diff --git a/galaxy.yml b/galaxy.yml
index 29d1d00..3eec4c8 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -22,7 +22,7 @@ tags:
 - authentication
 - java
 dependencies:
- "middleware_automation.redhat_csp_download": ">=1.2.1"
+ "middleware_automation.common": ">=1.0.0"
 "ansible.posix": ">=1.4.0"
 repository: https://github.com/ansible-middleware/keycloak
 documentation: https://ansible-middleware.github.io/keycloak
diff --git a/molecule/requirements.yml b/molecule/requirements.yml
index 0aed172..2e0ae56 100644
--- a/molecule/requirements.yml
+++ b/molecule/requirements.yml
@@ -1,7 +1,6 @@
 ---
 collections:
- - name: middleware_automation.redhat_csp_download
- version: ">=1.2.1"
+ - name: middleware_automation.common
 - name: community.general
 - name: ansible.posix
 - name: community.docker
diff --git a/playbooks/rhsso.yml b/playbooks/rhsso.yml
index c8dbc44..ea67158 100644
--- a/playbooks/rhsso.yml
+++ b/playbooks/rhsso.yml
@@ -1,9 +1,8 @@
 ---
-- name: Playbook for Keycloak Hosts
- hosts: keycloak
+- name: Playbook for Red Hat SSO Hosts
+ hosts: sso
 vars:
 keycloak_admin_password: "remembertochangeme"
 sso_enable: True
 roles:
- - middleware_automation.redhat_csp_download.redhat_csp_download
 - middleware_automation.keycloak.keycloak
diff --git a/requirements.yml b/requirements.yml
index dae1d95..3f6feef 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,5 +1,4 @@
 ---
 collections:
- - name: middleware_automation.redhat_csp_download
- version: ">=1.2.1"
+ - name: middleware_automation.common
 - name: ansible.posix
diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 06f9b47..5aadcb9 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
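Review bot: The new `- name: middleware_automation.common` entry in molecule/requirements.yml has no `version:` key, although the entry it replaces had `version: ">=1.2.1"` and galaxy.yml in this same commit declares `"middleware_automation.common": ">=1.0.0"`. An unconstrained entry lets test and install runs resolve whatever release Galaxy serves, which can drift from the range the collection metadata promises. Adding `version: ">=1.0.0"` under the entry keeps the three files consistent; the requirements.yml hunk has the same omission.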
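Review bot: The play in playbooks/rhsso.yml still sets `keycloak_admin_password: "remembertochangeme"` as a literal under `vars:`, so running the playbook as shipped provisions the admin account with a publicly known password. Reading it from a vaulted or externally supplied variable, for example `keycloak_admin_password: "{{ vault_keycloak_admin_password }}"` (variable name illustrative), avoids that; whether the role rejects the placeholder value is not visible in this hunk. `sso_enable: True` is also more portable written as `true`.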
@@ -19,7 +19,12 @@ Dependencies
 The roles depends on:
-* the `redhat_csp_download` role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection if Red Hat Single Sign-on zip have to be downloaded from RHN.
+* [middleware_automation.common](https://github.com/ansible-middleware/common)
+* [ansible-posix](https://docs.ansible.com/ansible/latest/collections/ansible/posix/index.html)
+
+To install all the dependencies via galaxy:
+
+ ansible-galaxy collection install -r requirements.yml
 Versions
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index 382bf70..6693c30 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -300,10 +300,6 @@ argument_specs:
 default: "7.6.0"
 description: "Red Hat Single Sign-On version"
 type: "str"
- sso_rhn_id:
- default: "104539"
- description: "Customer Portal product ID for Red Hat SSO"
- type: "str"
 sso_archive:
 default: "rh-sso-{{ sso_version }}-server-dist.zip"
 description: "Red Hat SSO install archive filename"
@@ -316,14 +312,6 @@ argument_specs:
 default: "{{ sso_dest }}/rh-sso-{{ sso_version.split('.')[0] }}.{{ sso_version.split('.')[1] }}"
 description: "Installation path for Red Hat SSO"
 type: "str"
- sso_rhn_url:
- default: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
- description: "Base download URI for customer portal"
- type: "str"
- sso_download_url:
- default: "{{ sso_rhn_url }}{{ sso_rhn_id }}"
- description: "Full download URI for Red Hat SSO"
- type: "str"
 sso_apply_patches:
 default: False
 description: "Install Red Hat SSO most recent cumulative patch"
@@ -333,7 +321,7 @@ argument_specs:
 description: "Enable Red Hat Single Sign-on installation"
 type: "str"
 sso_offline_install:
- default: True
+ default: False
 description: "Perform an offline install"
 type: "bool"
 sso_service_name:
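Review bot: Flipping `sso_offline_install` to `default: False` in the `@@ -333,7 +321,7 @@` hunk changes behaviour for every inventory that relied on the old default: the role will now attempt a network download, which in tasks/install.yml uses `rhn_username` and `rhn_password`. The description still reads only "Perform an offline install" and does not say what the new default requires. Something like `description: "Perform an offline install; when false the archive is downloaded, using Red Hat credentials or an alternate URL"` would document it. The value is also better written as `false`, and the enclosing `argument_specs` mapping extends beyond the hunk.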
@@ -345,14 +333,14 @@ argument_specs:
 description: "systemd description for Red Hat Single Sign-On"
 type: "str"
 sso_patch_version:
- default: "7.6.1"
- description: "Red Hat Single Sign-On latest cumulative patch version"
+ required: False
+ description: "Red Hat Single Sign-On latest cumulative patch version to apply; default to latest version when sso_apply_patches is True"
 type: "str"
 sso_patch_bundle:
- default: "rh-sso-{{ sso_patch_version }}-patch.zip"
+ default: "rh-sso-{{ sso_patch_version | default('') }}-patch.zip"
 description: "Red Hat SSO patch archive filename"
 type: "str"
- sso_patch_rhn_id:
- default: "104867"
- description: "Customer Portal product ID for Red Hat SSO latest cumulative patch"
+ sso_product_category:
+ default: "core.service.rhsso"
+ description: "JBossNetwork API category for Single Sign-On"
 type: "str"
diff --git a/roles/keycloak/meta/main.yml b/roles/keycloak/meta/main.yml
index fce67b7..5816039 100644
--- a/roles/keycloak/meta/main.yml
+++ b/roles/keycloak/meta/main.yml
@@ -1,6 +1,7 @@
 ---
 collections:
- - middleware_automation.redhat_csp_download
+ - middleware_automation.common
+ - ansible.posix
 galaxy_info:
 role_name: keycloak
diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml
index 35054ec..e7283e7 100644
--- a/roles/keycloak/tasks/install.yml
+++ b/roles/keycloak/tasks/install.yml
@@ -77,6 +77,7 @@
 dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
 mode: 0644
 delegate_to: localhost
+ run_once: yes
 when:
 - archive_path is defined
 - archive_path.stat is defined
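Review bot: In the `@@ -345,14 +333,14 @@` hunk, the new `sso_patch_bundle` default `"rh-sso-{{ sso_patch_version | default('') }}-patch.zip"` renders as `rh-sso--patch.zip` whenever `sso_patch_version` is unset, which is now the normal case since its default was removed. Any task that uses the bundle name for a local lookup or as a download destination would then work with a filename that matches no real archive; the consuming tasks are not part of this diff, so that needs checking there. Either derive the bundle name after the latest patch version has been resolved, or state in the description that the default only applies when `sso_patch_version` is set. The new `sso_patch_version` description would read better as "...; defaults to the latest version when sso_apply_patches is true".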
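Review bot: `run_once: yes` added in the `@@ -77,6 +77,7 @@` hunk of tasks/install.yml (and again in the `@@ -84,21 +85,43 @@` and `@@ -106,13 +129,14 @@` hunks) makes Ansible evaluate the task's `when:` list against the first host of the batch only and apply that outcome to all hosts. The conditions in these tasks include `sso_enable` and `keycloak_offline_install`, which can be set per host or group, so if the first host skips the download the archive is never fetched for the others. It would help to document that these variables must be uniform across the play, or to guard the download on controller-side facts only. `run_once: true` is the form yamllint's `truthy` rule expects. The task starts above this hunk and its `when:` list continues below it.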
@@ -84,21 +85,43 @@
 - not sso_enable is defined or not sso_enable
 - not keycloak_offline_install
-- name: Perform download from RHN
- middleware_automation.redhat_csp_download.redhat_csp_download:
- url: "{{ keycloak_rhsso_download_url }}"
- dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
- username: "{{ rhn_username }}"
- password: "{{ rhn_password }}"
- no_log: "{{ omit_rhn_output | default(true) }}"
+- name: Perform download from RHN using JBoss Network API
 delegate_to: localhost
+ run_once: yes
 when:
 - archive_path is defined
 - archive_path.stat is defined
 - not archive_path.stat.exists
 - sso_enable is defined and sso_enable
 - not keycloak_offline_install
- - keycloak_rhn_url in keycloak_download_url
+ block:
+ - name: Retrieve product download using JBoss Network API
+ middleware_automation.common.product_search:
+ client_id: "{{ rhn_username }}"
+ client_secret: "{{ rhn_password }}"
+ product_type: DISTRIBUTION
+ product_version: "{{ sso_version }}"
+ product_category: "{{ sso_product_category }}"
+ register: rhn_products
+ no_log: "{{ omit_rhn_output | default(true) }}"
+ delegate_to: localhost
+ run_once: yes
+
+ - name: Determine install zipfile from search results
+ ansible.builtin.set_fact:
+ rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + sso_archive + '$') }}"
+ delegate_to: localhost
+ run_once: yes
+
+ - name: Download Red Hat Single Sign-On
+ middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user
+ client_id: "{{ rhn_username }}"
+ client_secret: "{{ rhn_password }}"
+ product_id: "{{ (rhn_filtered_products | first).id }}"
+ dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+ no_log: "{{ omit_rhn_output | default(true) }}"
+ delegate_to: localhost
+ run_once: yes
 - name: Download rhsso archive from alternate location
 ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
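Review bot: `product_id: "{{ (rhn_filtered_products | first).id }}"` is evaluated without checking that the search matched anything, so an empty result fails in the download task, whose output `no_log` may hide, and more than one match is resolved silently by `first`. A short `ansible.builtin.assert` between the `set_fact` and the download would give a clear failure instead. The match pattern is also built from `sso_archive` unescaped, so the dots in the filename match any character; `regex_escape` closes that, and `| list` makes the fact a list however the generator is rendered. No integrity check of the downloaded archive is visible in this hunk.

```yaml
    # … unchanged: "Retrieve product download using JBoss Network API" task …

    - name: Determine install zipfile from search results
      ansible.builtin.set_fact:
        rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + (sso_archive | regex_escape) + '$') | list }}"
      # … unchanged: delegate_to, run_once …

    - name: Check that the search returned the install archive
      ansible.builtin.assert:
        that:
          - rhn_filtered_products | length > 0
        fail_msg: "No JBoss Network product matches {{ sso_archive }} for version {{ sso_version }}"
      delegate_to: localhost
      run_once: yes

    # … unchanged: "Download Red Hat Single Sign-On" task …
```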
@@ -106,13 +129,14 @@
 dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
 mode: 0644
 delegate_to: localhost
+ run_once: yes
 when:
 - archive_path is defined
 - archive_path.stat is defined
 - not archive_path.stat.exists
 - sso_enable is defined and sso_enable
 - not keycloak_offline_install
- - not keycloak_rhn_url in keycloak_download_url
+ - keycloak_rhsso_download_url is defined
 - name: Check downloaded archive
 ansible.builtin.stat:
diff --git a/roles/keycloak_realm/meta/main.yml b/roles/keycloak_realm/meta/main.yml
index 4ce1b73..5dd7a21 100644
--- a/roles/keycloak_realm/meta/main.yml
+++ b/roles/keycloak_realm/meta/main.yml
@@ -19,5 +19,4 @@ galaxy_info: - keycloak - redhat - rhel - rhn - sso
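Review bot: The alternate-location task in the `@@ -106,13 +129,14 @@` hunk now runs when `keycloak_rhsso_download_url is defined`, but the RHN block in the previous hunk lost its `keycloak_rhn_url in keycloak_download_url` condition with nothing in its place, so the two downloads are no longer mutually exclusive. With the URL set, the play would first call the JBoss Network API (needing `rhn_username` and `rhn_password`) and then fetch the same `dest` again with `get_url`; if the variable still has a role default, `is defined` is always true. Adding `- keycloak_rhsso_download_url is not defined` to the block's `when:` would restore the either/or behaviour. The `get_url` task starts above this hunk, so whether it passes a `checksum:` for the alternate source cannot be seen here.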