.home }}" register: existing_deploy - name: "Create {{ keycloak.service_name }} service user/group" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.user: name: "{{ keycloak.service_user }}" home: /opt/keycloak @@ -26,7 +26,7 @@ create_home: false - name: "Create {{ keycloak.service_name }} install location" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.file: dest: "{{ keycloak_quarkus_dest }}" state: directory @@ -35,7 +35,7 @@ mode: '0750' - name: Create directory for ansible custom facts - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.file: state: directory recurse: true @@ -47,7 +47,7 @@ archive: "{{ keycloak_quarkus_dest }}/{{ keycloak.bundle }}" - name: Check download archive path - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.stat: path: "{{ archive }}" register: archive_path 
@@ -148,13 +148,13 @@ - not archive_path.stat.exists - local_archive_path.stat is defined - local_archive_path.stat.exists - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Check target directory: {{ keycloak.home }}/bin/" ansible.builtin.stat: path: "{{ keycloak.home }}/bin/" register: path_to_workdir - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Extract Keycloak archive on target" # noqa no-handler need to run this here ansible.builtin.unarchive: @@ -164,7 +164,7 @@ creates: "{{ keycloak.home }}/bin/" owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" when: - (not path_to_workdir.stat.exists) or new_version_downloaded.changed notify: @@ -183,7 +183,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0640' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" when: - keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled - keycloak_quarkus_key_file_copy_enabled is defined and keycloak_quarkus_key_file_copy_enabled @@ -196,7 +196,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0644' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" when: - keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled - keycloak_quarkus_cert_file_copy_enabled is defined and keycloak_quarkus_cert_file_copy_enabled 
@@ -215,7 +215,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0640' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" loop: "{{ keycloak_quarkus_providers }}" when: item.url is defined and item.url | length > 0 notify: "{{ ['invalidate keycloak theme cache', 'rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or item.restart else [] }}" @@ -244,7 +244,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0640' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" loop: "{{ keycloak_quarkus_providers }}" when: item.maven is defined no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}" @@ -256,7 +256,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0640' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" loop: "{{ keycloak_quarkus_providers }}" when: item.local_path is defined notify: "{{ ['invalidate keycloak theme cache', 'rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or item.restart else [] }}" @@ -268,7 +268,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0750' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" loop: "{{ keycloak_quarkus_supported_policy_types }}" - name: "Install custom policies" @@ -278,7 +278,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0640' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" loop: "{{ keycloak_quarkus_policies }}" when: item.url is defined and item.url | length > 0 notify: "restart keycloak" diff --git a/roles/keycloak_quarkus/tasks/invalidate_theme_cache.yml b/roles/keycloak_quarkus/tasks/invalidate_theme_cache.yml index 90ff67f..b14ecec 100644 
--- a/roles/keycloak_quarkus/tasks/invalidate_theme_cache.yml +++ b/roles/keycloak_quarkus/tasks/invalidate_theme_cache.yml @@ -8,4 +8,4 @@ ansible.builtin.file: path: "{{ keycloak.home }}/data/tmp/kc-gzip-cache" state: absent - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" diff --git a/roles/keycloak_quarkus/tasks/iptables.yml b/roles/keycloak_quarkus/tasks/iptables.yml index b487b89..a8fa1ee 100644 --- a/roles/keycloak_quarkus/tasks/iptables.yml +++ b/roles/keycloak_quarkus/tasks/iptables.yml @@ -6,7 +6,7 @@ - iptables - name: "Configure firewall ports for {{ keycloak.service_name }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.iptables: destination_port: "{{ item }}" action: "insert" diff --git a/roles/keycloak_quarkus/tasks/jdbc_driver.yml b/roles/keycloak_quarkus/tasks/jdbc_driver.yml index 880a915..c195205 100644 --- a/roles/keycloak_quarkus/tasks/jdbc_driver.yml +++ b/roles/keycloak_quarkus/tasks/jdbc_driver.yml @@ -17,6 +17,6 @@ url_password: "{{ keycloak_quarkus_jdbc_download_pass | default(omit) }}" validate_certs: "{{ keycloak_quarkus_jdbc_download_validate_certs | default(omit) }}" mode: '0640' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" notify: - restart keycloak diff --git a/roles/keycloak_quarkus/tasks/main.yml b/roles/keycloak_quarkus/tasks/main.yml index bb86b2c..b7ab3c3 100644 --- a/roles/keycloak_quarkus/tasks/main.yml +++ b/roles/keycloak_quarkus/tasks/main.yml @@ -53,7 +53,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0640' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" loop: - keycloak.conf - quarkus.properties 
@@ -69,7 +69,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0775' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: Flush pending handlers ansible.builtin.meta: flush_handlers @@ -83,7 +83,7 @@ src: "{{ keycloak.log.file | dirname }}" dest: "{{ keycloak_quarkus_log_target }}" force: true - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: Check service status ansible.builtin.systemd_service: diff --git a/roles/keycloak_quarkus/tasks/rebuild_config.yml b/roles/keycloak_quarkus/tasks/rebuild_config.yml index ac78504..8a8839d 100644 --- a/roles/keycloak_quarkus/tasks/rebuild_config.yml +++ b/roles/keycloak_quarkus/tasks/rebuild_config.yml @@ -6,5 +6,5 @@ environment: PATH: "{{ keycloak_quarkus_java_home | default(keycloak_quarkus_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" JAVA_HOME: "{{ keycloak_quarkus_java_home | default(keycloak_quarkus_pkg_java_home, true) }}" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" changed_when: true diff --git a/roles/keycloak_quarkus/tasks/restart.yml b/roles/keycloak_quarkus/tasks/restart.yml index 61356d5..2c4eefa 100644 --- a/roles/keycloak_quarkus/tasks/restart.yml +++ b/roles/keycloak_quarkus/tasks/restart.yml @@ -5,7 +5,7 @@ enabled: true state: restarted daemon_reload: true - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Wait until {{ keycloak.service_name }} service becomes active {{ keycloak.health_url }}" ansible.builtin.uri: diff --git a/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml b/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml index d883ff1..ec5de83 100644 --- a/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml +++ b/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml 
@@ -16,5 +16,5 @@ enabled: true state: restarted daemon_reload: true - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" when: inventory_hostname != ansible_play_hosts | first diff --git a/roles/keycloak_quarkus/tasks/start.yml b/roles/keycloak_quarkus/tasks/start.yml index a640e89..ce52b12 100644 --- a/roles/keycloak_quarkus/tasks/start.yml +++ b/roles/keycloak_quarkus/tasks/start.yml @@ -5,7 +5,7 @@ enabled: true state: started daemon_reload: true - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" ansible.builtin.uri: diff --git a/roles/keycloak_quarkus/tasks/systemd.yml b/roles/keycloak_quarkus/tasks/systemd.yml index 47f0570..dfa8b44 100644 --- a/roles/keycloak_quarkus/tasks/systemd.yml +++ b/roles/keycloak_quarkus/tasks/systemd.yml @@ -1,6 +1,6 @@ --- - name: "Configure sysconfig file for {{ keycloak.service_name }} service" - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" ansible.builtin.template: src: keycloak-sysconfig.j2 dest: "{{ keycloak_quarkus_sysconf_file }}" @@ -19,7 +19,7 @@ owner: root group: root mode: '0644' - become: true + become: "{{ keycloak_install_requires_become | default(true) }}" register: systemdunit notify: - restart keycloak