diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6e5a542..d8905f0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,7 +4,7 @@ on: push: branches: - main - pull_request: + pull_request_target: schedule: - cron: '0 6 * * *' diff --git a/README.md b/README.md index 30d6d9e..2c04254 100644 --- a/README.md +++ b/README.md @@ -66,11 +66,11 @@ For full service configuration details, refer to the [keycloak role README](http #### Install from controller node (offline) -Making the keycloak zip archive available to the playbook working directory, and setting `keycloak_offline_install` to `True`, allows to skip +Making the keycloak zip archive available to the playbook working directory, and setting `keycloak_offline_install` to `true`, allows to skip the download tasks. The local path for the archive does match the downloaded archive path, so that it is also used as a cache when multiple hosts are provisioned in a cluster. ```yaml -keycloak_offline_install: True +keycloak_offline_install: true ``` diff --git a/meta/runtime.yml b/meta/runtime.yml index 47dc0fb..ce6befd 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,2 +1,2 @@ --- -requires_ansible: ">=2.14.0" \ No newline at end of file +requires_ansible: ">=2.14.0" diff --git a/playbooks/keycloak_federation.yml b/playbooks/keycloak_federation.yml index f6de6c1..49cb6c0 100644 --- a/playbooks/keycloak_federation.yml +++ b/playbooks/keycloak_federation.yml @@ -55,14 +55,14 @@ - TestClient1Admin - TestClient1User realm: "{{ keycloak_realm }}" - public_client: True + public_client: true web_origins: - http://testclient1origin/application - http://testclient1origin/other users: - - username: TestUser - password: password - client_roles: - - client: TestClient1 - role: TestClient1User - realm: "{{ keycloak_realm }}" + - username: TestUser + password: password + client_roles: + - client: TestClient1 + role: TestClient1User + realm: "{{ keycloak_realm }}" 
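Review bot: Switching the trigger from `pull_request:` to `pull_request_target:` makes the workflow run in the base repository's context for pull requests from forks, i.e. with a write-capable `GITHUB_TOKEN` and access to repository secrets; only the trigger is visible in this hunk, so whether a later step checks out and executes the PR head (for example `actions/checkout` with `ref: ${{ github.event.pull_request.head.sha }}` followed by lint or molecule runs) cannot be confirmed here. If it does, code from an arbitrary fork runs with those credentials. Unless this job genuinely needs the privileged context (labeling or commenting on the PR), `pull_request:` is the right trigger; if `pull_request_target` is kept, the job should declare a minimal `permissions:` block and must not check out or run untrusted PR content.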
diff --git a/playbooks/keycloak_quarkus.yml b/playbooks/keycloak_quarkus.yml index 5b1122a..13bbce5 100644 --- a/playbooks/keycloak_quarkus.yml +++ b/playbooks/keycloak_quarkus.yml @@ -7,7 +7,7 @@ keycloak_quarkus_port: 8443 keycloak_quarkus_http_relative_path: '' keycloak_quarkus_log: file - keycloak_quarkus_https_key_file_enabled: True + keycloak_quarkus_https_key_file_enabled: true keycloak_quarkus_key_file: conf/key.pem keycloak_quarkus_cert_file: conf/cert.pem roles: diff --git a/playbooks/keycloak_realm.yml b/playbooks/keycloak_realm.yml index f03edab..99b2ef8 100644 --- a/playbooks/keycloak_realm.yml +++ b/playbooks/keycloak_realm.yml @@ -10,17 +10,17 @@ - TestClient1Admin - TestClient1User realm: TestRealm - public_client: True + public_client: true web_origins: - http://testclient1origin/application - http://testclient1origin/other users: - - username: TestUser - password: password - client_roles: - - client: TestClient1 - role: TestClient1User - realm: TestRealm + - username: TestUser + password: password + client_roles: + - client: TestClient1 + role: TestClient1User + realm: TestRealm roles: - role: middleware_automation.keycloak.keycloak_realm keycloak_realm: TestRealm diff --git a/playbooks/rhsso.yml b/playbooks/rhsso.yml index ea67158..ea61f66 100644 --- a/playbooks/rhsso.yml +++ b/playbooks/rhsso.yml @@ -3,6 +3,6 @@ hosts: sso vars: keycloak_admin_password: "remembertochangeme" - sso_enable: True + sso_enable: true roles: - middleware_automation.keycloak.keycloak diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index 17149f7..c4dfedc 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md 
@@ -39,7 +39,7 @@ Versions Patching -------- -When variable `keycloak_rhsso_apply_patches` is `True` (default: `False`), the role will automatically apply the latest cumulative patch for the selected base version. +When variable `keycloak_rhsso_apply_patches` is `true` (default: `false`), the role will automatically apply the latest cumulative patch for the selected base version. | RH-SSO VERSION | Release Date | RH-SSO LATEST CP | Notes | |:---------------|:------------------|:-----------------|:----------------| @@ -55,7 +55,7 @@ Role Defaults | Variable | Description | Default | |:---------|:------------|:---------| |`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` | -|`keycloak_ha_discovery`| Discovery protocol for HA cluster members | `JDBC_PING` if keycloak_db_enabled else `TCPPING` | +|`keycloak_ha_discovery`| Discovery protocol for HA cluster members | `JDBC_PING` if `keycloak_db_enabled` else `TCPPING` | |`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` | |`keycloak_remote_cache_enabled`| Enable remote cache store when in clustered ha configurations | `True` if `keycloak_ha_enabled` else `False` | |`keycloak_admin_user`| Administration console user account | `admin` | 
@@ -68,19 +68,19 @@ Role Defaults |`keycloak_jgroups_port`| jgroups cluster tcp port | `7600` | |`keycloak_management_http_port`| Management port | `9990` | |`keycloak_management_https_port`| TLS management port | `9993` | -|`keycloak_prefer_ipv4`| Prefer IPv4 stack and addresses for port binding | `True` | +|`keycloak_prefer_ipv4`| Prefer IPv4 stack and addresses for port binding | `true` | |`keycloak_config_standalone_xml`| filename for configuration | `keycloak.xml` | |`keycloak_service_user`| posix account username | `keycloak` | |`keycloak_service_group`| posix account group | `keycloak` | -|`keycloak_service_restart_always`| systemd restart always behavior activation | `False` -|`keycloak_service_restart_on_failure`| systemd restart on-failure behavior activation | `False` +|`keycloak_service_restart_always`| systemd restart always behavior activation | `False` | +|`keycloak_service_restart_on_failure`| systemd restart on-failure behavior activation | `False` | |`keycloak_service_startlimitintervalsec`| systemd StartLimitIntervalSec | `300` | |`keycloak_service_startlimitburst`| systemd StartLimitBurst | `5` | |`keycloak_service_restartsec`| systemd RestartSec | `10s` | |`keycloak_service_pidfile`| pid file path for service | `/run/keycloak/keycloak.pid` | |`keycloak_features` | List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]` | `[]` |`keycloak_jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-headless` | -|`keycloak_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path | `None` | +|`keycloak_java_home`| `JAVA_HOME` of installed JRE, leave empty for using RPM path at `keycloak_jvm_package` | `None` | |`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` | 
@@ -88,12 +88,12 @@ Role Defaults | Variable | Description | Default | |:---------|:------------|:---------| -|`keycloak_offline_install` | perform an offline install | `False`| +|`keycloak_offline_install` | perform an offline install | `false`| |`keycloak_download_url`| Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download//`| |`keycloak_version`| keycloak.org package version | `18.0.2` | |`keycloak_dest`| Installation root path | `/opt/keycloak` | |`keycloak_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}` | -|`keycloak_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `False` | +|`keycloak_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `false` | * Miscellaneous configuration 
@@ -110,13 +110,13 @@ Role Defaults |`keycloak_config_override_template` | Path to custom template for standalone.xml configuration | `''` | |`keycloak_auth_realm` | Name for rest authentication realm | `master` | |`keycloak_auth_client` | Authentication client for configuration REST calls | `admin-cli` | -|`keycloak_force_install` | Remove pre-existing versions of service | `False` | +|`keycloak_force_install` | Remove pre-existing versions of service | `false` | |`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port + keycloak_jboss_port_offset }}` | |`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port + keycloak_jboss_port_offset }}` | -|`keycloak_frontend_url_force` | Force backend requests to use the frontend URL | `False` | -|`keycloak_db_background_validation` | Enable background validation of database connection | `False` | +|`keycloak_frontend_url_force` | Force backend requests to use the frontend URL | `false` | +|`keycloak_db_background_validation` | Enable background validation of database connection | `false` | |`keycloak_db_background_validation_millis`| How frequenly the connection pool is validated in the background | `10000` if background validation enabled | -|`keycloak_db_background_validate_on_match` | Enable validate on match for database connections | `False` | +|`keycloak_db_background_validate_on_match` | Enable validate on match for database connections | `false` | |`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` | |`keycloak_log_target`| Set the destination of the keycloak log folder link | `/var/log/keycloak` | 
@@ -132,7 +132,7 @@ The following are a set of _required_ variables for the role: |`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` | -The following parameters are _required_ only when `keycloak_ha_enabled` is True: +The following parameters are _required_ only when `keycloak_ha_enabled` is true: | Variable | Description | Default | |:---------|:------------|:--------| @@ -150,7 +150,7 @@ The following parameters are _required_ only when `keycloak_ha_enabled` is True: |`keycloak_infinispan_trust_store_password`| Password for opening truststore | `changeit` | -The following parameters are _required_ only when `keycloak_db_enabled` is True: +The following parameters are _required_ only when `keycloak_db_enabled` is true: | Variable | Description | Default | |:---------|:------------|:---------| @@ -196,7 +196,7 @@ Example Playbook name: keycloak vars: keycloak_admin_password: "remembertochangeme" - keycloak_offline_install: True + keycloak_offline_install: true # This should be the filename of keycloak archive on Ansible node: keycloak-16.1.0.zip ``` diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index 2b5cc35..7ffaec6 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -5,7 +5,7 @@ keycloak_archive: "keycloak-legacy-{{ keycloak_version }}.zip" keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}" keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}" keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" -keycloak_offline_install: False +keycloak_offline_install: false ### Install location and service settings keycloak_jvm_package: java-1.8.0-openjdk-headless 
@@ -26,13 +26,13 @@ keycloak_service_name: keycloak keycloak_service_desc: Keycloak keycloak_service_start_delay: 10 keycloak_service_start_retries: 25 -keycloak_service_restart_always: False -keycloak_service_restart_on_failure: False +keycloak_service_restart_always: false +keycloak_service_restart_on_failure: false keycloak_service_startlimitintervalsec: "300" keycloak_service_startlimitburst: "5" keycloak_service_restartsec: "10s" -keycloak_configure_firewalld: False +keycloak_configure_firewalld: false ### administrator console password keycloak_admin_password: '' @@ -49,11 +49,11 @@ keycloak_management_port_bind_address: 127.0.0.1 keycloak_management_http_port: 9990 keycloak_management_https_port: 9993 keycloak_java_opts: "-Xms1024m -Xmx2048m" -keycloak_prefer_ipv4: True +keycloak_prefer_ipv4: true keycloak_features: [] ### Enable configuration for database backend, clustering and remote caches on infinispan -keycloak_ha_enabled: False +keycloak_ha_enabled: false ### Enable database configuration, must be enabled when HA is configured keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}" ### Discovery protocol for ha cluster members, valus [ 'JDBC_PING', 'TCPPING' ] @@ -66,7 +66,7 @@ keycloak_admin_user: admin keycloak_auth_realm: master keycloak_auth_client: admin-cli -keycloak_force_install: False +keycloak_force_install: false ### mod_cluster reverse proxy list keycloak_modcluster_enabled: "{{ True if keycloak_ha_enabled else False }}" @@ -78,7 +78,7 @@ keycloak_modcluster_urls: ### keycloak frontend url keycloak_frontend_url: http://localhost:8080/auth/ -keycloak_frontend_url_force: False +keycloak_frontend_url_force: false keycloak_admin_url: ### infinispan remote caches access (hotrod) 
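Review bot: The @@ -49 hunk turns `keycloak_ha_enabled` into a YAML boolean but leaves `keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"` (and `keycloak_modcluster_enabled` in the @@ -66 hunk) as Jinja expressions that render the Python-style strings `True`/`False`, which is the spelling the commit is otherwise removing and is only safe where consumers apply `| bool`. `keycloak_db_enabled: "{{ keycloak_ha_enabled | bool }}"` keeps the same default with a normalized spelling. The context comment `valus [ 'JDBC_PING', 'TCPPING' ]` could also read `values` while this file is being cleaned up.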
@@ -86,7 +86,7 @@ keycloak_infinispan_user: supervisor keycloak_infinispan_pass: supervisor keycloak_infinispan_url: localhost keycloak_infinispan_sasl_mechanism: SCRAM-SHA-512 -keycloak_infinispan_use_ssl: False +keycloak_infinispan_use_ssl: false # if ssl is enabled, import ispn server certificate here keycloak_infinispan_trust_store_path: /etc/pki/java/cacerts keycloak_infinispan_trust_store_password: changeit @@ -97,9 +97,9 @@ keycloak_jdbc_engine: postgres keycloak_db_user: keycloak-user keycloak_db_pass: keycloak-pass ## connection validation -keycloak_db_background_validation: False +keycloak_db_background_validation: false keycloak_db_background_validation_millis: "{{ 10000 if keycloak_db_background_validation else 0 }}" -keycloak_db_background_validate_on_match: False +keycloak_db_background_validate_on_match: false keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}" keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}" # override the variables above, following defaults show minimum supported versions @@ -114,7 +114,7 @@ keycloak_default_jdbc: url: 'jdbc:sqlserver://localhost:1433;databaseName=keycloak;' version: 12.2.0 # role specific vars -keycloak_no_log: True +keycloak_no_log: true ### logging configuration keycloak_log_target: /var/log/keycloak diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index 2e93667..acdb309 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml @@ -214,7 +214,7 @@ argument_specs: description: "Frontend URL for keycloak endpoints when a reverse proxy is used" type: "str" keycloak_frontend_url_force: - default: False + default: false description: "Force backend requests to use the frontend URL" type: "bool" keycloak_infinispan_user: 
@@ -337,7 +337,7 @@ argument_specs: description: "Enable remote cache store when in clustered ha configurations" type: "bool" keycloak_db_background_validation: - default: False + default: false description: "Enable background validation of database connection" type: "bool" keycloak_db_background_validation_millis: @@ -345,19 +345,19 @@ argument_specs: description: "How frequenly the connection pool is validated in the background" type: 'int' keycloak_db_background_validate_on_match: - default: False + default: false description: "Enable validate on match for database connections" type: "bool" keycloak_db_valid_conn_sql: - required: False + required: false description: "Override the default database connection validation query sql" type: "str" keycloak_admin_url: - required: False + required: false description: "Override the default administration endpoint URL" type: "str" keycloak_jgroups_subnet: - required: False + required: false description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration" type: "str" keycloak_log_target: @@ -383,15 +383,15 @@ argument_specs: description: "Installation path for Red Hat SSO" type: "str" sso_apply_patches: - default: False + default: false description: "Install Red Hat SSO most recent cumulative patch" type: "bool" sso_enable: - default: True + default: true description: "Enable Red Hat Single Sign-on installation" type: "str" sso_offline_install: - default: False + default: false description: "Perform an offline install" type: "bool" sso_service_name: @@ -403,7 +403,7 @@ argument_specs: description: "systemd description for Red Hat Single Sign-On" type: "str" sso_patch_version: - required: False + required: false description: "Red Hat Single Sign-On latest cumulative patch version to apply; defaults to latest version when sso_apply_patches is True" type: "str" sso_patch_bundle: 
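Review bot: In the @@ -383 hunk `sso_enable` now has a boolean default (`default: true`) while its spec still says `type: "str"`, so argument validation will coerce the default to the string `"True"` and any caller-supplied boolean to a string as well; the sibling flags in the same hunk (`sso_apply_patches`, `sso_offline_install`) are declared `type: "bool"`. Changing the line to `type: "bool"` makes the spec match the default and the way the role tests `sso_enable` in `prereqs.yml`. The later `sso_patch_version` description still says "when sso_apply_patches is True", which reads inconsistently after this normalization.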
diff --git a/roles/keycloak/meta/main.yml b/roles/keycloak/meta/main.yml index 5a121ba..a70e9f1 100644 --- a/roles/keycloak/meta/main.yml +++ b/roles/keycloak/meta/main.yml @@ -15,9 +15,9 @@ galaxy_info: min_ansible_version: "2.14" platforms: - - name: EL - versions: - - "8" + - name: EL + versions: + - "8" galaxy_tags: - keycloak diff --git a/roles/keycloak/tasks/fastpackages.yml b/roles/keycloak/tasks/fastpackages.yml index cfd9025..c9085f8 100644 --- a/roles/keycloak/tasks/fastpackages.yml +++ b/roles/keycloak/tasks/fastpackages.yml @@ -2,15 +2,15 @@ - name: "Check if packages are already installed" # noqa command-instead-of-module this runs faster ansible.builtin.command: "rpm -q {{ packages_list | join(' ') }}" register: rpm_info - changed_when: False - failed_when: False + changed_when: false + failed_when: false - name: "Add missing packages to the yum install list" ansible.builtin.set_fact: packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}" - name: "Install packages: {{ packages_to_install }}" - become: True + become: true ansible.builtin.yum: name: "{{ packages_to_install }}" state: present diff --git a/roles/keycloak/tasks/firewalld.yml b/roles/keycloak/tasks/firewalld.yml index 0cf4ee3..f48f580 100644 --- a/roles/keycloak/tasks/firewalld.yml +++ b/roles/keycloak/tasks/firewalld.yml @@ -6,19 +6,19 @@ - firewalld - name: Enable and start the firewalld service - become: yes + become: true ansible.builtin.systemd: name: firewalld - enabled: yes + enabled: true state: started -- name: "Configure firewall for {{ keycloak.service_name }} ports" - become: yes +- name: "Configure firewall ports for {{ keycloak.service_name }}" + become: true ansible.posix.firewalld: port: "{{ item }}" permanent: true state: enabled - immediate: yes + immediate: true loop: - "{{ keycloak_http_port }}/tcp" - "{{ keycloak_https_port }}/tcp" 
diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index a2467d3..67b98cd 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml @@ -11,7 +11,7 @@ quiet: true - name: Check for an existing deployment - become: yes + become: true ansible.builtin.stat: path: "{{ keycloak_jboss_home }}" register: existing_deploy @@ -20,32 +20,32 @@ when: existing_deploy.stat.exists and keycloak_force_install | bool block: - name: "Stop the old {{ keycloak.service_name }} service" - become: yes - ignore_errors: yes + become: true + failed_when: false ansible.builtin.systemd: name: keycloak state: stopped - name: "Remove the old {{ keycloak.service_name }} deployment" - become: yes + become: true ansible.builtin.file: path: "{{ keycloak_jboss_home }}" state: absent - name: Check for an existing deployment after possible forced removal - become: yes + become: true ansible.builtin.stat: path: "{{ keycloak_jboss_home }}" -- name: "Create {{ keycloak.service_name }} service user/group" - become: yes +- name: "Create service user/group for {{ keycloak.service_name }}" + become: true ansible.builtin.user: name: "{{ keycloak_service_user }}" home: /opt/keycloak system: yes create_home: no -- name: "Create {{ keycloak.service_name }} install location" - become: yes +- name: "Create install location for {{ keycloak.service_name }}" + become: true ansible.builtin.file: dest: "{{ keycloak_dest }}" state: directory @@ -54,7 +54,7 @@ mode: 0750 - name: Create pidfile folder - become: yes + become: true ansible.builtin.file: dest: "{{ keycloak_service_pidfile | dirname }}" state: directory @@ -68,7 +68,7 @@ archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}" - name: Check download archive path - become: yes + become: true ansible.builtin.stat: path: "{{ archive }}" register: archive_path 
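Review bot: In the @@ -20 hunk, replacing `ignore_errors: yes` with `failed_when: false` on the "Stop the old service" task is a behavior change rather than a spelling fix: `ignore_errors` still surfaces the failure in the run output (marked ignored), whereas `failed_when: false` reports the task as successful, so a broken or unreachable systemd unit is silently hidden during a forced reinstall. If suppressing it is intended, a comment such as `# the old unit may be absent or already stopped on a forced reinstall; never fail here` would record that. The same hunk also leaves `system: yes` and `create_home: no` on the user task un-normalized even though every other truthy value in the commit is converted.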
@@ -86,7 +86,7 @@ dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" mode: 0644 delegate_to: localhost - run_once: yes + run_once: true when: - archive_path is defined - archive_path.stat is defined @@ -96,7 +96,7 @@ - name: Perform download from RHN using JBoss Network API delegate_to: localhost - run_once: yes + run_once: true when: - archive_path is defined - archive_path.stat is defined @@ -114,13 +114,13 @@ register: rhn_products no_log: "{{ omit_rhn_output | default(true) }}" delegate_to: localhost - run_once: yes + run_once: true - name: Determine install zipfile from search results ansible.builtin.set_fact: rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + sso_archive + '$') }}" delegate_to: localhost - run_once: yes + run_once: true - name: Download Red Hat Single Sign-On middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user @@ -130,7 +130,7 @@ dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" no_log: "{{ omit_rhn_output | default(true) }}" delegate_to: localhost - run_once: yes + run_once: true - name: Download rhsso archive from alternate location ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user @@ -138,7 +138,7 @@ dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" mode: 0644 delegate_to: localhost - run_once: yes + run_once: true when: - archive_path is defined - archive_path.stat is defined 
@@ -166,23 +166,23 @@ - not archive_path.stat.exists - local_archive_path.stat is defined - local_archive_path.stat.exists - become: yes + become: true - name: "Check target directory: {{ keycloak.home }}" ansible.builtin.stat: path: "{{ keycloak.home }}" register: path_to_workdir - become: yes + become: true - name: "Extract {{ keycloak_service_desc }} archive on target" ansible.builtin.unarchive: - remote_src: yes + remote_src: true src: "{{ archive }}" dest: "{{ keycloak_dest }}" creates: "{{ keycloak.home }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" - become: yes + become: true when: - new_version_downloaded.changed or not path_to_workdir.stat.exists notify: @@ -200,13 +200,13 @@ owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" recurse: true - become: yes + become: true changed_when: false - name: Ensure permissions are correct on existing deploy ansible.builtin.command: chown -R "{{ keycloak_service_user }}:{{ keycloak_service_group }}" "{{ keycloak.home }}" when: keycloak_service_runas - become: yes + become: true changed_when: false # driver and configuration @@ -215,7 +215,7 @@ when: keycloak_jdbc[keycloak_jdbc_engine].enabled - name: "Deploy custom {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak_config_override_template }}" - become: yes + become: true ansible.builtin.template: src: "templates/{{ keycloak_config_override_template }}" dest: "{{ keycloak_config_path_to_standalone_xml }}" @@ -227,7 +227,7 @@ when: keycloak_config_override_template | length > 0 - name: "Deploy standalone {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" - become: yes + become: true ansible.builtin.template: src: templates/standalone.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" 
@@ -255,7 +255,7 @@ when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING' - name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" - become: yes + become: true ansible.builtin.template: src: templates/standalone-ha.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" @@ -270,7 +270,7 @@ - keycloak_config_override_template | length == 0 - name: "Deploy HA {{ keycloak.service_name }} config with infinispan remote cache store to {{ keycloak_config_path_to_standalone_xml }}" - become: yes + become: true ansible.builtin.template: src: templates/standalone-infinispan.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" @@ -285,7 +285,7 @@ - keycloak_config_override_template | length == 0 - name: "Deploy profile.properties file to {{ keycloak_config_path_to_properties }}" - become: yes + become: true ansible.builtin.template: src: keycloak-profile.properties.j2 dest: "{{ keycloak_config_path_to_properties }}" diff --git a/roles/keycloak/tasks/jdbc_driver.yml b/roles/keycloak/tasks/jdbc_driver.yml index 7dfaabc..1b0a1ec 100644 --- a/roles/keycloak/tasks/jdbc_driver.yml +++ b/roles/keycloak/tasks/jdbc_driver.yml @@ -3,17 +3,17 @@ ansible.builtin.stat: path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}" register: dest_path - become: yes + become: true - name: "Set up module dir for JDBC Driver {{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" ansible.builtin.file: path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}" state: directory - recurse: yes + recurse: true owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" mode: 0750 - become: yes + become: true when: - not dest_path.stat.exists @@ -24,7 +24,7 @@ group: "{{ keycloak_service_group }}" owner: "{{ keycloak_service_user }}" mode: 0640 - become: yes + become: true - name: "Deploy module.xml for JDBC Driver" ansible.builtin.template: 
@@ -33,4 +33,4 @@ group: "{{ keycloak_service_group }}" owner: "{{ keycloak_service_user }}" mode: 0640 - become: yes + become: true diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 7fe0222..cba503b 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -35,7 +35,7 @@ state: link src: "{{ keycloak_jboss_home }}/standalone/log" dest: "{{ keycloak_log_target }}" - become: yes + become: true - name: Set admin credentials and restart if not already created block: @@ -44,7 +44,7 @@ url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token" method: POST body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password" - validate_certs: no + validate_certs: false register: keycloak_auth_response until: keycloak_auth_response.status == 200 retries: 2 @@ -58,8 +58,8 @@ - "-rmaster" - "-u{{ keycloak_admin_user }}" - "-p{{ keycloak_admin_password }}" - changed_when: yes - become: yes + changed_when: true + become: true - name: "Restart {{ keycloak.service_name }}" ansible.builtin.include_tasks: tasks/restart_keycloak.yml - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" diff --git a/roles/keycloak/tasks/prereqs.yml b/roles/keycloak/tasks/prereqs.yml index 02370c7..aad814b 100644 --- a/roles/keycloak/tasks/prereqs.yml +++ b/roles/keycloak/tasks/prereqs.yml @@ -3,7 +3,7 @@ ansible.builtin.assert: that: - keycloak_admin_password | length > 12 - quiet: True + quiet: true fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 12+ char long string" success_msg: "{{ 'Console administrator password OK' }}" 
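Review bot: The @@ -44 hunk of `roles/keycloak/tasks/main.yml` keeps `validate_certs: false` on the token request whose body carries `keycloak_admin_password`; with the default `keycloak_url` of `http://…` this is moot, but for an `https` endpoint the admin password is sent over a channel whose certificate is never verified. Making it configurable, e.g. `validate_certs: "{{ keycloak_validate_certs | default(true) }}"` (variable name is a suggestion, not an existing one), lets users keep verification on by default. The hunk does not show a `no_log` setting on this task although the role defines `keycloak_no_log`; if the task lacks one, the registered `keycloak_auth_response` and the request body can appear in verbose output, which is worth confirming as the task continues outside the hunk.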
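Review bot: In the `prereqs.yml` @@ -3 hunk the assertion `keycloak_admin_password | length > 12` rejects a 12-character password while `fail_msg` promises that a "12+ char long string" is accepted. Either the condition should be `keycloak_admin_password | length >= 12` or the message should say 13+; the two should agree so operators do not chase a password that already meets the documented rule.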
@@ -11,7 +11,7 @@ ansible.builtin.assert: that: - (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled) - quiet: True + quiet: true fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_db_enabled" success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}" @@ -20,7 +20,7 @@ that: - (rhn_username is defined and sso_enable is defined and sso_enable) or not sso_enable is defined or not sso_enable or keycloak_offline_install - (rhn_password is defined and sso_enable is defined and sso_enable) or not sso_enable is defined or not sso_enable or keycloak_offline_install - quiet: True + quiet: true fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined" success_msg: "Installing {{ keycloak_service_desc }}" @@ -31,7 +31,7 @@ - keycloak_jdbc_url | length > 0 - keycloak_db_user | length > 0 - keycloak_db_pass | length > 0 - quiet: True + quiet: true fail_msg: "Configuration for the JDBC persistence is invalid or incomplete" success_msg: "Configuring JDBC persistence using {{ keycloak_jdbc_engine }} database" when: keycloak_db_enabled diff --git a/roles/keycloak/tasks/restart_keycloak.yml b/roles/keycloak/tasks/restart_keycloak.yml index a0ae41f..bae91cd 100644 --- a/roles/keycloak/tasks/restart_keycloak.yml +++ b/roles/keycloak/tasks/restart_keycloak.yml @@ -2,11 +2,12 @@ - name: "Restart and enable {{ keycloak.service_name }} service" ansible.builtin.systemd: name: keycloak - enabled: yes + enabled: true state: restarted - become: yes + daemon_reload: true + become: true delegate_to: "{{ ansible_play_hosts | first }}" - run_once: True + run_once: true - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" ansible.builtin.uri: 
@@ -14,7 +15,7 @@ register: keycloak_status until: keycloak_status.status == 200 delegate_to: "{{ ansible_play_hosts | first }}" - run_once: True + run_once: true retries: "{{ keycloak_service_start_retries }}" delay: "{{ keycloak_service_start_delay }}" @@ -23,5 +24,5 @@ name: keycloak enabled: yes state: restarted - become: yes + become: true when: inventory_hostname != ansible_play_hosts | first diff --git a/roles/keycloak/tasks/rhsso_patch.yml b/roles/keycloak/tasks/rhsso_patch.yml index b03b55c..b0e04da 100644 --- a/roles/keycloak/tasks/rhsso_patch.yml +++ b/roles/keycloak/tasks/rhsso_patch.yml @@ -12,11 +12,11 @@ path: "{{ patch_archive }}" register: patch_archive_path when: sso_patch_version is defined - become: yes + become: true - name: Perform patch download from RHN via JBossNetwork API delegate_to: localhost - run_once: yes + run_once: true when: - sso_enable is defined and sso_enable - not keycloak_offline_install 
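Review bot: The @@ -23 hunk of `restart_keycloak.yml`, which restarts the service on the non-first nodes, still has `enabled: yes` and does not get the `daemon_reload: true` that the @@ -2 hunk adds to the first-node restart. Since the commit also deletes the standalone "Reload systemd" task from `systemd.yml`, a changed unit file on the remaining nodes is now restarted without a reload; adding `daemon_reload: true` next to `enabled: true` in this task keeps the two restart paths consistent.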
@@ -32,21 +32,21 @@ register: rhn_products no_log: "{{ omit_rhn_output | default(true) }}" delegate_to: localhost - run_once: yes + run_once: true - name: Determine patch versions list ansible.builtin.set_fact: - filtered_versions: "{{ rhn_products.results | map(attribute='file_path') | select('match', '^[^/]*/rh-sso-.*[0-9]*[.][0-9]*[.][0-9]*.*$') | map('regex_replace','[^/]*/rh-sso-([0-9]*[.][0-9]*[.][0-9]*)-.*','\\1' ) | list | unique }}" + filtered_versions: "{{ rhn_products.results | map(attribute='file_path') | select('match', '^[^/]*/rh-sso-.*[0-9]*[.][0-9]*[.][0-9]*.*$') | map('regex_replace', '[^/]*/rh-sso-([0-9]*[.][0-9]*[.][0-9]*)-.*', '\\1') | list | unique }}" when: sso_patch_version is not defined or sso_patch_version | length == 0 delegate_to: localhost - run_once: yes + run_once: true - name: Determine latest version ansible.builtin.set_fact: sso_latest_version: "{{ filtered_versions | middleware_automation.common.version_sort | last }}" when: sso_patch_version is not defined or sso_patch_version | length == 0 delegate_to: localhost - run_once: yes + run_once: true - name: Determine install zipfile from search results ansible.builtin.set_fact: @@ -55,7 +55,7 @@ patch_version: "{{ sso_latest_version }}" when: sso_patch_version is not defined or sso_patch_version | length == 0 delegate_to: localhost - run_once: yes + run_once: true - name: "Determine selected patch from supplied version: {{ sso_patch_version }}" ansible.builtin.set_fact: @@ -64,7 +64,7 @@ patch_version: "{{ sso_patch_version }}" when: sso_patch_version is defined delegate_to: localhost - run_once: yes + run_once: true - name: Download Red Hat Single Sign-On patch middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user 
@@ -74,7 +74,7 @@
 dest: "{{ local_path.stat.path }}/{{ patch_bundle }}"
 no_log: "{{ omit_rhn_output | default(true) }}"
 delegate_to: localhost
- run_once: yes
+ run_once: true
 - name: Set download patch archive path
 ansible.builtin.set_fact:
@@ -84,7 +84,7 @@
 ansible.builtin.stat:
 path: "{{ patch_archive }}"
 register: patch_archive_path
- become: yes
+ become: true
 ## copy and unpack
 - name: Copy patch archive to target nodes
@@ -99,7 +99,7 @@
 - not patch_archive_path.stat.exists
 - local_archive_path.stat is defined
 - local_archive_path.stat.exists
- become: yes
+ become: true
 - name: "Check installed patches"
 ansible.builtin.include_tasks: rhsso_cli.yml
@@ -107,7 +107,7 @@
 query: "patch info"
 args:
 apply:
- become: yes
+ become: true
 become_user: "{{ keycloak_service_user }}"
 - name: "Perform patching"
@@ -122,7 +122,7 @@
 query: "patch apply {{ patch_archive }}"
 args:
 apply:
- become: yes
+ become: true
 become_user: "{{ keycloak_service_user }}"
 - name: "Restart server to ensure patch content is running"
@@ -133,7 +133,7 @@
 - cli_result.rc == 0
 args:
 apply:
- become: yes
+ become: true
 become_user: "{{ keycloak_service_user }}"
 - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
@@ -150,7 +150,7 @@
 query: "patch info"
 args:
 apply:
- become: yes
+ become: true
 become_user: "{{ keycloak_service_user }}"
 - name: "Verify installed patch version"
diff --git a/roles/keycloak/tasks/start_keycloak.yml b/roles/keycloak/tasks/start_keycloak.yml
index 524df80..5aed248 100644
--- a/roles/keycloak/tasks/start_keycloak.yml
+++ b/roles/keycloak/tasks/start_keycloak.yml
@@ -2,9 +2,10 @@
 - name: "Start {{ keycloak.service_name }} service"
 ansible.builtin.systemd:
 name: keycloak
- enabled: yes
+ enabled: true
 state: started
- become: yes
+ daemon_reload: true
+ become: true
 - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
 ansible.builtin.uri:
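Review bot: Nothing in the `patch apply {{ patch_archive }}` hunk, or in the copy task that precedes it, checks a digest of the archive before it is applied as `{{ keycloak_service_user }}`; the archive is fetched to the controller by `product_download` and then copied to each node, and if that module does not verify a checksum itself a modified local file is applied without complaint. Consider a `stat` with `checksum_algorithm: sha256` on the copied archive and an `assert` against an operator-supplied `sso_patch_checksum` before the apply task. The enclosing task starts above the hunk.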
diff --git a/roles/keycloak/tasks/stop_keycloak.yml b/roles/keycloak/tasks/stop_keycloak.yml
index fd87802..7f30433 100644
--- a/roles/keycloak/tasks/stop_keycloak.yml
+++ b/roles/keycloak/tasks/stop_keycloak.yml
@@ -2,6 +2,6 @@
 - name: "Stop {{ keycloak.service_name }}"
 ansible.builtin.systemd:
 name: keycloak
- enabled: yes
+ enabled: true
 state: stopped
- become: yes
+ become: true
diff --git a/roles/keycloak/tasks/systemd.yml b/roles/keycloak/tasks/systemd.yml
index 4b24822..cd58345 100644
--- a/roles/keycloak/tasks/systemd.yml
+++ b/roles/keycloak/tasks/systemd.yml
@@ -1,6 +1,6 @@
 ---
 - name: "Configure {{ keycloak.service_name }} service script wrapper"
- become: yes
+ become: true
 ansible.builtin.template:
 src: keycloak-service.sh.j2
 dest: "{{ keycloak_dest }}/keycloak-service.sh"
@@ -15,7 +15,7 @@
 rpm_java_home: "/etc/alternatives/jre_{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
 - name: "Configure sysconfig file for {{ keycloak.service_name }} service"
- become: yes
+ become: true
 ansible.builtin.template:
 src: keycloak-sysconfig.j2
 dest: /etc/sysconfig/keycloak
@@ -34,20 +34,14 @@
 owner: root
 group: root
 mode: 0644
- become: yes
+ become: true
 register: systemdunit
 notify:
 - restart keycloak
-- name: Reload systemd
- become: yes
- ansible.builtin.systemd:
- daemon_reload: yes
- when: systemdunit.changed
-
 - name: "Start and wait for {{ keycloak.service_name }} service (first node db)"
 ansible.builtin.include_tasks: start_keycloak.yml
- run_once: yes
+ run_once: true
 when: keycloak_db_enabled
 - name: "Start and wait for {{ keycloak.service_name }} service (remaining nodes)"
@@ -56,7 +56,7 @@
 - name: Check service status
 ansible.builtin.command: "systemctl status keycloak"
 register: keycloak_service_status
- changed_when: False
+ changed_when: false
 - name: Verify service status
 ansible.builtin.assert:
diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml
index 51ca792..adf918d 100644
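Review bot: With the conditional "Reload systemd" task removed in the `@@ -34,20 +34,14 @@` hunk, `register: systemdunit` on the unit template task is now dead, and the only reload left in this role is the unconditional `daemon_reload: true` added to `start_keycloak.yml`. A node whose unit file changed but is restarted through the `restart keycloak` handler (not in view) rather than the start include will run the stale unit unless that handler also reloads. Either drop `register: systemdunit` or keep the reload where the unit changes, e.g. add `daemon_reload: true` to the handler. While here, `mode: "0644"` quoted avoids the octal-as-integer ambiguity that ansible-lint flags.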
--- a/roles/keycloak_quarkus/defaults/main.yml
+++ b/roles/keycloak_quarkus/defaults/main.yml
@@ -6,7 +6,7 @@ keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/do
 keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
 # whether to install from local archive
-keycloak_quarkus_offline_install: False
+keycloak_quarkus_offline_install: false
 ### Install location and service settings
 keycloak_quarkus_jvm_package: java-17-openjdk-headless
@@ -14,11 +14,11 @@ keycloak_quarkus_java_home:
 keycloak_quarkus_dest: /opt/keycloak
 keycloak_quarkus_home: "{{ keycloak_quarkus_installdir }}"
 keycloak_quarkus_config_dir: "{{ keycloak_quarkus_home }}/conf"
-keycloak_quarkus_start_dev: False
+keycloak_quarkus_start_dev: false
 keycloak_quarkus_service_user: keycloak
 keycloak_quarkus_service_group: keycloak
 keycloak_quarkus_service_pidfile: "/run/keycloak/keycloak.pid"
-keycloak_quarkus_configure_firewalld: False
+keycloak_quarkus_configure_firewalld: false
 ### administrator console password
 keycloak_quarkus_admin_user: admin
@@ -30,7 +30,7 @@ keycloak_quarkus_bind_address: 0.0.0.0
 keycloak_quarkus_host: localhost
 keycloak_quarkus_port: -1
 keycloak_quarkus_path:
-keycloak_quarkus_http_enabled: True
+keycloak_quarkus_http_enabled: true
 keycloak_quarkus_http_port: 8080
 keycloak_quarkus_https_port: 8443
 keycloak_quarkus_ajp_port: 8009
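Review bot: `keycloak_quarkus_http_enabled: true` in the `@@ -30,7 +30,7 @@` hunk, together with `keycloak_quarkus_bind_address: 0.0.0.0` and the `false` defaults for `keycloak_quarkus_https_key_file_enabled` and `keycloak_quarkus_https_key_store_enabled` further down, means the out-of-the-box listener is plaintext HTTP on all interfaces, admin console included. That is defensible only behind a TLS-terminating proxy (`keycloak_quarkus_proxy_mode: edge`), and the defaults file does not say so. Add a comment above the key: `# plain HTTP listener on all interfaces; only acceptable behind a TLS-terminating proxy (proxy_mode: edge) or with HTTPS enabled below`.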
@@ -38,20 +38,20 @@ keycloak_quarkus_jgroups_port: 7600
 keycloak_quarkus_java_opts: "-Xms1024m -Xmx2048m"
 ### TLS/HTTPS configuration
-keycloak_quarkus_https_key_file_enabled: False
+keycloak_quarkus_https_key_file_enabled: false
 keycloak_quarkus_key_file: "{{ keycloak.home }}/conf/server.key.pem"
 keycloak_quarkus_cert_file: "{{ keycloak.home }}/conf/server.crt.pem"
 #### key store configuration
-keycloak_quarkus_https_key_store_enabled: False
+keycloak_quarkus_https_key_store_enabled: false
 keycloak_quarkus_key_store_file: "{{ keycloak.home }}/conf/key_store.p12"
 keycloak_quarkus_key_store_password: ''
 ##### trust store configuration
-keycloak_quarkus_https_trust_store_enabled: False
+keycloak_quarkus_https_trust_store_enabled: false
 keycloak_quarkus_trust_store_file: "{{ keycloak.home }}/conf/trust_store.p12"
 keycloak_quarkus_trust_store_password: ''
 ### Enable configuration for database backend, clustering and remote caches on infinispan
-keycloak_quarkus_ha_enabled: False
+keycloak_quarkus_ha_enabled: false
 ### Enable database configuration, must be enabled when HA is configured
 keycloak_quarkus_db_enabled: "{{ True if keycloak_quarkus_ha_enabled else False }}"
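Review bot: `keycloak_quarkus_key_store_password: ''` and `keycloak_quarkus_trust_store_password: ''` stay the defaults even when the matching `*_enabled` flag is turned on, and `prereqs.yml` later in this diff only asserts the admin password, so an empty keystore password ships silently. Add an assertion beside the admin-password check, e.g. `- not keycloak_quarkus_https_key_store_enabled or keycloak_quarkus_key_store_password | length > 0`. Separately, `keycloak_quarkus_db_enabled: "{{ True if keycloak_quarkus_ha_enabled else False }}"` can be written `"{{ keycloak_quarkus_ha_enabled | bool }}"` now that the file uses lowercase booleans everywhere else.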
@@ -67,17 +67,17 @@ keycloak_quarkus_http_relative_path: /
 keycloak_quarkus_proxy_mode: edge
 # disable xa transactions
-keycloak_quarkus_transaction_xa_enabled: True
+keycloak_quarkus_transaction_xa_enabled: true
-keycloak_quarkus_metrics_enabled: False
-keycloak_quarkus_health_enabled: True
+keycloak_quarkus_metrics_enabled: false
+keycloak_quarkus_health_enabled: true
 ### infinispan remote caches access (hotrod)
 keycloak_quarkus_ispn_user: supervisor
 keycloak_quarkus_ispn_pass: supervisor
 keycloak_quarkus_ispn_url: localhost
 keycloak_quarkus_ispn_sasl_mechanism: SCRAM-SHA-512
-keycloak_quarkus_ispn_use_ssl: False
+keycloak_quarkus_ispn_use_ssl: false
 # if ssl is enabled, import ispn server certificate here
 keycloak_quarkus_ispn_trust_store_path: /etc/pki/java/cacerts
 keycloak_quarkus_ispn_trust_store_password: changeit
diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml
index d260910..89163aa 100644
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -138,12 +138,12 @@ argument_specs:
 type: "bool"
 keycloak_quarkus_trust_store_file:
 default: "{{ keycloak.home }}/conf/trust_store.p12"
- description: "The file pat to the trust store"
+ description: "The file path to the trust store"
 type: "str"
 keycloak_quarkus_trust_store_password:
- default: ""
- description: "Password for the trust store"
- type: "str"
+ default: ""
+ description: "Password for the trust store"
+ type: "str"
 keycloak_quarkus_https_port: # line 30 of defaults/main.yml
 default: 8443
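Review bot: The defaults in the `@@ -67,17 +67,17 @@` hunk still carry a working credential pair, `keycloak_quarkus_ispn_user: supervisor` / `keycloak_quarkus_ispn_pass: supervisor`, next to `keycloak_quarkus_ispn_use_ssl: false`, so an HA deployment that forgets to override them authenticates to the remote cache with a published password over a cleartext Hot Rod connection. Default the password to empty, `keycloak_quarkus_ispn_pass: ''`, and assert it is non-empty in `prereqs.yml` when `keycloak_quarkus_ha_enabled` is true, the same way the admin password is asserted. `keycloak_quarkus_ispn_trust_store_password: changeit` has the same shape, though a trust store password mainly guards integrity of the JDK cacerts file.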
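Review bot: The re-indented `keycloak_quarkus_trust_store_password` option in the `@@ -138,12 +138,12 @@` hunk declares a secret with `type: "str"` only; role argument specs accept `no_log: true` on an option, which keeps the value out of the validation output when the spec check fails or the run is verbose. Add `no_log: true` under `keycloak_quarkus_trust_store_password:`, and treat the key-store and admin password options the same way where they are declared.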
@@ -281,10 +281,10 @@ argument_specs:
 type: "str"
 description: "The proxy address forwarding mode if the server is behind a reverse proxy. Set to 'none' if not using a proxy"
 keycloak_quarkus_start_dev:
- default: False
+ default: false
 type: "bool"
 description: "Whether to start the service in development mode (start-dev)"
 keycloak_quarkus_transaction_xa_enabled:
- default: True
+ default: true
 type: "bool"
 description: "Enable or disable XA transactions which may not be supported by some DBMS"
diff --git a/roles/keycloak_quarkus/meta/main.yml b/roles/keycloak_quarkus/meta/main.yml
index 2a6acf8..469a71d 100644
--- a/roles/keycloak_quarkus/meta/main.yml
+++ b/roles/keycloak_quarkus/meta/main.yml
@@ -11,9 +11,9 @@ galaxy_info:
 min_ansible_version: "2.14"
 platforms:
- - name: EL
- versions:
- - "8"
+ - name: EL
+ versions:
+ - "8"
 galaxy_tags:
 - keycloak
diff --git a/roles/keycloak_quarkus/tasks/fastpackages.yml b/roles/keycloak_quarkus/tasks/fastpackages.yml
index cfd9025..c9085f8 100644
--- a/roles/keycloak_quarkus/tasks/fastpackages.yml
+++ b/roles/keycloak_quarkus/tasks/fastpackages.yml
@@ -2,15 +2,15 @@
 - name: "Check if packages are already installed" # noqa command-instead-of-module this runs faster
 ansible.builtin.command: "rpm -q {{ packages_list | join(' ') }}"
 register: rpm_info
- changed_when: False
- failed_when: False
+ changed_when: false
+ failed_when: false
 - name: "Add missing packages to the yum install list"
 ansible.builtin.set_fact:
 packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
 - name: "Install packages: {{ packages_to_install }}"
- become: True
+ become: true
 ansible.builtin.yum:
 name: "{{ packages_to_install }}"
 state: present
diff --git a/roles/keycloak_quarkus/tasks/firewalld.yml b/roles/keycloak_quarkus/tasks/firewalld.yml
index 6c81021..2c3ef74 100644
--- a/roles/keycloak_quarkus/tasks/firewalld.yml
+++ b/roles/keycloak_quarkus/tasks/firewalld.yml
@@ -6,19 +6,19 @@
 - firewalld
 - name: Enable and start the firewalld service
- become: yes
+ become: true
 ansible.builtin.systemd:
 name: firewalld
- enabled: yes
+ enabled: true
 state: started
 - name: "Configure firewall for {{ keycloak.service_name }} ports"
- become: yes
+ become: true
 ansible.posix.firewalld:
 port: "{{ item }}"
 permanent: true
 state: enabled
- immediate: yes
+ immediate: true
 loop:
 - "{{ keycloak_quarkus_http_port }}/tcp"
 - "{{ keycloak_quarkus_https_port }}/tcp"
diff --git a/roles/keycloak_quarkus/tasks/install.yml b/roles/keycloak_quarkus/tasks/install.yml
index b1ea1ee..887aa31 100644
--- a/roles/keycloak_quarkus/tasks/install.yml
+++ b/roles/keycloak_quarkus/tasks/install.yml
@@ -11,21 +11,21 @@
 quiet: true
 - name: Check for an existing deployment
- become: yes
+ become: true
 ansible.builtin.stat:
 path: "{{ keycloak.home }}"
 register: existing_deploy
 - name: "Create {{ keycloak.service_name }} service user/group"
- become: yes
+ become: true
 ansible.builtin.user:
 name: "{{ keycloak.service_user }}"
 home: /opt/keycloak
- system: yes
+ system: true
 create_home: no
 - name: "Create {{ keycloak.service_name }} install location"
- become: yes
+ become: true
 ansible.builtin.file:
 dest: "{{ keycloak_quarkus_dest }}"
 state: directory
@@ -39,7 +39,7 @@
 archive: "{{ keycloak_quarkus_dest }}/{{ keycloak.bundle }}"
 - name: Check download archive path
- become: yes
+ become: true
 ansible.builtin.stat:
 path: "{{ archive }}"
 register: archive_path
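Review bot: The firewall loop in the `@@ -6,19 +6,19 @@` hunk opens `keycloak_quarkus_http_port` unconditionally, so an operator who sets `keycloak_quarkus_http_enabled: false` and serves HTTPS only still gets the plain HTTP port opened. Build the list from the flag instead: `loop: "{{ ([keycloak_quarkus_http_port ~ '/tcp'] if keycloak_quarkus_http_enabled else []) + [keycloak_quarkus_https_port ~ '/tcp'] }}"`. Which zone the rule lands in is left to firewalld's default zone, which this task does not pin.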
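Review bot: `create_home: no` in the service-user task of the `@@ -11,21 +11,21 @@` hunk is the one truthy value left in YAML 1.1 form while `system: yes` beside it becomes `system: true`, so yamllint's truthy rule will keep flagging this file. Change it to `create_home: false`.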
@@ -82,23 +82,23 @@
 - not archive_path.stat.exists
 - local_archive_path.stat is defined
 - local_archive_path.stat.exists
- become: yes
+ become: true
 - name: "Check target directory: {{ keycloak.home }}/bin/"
 ansible.builtin.stat:
 path: "{{ keycloak.home }}/bin/"
 register: path_to_workdir
- become: yes
+ become: true
 - name: "Extract Keycloak archive on target"
 ansible.builtin.unarchive:
- remote_src: yes
+ remote_src: true
 src: "{{ archive }}"
 dest: "{{ keycloak_quarkus_dest }}"
 creates: "{{ keycloak.home }}/bin/"
 owner: "{{ keycloak.service_user }}"
 group: "{{ keycloak.service_group }}"
- become: yes
+ become: true
 when:
 - (not path_to_workdir.stat.exists) or new_version_downloaded.changed
 notify:
diff --git a/roles/keycloak_quarkus/tasks/main.yml b/roles/keycloak_quarkus/tasks/main.yml
index 43cbb38..93a68c0 100644
--- a/roles/keycloak_quarkus/tasks/main.yml
+++ b/roles/keycloak_quarkus/tasks/main.yml
@@ -28,7 +28,7 @@
 owner: "{{ keycloak.service_user }}"
 group: "{{ keycloak.service_group }}"
 mode: 0644
- become: yes
+ become: true
 notify:
 - restart keycloak
@@ -39,7 +39,7 @@
 owner: "{{ keycloak.service_user }}"
 group: "{{ keycloak.service_group }}"
 mode: 0644
- become: yes
+ become: true
 notify:
 - restart keycloak
@@ -50,7 +50,7 @@
 owner: "{{ keycloak.service_user }}"
 group: "{{ keycloak.service_group }}"
 mode: 0775
- become: yes
+ become: true
 - name: Flush pending handlers
 ansible.builtin.meta: flush_handlers
@@ -61,12 +61,12 @@
 - name: Check service status
 ansible.builtin.command: "systemctl status keycloak"
 register: keycloak_service_status
- changed_when: False
+ changed_when: false
 - name: Link default logs directory
 ansible.builtin.file:
 state: link
 src: "{{ keycloak.log.file | dirname }}"
 dest: "{{ keycloak_quarkus_log_target }}"
- force: yes
- become: yes
+ force: true
+ become: true
diff --git a/roles/keycloak_quarkus/tasks/prereqs.yml b/roles/keycloak_quarkus/tasks/prereqs.yml
index be807df..ee2abca 100644
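Review bot: The templated file in the `@@ -28,7 +28,7 @@` hunk of `tasks/main.yml` is written `owner: "{{ keycloak.service_user }}"` with `mode: 0644`, i.e. world-readable; the template name is above the hunk so I cannot confirm it, but if this is the server configuration that carries the DB, key-store, trust-store or Infinispan passwords from `defaults/main.yml`, any local account can read them. Use `mode: "0640"` (quoted, which also satisfies ansible-lint's risky-octal rule) with the `group: "{{ keycloak.service_group }}"` already set. The same applies to the second `mode: 0644` template task at `@@ -39,7 +39,7 @@`.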
--- a/roles/keycloak_quarkus/tasks/prereqs.yml
+++ b/roles/keycloak_quarkus/tasks/prereqs.yml
@@ -3,7 +3,7 @@
 ansible.builtin.assert:
 that:
 - keycloak_quarkus_admin_pass | length > 12
- quiet: True
+ quiet: true
 fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass variable to a 12+ char long string"
 success_msg: "{{ 'Console administrator password OK' }}"
@@ -11,7 +11,7 @@
 ansible.builtin.assert:
 that:
 - keycloak_quarkus_http_relative_path is regex('^/.*')
- quiet: True
+ quiet: true
 fail_msg: "the relative path must begin with /"
 success_msg: "{{ 'relative path OK' }}"
@@ -19,7 +19,7 @@
 ansible.builtin.assert:
 that:
 - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
- quiet: True
+ quiet: true
 fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
 success_msg: "{{ 'Configuring HA' if keycloak_quarkus_ha_enabled else 'Configuring standalone' }}"
diff --git a/roles/keycloak_quarkus/tasks/restart.yml b/roles/keycloak_quarkus/tasks/restart.yml
index eff9ddf..f709f75 100644
--- a/roles/keycloak_quarkus/tasks/restart.yml
+++ b/roles/keycloak_quarkus/tasks/restart.yml
@@ -2,6 +2,7 @@
 - name: "Restart and enable {{ keycloak.service_name }} service"
 ansible.builtin.systemd:
 name: keycloak
- enabled: yes
+ enabled: true
 state: restarted
- become: yes
+ daemon_reload: true
+ become: true
diff --git a/roles/keycloak_quarkus/tasks/start.yml b/roles/keycloak_quarkus/tasks/start.yml
index bdf42f9..7ccc1b9 100644
--- a/roles/keycloak_quarkus/tasks/start.yml
+++ b/roles/keycloak_quarkus/tasks/start.yml
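Review bot: The check `keycloak_quarkus_admin_pass | length > 12` in the `@@ -3,7 +3,7 @@` hunk rejects a 12-character password, but `fail_msg` tells the operator to supply a "12+ char long string", so a user who follows the message still fails. Make the two agree: either `- keycloak_quarkus_admin_pass | length >= 12` or change the message to "13+". The task header is above the hunk.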
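Review bot: The three-way disjunction in the `@@ -19,7 +19,7 @@` assertion enumerates every allowed combination, which hides the single forbidden case (HA without DB) that `fail_msg` describes. It is equivalent to `- not keycloak_quarkus_ha_enabled or keycloak_quarkus_db_enabled`, which reads the same as the message. Since `keycloak_quarkus_db_enabled` defaults to the value of `keycloak_quarkus_ha_enabled`, this assert only fires when an operator overrides the DB flag explicitly.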
@@ -2,9 +2,10 @@
 - name: "Start {{ keycloak.service_name }} service"
 ansible.builtin.systemd:
 name: keycloak
- enabled: yes
+ enabled: true
 state: started
- become: yes
+ daemon_reload: true
+ become: true
 - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
 ansible.builtin.uri:
diff --git a/roles/keycloak_quarkus/tasks/systemd.yml b/roles/keycloak_quarkus/tasks/systemd.yml
index c0be72b..3d59b3f 100644
--- a/roles/keycloak_quarkus/tasks/systemd.yml
+++ b/roles/keycloak_quarkus/tasks/systemd.yml
@@ -4,7 +4,7 @@
 rpm_java_home: "/etc/alternatives/jre_{{ keycloak_quarkus_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
 - name: "Configure sysconfig file for keycloak service"
- become: yes
+ become: true
 ansible.builtin.template:
 src: keycloak-sysconfig.j2
 dest: /etc/sysconfig/keycloak
@@ -23,13 +23,7 @@
 owner: root
 group: root
 mode: 0644
- become: yes
+ become: true
 register: systemdunit
 notify:
 - restart keycloak
-
-- name: Reload systemd
- become: yes
- ansible.builtin.systemd:
- daemon_reload: yes
- when: systemdunit.changed
diff --git a/roles/keycloak_realm/defaults/main.yml b/roles/keycloak_realm/defaults/main.yml
index 17112d5..c396481 100644
--- a/roles/keycloak_realm/defaults/main.yml
+++ b/roles/keycloak_realm/defaults/main.yml
@@ -40,7 +40,7 @@ keycloak_clients: []
 keycloak_client_default_roles: []
 # if True, create a public client; otherwise, a confidetial client
-keycloak_client_public: True
+keycloak_client_public: true
 # allowed web origins for the client
 keycloak_client_web_origins: '+'
diff --git a/roles/keycloak_realm/meta/argument_specs.yml b/roles/keycloak_realm/meta/argument_specs.yml
index da3eca1..bc606ba 100644
--- a/roles/keycloak_realm/meta/argument_specs.yml
+++ b/roles/keycloak_realm/meta/argument_specs.yml
@@ -94,7 +94,7 @@ argument_specs:
 downstream:
 options:
 sso_version:
- default: "7.5.0"
+ default: "7.6.0"
 description: "Red Hat Single Sign-On version"
 type: "str"
 sso_dest:
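Review bot: After the conditional reload is removed in the `@@ -23,13 +23,7 @@` hunk of the quarkus `systemd.yml`, `register: systemdunit` on the unit-file template task has no remaining reader in this file, and the only `daemon-reload` left is the unconditional one now in `start.yml` and `restart.yml`. That is fine as long as the `restart keycloak` handler (not in view) goes through `restart.yml`; otherwise a changed unit is restarted from the stale in-memory definition. Either drop `register: systemdunit` or make the handler's reload explicit.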
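Review bot: The comment above the new `keycloak_client_public: true` in the `@@ -40,7 +40,7 @@` hunk still reads `# if True, create a public client; otherwise, a confidetial client`, which now contradicts the lowercase literal it documents and misspells "confidential". Rewrite it as `# if true, create a public client (no client secret); otherwise, a confidential client`. Stating that public clients carry no secret is worth the extra words, since this is the default every client inherits unless it sets the flag.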
@@ -106,10 +106,10 @@ argument_specs:
 description: "Installation path for Red Hat SSO"
 type: "str"
 sso_apply_patches:
- default: False
+ default: false
 description: "Install Red Hat SSO most recent cumulative patch"
 type: "bool"
 sso_enable:
- default: True
+ default: true
 description: "Enable Red Hat Single Sign-on installation"
 type: "str"
diff --git a/roles/keycloak_realm/meta/main.yml b/roles/keycloak_realm/meta/main.yml
index 8dfefcd..915f62c 100644
--- a/roles/keycloak_realm/meta/main.yml
+++ b/roles/keycloak_realm/meta/main.yml
@@ -11,9 +11,9 @@ galaxy_info:
 min_ansible_version: "2.14"
 platforms:
- - name: EL
- versions:
- - "8"
+ - name: EL
+ versions:
+ - "8"
 galaxy_tags:
 - keycloak
diff --git a/roles/keycloak_realm/tasks/main.yml b/roles/keycloak_realm/tasks/main.yml
index c137270..c1f66bc 100644
--- a/roles/keycloak_realm/tasks/main.yml
+++ b/roles/keycloak_realm/tasks/main.yml
@@ -4,7 +4,7 @@
 url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
 method: POST
 body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
- validate_certs: no
+ validate_certs: false
 no_log: "{{ keycloak_no_log | default('True') }}"
 register: keycloak_auth_response
 until: keycloak_auth_response.status == 200
@@ -28,7 +28,7 @@
 url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms"
 method: POST
 body: "{{ lookup('template', 'realm.json.j2') }}"
- validate_certs: no
+ validate_certs: false
 body_format: json
 headers:
 Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
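Review bot: `sso_enable` in the `@@ -106,10 +106,10 @@` hunk is given `default: true` but `type: "str"`, while `sso_apply_patches` two entries above is `type: "bool"` and `rhsso_patch.yml` in this diff consumes it as a boolean (`when: sso_enable is defined and sso_enable`). At minimum the spec documents the wrong type, and a string "False" would be truthy in that condition if the spec's coercion ever fed back into the variable. Change it to `type: "bool"`.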
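Review bot: The token request in the `@@ -4,7 +4,7 @@` hunk of `keycloak_realm/tasks/main.yml` builds its form body by string concatenation, `body: "client_id=...&password={{ keycloak_admin_password }}&grant_type=password"`, so an admin password containing `&`, `+`, `%` or `#` is sent unencoded and the login fails for exactly the stronger passwords operators are asked to choose. The `uri` module can encode this itself with `body_format: form-urlencoded` and a mapping body, as below. The same task hard-codes `validate_certs: false`; `"{{ keycloak_validate_certs | default(false) }}"` keeps today's behaviour while letting operators turn verification on for an HTTPS `keycloak_url`. The task header is above the hunk.
```yaml
    url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
    method: POST
    body_format: form-urlencoded
    body:
      client_id: "{{ keycloak_auth_client }}"
      username: "{{ keycloak_admin_user }}"
      password: "{{ keycloak_admin_password }}"
      grant_type: password
    validate_certs: "{{ keycloak_validate_certs | default(false) }}"
    # … unchanged: no_log, register, until …
```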
@@ -59,7 +59,7 @@
 - item.name is defined and item.name | length > 0
 - (item.client_id is defined and item.client_id | length > 0) or (item.id is defined and item.id | length > 0)
 fail_msg: "For each keycloak client, attributes `name` and either `id` or `client_id` is required"
- quiet: True
+ quiet: true
 loop: "{{ keycloak_clients | flatten }}"
 loop_control:
 label: "{{ item.name | default('unnamed client') }}"
diff --git a/roles/keycloak_realm/tasks/manage_user.yml b/roles/keycloak_realm/tasks/manage_user.yml
index 840c738..1f9f7bd 100644
--- a/roles/keycloak_realm/tasks/manage_user.yml
+++ b/roles/keycloak_realm/tasks/manage_user.yml
@@ -2,7 +2,7 @@
 - name: "Check if User Already Exists"
 ansible.builtin.uri:
 url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
- validate_certs: no
+ validate_certs: false
 headers:
 Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
 register: keycloak_user_search_result
@@ -18,7 +18,7 @@
 email: "{{ user.email | default(omit) }}"
 firstName: "{{ user.firstName | default(omit) }}"
 lastName: "{{ user.lastName | default(omit) }}"
- validate_certs: no
+ validate_certs: false
 body_format: json
 headers:
 Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@@ -28,7 +28,7 @@
 - name: "Get User"
 ansible.builtin.uri:
 url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
- validate_certs: no
+ validate_certs: false
 headers:
 Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
 register: keycloak_user
@@ -41,7 +41,7 @@
 type: password
 temporary: false
 value: "{{ user.password }}"
- validate_certs: no
+ validate_certs: false
 body_format: json
 status_code:
 - 200
diff --git a/roles/keycloak_realm/tasks/manage_user_client_roles.yml b/roles/keycloak_realm/tasks/manage_user_client_roles.yml
index 5369094..85de09a 100644
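Review bot: The existence check in the `@@ -2,7 +2,7 @@` hunk of `manage_user.yml` queries `/users?username={{ user.username }}` with the username interpolated raw: a name containing `&`, `#`, `+` or a space breaks the query string, and without `exact=true` the Keycloak admin API treats `username` as a substring filter on the versions that support that parameter, so a user `test` is reported as existing when only `testuser` does and the create step is skipped. Use `url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username | urlencode }}&exact=true"`, and apply the same to the "Get User" lookup at `@@ -28,7 +28,7 @@`. Whether this role ever targets a Keycloak old enough to ignore `exact` I cannot tell from here.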
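Review bot: The reset-password request in the `@@ -41,7 +41,7 @@` hunk carries `value: "{{ user.password }}"` in its JSON body, and nothing in the hunk shows a `no_log` on the task; if it is not set above the hunk, a failed request or a verbose run prints the user's password in the task result. Add `no_log: "{{ keycloak_no_log | default('True') }}"`, matching the token task. The task header is outside the hunk, so this may already be handled.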
--- a/roles/keycloak_realm/tasks/manage_user_client_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_user_client_roles.yml
@@ -31,7 +31,7 @@
 containerId: "{{ item.containerId }}"
 name: "{{ item.name }}"
 composite: "{{ item.composite }}"
- validate_certs: False
+ validate_certs: false
 body_format: json
 headers:
 Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
diff --git a/roles/keycloak_realm/tasks/manage_user_roles.yml b/roles/keycloak_realm/tasks/manage_user_roles.yml
index ff803a2..dc74477 100644
--- a/roles/keycloak_realm/tasks/manage_user_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_user_roles.yml
@@ -3,7 +3,7 @@
 ansible.builtin.uri:
 url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
 headers:
- validate_certs: no
+ validate_certs: false
 Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
 register: keycloak_user
@@ -12,7 +12,7 @@
 url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
 method: POST
 body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
- validate_certs: no
+ validate_certs: false
 register: keycloak_auth_response
 no_log: "{{ keycloak_no_log | default('True') }}"
 until: keycloak_auth_response.status == 200
diff --git a/roles/keycloak_realm/vars/main.yml b/roles/keycloak_realm/vars/main.yml
index cbb9435..7664f8c 100644
--- a/roles/keycloak_realm/vars/main.yml
+++ b/roles/keycloak_realm/vars/main.yml
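Review bot: In the user lookup of the `@@ -3,7 +3,7 @@` hunk of `manage_user_roles.yml`, `validate_certs: false` sits between `headers:` and `Authorization:`, and the commit only changed its spelling. Either it is nested under `headers:`, in which case it is sent as a request header named `validate_certs` and TLS verification stays at the module default for this call, or it is at module level, in which case `headers:` is empty and `Authorization` is not a header at all; neither is what the other `uri` tasks in this diff do. Move `validate_certs: false` up to the module arguments beside `url:`, leaving `Authorization` as the sole entry under `headers:`.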
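Review bot: The second token request in the `@@ -12,7 +12,7 @@` hunk repeats the one in `keycloak_realm/tasks/main.yml`, including the string-concatenated form body in which an admin password containing `&`, `+`, `%` or `#` is sent unencoded, and it overwrites `keycloak_auth_response` for the rest of the run. If re-authenticating per user is intentional, switch this call to `body_format: form-urlencoded` with a mapping body so both sites encode the credential; otherwise drop it and reuse the token obtained in `main.yml`. The task header is above the hunk.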
@@ -5,5 +5,5 @@ keycloak_realm:
 # other settings
-keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port + ( keycloak_jboss_port_offset | default(0) ) }}"
-keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + ( keycloak_jboss_port_offset | default(0) ) }}"
+keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port + (keycloak_jboss_port_offset | default(0)) }}"
+keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + (keycloak_jboss_port_offset | default(0)) }}"