From 0b2f2786dd34f8e73735a6611aff7983da3c0e2a Mon Sep 17 00:00:00 2001
From: Ranabir Chakraborty
Date: Wed, 20 May 2026 23:51:34 +0530
Subject: [PATCH] AMW-528 Deployment fails in keycloak_quarkus due to missing escalation variables
---
molecule/https_revproxy/prepare.yml | 4 +--
molecule/quarkus/prepare.yml | 6 ++--
molecule/quarkus/verify.yml | 6 ++--
molecule/quarkus_devmode/prepare.yml | 4 +--
molecule/quarkus_ha/prepare.yml | 6 ++--
molecule/quarkus_ha/verify.yml | 2 +-
molecule/quarkus_ha_26.4_below/prepare.yml | 6 ++--
molecule/quarkus_ha_26.4_below/verify.yml | 2 +-
molecule/quarkus_ha_remote/prepare.yml | 6 ++--
molecule/quarkus_ha_remote/verify.yml | 2 +-
molecule/quarkus_upgrade/prepare.yml | 2 +-
roles/keycloak/tasks/fastpackages.yml | 4 +--
roles/keycloak/tasks/firewalld.yml | 4 +--
roles/keycloak/tasks/install.yml | 36 +++++++++----------
roles/keycloak/tasks/iptables.yml | 2 +-
roles/keycloak/tasks/jdbc_driver.yml | 8 ++---
roles/keycloak/tasks/main.yml | 4 +--
roles/keycloak/tasks/restart_keycloak.yml | 4 +--
roles/keycloak/tasks/rhsso_patch.yml | 14 ++++----
roles/keycloak/tasks/start_keycloak.yml | 2 +-
roles/keycloak/tasks/stop_keycloak.yml | 2 +-
roles/keycloak/tasks/systemd.yml | 6 ++--
roles/keycloak_quarkus/tasks/bootstrapped.yml | 2 +-
roles/keycloak_quarkus/tasks/config_store.yml | 6 ++--
roles/keycloak_quarkus/tasks/fastpackages.yml | 4 +--
roles/keycloak_quarkus/tasks/firewalld.yml | 6 ++--
roles/keycloak_quarkus/tasks/install.yml | 36 +++++++++----------
.../tasks/invalidate_theme_cache.yml | 2 +-
roles/keycloak_quarkus/tasks/iptables.yml | 2 +-
roles/keycloak_quarkus/tasks/jdbc_driver.yml | 2 +-
roles/keycloak_quarkus/tasks/main.yml | 8 ++---
.../keycloak_quarkus/tasks/rebuild_config.yml | 2 +-
roles/keycloak_quarkus/tasks/restart.yml | 2 +-
.../tasks/restart/serial_then_parallel.yml | 2 +-
roles/keycloak_quarkus/tasks/start.yml | 2 +-
roles/keycloak_quarkus/tasks/systemd.yml | 4 +--
36 files changed, 106 insertions(+), 106 deletions(-)
diff --git a/molecule/https_revproxy/prepare.yml b/molecule/https_revproxy/prepare.yml index 8d81958..8d9e827 100644 --- a/molecule/https_revproxy/prepare.yml +++ b/molecule/https_revproxy/prepare.yml @@ -43,11 +43,11 @@ src: "{{ item.name }}" dest: "{{ item.dest }}" mode: 0444 - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" loop: - { name: 'cert.pem', dest: '/etc/nginx/tls/certificate.crt' } - { name: 'key.pem', dest: '/etc/nginx/tls/certificate.key' } - name: Update CA trust ansible.builtin.command: update-ca-trust changed_when: false - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" diff --git a/molecule/quarkus/prepare.yml b/molecule/quarkus/prepare.yml index 90163d9..5118ecb 100644 --- a/molecule/quarkus/prepare.yml +++ b/molecule/quarkus/prepare.yml @@ -19,7 +19,7 @@ changed_when: false - name: Create vault directory - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.file: state: directory path: "/opt/keycloak/vault" @@ -30,7 +30,7 @@ ansible.builtin.package: name: java-21-openjdk-headless state: present - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" failed_when: false - name: Create vault keystore @@ -43,7 +43,7 @@ failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 - name: Copy certificates and vault - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.copy: src: keystore.p12 dest: /opt/keycloak/vault/keystore.p12 diff --git a/molecule/quarkus/verify.yml b/molecule/quarkus/verify.yml index 65b220f..f414951 100644 
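Review bot: The `| default(true)` fallback added to each `become:` in molecule/https_revproxy/prepare.yml (and repeated in every other hunk of this patch) makes an unset or misspelled toggle resolve to running the task with privilege escalation instead of stopping the play. That removes the one signal an operator had that a toggle failed to load, and it spreads the effective default across a hundred-odd call sites. Consider defining each toggle once where the play or role loads its variables (whether a `defaults/main.yml` entry exists is not visible in this patch) and keeping the task line as `become: "{{ molecule_prepare_require_privilege_escalation | bool }}"`. If the inline fallback stays, a comment such as `# falls back to become when the toggle is undefined` on the first use in each file would record that this is deliberate. Separately, the context line `mode: 0444` in the first hunk applies to `key.pem` as well as `cert.pem`, which leaves the private key world-readable; the copy task begins above the hunk.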
--- a/molecule/quarkus/verify.yml +++ b/molecule/quarkus/verify.yml @@ -58,7 +58,7 @@ fail_msg: "Service log symlink not correctly created" - name: Check log file - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: /tmp/keycloak/keycloak.log register: keycloak_log_file @@ -70,7 +70,7 @@ - not keycloak_log_file.stat.isdir - name: Check default log folder - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: /var/log/keycloak register: keycloak_default_log_folder @@ -82,7 +82,7 @@ - not keycloak_default_log_folder.stat.exists - name: Verify vault SPI in logfile - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.shell: | set -o pipefail zgrep 'Configured KeystoreVaultProviderFactory with the keystore file' /opt/keycloak/keycloak-*/data/log/keycloak.log*zip diff --git a/molecule/quarkus_devmode/prepare.yml b/molecule/quarkus_devmode/prepare.yml index fe423e6..8ad1f5d 100644 --- a/molecule/quarkus_devmode/prepare.yml +++ b/molecule/quarkus_devmode/prepare.yml @@ -17,7 +17,7 @@ ansible.builtin.include_tasks: ../prepare.yml - name: Install JDK17 - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.yum: name: - java-17-openjdk-headless @@ -26,7 +26,7 @@ - ansible_facts.os_family == 'RedHat' - name: Link default logs directory - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.file: state: link src: "{{ item }}" diff --git a/molecule/quarkus_ha/prepare.yml b/molecule/quarkus_ha/prepare.yml index f47f837..0047f5f 100644 
--- a/molecule/quarkus_ha/prepare.yml +++ b/molecule/quarkus_ha/prepare.yml @@ -19,7 +19,7 @@ changed_when: False - name: Create vault directory - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.file: state: directory path: "/opt/keycloak/vault" @@ -30,7 +30,7 @@ ansible.builtin.package: name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}" state: present - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" failed_when: false - name: Create vault keystore @@ -41,7 +41,7 @@ failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 - name: Copy certificates and vault - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.copy: src: keystore.p12 dest: /opt/keycloak/vault/keystore.p12 diff --git a/molecule/quarkus_ha/verify.yml b/molecule/quarkus_ha/verify.yml index f45df6c..ddb2423 100644 --- a/molecule/quarkus_ha/verify.yml +++ b/molecule/quarkus_ha/verify.yml @@ -19,7 +19,7 @@ hera_home: "{{ lookup('env', 'HERA_HOME') }}" - name: Check log file - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: /var/log/keycloak/keycloak.log register: keycloak_log_file diff --git a/molecule/quarkus_ha_26.4_below/prepare.yml b/molecule/quarkus_ha_26.4_below/prepare.yml index f47f837..0047f5f 100644 --- a/molecule/quarkus_ha_26.4_below/prepare.yml +++ b/molecule/quarkus_ha_26.4_below/prepare.yml 
@@ -19,7 +19,7 @@ changed_when: False - name: Create vault directory - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.file: state: directory path: "/opt/keycloak/vault" @@ -30,7 +30,7 @@ ansible.builtin.package: name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}" state: present - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" failed_when: false - name: Create vault keystore @@ -41,7 +41,7 @@ failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 - name: Copy certificates and vault - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.copy: src: keystore.p12 dest: /opt/keycloak/vault/keystore.p12 diff --git a/molecule/quarkus_ha_26.4_below/verify.yml b/molecule/quarkus_ha_26.4_below/verify.yml index f45df6c..ddb2423 100644 --- a/molecule/quarkus_ha_26.4_below/verify.yml +++ b/molecule/quarkus_ha_26.4_below/verify.yml @@ -19,7 +19,7 @@ hera_home: "{{ lookup('env', 'HERA_HOME') }}" - name: Check log file - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: /var/log/keycloak/keycloak.log register: keycloak_log_file diff --git a/molecule/quarkus_ha_remote/prepare.yml b/molecule/quarkus_ha_remote/prepare.yml index ea8cac0..198155e 100644 --- a/molecule/quarkus_ha_remote/prepare.yml +++ b/molecule/quarkus_ha_remote/prepare.yml 
@@ -19,7 +19,7 @@ changed_when: False - name: Create vault directory - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.file: state: directory path: "/opt/keycloak/vault" @@ -30,7 +30,7 @@ ansible.builtin.package: name: "{{ 'java-17-openjdk-headless' if hera_home | length > 0 else 'openjdk-17-jdk-headless' }}" state: present - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" failed_when: false - name: Create vault keystore @@ -43,7 +43,7 @@ failed_when: not 'already exists' in keytool_cmd.stdout and keytool_cmd.rc != 0 - name: Copy certificates and vault - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.copy: src: keystore.p12 dest: /opt/keycloak/vault/keystore.p12 diff --git a/molecule/quarkus_ha_remote/verify.yml b/molecule/quarkus_ha_remote/verify.yml index f45df6c..ddb2423 100644 --- a/molecule/quarkus_ha_remote/verify.yml +++ b/molecule/quarkus_ha_remote/verify.yml @@ -19,7 +19,7 @@ hera_home: "{{ lookup('env', 'HERA_HOME') }}" - name: Check log file - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: /var/log/keycloak/keycloak.log register: keycloak_log_file diff --git a/molecule/quarkus_upgrade/prepare.yml b/molecule/quarkus_upgrade/prepare.yml index cd4bd3c..26c345b 100644 --- a/molecule/quarkus_upgrade/prepare.yml +++ b/molecule/quarkus_upgrade/prepare.yml @@ -56,4 +56,4 @@ ansible.builtin.file: path: /etc/ansible/facts.d/keycloak.fact state: absent - become: "{{ molecule_prepare_require_privilege_escalation }}" + become: "{{ molecule_prepare_require_privilege_escalation | default(true) }}" 
diff --git a/roles/keycloak/tasks/fastpackages.yml b/roles/keycloak/tasks/fastpackages.yml index ab34dbb..6c1c9ea 100644 --- a/roles/keycloak/tasks/fastpackages.yml +++ b/roles/keycloak/tasks/fastpackages.yml @@ -13,7 +13,7 @@ when: ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_to_install }}" - become: "{{ keycloak_fastpackages_require_privilege_escalation }}" + become: "{{ keycloak_fastpackages_require_privilege_escalation | default(true) }}" ansible.builtin.dnf: name: "{{ packages_to_install }}" state: present @@ -22,7 +22,7 @@ - ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_list }}" - become: "{{ keycloak_fastpackages_require_privilege_escalation }}" + become: "{{ keycloak_fastpackages_require_privilege_escalation | default(true) }}" ansible.builtin.package: name: "{{ packages_list }}" state: present diff --git a/roles/keycloak/tasks/firewalld.yml b/roles/keycloak/tasks/firewalld.yml index 9697cae..da45cb0 100644 --- a/roles/keycloak/tasks/firewalld.yml +++ b/roles/keycloak/tasks/firewalld.yml @@ -6,14 +6,14 @@ - firewalld - name: Enable and start the firewalld service - become: "{{ keycloak_firewalld_require_privilege_escalation }}" + become: "{{ keycloak_firewalld_require_privilege_escalation | default(true) }}" ansible.builtin.systemd: name: firewalld enabled: true state: started - name: "Configure firewall ports for {{ keycloak.service_name }}" - become: "{{ keycloak_firewalld_require_privilege_escalation }}" + become: "{{ keycloak_firewalld_require_privilege_escalation | default(true) }}" ansible.posix.firewalld: port: "{{ item }}" permanent: true diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml index 9879c8a..b0488ba 100644 --- a/roles/keycloak/tasks/install.yml +++ b/roles/keycloak/tasks/install.yml 
@@ -11,7 +11,7 @@ quiet: true - name: Check for an existing deployment - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: "{{ keycloak_jboss_home }}" register: existing_deploy @@ -20,24 +20,24 @@ when: existing_deploy.stat.exists and keycloak_force_install | bool block: - name: "Stop the old {{ keycloak.service_name }} service" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" failed_when: false ansible.builtin.systemd: name: keycloak state: stopped - name: "Remove the old {{ keycloak.service_name }} deployment" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.file: path: "{{ keycloak_jboss_home }}" state: absent - name: Check for an existing deployment after possible forced removal - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: "{{ keycloak_jboss_home }}" - name: "Create service user/group for {{ keycloak.service_name }}" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.user: name: "{{ keycloak_service_user }}" home: /opt/keycloak @@ -45,7 +45,7 @@ create_home: false - name: "Create install location for {{ keycloak.service_name }}" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.file: dest: "{{ keycloak_dest }}" state: directory 
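Review bot: The task `Check for an existing deployment after possible forced removal` in the `@@ -20,24 +20,24 @@` hunk of roles/keycloak/tasks/install.yml has no `register:`, so the stat result is discarded and `existing_deploy` keeps the value taken before the removal. The keycloak_quarkus copy of this task does end with `register: existing_deploy`. Adding `register: existing_deploy` under `path: "{{ keycloak_jboss_home }}"` would bring the two roles in line; whether later tasks read `existing_deploy` is outside the hunk.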
@@ -54,7 +54,7 @@ mode: '0750' - name: Create pidfile folder - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.file: dest: "{{ keycloak_service_pidfile | dirname }}" state: directory @@ -68,7 +68,7 @@ archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}" - name: Check download archive path - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: "{{ archive }}" register: archive_path @@ -168,13 +168,13 @@ - not archive_path.stat.exists - local_archive_path.stat is defined - local_archive_path.stat.exists - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" - name: "Check target directory: {{ keycloak.home }}" ansible.builtin.stat: path: "{{ keycloak.home }}" register: path_to_workdir - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" - name: "Extract {{ keycloak_service_desc }} archive on target" ansible.builtin.unarchive: @@ -184,7 +184,7 @@ creates: "{{ keycloak.home }}" owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" when: - new_version_downloaded.changed or not path_to_workdir.stat.exists notify: 
@@ -202,13 +202,13 @@ owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" recurse: true - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" changed_when: false - name: Ensure permissions are correct on existing deploy ansible.builtin.command: chown -R "{{ keycloak_service_user }}:{{ keycloak_service_group }}" "{{ keycloak.home }}" when: keycloak_service_runas - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" changed_when: false # driver and configuration @@ -217,7 +217,7 @@ when: keycloak_jdbc[keycloak_jdbc_engine].enabled - name: "Deploy custom {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak_config_override_template }}" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.template: src: "templates/{{ keycloak_config_override_template }}" dest: "{{ keycloak_config_path_to_standalone_xml }}" @@ -229,7 +229,7 @@ when: keycloak_config_override_template | length > 0 - name: "Deploy standalone {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.template: src: templates/standalone.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" 
@@ -257,7 +257,7 @@ when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING' - name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.template: src: templates/standalone-ha.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" @@ -272,7 +272,7 @@ - keycloak_config_override_template | length == 0 - name: "Deploy HA {{ keycloak.service_name }} config with infinispan remote cache store to {{ keycloak_config_path_to_standalone_xml }}" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.template: src: templates/standalone-infinispan.xml.j2 dest: "{{ keycloak_config_path_to_standalone_xml }}" @@ -287,7 +287,7 @@ - keycloak_config_override_template | length == 0 - name: "Deploy profile.properties file to {{ keycloak_config_path_to_properties }}" - become: "{{ keycloak_install_require_privilege_escalation }}" + become: "{{ keycloak_install_require_privilege_escalation | default(true) }}" ansible.builtin.template: src: keycloak-profile.properties.j2 dest: "{{ keycloak_config_path_to_properties }}" diff --git a/roles/keycloak/tasks/iptables.yml b/roles/keycloak/tasks/iptables.yml index c157e25..9b34ae4 100644 --- a/roles/keycloak/tasks/iptables.yml +++ b/roles/keycloak/tasks/iptables.yml @@ -6,7 +6,7 @@ - iptables - name: "Configure firewall ports for {{ keycloak.service_name }}" - become: "{{ keycloak_iptables_require_privilege_escalation }}" + become: "{{ keycloak_iptables_require_privilege_escalation | default(true) }}" ansible.builtin.iptables: destination_port: "{{ item }}" action: "insert" diff --git a/roles/keycloak/tasks/jdbc_driver.yml b/roles/keycloak/tasks/jdbc_driver.yml index 8f84e49..a86db66 100644 
--- a/roles/keycloak/tasks/jdbc_driver.yml +++ b/roles/keycloak/tasks/jdbc_driver.yml @@ -3,7 +3,7 @@ ansible.builtin.stat: path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}" register: dest_path - become: "{{ keycloak_jdbc_driver_require_privilege_escalation }}" + become: "{{ keycloak_jdbc_driver_require_privilege_escalation | default(true) }}" - name: "Set up module dir for JDBC Driver {{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" ansible.builtin.file: @@ -13,7 +13,7 @@ owner: "{{ keycloak_service_user }}" group: "{{ keycloak_service_group }}" mode: '0750' - become: "{{ keycloak_jdbc_driver_require_privilege_escalation }}" + become: "{{ keycloak_jdbc_driver_require_privilege_escalation | default(true) }}" when: - not dest_path.stat.exists - name: "Verify valid parameters for download credentials when specified" @@ -34,7 +34,7 @@ url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}" validate_certs: "{{ keycloak_jdbc_download_validate_certs | default(omit) }}" mode: '0640' - become: "{{ keycloak_jdbc_driver_require_privilege_escalation }}" + become: "{{ keycloak_jdbc_driver_require_privilege_escalation | default(true) }}" - name: "Deploy module.xml for JDBC Driver" ansible.builtin.template: @@ -43,4 +43,4 @@ group: "{{ keycloak_service_group }}" owner: "{{ keycloak_service_user }}" mode: '0640' - become: "{{ keycloak_jdbc_driver_require_privilege_escalation }}" + become: "{{ keycloak_jdbc_driver_require_privilege_escalation | default(true) }}" diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index d128511..31d2f36 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml 
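Review bot: The download task whose tail is visible in the `@@ -34,7 +34,7 @@` hunk of roles/keycloak/tasks/jdbc_driver.yml writes the JDBC driver under `become`, yet nothing visible verifies the artifact: `validate_certs` is caller-overridable and no `checksum:` appears among the visible parameters. The task begins above the hunk, so the module (presumably `ansible.builtin.get_url`) and any checksum already set there cannot be confirmed from here. If none is set, pinning the file with `checksum: "sha256:<expected digest>"` (placeholder) would keep a tampered or substituted jar out of the module directory.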
@@ -51,7 +51,7 @@ state: link src: "{{ keycloak_jboss_home }}/standalone/log" dest: "{{ keycloak_log_target }}" - become: "{{ keycloak_require_privilege_escalation }}" + become: "{{ keycloak_require_privilege_escalation | default(true) }}" - name: Set admin credentials and restart if not already created block: @@ -75,7 +75,7 @@ - "-u{{ keycloak_admin_user }}" - "-p{{ keycloak_admin_password }}" changed_when: true - become: "{{ keycloak_require_privilege_escalation }}" + become: "{{ keycloak_require_privilege_escalation | default(true) }}" - name: "Restart {{ keycloak.service_name }}" ansible.builtin.include_tasks: tasks/restart_keycloak.yml - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" diff --git a/roles/keycloak/tasks/restart_keycloak.yml b/roles/keycloak/tasks/restart_keycloak.yml index b6add67..87560bc 100644 --- a/roles/keycloak/tasks/restart_keycloak.yml +++ b/roles/keycloak/tasks/restart_keycloak.yml @@ -5,7 +5,7 @@ enabled: true state: restarted daemon_reload: true - become: "{{ keycloak_restart_require_privilege_escalation }}" + become: "{{ keycloak_restart_require_privilege_escalation | default(true) }}" delegate_to: "{{ ansible_play_hosts | first }}" run_once: true @@ -24,5 +24,5 @@ name: keycloak enabled: true state: restarted - become: "{{ keycloak_restart_require_privilege_escalation }}" + become: "{{ keycloak_restart_require_privilege_escalation | default(true) }}" when: inventory_hostname != ansible_play_hosts | first diff --git a/roles/keycloak/tasks/rhsso_patch.yml b/roles/keycloak/tasks/rhsso_patch.yml index f028211..3f4e253 100644 --- a/roles/keycloak/tasks/rhsso_patch.yml +++ b/roles/keycloak/tasks/rhsso_patch.yml 
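Review bot: The admin-credential task in the `@@ -75,7 +75,7 @@` hunk of roles/keycloak/tasks/main.yml passes the password as the argument `-p{{ keycloak_admin_password }}`, and its visible tail (`changed_when`, `become`) carries no `no_log: true`. Task arguments are echoed in verbose output and in failure results, so the password can land in controller logs and CI output; it is also readable in the host's process list while the command runs. Adding `no_log: true` next to `changed_when: true` addresses the logging half. The task begins above the hunk, so `no_log` may already be set there.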
@@ -12,7 +12,7 @@ path: "{{ patch_archive }}" register: patch_archive_path when: sso_patch_version is defined - become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" + become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}" - name: Perform patch download from RHN via JBossNetwork API delegate_to: localhost @@ -86,7 +86,7 @@ ansible.builtin.stat: path: "{{ patch_archive }}" register: patch_archive_path - become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" + become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}" ## copy and unpack - name: Copy patch archive to target nodes @@ -101,7 +101,7 @@ - not patch_archive_path.stat.exists - local_archive_path.stat is defined - local_archive_path.stat.exists - become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" + become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}" - name: "Check installed patches" ansible.builtin.include_tasks: rhsso_cli.yml @@ -109,7 +109,7 @@ cli_query: "patch info" args: apply: - become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" + become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}" become_user: "{{ keycloak_service_user }}" - name: "Perform patching" @@ -124,7 +124,7 @@ cli_query: "patch apply {{ patch_archive }}" args: apply: - become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" + become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}" become_user: "{{ keycloak_service_user }}" - name: "Restart server to ensure patch content is running" @@ -135,7 +135,7 @@ - cli_result.rc == 0 args: apply: - become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" + become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}" become_user: "{{ keycloak_service_user }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" 
@@ -152,7 +152,7 @@ cli_query: "patch info" args: apply: - become: "{{ keycloak_rhsso_patch_require_privilege_escalation }}" + become: "{{ keycloak_rhsso_patch_require_privilege_escalation | default(true) }}" become_user: "{{ keycloak_service_user }}" - name: "Verify installed patch version" diff --git a/roles/keycloak/tasks/start_keycloak.yml b/roles/keycloak/tasks/start_keycloak.yml index 06be6a2..c445da6 100644 --- a/roles/keycloak/tasks/start_keycloak.yml +++ b/roles/keycloak/tasks/start_keycloak.yml @@ -5,7 +5,7 @@ enabled: true state: started daemon_reload: true - become: "{{ keycloak_start_require_privilege_escalation }}" + become: "{{ keycloak_start_require_privilege_escalation | default(true) }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" ansible.builtin.uri: diff --git a/roles/keycloak/tasks/stop_keycloak.yml b/roles/keycloak/tasks/stop_keycloak.yml index 96dc0a5..a112df6 100644 --- a/roles/keycloak/tasks/stop_keycloak.yml +++ b/roles/keycloak/tasks/stop_keycloak.yml @@ -4,4 +4,4 @@ name: keycloak enabled: true state: stopped - become: "{{ keycloak_stop_require_privilege_escalation }}" + become: "{{ keycloak_stop_require_privilege_escalation | default(true) }}" diff --git a/roles/keycloak/tasks/systemd.yml b/roles/keycloak/tasks/systemd.yml index 0ebbe62..e40bba8 100644 --- a/roles/keycloak/tasks/systemd.yml +++ b/roles/keycloak/tasks/systemd.yml @@ -1,6 +1,6 @@ --- - name: "Configure {{ keycloak.service_name }} service script wrapper" - become: "{{ keycloak_systemd_require_privilege_escalation }}" + become: "{{ keycloak_systemd_require_privilege_escalation | default(true) }}" ansible.builtin.template: src: keycloak-service.sh.j2 dest: "{{ keycloak_dest }}/keycloak-service.sh" 
@@ -11,7 +11,7 @@ - restart keycloak - name: "Configure sysconfig file for {{ keycloak.service_name }} service" - become: "{{ keycloak_systemd_require_privilege_escalation }}" + become: "{{ keycloak_systemd_require_privilege_escalation | default(true) }}" ansible.builtin.template: src: keycloak-sysconfig.j2 dest: "{{ keycloak_sysconf_file }}" @@ -28,7 +28,7 @@ owner: root group: root mode: '0644' - become: "{{ keycloak_systemd_require_privilege_escalation }}" + become: "{{ keycloak_systemd_require_privilege_escalation | default(true) }}" register: systemdunit notify: - restart keycloak diff --git a/roles/keycloak_quarkus/tasks/bootstrapped.yml b/roles/keycloak_quarkus/tasks/bootstrapped.yml index 4a888a8..c77c33d 100644 --- a/roles/keycloak_quarkus/tasks/bootstrapped.yml +++ b/roles/keycloak_quarkus/tasks/bootstrapped.yml @@ -1,6 +1,6 @@ --- - name: Save ansible custom facts - become: "{{ keycloak_quarkus_bootstrapped_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_bootstrapped_require_privilege_escalation | default(true) }}" ansible.builtin.template: src: keycloak.fact.j2 dest: /etc/ansible/facts.d/keycloak.fact diff --git a/roles/keycloak_quarkus/tasks/config_store.yml b/roles/keycloak_quarkus/tasks/config_store.yml index bb723d0..ee17e3e 100644 --- a/roles/keycloak_quarkus/tasks/config_store.yml +++ b/roles/keycloak_quarkus/tasks/config_store.yml @@ -6,7 +6,7 @@ value: "{{ keycloak_quarkus_db_pass }}" - name: "Initialize empty configuration key store" - become: "{{ keycloak_quarkus_config_store_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_config_store_require_privilege_escalation | default(true) }}" # keytool doesn't allow creating an empty key store, so this is a hacky way around it ansible.builtin.shell: | # noqa blocked_modules shell is necessary here set -o nounset # abort on unbound variable 
@@ -38,7 +38,7 @@ echo {{ item.value | quote }} | keytool -noprompt -importpass -alias {{ item.key | quote }} -keystore {{ keycloak_quarkus_config_key_store_file | quote }} -storepass {{ keycloak_quarkus_config_key_store_password | quote }} -storetype PKCS12 loop: "{{ store_items }}" no_log: true - become: "{{ keycloak_quarkus_config_store_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_config_store_require_privilege_escalation | default(true) }}" changed_when: true notify: - restart keycloak @@ -49,4 +49,4 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0400' - become: "{{ keycloak_quarkus_config_store_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_config_store_require_privilege_escalation | default(true) }}" diff --git a/roles/keycloak_quarkus/tasks/fastpackages.yml b/roles/keycloak_quarkus/tasks/fastpackages.yml index 998ef3c..6c5db05 100644 --- a/roles/keycloak_quarkus/tasks/fastpackages.yml +++ b/roles/keycloak_quarkus/tasks/fastpackages.yml @@ -13,7 +13,7 @@ when: ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_to_install }}" - become: "{{ keycloak_quarkus_fastpackages_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_fastpackages_require_privilege_escalation | default(true) }}" ansible.builtin.dnf: name: "{{ packages_to_install }}" state: present @@ -22,7 +22,7 @@ - ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_list }}" - become: "{{ keycloak_quarkus_fastpackages_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_fastpackages_require_privilege_escalation | default(true) }}" ansible.builtin.package: name: "{{ packages_list }}" state: present diff --git a/roles/keycloak_quarkus/tasks/firewalld.yml b/roles/keycloak_quarkus/tasks/firewalld.yml index daefcf4..2fe594b 100644 --- a/roles/keycloak_quarkus/tasks/firewalld.yml +++ b/roles/keycloak_quarkus/tasks/firewalld.yml 
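Review bot: The `keytool` invocation in the `@@ -38,7 +38,7 @@` hunk of roles/keycloak_quarkus/tasks/config_store.yml puts the keystore password on the command line via `-storepass {{ keycloak_quarkus_config_key_store_password | quote }}`, and the secret value sits in the shell script text through `echo {{ item.value | quote }}`. `no_log: true` keeps both out of Ansible output, but not out of the process list on the target while the task runs. keytool accepts `-storepass:env NAME`, so the password could be supplied through the task's `environment:` keyword instead, for example `-storepass:env KC_STOREPASS` (variable name constructed for illustration). The task begins above the hunk.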
@@ -6,14 +6,14 @@ - firewalld - name: Enable and start the firewalld service - become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation | default(true) }}" ansible.builtin.systemd: name: firewalld enabled: true state: started - name: "Configure firewall for {{ keycloak.service_name }} http port" - become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation | default(true) }}" ansible.posix.firewalld: port: "{{ item }}" permanent: true @@ -24,7 +24,7 @@ when: keycloak_quarkus_http_enabled | bool - name: "Configure firewall for {{ keycloak.service_name }} ports" - become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_firewalld_require_privilege_escalation | default(true) }}" ansible.posix.firewalld: port: "{{ item }}" permanent: true diff --git a/roles/keycloak_quarkus/tasks/install.yml b/roles/keycloak_quarkus/tasks/install.yml index 64a492f..28409eb 100644 --- a/roles/keycloak_quarkus/tasks/install.yml +++ b/roles/keycloak_quarkus/tasks/install.yml @@ -12,7 +12,7 @@ quiet: true - name: Check for an existing deployment - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: "{{ keycloak.home }}" register: existing_deploy 
@@ -21,25 +21,25 @@ when: existing_deploy.stat.exists and keycloak_quarkus_force_install | bool block: - name: "Stop the old {{ keycloak.service_name }} service" - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" failed_when: false ansible.builtin.systemd: name: keycloak state: stopped - name: "Remove the old {{ keycloak.service_name }} deployment" - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" ansible.builtin.file: path: "{{ keycloak_quarkus_home }}" state: absent - name: Check for an existing deployment after possible forced removal - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: "{{ keycloak_quarkus_home }}" register: existing_deploy - name: "Create {{ keycloak.service_name }} service user/group" - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" ansible.builtin.user: name: "{{ keycloak.service_user }}" home: /opt/keycloak @@ -47,7 +47,7 @@ create_home: false - name: "Create {{ keycloak.service_name }} install location" - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" ansible.builtin.file: dest: "{{ keycloak_quarkus_dest }}" state: directory @@ -56,7 +56,7 @@ mode: '0750' - name: Create directory for ansible custom facts - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" ansible.builtin.file: state: directory recurse: true 
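Review bot: In the forced-reinstall block (`@@ -21`) the stop task targets a unit hardcoded as `name: keycloak` with `failed_when: false`, while its own title refers to `{{ keycloak.service_name }}`. If the two differ, the stop fails silently and the next task removes the installation underneath a running service, as root whenever the escalation variable is unset. `name: "{{ keycloak.service_name }}"` would make the task match its title. The block is also gated on a stat of `keycloak.home` (previous hunk) but removes `keycloak_quarkus_home`; using the same variable in both places ensures the path deleted is the path that was checked.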
@@ -68,7 +68,7 @@ archive: "{{ keycloak_quarkus_dest }}/{{ keycloak.bundle }}" - name: Check download archive path - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" ansible.builtin.stat: path: "{{ archive }}" register: archive_path @@ -172,13 +172,13 @@ - not archive_path.stat.exists - local_archive_path.stat is defined - local_archive_path.stat.exists - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" - name: "Check target directory: {{ keycloak.home }}/bin/" ansible.builtin.stat: path: "{{ keycloak.home }}/bin/" register: path_to_workdir - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" - name: "Extract Keycloak archive on target" # noqa no-handler need to run this here ansible.builtin.unarchive: @@ -188,7 +188,7 @@ creates: "{{ keycloak.home }}/bin/" owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" when: - (not path_to_workdir.stat.exists) or new_version_downloaded.changed notify: @@ -207,7 +207,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0640' - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" when: - keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled - keycloak_quarkus_key_file_copy_enabled is defined and keycloak_quarkus_key_file_copy_enabled 
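Review bot: The `@@ -207` hunk copies what its `when:` conditions indicate is the HTTPS private key with `mode: '0640'`, which leaves it readable by every member of `keycloak.service_group`. The config-store hunk earlier in this patch writes its file with `mode: '0400'`; the same owner-only mode fits the key unless another group member has to read it. The task starts above the hunk, so its source and destination are not visible here.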
@@ -220,7 +220,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0644' - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" when: - keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled - keycloak_quarkus_cert_file_copy_enabled is defined and keycloak_quarkus_cert_file_copy_enabled @@ -240,7 +240,7 @@ group: "{{ keycloak.service_group }}" mode: '0640' checksum: "{{ item.checksum | default(omit) }}" - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" loop: "{{ keycloak_quarkus_providers }}" when: item.url is defined and item.url | length > 0 notify: "{{ ['invalidate keycloak theme cache', 'rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or item.restart else [] }}" @@ -269,7 +269,7 @@ group: "{{ keycloak.service_group }}" mode: '0640' checksum: "{{ item.checksum | default(omit) }}" - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" loop: "{{ keycloak_quarkus_providers }}" when: item.maven is defined no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}" @@ -283,7 +283,7 @@ group: "{{ keycloak.service_group }}" mode: '0640' remote_src: "{{ item.remote | default(false) }}" - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" loop: "{{ keycloak_quarkus_providers }}" when: item.local_path is defined notify: "{{ ['invalidate keycloak theme cache', 'rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or item.restart else [] }}" 
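Review bot: In the provider download hunks (`@@ -240` and the Maven variant at `@@ -269`) `checksum: "{{ item.checksum | default(omit) }}"` keeps integrity checking optional, so a provider fetched from `item.url` is installed unverified whenever its entry carries no checksum, and by default the write happens with escalated privileges. Providers are code the server loads, so an entry without a checksum is better rejected up front, for instance by a `when`-guarded `ansible.builtin.fail` on items where `item.checksum` is undefined, with an explicit opt-out variable for those who accept the risk. The custom-policy download at `@@ -305` and the JDBC driver download in jdbc_driver.yml show no checksum in their visible lines, and the latter allows `validate_certs` to be overridden. All of these tasks start above their hunks, so parameters outside the hunks cannot be confirmed.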
@@ -295,7 +295,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0750' - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" loop: "{{ keycloak_quarkus_supported_policy_types }}" - name: "Install custom policies" @@ -305,7 +305,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0640' - become: "{{ keycloak_quarkus_install_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_install_require_privilege_escalation | default(true) }}" loop: "{{ keycloak_quarkus_policies }}" when: item.url is defined and item.url | length > 0 notify: "restart keycloak" diff --git a/roles/keycloak_quarkus/tasks/invalidate_theme_cache.yml b/roles/keycloak_quarkus/tasks/invalidate_theme_cache.yml index fd1966f..dbcaeba 100644 --- a/roles/keycloak_quarkus/tasks/invalidate_theme_cache.yml +++ b/roles/keycloak_quarkus/tasks/invalidate_theme_cache.yml @@ -8,4 +8,4 @@ ansible.builtin.file: path: "{{ keycloak.home }}/data/tmp/kc-gzip-cache" state: absent - become: "{{ keycloak_quarkus_invalidate_theme_cache_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_invalidate_theme_cache_require_privilege_escalation | default(true) }}" diff --git a/roles/keycloak_quarkus/tasks/iptables.yml b/roles/keycloak_quarkus/tasks/iptables.yml index 1f29628..42265ea 100644 --- a/roles/keycloak_quarkus/tasks/iptables.yml +++ b/roles/keycloak_quarkus/tasks/iptables.yml @@ -6,7 +6,7 @@ - iptables - name: "Configure firewall ports for {{ keycloak.service_name }}" - become: "{{ keycloak_quarkus_iptables_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_iptables_require_privilege_escalation | default(true) }}" ansible.builtin.iptables: destination_port: "{{ item }}" action: "insert" 
diff --git a/roles/keycloak_quarkus/tasks/jdbc_driver.yml b/roles/keycloak_quarkus/tasks/jdbc_driver.yml index f948a30..e75570b 100644 --- a/roles/keycloak_quarkus/tasks/jdbc_driver.yml +++ b/roles/keycloak_quarkus/tasks/jdbc_driver.yml @@ -17,6 +17,6 @@ url_password: "{{ keycloak_quarkus_jdbc_download_pass | default(omit) }}" validate_certs: "{{ keycloak_quarkus_jdbc_download_validate_certs | default(omit) }}" mode: '0640' - become: "{{ keycloak_quarkus_jdbc_driver_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_jdbc_driver_require_privilege_escalation | default(true) }}" notify: - restart keycloak diff --git a/roles/keycloak_quarkus/tasks/main.yml b/roles/keycloak_quarkus/tasks/main.yml index 26ef4f6..7dc4051 100644 --- a/roles/keycloak_quarkus/tasks/main.yml +++ b/roles/keycloak_quarkus/tasks/main.yml @@ -82,7 +82,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0640' - become: "{{ keycloak_quarkus_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_require_privilege_escalation | default(true) }}" loop: "{{ keycloak_quarkus_config_files }}" notify: - rebuild keycloak config @@ -95,7 +95,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0775' - become: "{{ keycloak_quarkus_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_require_privilege_escalation | default(true) }}" - name: Ensure tmp-directory exists ansible.builtin.file: @@ -104,7 +104,7 @@ owner: "{{ keycloak.service_user }}" group: "{{ keycloak.service_group }}" mode: '0755' - become: "{{ keycloak_quarkus_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_require_privilege_escalation | default(true) }}" - name: Flush pending handlers ansible.builtin.meta: flush_handlers 
@@ -118,7 +118,7 @@ src: "{{ keycloak.log.file | dirname }}" dest: "{{ keycloak_quarkus_log_target }}" force: true - become: "{{ keycloak_quarkus_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_require_privilege_escalation | default(true) }}" - name: Check service status ansible.builtin.systemd_service: diff --git a/roles/keycloak_quarkus/tasks/rebuild_config.yml b/roles/keycloak_quarkus/tasks/rebuild_config.yml index 0f64c38..5676365 100644 --- a/roles/keycloak_quarkus/tasks/rebuild_config.yml +++ b/roles/keycloak_quarkus/tasks/rebuild_config.yml @@ -3,5 +3,5 @@ - name: "Rebuild {{ keycloak.service_name }} config" ansible.builtin.shell: | # noqa blocked_modules shell is necessary here env -i bash -c "set -a ; source {{ keycloak_quarkus_sysconf_file }} ; {{ keycloak.home }}/bin/kc.sh build " - become: "{{ keycloak_quarkus_rebuild_config_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_rebuild_config_require_privilege_escalation | default(true) }}" changed_when: true diff --git a/roles/keycloak_quarkus/tasks/restart.yml b/roles/keycloak_quarkus/tasks/restart.yml index 66f3e0c..ae38d46 100644 --- a/roles/keycloak_quarkus/tasks/restart.yml +++ b/roles/keycloak_quarkus/tasks/restart.yml @@ -5,7 +5,7 @@ enabled: true state: restarted daemon_reload: true - become: "{{ keycloak_quarkus_restart_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_restart_require_privilege_escalation | default(true) }}" - name: "Wait until {{ keycloak.service_name }} service becomes active {{ keycloak.health_url }}" ansible.builtin.uri: diff --git a/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml b/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml index a5ea7e6..01855f1 100644 --- a/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml +++ b/roles/keycloak_quarkus/tasks/restart/serial_then_parallel.yml 
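Review bot: The rebuild task in rebuild_config.yml runs `kc.sh build` through `bash -c` with `become` now defaulting to true and no `become_user` on the task, so unless a play-level setting says otherwise it runs as root. The install.yml unarchive hunk hands the extracted tree to `keycloak.service_user`, so root would be executing a script from a directory the service account owns. That weakens the separation between the service account and root, and it leaves the build output owned by root rather than by the service. Adding `become_user: "{{ keycloak.service_user }}"` to this task keeps the build inside the service account, provided that account can read `keycloak_quarkus_sysconf_file`.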
@@ -16,5 +16,5 @@ enabled: true state: restarted daemon_reload: true - become: "{{ keycloak_quarkus_restart_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_restart_require_privilege_escalation | default(true) }}" when: inventory_hostname != ansible_play_hosts | first diff --git a/roles/keycloak_quarkus/tasks/start.yml b/roles/keycloak_quarkus/tasks/start.yml index 4fc63bd..4d0be43 100644 --- a/roles/keycloak_quarkus/tasks/start.yml +++ b/roles/keycloak_quarkus/tasks/start.yml @@ -5,7 +5,7 @@ enabled: true state: started daemon_reload: true - become: "{{ keycloak_quarkus_start_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_start_require_privilege_escalation | default(true) }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" ansible.builtin.uri: diff --git a/roles/keycloak_quarkus/tasks/systemd.yml b/roles/keycloak_quarkus/tasks/systemd.yml index 6d6168a..e0cdc27 100644 --- a/roles/keycloak_quarkus/tasks/systemd.yml +++ b/roles/keycloak_quarkus/tasks/systemd.yml @@ -1,6 +1,6 @@ --- - name: "Configure sysconfig file for {{ keycloak.service_name }} service" - become: "{{ keycloak_quarkus_systemd_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_systemd_require_privilege_escalation | default(true) }}" ansible.builtin.template: src: keycloak-sysconfig.j2 dest: "{{ keycloak_quarkus_sysconf_file }}" @@ -20,7 +20,7 @@ owner: root group: root mode: '0644' - become: "{{ keycloak_quarkus_systemd_require_privilege_escalation }}" + become: "{{ keycloak_quarkus_systemd_require_privilege_escalation | default(true) }}" register: systemdunit notify: - rebuild keycloak config