From f980d4d1e1dc2e911bfaaa245937acfdde268746 Mon Sep 17 00:00:00 2001
From: Guido Grazioli <ggraziol@redhat.com>
Date: Tue, 7 Mar 2023 12:21:50 +0100
Subject: [PATCH] Provide config for multiple modcluster proxies

---
 roles/keycloak/README.md                             |  4 +++-
 roles/keycloak/defaults/main.yml                     |  6 +++++-
 roles/keycloak/meta/argument_specs.yml               | 12 ++++++++++++
 roles/keycloak/tasks/main.yml                        |  1 -
 .../keycloak/templates/standalone-infinispan.xml.j2  |  8 +++++---
 roles/keycloak/templates/standalone.xml.j2           |  8 +++++---
 roles/keycloak/vars/main.yml                         |  2 +-
 7 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 5af0957..0104d75 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -116,7 +116,9 @@ The following variables are _required_ only when `keycloak_ha_enabled` is True:
 
 | Variable | Description | Default |
 |:---------|:------------|:---------|
-|`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
+|`keycloak_modcluster_url` | _deprecated_ Host for the modcluster reverse proxy | `localhost` |
+|`keycloak_modcluster_port` | _deprecated_ Port for the modcluster reverse proxy | `6666` |
+|`keycloak_modcluster_urls` | List of {host,port} dicts for the modcluster reverse proxies | `[ { localhost:6666 } ]` |
 |`keycloak_jdbc_engine` | backend database engine when db is enabled: [ postgres, mariadb ] | `postgres` |
 |`keycloak_infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
 |`keycloak_infinispan_user` | username for connecting to infinispan | `supervisor` |
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 88ff001..67414cf 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -54,8 +54,12 @@ keycloak_auth_client: admin-cli
 
 keycloak_force_install: False
 
-### mod_cluster reverse proxy
+### mod_cluster reverse proxy list
 keycloak_modcluster_url: localhost
+keycloak_modcluster_port: 6666
+keycloak_modcluster_urls:
+  - host: "{{ keycloak_modcluster_url }}"
+    port: "{{ keycloak_modcluster_port }}"
 
 ### keycloak frontend url
 keycloak_frontend_url: http://localhost:8080/auth
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index f58b1d4..74115e8 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -178,6 +178,18 @@ argument_specs:
                 default: "localhost"
                 description: "URL for the modcluster reverse proxy"
                 type: "str"
+                removed_in_version: "1.4.0"
+                removed_from_collection: "middleware_automation.keycloak"
+            keycloak_modcluster_port:
+                default: 6666
+                description: "Port for the modcluster reverse proxy"
+                type: "int"
+                removed_in_version: "1.4.0"
+                removed_from_collection: "middleware_automation.keycloak"
+            keycloak_modcluster_urls:
+                default: "[ { host: 'localhost', port: 6666 } ]"
+                description: "List of modproxy node URLs in the format { host, port } for the modcluster reverse proxy"
+                type: "list"
             keycloak_frontend_url:
                 # line 59 of keycloak/defaults/main.yml
                 default: "http://localhost"
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 316c033..32aca04 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -1,6 +1,5 @@
 ---
 # tasks file for keycloak
-
 - name: Check prerequisites
   ansible.builtin.include_tasks: prereqs.yml
   tags:
diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2
index bd71b75..eabae24 100644
--- a/roles/keycloak/templates/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/standalone-infinispan.xml.j2
@@ -617,7 +617,7 @@
         <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
 {% if keycloak_modcluster.enabled %}    
         <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
-            <proxy name="default" advertise="false" listener="ajp" proxies="proxy1">
+            <proxy name="default" advertise="false" listener="ajp" proxies="{{ ['proxy_'] | product(keycloak_modcluster.reverse_proxy_urls | map(attribute='host')) | map('join') | list | join(',') }}">
                 <dynamic-load-provider>
                     <load-metric type="cpu"/>
                 </dynamic-load-provider>
@@ -705,9 +705,11 @@
             <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
         </outbound-socket-binding>
 {% if keycloak_modcluster.enabled %}
-        <outbound-socket-binding name="proxy1">
-            <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
+    {% for modcluster in keycloak_modcluster.reverse_proxy_urls %}
+        <outbound-socket-binding name="proxy_{{ modcluster.host }}">
+            <remote-destination host="{{ modcluster.host }}" port="{{ modcluster.port }}"/>
         </outbound-socket-binding>
+    {% endfor %}
 {% endif %}
         <outbound-socket-binding name="remote-cache">
             <remote-destination host="{{ keycloak_remotecache.server_name | default('localhost') }}" port="${remote.cache.port:11222}"/>
diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2
index 15c141a..812990b 100644
--- a/roles/keycloak/templates/standalone.xml.j2
+++ b/roles/keycloak/templates/standalone.xml.j2
@@ -530,7 +530,7 @@
         <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
 {% if keycloak_modcluster.enabled %}        
         <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
-            <proxy name="default" advertise="false" listener="ajp" proxies="proxy1">
+            <proxy name="default" advertise="false" listener="ajp" proxies="{{ ['proxy_'] | product(keycloak_modcluster.reverse_proxy_urls | map(attribute='host')) | map('join') | list | join(',') }}">
                 <dynamic-load-provider>
                     <load-metric type="cpu"/>
                 </dynamic-load-provider>
@@ -605,9 +605,11 @@
             <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
         </outbound-socket-binding>
 {% if keycloak_modcluster.enabled %}        
-        <outbound-socket-binding name="proxy1">
-            <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
+    {% for modcluster in keycloak_modcluster.reverse_proxy_urls %}
+        <outbound-socket-binding name="proxy_{{ modcluster.host }}">
+            <remote-destination host="{{ modcluster.host }}" port="{{ modcluster.port }}"/>
         </outbound-socket-binding>
+    {% endfor %}
 {% endif %}        
     </socket-binding-group>
 </server>
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index 0a1ad7a..52598bf 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -60,7 +60,7 @@ keycloak_jdbc:
 # reverse proxy mod_cluster
 keycloak_modcluster:
   enabled: "{{ keycloak_ha_enabled }}"
-  reverse_proxy_url: "{{ keycloak_modcluster_url }}"
+  reverse_proxy_urls: "{{ keycloak_modcluster_urls }}"
   frontend_url: "{{ keycloak_frontend_url }}"
 
 # infinispan