AMW-365 Keycloak collection GitHub action molecule pipelines are breaking because of sudo permission issue

Ranabir Chakraborty 2025-02-14 22:03:26 +05:30
commit e8bed51fb9
34 changed files with 100 additions and 99 deletions


@ -13,7 +13,7 @@
when: ansible_facts.os_family == "RedHat"
- name: "Install packages: {{ packages_to_install }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.dnf:
name: "{{ packages_to_install }}"
state: present
@ -22,7 +22,7 @@
- ansible_facts.os_family == "RedHat"
- name: "Install packages: {{ packages_list }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.package:
name: "{{ packages_list }}"
state: present
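Review bot: The fallback `default(true)` is now repeated inline in every `become:` line of this hunk and of the firewalld, install, iptables, JDBC driver, restart, patch, service and systemd task files in the same commit, so the hunks never show where `keycloak_install_requires_become` itself is declared. If the commit does not already add `keycloak_install_requires_become: true` to the role's defaults/main.yml and argument specs (not visible here), it should, so the toggle has one documented source and a typo in a single task cannot silently diverge from the rest. The defaults entry deserves a comment such as `# Set to false only when the connection user already holds the rights these tasks need (e.g. root inside a CI container); privileged tasks such as package installs are not skipped, they just run unescalated.` With a role-level default in place, the repeated `| default(true)` becomes a harmless belt-and-braces guard rather than the only thing keeping escalation on.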


@ -6,14 +6,14 @@
- firewalld
- name: Enable and start the firewalld service
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.systemd:
name: firewalld
enabled: true
state: started
- name: "Configure firewall ports for {{ keycloak.service_name }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true


@ -11,7 +11,7 @@
quiet: true
- name: Check for an existing deployment
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.stat:
path: "{{ keycloak_jboss_home }}"
register: existing_deploy
@ -20,24 +20,24 @@
when: existing_deploy.stat.exists and keycloak_force_install | bool
block:
- name: "Stop the old {{ keycloak.service_name }} service"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
failed_when: false
ansible.builtin.systemd:
name: keycloak
state: stopped
- name: "Remove the old {{ keycloak.service_name }} deployment"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.file:
path: "{{ keycloak_jboss_home }}"
state: absent
- name: Check for an existing deployment after possible forced removal
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.stat:
path: "{{ keycloak_jboss_home }}"
- name: "Create service user/group for {{ keycloak.service_name }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.user:
name: "{{ keycloak_service_user }}"
home: /opt/keycloak
@ -45,7 +45,7 @@
create_home: false
- name: "Create install location for {{ keycloak.service_name }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.file:
dest: "{{ keycloak_dest }}"
state: directory
@ -54,7 +54,7 @@
mode: '0750'
- name: Create pidfile folder
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.file:
dest: "{{ keycloak_service_pidfile | dirname }}"
state: directory
@ -68,7 +68,7 @@
archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}"
- name: Check download archive path
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.stat:
path: "{{ archive }}"
register: archive_path
@ -166,13 +166,13 @@
- not archive_path.stat.exists
- local_archive_path.stat is defined
- local_archive_path.stat.exists
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
- name: "Check target directory: {{ keycloak.home }}"
ansible.builtin.stat:
path: "{{ keycloak.home }}"
register: path_to_workdir
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
- name: "Extract {{ keycloak_service_desc }} archive on target"
ansible.builtin.unarchive:
@ -182,7 +182,7 @@
creates: "{{ keycloak.home }}"
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
when:
- new_version_downloaded.changed or not path_to_workdir.stat.exists
notify:
@ -200,13 +200,13 @@
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
recurse: true
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
changed_when: false
- name: Ensure permissions are correct on existing deploy
ansible.builtin.command: chown -R "{{ keycloak_service_user }}:{{ keycloak_service_group }}" "{{ keycloak.home }}"
when: keycloak_service_runas
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
changed_when: false
# driver and configuration
@ -215,7 +215,7 @@
when: keycloak_jdbc[keycloak_jdbc_engine].enabled
- name: "Deploy custom {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak_config_override_template }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.template:
src: "templates/{{ keycloak_config_override_template }}"
dest: "{{ keycloak_config_path_to_standalone_xml }}"
@ -227,7 +227,7 @@
when: keycloak_config_override_template | length > 0
- name: "Deploy standalone {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.template:
src: templates/standalone.xml.j2
dest: "{{ keycloak_config_path_to_standalone_xml }}"
@ -255,7 +255,7 @@
when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING'
- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.template:
src: templates/standalone-ha.xml.j2
dest: "{{ keycloak_config_path_to_standalone_xml }}"
@ -270,7 +270,7 @@
- keycloak_config_override_template | length == 0
- name: "Deploy HA {{ keycloak.service_name }} config with infinispan remote cache store to {{ keycloak_config_path_to_standalone_xml }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.template:
src: templates/standalone-infinispan.xml.j2
dest: "{{ keycloak_config_path_to_standalone_xml }}"
@ -285,7 +285,7 @@
- keycloak_config_override_template | length == 0
- name: "Deploy profile.properties file to {{ keycloak_config_path_to_properties }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.template:
src: keycloak-profile.properties.j2
dest: "{{ keycloak_config_path_to_properties }}"


@ -6,7 +6,7 @@
- iptables
- name: "Configure firewall ports for {{ keycloak.service_name }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.iptables:
destination_port: "{{ item }}"
action: "insert"


@ -3,7 +3,7 @@
ansible.builtin.stat:
path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
register: dest_path
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
- name: "Set up module dir for JDBC Driver {{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}"
ansible.builtin.file:
@ -13,7 +13,7 @@
owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}"
mode: '0750'
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
when:
- not dest_path.stat.exists
- name: "Verify valid parameters for download credentials when specified"
@ -34,7 +34,7 @@
url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}"
validate_certs: "{{ keycloak_jdbc_download_validate_certs | default(omit) }}"
mode: '0640'
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
- name: "Deploy module.xml for JDBC Driver"
ansible.builtin.template:
@ -43,4 +43,4 @@
group: "{{ keycloak_service_group }}"
owner: "{{ keycloak_service_user }}"
mode: '0640'
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"


@ -35,7 +35,7 @@
state: link
src: "{{ keycloak_jboss_home }}/standalone/log"
dest: "{{ keycloak_log_target }}"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
- name: Set admin credentials and restart if not already created
block:
@ -59,7 +59,7 @@
- "-u{{ keycloak_admin_user }}"
- "-p{{ keycloak_admin_password }}"
changed_when: true
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
- name: "Restart {{ keycloak.service_name }}"
ansible.builtin.include_tasks: tasks/restart_keycloak.yml
- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"


@ -5,7 +5,7 @@
enabled: true
state: restarted
daemon_reload: true
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
delegate_to: "{{ ansible_play_hosts | first }}"
run_once: true
@ -24,5 +24,5 @@
name: keycloak
enabled: true
state: restarted
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
when: inventory_hostname != ansible_play_hosts | first


@ -12,7 +12,7 @@
path: "{{ patch_archive }}"
register: patch_archive_path
when: sso_patch_version is defined
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
- name: Perform patch download from RHN via JBossNetwork API
delegate_to: localhost
@ -86,7 +86,7 @@
ansible.builtin.stat:
path: "{{ patch_archive }}"
register: patch_archive_path
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
## copy and unpack
- name: Copy patch archive to target nodes
@ -101,15 +101,15 @@
- not patch_archive_path.stat.exists
- local_archive_path.stat is defined
- local_archive_path.stat.exists
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
- name: "Check installed patches"
ansible.builtin.include_tasks: rhsso_cli.yml
vars:
query: "patch info"
patch_query: "patch info"
args:
apply:
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
become_user: "{{ keycloak_service_user }}"
- name: "Perform patching"
@ -121,21 +121,21 @@
- name: "Apply patch {{ patch_version }} to server"
ansible.builtin.include_tasks: rhsso_cli.yml
vars:
query: "patch apply {{ patch_archive }}"
patch_query: "patch apply {{ patch_archive }}"
args:
apply:
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
become_user: "{{ keycloak_service_user }}"
- name: "Restart server to ensure patch content is running"
ansible.builtin.include_tasks: rhsso_cli.yml
vars:
query: "shutdown --restart"
patch_query: "shutdown --restart"
when:
- cli_result.rc == 0
args:
apply:
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
become_user: "{{ keycloak_service_user }}"
- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
@ -149,10 +149,10 @@
- name: "Query installed patch after restart"
ansible.builtin.include_tasks: rhsso_cli.yml
vars:
query: "patch info"
patch_query: "patch info"
args:
apply:
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
become_user: "{{ keycloak_service_user }}"
- name: "Verify installed patch version"
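Review bot: In the four `args: apply:` blocks of the rhsso_cli.yml includes, `become_user: "{{ keycloak_service_user }}"` only takes effect while `become` is true, so with `keycloak_install_requires_become` set to false the patch info/apply/restart commands run as the connection user instead of the service user, and anything the patch writes under the install tree may end up owned by that user. If that is the intended behaviour for the CI containers, a comment next to the first of these blocks saying so would help, e.g. `# become_user is ignored when become is false; the CLI then runs as the connection user`; otherwise these tasks should keep their own escalation rather than share the install-wide toggle. The include variable was also renamed from `query` to `patch_query` at the four include sites, which only works if rhsso_cli.yml reads `patch_query`; that file is not in view, so I cannot confirm it was updated in the same commit.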


@ -5,7 +5,7 @@
enabled: true
state: started
daemon_reload: true
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
ansible.builtin.uri:


@ -4,4 +4,4 @@
name: keycloak
enabled: true
state: stopped
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"


@ -1,6 +1,6 @@
---
- name: "Configure {{ keycloak.service_name }} service script wrapper"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.template:
src: keycloak-service.sh.j2
dest: "{{ keycloak_dest }}/keycloak-service.sh"
@ -11,7 +11,7 @@
- restart keycloak
- name: "Configure sysconfig file for {{ keycloak.service_name }} service"
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
ansible.builtin.template:
src: keycloak-sysconfig.j2
dest: "{{ keycloak_sysconf_file }}"
@ -28,7 +28,7 @@
owner: root
group: root
mode: '0644'
become: true
become: "{{ keycloak_install_requires_become | default(true) }}"
register: systemdunit
notify:
- restart keycloak