Add local download path

.ansible-lint

@@ -34,6 +34,7 @@ warn_list:
 skip_list:
   - vars_should_not_be_used
   - file_is_small_enough
+  - file_has_valid_name
   - name[template]
   - var-naming[no-role-prefix]
 

roles/keycloak_quarkus/README.md

@@ -37,6 +37,7 @@ Role Defaults
 |`keycloak_quarkus_offline_install` | Perform an offline install | `False`|
 |`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` |
 |`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` |
+|`keycloak_quarkus_download_path`| Path local to controller for offline/download of install archives | `{{ lookup('env', 'PWD') }}` |
 
 
 #### Service configuration

roles/keycloak_quarkus/defaults/main.yml

@@ -15,6 +15,7 @@ keycloak_quarkus_java_home:
 keycloak_quarkus_dest: /opt/keycloak
 keycloak_quarkus_home: "{{ keycloak_quarkus_installdir }}"
 keycloak_quarkus_config_dir: "{{ keycloak_quarkus_home }}/conf"
+keycloak_quarkus_download_path: "{{ lookup('env', 'PWD') }}"
 keycloak_quarkus_start_dev: false
 keycloak_quarkus_service_user: keycloak
 keycloak_quarkus_service_group: keycloak

roles/keycloak_quarkus/handlers/main.yml

@@ -10,7 +10,7 @@
   ansible.builtin.include_tasks:
     file: "{{ keycloak_quarkus_restart_strategy if keycloak_quarkus_ha_enabled else 'restart.yml' }}"
   listen: "restart keycloak"
-- name: "Print deprecation warning"
+- name: "Display deprecation warning"
   ansible.builtin.fail:
     msg: "Deprecation warning: you are using the deprecated variable '{{ deprecated_variable | d('NotSet') }}', check docs on how to upgrade."
   failed_when: false

roles/keycloak_quarkus/meta/argument_specs.yml

@@ -56,15 +56,15 @@ argument_specs:
                 default: false
                 description: "Ensure firewalld is running and configure keycloak ports"
                 type: "bool"
-            keycloak_service_restart_always:
+            keycloak_quarkus_service_restart_always:
                 default: false
                 description: "systemd restart always behavior of service; takes precedence over keycloak_service_restart_on_failure if true"
                 type: "bool"
-            keycloak_service_restart_on_failure:
+            keycloak_quarkus_service_restart_on_failure:
                 default: false
                 description: "systemd restart on-failure behavior of service"
                 type: "bool"
-            keycloak_service_restartsec:
+            keycloak_quarkus_service_restartsec:
                 default: "10s"
                 description: "systemd RestartSec for service"
                 type: "str"
@@ -457,6 +457,14 @@ argument_specs:
                 description: "Number of attempts for successful health check before failing"
                 default: 25
                 type: 'int'
+            keycloak_quarkus_show_deprecation_warnings:
+                default: true
+                description: "Whether or not deprecation warnings should be shown"
+                type: "bool"
+            keycloak_quarkus_download_path:
+                description: "Path local to controller for offline/download of install archives"
+                default: "{{ lookup('env', 'PWD') }}"
+                type: "str"
     downstream:
         options:
             rhbk_version:
@@ -487,10 +495,6 @@ argument_specs:
                 default: false
                 description: "Perform an offline install"
                 type: "bool"
-            keycloak_quarkus_show_deprecation_warnings:
-                default: true
-                description: "Whether deprecation warnings should be shown"
-                type: "bool"
             rhbk_service_name:
                 default: "rhbk"
                 description: "systemd service name for Red Hat Build of Keycloak"

roles/keycloak_quarkus/tasks/bootstrapped.yml

@@ -1,5 +1,5 @@
 ---
-- name: Write ansible custom facts
+- name: Save ansible custom facts
   become: true
   ansible.builtin.template:
     src: keycloak.fact.j2
@@ -8,7 +8,7 @@
   vars:
     bootstrapped: true
 
-- name: Re-read custom facts
+- name: Refresh custom facts
   ansible.builtin.setup:
     filter: ansible_local
 

roles/keycloak_quarkus/tasks/config_store.yml

@@ -8,7 +8,7 @@
 - name: "Initialize empty configuration key store"
   become: true
   # keytool doesn't allow creating an empty key store, so this is a hacky way around it
-  ansible.builtin.shell: |
+  ansible.builtin.shell: | # noqa blocked_modules shell is necessary here
     set -o nounset   # abort on unbound variable
     set -o pipefail  # do not hide errors within pipes
     set -o errexit   # abort on nonzero exit status
@@ -19,7 +19,7 @@
     creates: "{{ keycloak_quarkus_config_key_store_file }}"
 
 - name: "Set configuration key store using keytool"
-  ansible.builtin.shell: |
+  ansible.builtin.shell: | # noqa blocked_modules shell is necessary here
     set -o nounset   # abort on unbound variable
     set -o pipefail  # do not hide errors within pipes
 
