Merge pull request #283 from world-direct/feature/282

RHBK v26.2 (#282)
2025-07-29 08:01:33 -07:00 · 2025-05-19 18:37:01 +02:00 · 2025-05-19 18:37:01 +02:00 · f4a1798f26
commit f4a1798f26
parent d427a6b721 d23ae39c25
6 changed files with 26 additions and 14 deletions
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@ -18,7 +18,7 @@

    - name: Download keycloak archive to controller directory
      ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
-        url: https://github.com/keycloak/keycloak/releases/download/26.0.8/keycloak-26.0.8.zip
+        url: https://github.com/keycloak/keycloak/releases/download/26.2.4/keycloak-26.2.4.zip
        dest: /tmp/keycloak
        mode: '0640'
      delegate_to: localhost
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@ -23,7 +23,7 @@
    keycloak_quarkus_systemd_wait_for_delay: 2
    keycloak_quarkus_systemd_wait_for_log: true
    keycloak_quarkus_restart_health_check: false # would fail because of self-signed cert
-    keycloak_quarkus_version: 26.2.0
+    keycloak_quarkus_version: 26.2.4
    keycloak_quarkus_additional_env_vars:
      - key: KC_FEATURES_DISABLED
        value: impersonation,kerberos
@ -45,7 +45,7 @@
          repository_url: https://repo1.maven.org/maven2/ # https://mvnrepository.com/artifact/org.keycloak/keycloak-kerberos-federation/24.0.4
          group_id: org.keycloak
          artifact_id: keycloak-kerberos-federation
-          version: 26.0.7 # optional
+          version: 26.2.4 # optional
          # username: myUser # optional
          # password: myPAT # optional
      # - id: my-static-theme
--- a/roles/keycloak_quarkus/README.md
+++ b/roles/keycloak_quarkus/README.md
@ -33,7 +33,7 @@ Role Defaults

 | Variable | Description | Default |
 |:---------|:------------|:--------|
-|`keycloak_quarkus_version`| keycloak.org package version | `26.0.7` |
+|`keycloak_quarkus_version`| keycloak.org package version | `26.2.4` |
 |`keycloak_quarkus_offline_install` | Perform an offline install | `False`|
 |`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` |
 |`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` |
@ -77,7 +77,7 @@ Role Defaults
 | Variable | Description | Default |
 |:---------|:------------|:--------|
 |`keycloak_quarkus_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
-|`keycloak_quarkus_ha_discovery`| Discovery protocol for HA cluster members | `TCPPING` |
+|`keycloak_quarkus_ha_discovery`| Discovery protocol for HA cluster members | `JDBCPING` |
 |`keycloak_quarkus_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_quarkus_ha_enabled` is True, else `False` |
 |`keycloak_quarkus_jgroups_ip`| Host jgroups IP.  If changing this variable you must make sure it is always set for all hosts in your cluster. | `{{ ansible_default_ipv4.address }}` |
 |`keycloak_quarkus_jgroups_port`| jgroups cluster tcp port | `7800` |
--- a/roles/keycloak_quarkus/defaults/main.yml
+++ b/roles/keycloak_quarkus/defaults/main.yml
@ -1,6 +1,6 @@
 ---
 ### Configuration specific to keycloak
-keycloak_quarkus_version: 26.0.8
+keycloak_quarkus_version: 26.2.4
 keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip"
 keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
 keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
@ -70,7 +70,7 @@ keycloak_quarkus_config_key_store_password: ''

 ### Enable configuration for database backend, clustering and remote caches on infinispan
 keycloak_quarkus_ha_enabled: false
-keycloak_quarkus_ha_discovery: "TCPPING"
+keycloak_quarkus_ha_discovery: "JDBCPING"
 ### Enable database configuration, must be enabled when HA is configured
 keycloak_quarkus_db_enabled: "{{ keycloak_quarkus_ha_enabled }}"
 keycloak_quarkus_systemd_wait_for_port: "{{ keycloak_quarkus_ha_enabled }}"
@ -125,19 +125,19 @@ keycloak_quarkus_db_user: keycloak-user
 keycloak_quarkus_db_pass: keycloak-pass
 keycloak_quarkus_db_url: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_db_engine].url }}"
 keycloak_quarkus_db_driver_version: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_db_engine].version }}"
-# override the variables above, following defaults show minimum supported versions
+# override the variables above, following defaults show recommended version as per
+# https://access.redhat.com/articles/7033107
 keycloak_quarkus_default_jdbc:
  postgres:
    url: 'jdbc:postgresql://localhost:5432/keycloak'
-    version: 9.4.1212
+    version: 42.7.5
  mariadb:
    url: 'jdbc:mariadb://localhost:3306/keycloak'
-    version: 2.7.4
+    version: 3.5.2
  mssql:
    url: 'jdbc:sqlserver://localhost:1433;databaseName=keycloak;'
    version: 12.8.1
    driver_jar_url: "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.8.1.jre11/mssql-jdbc-12.8.1.jre11.jar"
-    # cf. https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/server_configuration_guide/index#db-installing-the-microsoft-sql-server-driver
 ### logging configuration
 keycloak_quarkus_log: file
 keycloak_quarkus_log_level: info
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@ -2,7 +2,7 @@ argument_specs:
    main:
        options:
            keycloak_quarkus_version:
-                default: "26.0.8"
+                default: "26.2.4"
                description: "keycloak.org package version"
                type: "str"
            keycloak_quarkus_archive:
@ -475,7 +475,7 @@ argument_specs:
    downstream:
        options:
            rhbk_version:
-                default: "26.0.11"
+                default: "26.2.4"
                description: "Red Hat Build of Keycloak version"
                type: "str"
            rhbk_archive:
--- a/roles/keycloak_quarkus/templates/cache-ispn.xml.j2
+++ b/roles/keycloak_quarkus/templates/cache-ispn.xml.j2
@ -22,7 +22,8 @@
        xmlns="urn:infinispan:config:15.0">

 {% set stack_expression='' %}
-{% if keycloak_quarkus_ha_enabled and keycloak_quarkus_ha_discovery == 'TCPPING' %}
+{% if keycloak_quarkus_ha_enabled %}
+{% if keycloak_quarkus_ha_discovery == 'TCPPING' %}
 {% set stack_expression='stack="tcpping"' %}
    <jgroups>
        <stack name="tcpping" extends="tcp">
@ -35,6 +36,9 @@
            />
        </stack>
    </jgroups>
+{% elif keycloak_quarkus_ha_discovery == 'JDBCPING' %}
+{% set stack_expression='stack="JDBC_PING2"' %}
+{% endif %}
 {% endif %}

    <cache-container name="keycloak">
@ -93,6 +97,14 @@
            <expiration max-idle="3600000"/>
            <memory max-count="1000"/>
        </local-cache>
+        <local-cache name="crl" simple-cache="true">
+            <encoding>
+                <key media-type="application/x-java-object"/>
+                <value media-type="application/x-java-object"/>
+            </encoding>
+            <expiration lifespan="-1"/>
+            <memory max-count="1000"/>
+        </local-cache>
        <distributed-cache name="actionTokens" owners="2">
            <encoding>
                <key media-type="application/x-java-object"/>