From a70aece0d9e1ac698d48221701a4d2754546544c Mon Sep 17 00:00:00 2001 From: Helmut Wolf Date: Mon, 19 May 2025 14:10:29 +0200 Subject: [PATCH 1/5] chore: RHBK v26.2: Update recommended JDBC driver versions --- roles/keycloak_quarkus/defaults/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml index b4d5a37..8b7c16d 100644 --- a/roles/keycloak_quarkus/defaults/main.yml +++ b/roles/keycloak_quarkus/defaults/main.yml @@ -125,19 +125,19 @@ keycloak_quarkus_db_user: keycloak-user keycloak_quarkus_db_pass: keycloak-pass keycloak_quarkus_db_url: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_db_engine].url }}" keycloak_quarkus_db_driver_version: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_db_engine].version }}" -# override the variables above, following defaults show minimum supported versions +# override the variables above, following defaults show recommended version as per +# https://access.redhat.com/articles/7033107 keycloak_quarkus_default_jdbc: postgres: url: 'jdbc:postgresql://localhost:5432/keycloak' - version: 9.4.1212 + version: 42.7.5 mariadb: url: 'jdbc:mariadb://localhost:3306/keycloak' - version: 2.7.4 + version: 3.5.2 mssql: url: 'jdbc:sqlserver://localhost:1433;databaseName=keycloak;' version: 12.8.1 driver_jar_url: "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.8.1.jre11/mssql-jdbc-12.8.1.jre11.jar" - # cf. https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/server_configuration_guide/index#db-installing-the-microsoft-sql-server-driver ### logging configuration keycloak_quarkus_log: file keycloak_quarkus_log_level: info From 8093b1af2acea4dcc854f2164eefbb53c8c28089 Mon Sep 17 00:00:00 2001 From: Helmut Wolf Date: Mon, 19 May 2025 14:10:45 +0200 Subject: [PATCH 2/5] chore: RHBK v26.2: Bump RHBK version to v26.2.4 --- roles/keycloak_quarkus/meta/argument_specs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml index cdf280b..0f437b7 100644 --- a/roles/keycloak_quarkus/meta/argument_specs.yml +++ b/roles/keycloak_quarkus/meta/argument_specs.yml @@ -475,7 +475,7 @@ argument_specs: downstream: options: rhbk_version: - default: "26.0.11" + default: "26.2.4" description: "Red Hat Build of Keycloak version" type: "str" rhbk_archive: From f8c75de5d5f822cb0b3cfd6cccecd562ca658f92 Mon Sep 17 00:00:00 2001 From: Helmut Wolf Date: Mon, 19 May 2025 14:12:50 +0200 Subject: [PATCH 3/5] chore: RHBK v26.2: Bump KC version to v26.2.4 --- roles/keycloak_quarkus/README.md | 2 +- roles/keycloak_quarkus/defaults/main.yml | 2 +- roles/keycloak_quarkus/meta/argument_specs.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md index 7aedb45..2460674 100644 --- a/roles/keycloak_quarkus/README.md +++ b/roles/keycloak_quarkus/README.md @@ -33,7 +33,7 @@ Role Defaults | Variable | Description | Default | |:---------|:------------|:--------| -|`keycloak_quarkus_version`| keycloak.org package version | `26.0.7` | +|`keycloak_quarkus_version`| keycloak.org package version | `26.2.4` | |`keycloak_quarkus_offline_install` | Perform an offline install | `False`| |`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` | |`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` | diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml index 8b7c16d..cbea292 100644 --- a/roles/keycloak_quarkus/defaults/main.yml +++ b/roles/keycloak_quarkus/defaults/main.yml @@ -1,6 +1,6 @@ --- ### Configuration specific to keycloak -keycloak_quarkus_version: 26.0.8 +keycloak_quarkus_version: 26.2.4 keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip" keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}" keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}" diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml index 0f437b7..95d42f4 100644 --- a/roles/keycloak_quarkus/meta/argument_specs.yml +++ b/roles/keycloak_quarkus/meta/argument_specs.yml @@ -2,7 +2,7 @@ argument_specs: main: options: keycloak_quarkus_version: - default: "26.0.8" + default: "26.2.4" description: "keycloak.org package version" type: "str" keycloak_quarkus_archive: From 8f95bcb9e67250ad0cf332fd3cbfa73d584c53b8 Mon Sep 17 00:00:00 2001 From: Helmut Wolf Date: Mon, 19 May 2025 14:38:45 +0200 Subject: [PATCH 4/5] feat(HA): Change default ispn discovery mechanism to JDBCPING as per v26.2.* (#282) --- roles/keycloak_quarkus/README.md | 2 +- roles/keycloak_quarkus/defaults/main.yml | 2 +- roles/keycloak_quarkus/templates/cache-ispn.xml.j2 | 14 +++++++++++++- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md index 2460674..0da7272 100644 --- a/roles/keycloak_quarkus/README.md +++ b/roles/keycloak_quarkus/README.md @@ -77,7 +77,7 @@ Role Defaults | Variable | Description | Default | |:---------|:------------|:--------| |`keycloak_quarkus_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` | -|`keycloak_quarkus_ha_discovery`| Discovery protocol for HA cluster members | `TCPPING` | +|`keycloak_quarkus_ha_discovery`| Discovery protocol for HA cluster members | `JDBCPING` | |`keycloak_quarkus_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_quarkus_ha_enabled` is True, else `False` | |`keycloak_quarkus_jgroups_ip`| Host jgroups IP. If changing this variable you must make sure it is always set for all hosts in your cluster. | `{{ ansible_default_ipv4.address }}` | |`keycloak_quarkus_jgroups_port`| jgroups cluster tcp port | `7800` | diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml index cbea292..ee12214 100644 --- a/roles/keycloak_quarkus/defaults/main.yml +++ b/roles/keycloak_quarkus/defaults/main.yml @@ -70,7 +70,7 @@ keycloak_quarkus_config_key_store_password: '' ### Enable configuration for database backend, clustering and remote caches on infinispan keycloak_quarkus_ha_enabled: false -keycloak_quarkus_ha_discovery: "TCPPING" +keycloak_quarkus_ha_discovery: "JDBCPING" ### Enable database configuration, must be enabled when HA is configured keycloak_quarkus_db_enabled: "{{ keycloak_quarkus_ha_enabled }}" keycloak_quarkus_systemd_wait_for_port: "{{ keycloak_quarkus_ha_enabled }}" diff --git a/roles/keycloak_quarkus/templates/cache-ispn.xml.j2 b/roles/keycloak_quarkus/templates/cache-ispn.xml.j2 index e546ab8..2d745d5 100644 --- a/roles/keycloak_quarkus/templates/cache-ispn.xml.j2 +++ b/roles/keycloak_quarkus/templates/cache-ispn.xml.j2 @@ -22,7 +22,8 @@ xmlns="urn:infinispan:config:15.0"> {% set stack_expression='' %} -{% if keycloak_quarkus_ha_enabled and keycloak_quarkus_ha_discovery == 'TCPPING' %} +{% if keycloak_quarkus_ha_enabled %} +{% if keycloak_quarkus_ha_discovery == 'TCPPING' %} {% set stack_expression='stack="tcpping"' %} @@ -35,6 +36,9 @@ /> +{% elif keycloak_quarkus_ha_discovery == 'JDBCPING' %} +{% set stack_expression='stack="JDBC_PING2"' %} +{% endif %} {% endif %} @@ -93,6 +97,14 @@ + + + + + + + + From d23ae39c258989a88ca2474bdf74502612bb2cf4 Mon Sep 17 00:00:00 2001 From: Helmut Wolf Date: Mon, 19 May 2025 14:44:06 +0200 Subject: [PATCH 5/5] chore(molecule): RHBK v26.2 (#282) --- molecule/default/prepare.yml | 2 +- molecule/quarkus/converge.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 77a7723..44d4a91 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -18,7 +18,7 @@ - name: Download keycloak archive to controller directory ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user - url: https://github.com/keycloak/keycloak/releases/download/26.0.8/keycloak-26.0.8.zip + url: https://github.com/keycloak/keycloak/releases/download/26.2.4/keycloak-26.2.4.zip dest: /tmp/keycloak mode: '0640' delegate_to: localhost diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml index 65da7bd..1114478 100644 --- a/molecule/quarkus/converge.yml +++ b/molecule/quarkus/converge.yml @@ -23,7 +23,7 @@ keycloak_quarkus_systemd_wait_for_delay: 2 keycloak_quarkus_systemd_wait_for_log: true keycloak_quarkus_restart_health_check: false # would fail because of self-signed cert - keycloak_quarkus_version: 26.2.0 + keycloak_quarkus_version: 26.2.4 keycloak_quarkus_additional_env_vars: - key: KC_FEATURES_DISABLED value: impersonation,kerberos @@ -45,7 +45,7 @@ repository_url: https://repo1.maven.org/maven2/ # https://mvnrepository.com/artifact/org.keycloak/keycloak-kerberos-federation/24.0.4 group_id: org.keycloak artifact_id: keycloak-kerberos-federation - version: 26.0.7 # optional + version: 26.2.4 # optional # username: myUser # optional # password: myPAT # optional # - id: my-static-theme