@@ -36,7 +36,7 @@
     fi
 
     echo {{ item.value | quote }} | keytool -noprompt -importpass -alias {{ item.key | quote }} -keystore {{ keycloak_quarkus_config_key_store_file | quote }} -storepass {{ keycloak_quarkus_config_key_store_password | quote }} -storetype PKCS12
-  with_items: "{{ store_items }}"
+  loop: "{{ store_items }}"
   no_log: true
   become: true
   changed_when: true

roles/keycloak_quarkus/tasks/install.yml

@@ -8,6 +8,7 @@
       - keycloak_quarkus_archive is defined
       - keycloak_quarkus_download_url is defined
       - keycloak_quarkus_version is defined
+      - local_path is defined
     quiet: true
 
 - name: Check for an existing deployment
@@ -52,14 +53,6 @@
   register: archive_path
 
 ## download to controller
-- name: Check local download archive path
-  ansible.builtin.stat:
-    path: "{{ lookup('env', 'PWD') }}"
-  register: local_path
-  delegate_to: localhost
-  run_once: true
-  become: false
-
 - name: Download keycloak archive
   ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
     url: "{{ keycloak_quarkus_download_url }}"
@@ -244,7 +237,7 @@
   no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}"
   notify: "{{ ['rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or not item.restart else [] }}"
 
-- name: "Upload local maven providers"
+- name: "Copy maven providers"
   ansible.builtin.copy:
     src: "{{ local_path.stat.path }}/{{ item.id }}.jar"
     dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar"
@@ -256,7 +249,7 @@
   when: item.maven is defined
   no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}"
 
-- name: "Upload local providers"
+- name: "Copy providers"
   ansible.builtin.copy:
     src: "{{ item.local_path }}"
     dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar"

roles/keycloak_quarkus/tasks/main.yml

@@ -91,7 +91,7 @@
   register: keycloak_service_status
   changed_when: false
 
-- name: "Trigger bootstrapped notification: remove `keycloak_quarkus_admin_user[_pass]` env vars"
+- name: "Notify to remove `keycloak_quarkus_admin_user[_pass]` env vars"
   when:
     - not ansible_local.keycloak.general.bootstrapped | default(false) | bool # it was not bootstrapped prior to the current role's execution
     - keycloak_service_status.status.ActiveState == "active"                  # but it is now

roles/keycloak_quarkus/tasks/prereqs.yml

@@ -43,10 +43,50 @@
   vars:
     packages_list: "{{ keycloak_quarkus_prereq_package_list }}"
 
+- name: Check local download archive path
+  ansible.builtin.stat:
+    path: "{{ keycloak_quarkus_download_path }}"
+  register: local_path
+  delegate_to: localhost
+  run_once: true
+  become: false
+
+- name: Validate local download path
+  ansible.builtin.assert:
+    that:
+      - local_path.stat.exists
+      - local_path.stat.readable
+      - keycloak_quarkus_offline_install or local_path.stat.writeable
+    quiet: true
+    fail_msg: "Defined controller path for downloading resource is incorrect: {{ keycloak_quarkus_download_path }}"
+    success_msg: "Will download resource to controller path: {{ local_path.stat.path }}"
+  delegate_to: localhost
+  run_once: true
+
+- name: Check downloaded archive if offline
+  ansible.builtin.stat:
+    path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+  when: keycloak_quarkus_offline_install
+  register: local_archive_path_check
+  delegate_to: localhost
+  run_once: true
+
+- name: Validate local downloaded archive if offline
+  ansible.builtin.assert:
+    that:
+      - local_archive_path_check.stat.exists
+      - local_archive_path_check.stat.readable
+    quiet: true
+    fail_msg: "Configured for offline install but install archive not found at: {{ local_archive_path_check.stat.path }}"
+    success_msg: "Will install offline with expected archive: {{ local_archive_path_check.stat.path }}"
+  when: keycloak_quarkus_offline_install
+  delegate_to: localhost
+  run_once: true
+
 - name: "Validate keytool"
   when: keycloak_quarkus_config_key_store_password | length > 0
   block:
-    - name: "Attempt to run keytool"
+    - name: "Check run keytool"
       changed_when: false
       ansible.builtin.command: keytool -help
       register: keytool_check

roles/keycloak_quarkus/tasks/rebuild_config.yml

@@ -1,7 +1,7 @@
 ---
 # cf. https://www.keycloak.org/server/configuration#_optimize_the_keycloak_startup
 - name: "Rebuild {{ keycloak.service_name }} config"
-  ansible.builtin.shell: |
+  ansible.builtin.shell: | # noqa blocked_modules shell is necessary here
     {{ keycloak.home }}/bin/kc.sh build
   environment:
     PATH: "{{ keycloak_quarkus_java_home | default(keycloak_quarkus_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

roles/keycloak_quarkus/tasks/restart.yml

@@ -16,7 +16,7 @@
   delay: "{{ keycloak_quarkus_restart_health_check_delay }}"
   when: internal_force_health_check | default(keycloak_quarkus_restart_health_check)
 
-- name: Pause to give distributed ispn caches time to (re-)replicate back onto first host
+- name: Wait to give distributed ispn caches time to (re-)replicate back onto first host
   ansible.builtin.pause:
     seconds: "{{ keycloak_quarkus_restart_pause }}"
   when: