Update changelog for release 1.2.8

Signed-off-by: github-actions <ggraziol@redhat.com>

.github/workflows/ci.yml

@@ -5,54 +5,14 @@ on:
     branches:
       - main
   pull_request:
-
-env:
-  COLORTERM: 'yes'
-  TERM: 'xterm-256color'
-  PYTEST_ADDOPTS: '--color=yes'
+  schedule:
+    - cron: '0 6 * * *'
 
 jobs:
   ci:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python_version: ["3.10"]
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v2
-        with:
-          path: ansible_collections/middleware_automation/keycloak
-
-      - name: Set up Python ${{ matrix.python_version }}
-        uses: actions/setup-python@v4
-        with:
-          python-version: ${{ matrix.python_version }}
-          cache: 'pip'
-
-      - name: Install yamllint, ansible and molecule
-        run: |
-          python -m pip install --upgrade pip
-          pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous
-          pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt
-
-      - name: Create default collection path
-        run: |
-          mkdir -p /home/runner/.ansible/
-          ln -s /home/runner/work/keycloak/keycloak /home/runner/.ansible/collections
-
-      - name: Install ansible-lint custom rules
-        uses: actions/checkout@v2
-        with:
-          repository: ansible-middleware/ansible-lint-custom-rules
-          path: ansible_collections/ansible-lint-custom-rules/
-
-      - name: Run sanity tests
-        run: ansible-test sanity -v --color --python ${{ matrix.python_version }} --exclude changelogs/fragments/.gitignore --skip-test symlinks
-        working-directory: ./ansible_collections/middleware_automation/keycloak
-
-      - name: Run molecule test
-        run: molecule test --all
-        working-directory: ./ansible_collections/middleware_automation/keycloak
-        env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
+    uses: ansible-middleware/github-actions/.github/workflows/ci.yml@main
+    secrets: inherit
+    with:
+      fqcn: 'middleware_automation/keycloak'
+      molecule_tests: >-
+          [ "default", "quarkus", "overridexml" ]

.github/workflows/docs.yml

@@ -8,57 +8,10 @@ on:
       - "[0-9]+.[0-9]+.[0-9]+"
   workflow_dispatch:
 
-env:
-  COLORTERM: 'yes'
-  TERM: 'xterm-256color'
-  PYTEST_ADDOPTS: '--color=yes'
-
 jobs:
   docs:
-    runs-on: ubuntu-latest
-    if: github.repository == 'ansible-middleware/keycloak'
-    permissions:
-      actions: write
-      checks: write
-      contents: write
-      deployments: write
-      packages: write
-      pages: write
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v2
-        with:
-          path: ansible_collections/middleware_automation/keycloak
-          fetch-depth: 0
-
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: 3.9
-          cache: 'pip'
-
-      - name: Install doc dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install -r ansible_collections/middleware_automation/keycloak/docs/requirements.txt
-          pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt
-          sudo apt --fix-missing update
-          sudo apt install -y sed hub
-
-      - name: Create default collection path
-        run: |
-          mkdir -p /home/runner/.ansible/
-          ln -s /home/runner/work/keycloak/keycloak /home/runner/.ansible/collections
-
-      - name: Create changelog and documentation
-        uses: ansible-middleware/collection-docs-action@main
-        with:
-          collection_fqcn: middleware_automation.keycloak
-          collection_repo: ansible-middleware/keycloak
-          dependencies: false
-          commit_changelog: false
-          commit_ghpages: true
-          changelog_release: false
-          generate_docs: true
-          path: ansible_collections/middleware_automation/keycloak
-          token: ${{ secrets.GITHUB_TOKEN }}
+    uses: ansible-middleware/github-actions/.github/workflows/docs.yml@main
+    secrets: inherit
+    with:
+      fqcn: 'middleware_automation/keycloak'
+      collection_fqcn: 'middleware_automation.keycloak'

.github/workflows/release.yml

@@ -5,89 +5,10 @@ on:
 
 jobs:
   release:
-    runs-on: ubuntu-latest
-    if: github.repository == 'ansible-middleware/keycloak'
-    permissions:
-      actions: write
-      checks: write
-      contents: write
-      deployments: write
-      packages: write
-      pages: write
-    outputs:
-      tag_version: ${{ steps.get_version.outputs.TAG_VERSION }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.TRIGGERING_PAT }}
-
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: "3.x"
-          cache: 'pip'
-
-      - name: Get current version
-        id: get_version
-        run: echo "::set-output name=TAG_VERSION::$(grep version galaxy.yml | awk -F'"' '{ print $2 }')"
-
-      - name: Check if tag exists
-        id: check_tag
-        run: echo "::set-output name=TAG_EXISTS::$(git tag | grep ${{ steps.get_version.outputs.TAG_VERSION }})"
-
-      - name: Fail if tag exists
-        if: ${{ steps.get_version.outputs.TAG_VERSION == steps.check_tag.outputs.TAG_EXISTS }}
-        uses: actions/github-script@v3
-        with:
-          script: |
-              core.setFailed('Release tag already exists')
-
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install ansible-core antsibull
-          sudo apt --fix-missing update
-          sudo apt install -y sed hub
-
-      - name: Build collection
-        run: |
-          ansible-galaxy collection build .
-
-      - name: Create changelog and documentation
-        uses: ansible-middleware/collection-docs-action@main
-        with:
-          collection_fqcn: middleware_automation.keycloak
-          collection_repo: ansible-middleware/keycloak
-          dependencies: false
-          commit_changelog: true
-          commit_ghpages: false
-          changelog_release: true
-          generate_docs: false
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Publish collection
-        env:
-          ANSIBLE_GALAXY_API_KEY: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
-        run: |
-          ansible-galaxy collection publish *.tar.gz --api-key $ANSIBLE_GALAXY_API_KEY
-
-      - name: Create release tag
-        run: |
-          git config user.name github-actions
-          git config user.email github-actions@github.com
-          git tag -a ${{ steps.get_version.outputs.TAG_VERSION }} -m "Release v${{ steps.get_version.outputs.TAG_VERSION }}" || true
-          git push origin --tags
-
-      - name: Publish Release
-        uses: softprops/action-gh-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ steps.get_version.outputs.TAG_VERSION }}
-          files: "*.tar.gz"
-          body_path: gh-release.md
+    uses: ansible-middleware/github-actions/.github/workflows/release.yml@main
+    secrets: inherit
+    with:
+      collection_fqcn: 'middleware_automation.keycloak'
 
   dispatch:
     needs: release

CHANGELOG.rst

@@ -6,6 +6,31 @@ middleware_automation.keycloak Release Notes
 
 This changelog describes changes after version 0.2.6.
 
+v1.2.8
+======
+
+Minor Changes
+-------------
+
+- keycloak_quarkus: set openjdk 17 as default `#103 <https://github.com/ansible-middleware/keycloak/pull/103>`_
+- keycloak_quarkus: update to version 22.0.1 `#107 <https://github.com/ansible-middleware/keycloak/pull/107>`_
+
+Bugfixes
+--------
+
+- Fix incorrect checks for ``keycloak_jgroups_subnet`` `#98 <https://github.com/ansible-middleware/keycloak/pull/98>`_
+- Undefine ``keycloak_db_valid_conn_sql`` default `#91 <https://github.com/ansible-middleware/keycloak/pull/91>`_
+- Update bindep.txt package python3-devel to support RHEL9 `#105 <https://github.com/ansible-middleware/keycloak/pull/105>`_
+
+v1.2.7
+======
+
+Minor Changes
+-------------
+
+- Allow to override jgroups subnet `#93 <https://github.com/ansible-middleware/keycloak/pull/93>`_
+- keycloak-quarkus: update keycloakx to v21.1.1 `#92 <https://github.com/ansible-middleware/keycloak/pull/92>`_
+
 v1.2.6
 ======
 

README.md

@@ -3,6 +3,8 @@
 <!--start build_status -->
 [![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml)
 
+> **_NOTE:_ If you are Red Hat customer, install `redhat.sso` from [Automation Hub](https://console.redhat.com/ansible/ansible-dashboard) as the certified version of this collection.**
+
 <!--end build_status -->
 Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on). 
 

bindep.txt

@@ -1,4 +1,5 @@
-python39-devel [platform:rpm compile]
+python3-devel [compile platform:rpm]
+python39-devel [compile platform:centos-8 platform:rhel-8]
 git-lfs [platform:rpm]
 python3-netaddr [platform:rpm]
 python3-lxml [platform:rpm]

changelogs/changelog.yaml

@@ -247,3 +247,42 @@ releases:
     - 89.yaml
     - 90.yaml
     release_date: '2023-06-07'
+  1.2.7:
+    changes:
+      minor_changes:
+      - 'Allow to override jgroups subnet `#93 <https://github.com/ansible-middleware/keycloak/pull/93>`_
+
+        '
+      - 'keycloak-quarkus: update keycloakx to v21.1.1 `#92 <https://github.com/ansible-middleware/keycloak/pull/92>`_
+
+        '
+    fragments:
+    - 92.yaml
+    - 93.yaml
+    release_date: '2023-06-19'
+  1.2.8:
+    changes:
+      bugfixes:
+      - 'Fix incorrect checks for ``keycloak_jgroups_subnet`` `#98 <https://github.com/ansible-middleware/keycloak/pull/98>`_
+
+        '
+      - 'Undefine ``keycloak_db_valid_conn_sql`` default `#91 <https://github.com/ansible-middleware/keycloak/pull/91>`_
+
+        '
+      - 'Update bindep.txt package python3-devel to support RHEL9 `#105 <https://github.com/ansible-middleware/keycloak/pull/105>`_
+
+        '
+      minor_changes:
+      - 'keycloak_quarkus: set openjdk 17 as default `#103 <https://github.com/ansible-middleware/keycloak/pull/103>`_
+
+        '
+      - 'keycloak_quarkus: update to version 22.0.1 `#107 <https://github.com/ansible-middleware/keycloak/pull/107>`_
+
+        '
+    fragments:
+    - 103.yaml
+    - 105.yaml
+    - 107.yaml
+    - 91.yaml
+    - 98.yaml
+    release_date: '2023-08-28'

docs/conf.py

@@ -43,6 +43,7 @@ extensions = [
     'myst_parser',
     'sphinx.ext.autodoc',
     'sphinx.ext.intersphinx',
+    'sphinx_antsibull_ext',
     'ansible_basic_sphinx_ext',
 ]
 
@@ -71,7 +72,7 @@ language = None
 exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', '.tmp']
 
 # The name of the Pygments (syntax highlighting) style to use.
-pygments_style = 'sphinx'
+pygments_style = 'ansible'
 
 highlight_language = 'YAML+Jinja'
 

docs/requirements.txt

@@ -2,6 +2,7 @@ antsibull>=0.17.0
 antsibull-docs
 antsibull-changelog
 ansible-core>=2.14.1
+ansible-pygments
 sphinx-rtd-theme
 git+https://github.com/felixfontein/ansible-basic-sphinx-ext
 myst-parser

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: middleware_automation
 name: keycloak
-version: "1.2.6"
+version: "1.2.8"
 readme: README.md
 authors:
   - Romain Pelisse <rpelisse@redhat.com>

molecule/default/molecule.yml

@@ -1,12 +1,6 @@
 ---
-dependency:
-  name: shell
-  command: ansible-galaxy collection install -r molecule/requirements.yml -p $HOME/.ansible/collections --force-with-deps
 driver:
   name: docker
-lint: |
-  ansible-lint --version
-  ansible-lint -v
 platforms:
   - name: instance
     image: registry.access.redhat.com/ubi8/ubi-init:latest
@@ -34,15 +28,13 @@ provisioner:
         ansible_python_interpreter: "{{ ansible_playbook_python }}"
   env:
     ANSIBLE_FORCE_COLOR: "true"
+    ANSIBLE_VERBOSITY: 3
 verifier:
   name: ansible
 scenario:
   test_sequence:
-    - dependency
-    - lint
     - cleanup
     - destroy
-    - syntax
     - create
     - prepare
     - converge

molecule/default/verify.yml

@@ -17,7 +17,7 @@
     - name: Verify we are running on requested jvm # noqa blocked_modules command-instead-of-module
       ansible.builtin.shell: |
         set -o pipefail
-        ps -ef | grep /usr/lib/jvm/java-11 | grep -v grep
+        ps -ef | grep '/etc/alternatives/jre_11/' | grep -v grep
       args:
         executable: /bin/bash
       changed_when: no

molecule/overridexml/molecule.yml

@@ -1,12 +1,6 @@
 ---
-dependency:
-  name: shell
-  command: ansible-galaxy collection install -r molecule/requirements.yml -p $HOME/.ansible/collections --force-with-deps
 driver:
   name: docker
-lint: |
-  ansible-lint --version
-  ansible-lint -v
 platforms:
   - name: instance
     image: registry.access.redhat.com/ubi8/ubi-init:latest
@@ -38,11 +32,8 @@ verifier:
   name: ansible
 scenario:
   test_sequence:
-    - dependency
-    - lint
     - cleanup
     - destroy
-    - syntax
     - create
     - prepare
     - converge

molecule/quarkus/molecule.yml

@@ -1,12 +1,6 @@
 ---
-dependency:
-  name: shell
-  command: ansible-galaxy collection install -r molecule/requirements.yml -p $HOME/.ansible/collections --force-with-deps
 driver:
   name: docker
-lint: |
-  ansible-lint --version
-  ansible-lint -v
 platforms:
   - name: instance
     image: registry.access.redhat.com/ubi8/ubi-init:latest
@@ -40,11 +34,8 @@ verifier:
   name: ansible
 scenario:
   test_sequence:
-    - dependency
-    - lint
     - cleanup
     - destroy
-    - syntax
     - create
     - prepare
     - converge

molecule/quarkus/prepare.yml

@@ -30,13 +30,13 @@
     - name: Create conf directory # risky-file-permissions in test user account does not exist yet
       ansible.builtin.file:
         state: directory
-        path: /opt/keycloak/keycloak-18.0.0/conf/
+        path: /opt/keycloak/keycloak-22.0.1/conf/
         mode: 0755
 
     - name: Copy certificates
       ansible.builtin.copy:
         src: "{{ item }}"
-        dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}"
+        dest: "/opt/keycloak/keycloak-22.0.1/conf/{{ item }}"
         mode: 0444
       loop:
         - cert.pem

roles/keycloak/README.md

@@ -165,7 +165,7 @@ The following variables are _optional_:
 |:---------|:------------|
 |`keycloak_db_valid_conn_sql` | Override the default database connection validation query sql |
 |`keycloak_admin_url` | Override the default administration endpoint URL |
-
+|`keycloak_jgroups_subnet`| Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration |
 
 Example Playbook
 -----------------

roles/keycloak/defaults/main.yml

@@ -42,6 +42,7 @@ keycloak_http_port: 8080
 keycloak_https_port: 8443
 keycloak_ajp_port: 8009
 keycloak_jgroups_port: 7600
+keycloak_jgroups_subnet:
 keycloak_management_port_bind_address: 127.0.0.1
 keycloak_management_http_port: 9990
 keycloak_management_https_port: 9993
@@ -97,8 +98,6 @@ keycloak_db_pass: keycloak-pass
 keycloak_db_background_validation: False
 keycloak_db_background_validation_millis: "{{ 10000 if keycloak_db_background_validation else 0 }}"
 keycloak_db_background_validate_on_match: False
-# variable to override database connection validation query
-keycloak_db_valid_conn_sql:
 keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
 keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
 # override the variables above, following defaults show minimum supported versions

roles/keycloak/meta/argument_specs.yml

@@ -347,6 +347,10 @@ argument_specs:
                 required: False
                 description: "Override the default administration endpoint URL"
                 type: "str"
+            keycloak_jgroups_subnet:
+                required: False
+                description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration"
+                type: "str"
     downstream:
         options:
             sso_version:

roles/keycloak/tasks/install.yml

@@ -239,7 +239,7 @@
   loop: "{{ ansible_play_batch }}"
   when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING'
 
-- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak.config_template_source }}"
+- name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
   become: yes
   ansible.builtin.template:
     src: templates/standalone-ha.xml.j2

roles/keycloak/tasks/prereqs.yml

@@ -43,4 +43,5 @@
       - "{{ keycloak_jvm_package }}"
       - unzip
       - procps-ng
-      - initscripts
+      - initscripts
+      - tzdata-java

roles/keycloak/tasks/systemd.yml

@@ -10,14 +10,9 @@
   notify:
     - restart keycloak
 
-- name: Determine JAVA_HOME for selected JVM RPM  # noqa blocked_modules
-  ansible.builtin.shell: |
-    set -o pipefail
-    rpm -ql {{ keycloak_jvm_package }} | grep -Po '/usr/lib/jvm/.*(?=/bin/java$)'
-  args:
-    executable: /bin/bash
-  changed_when: False
-  register: rpm_java_home
+- name: Determine JAVA_HOME for selected JVM RPM
+  ansible.builtin.set_fact:
+    rpm_java_home: "/etc/alternatives/jre_{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
 
 - name: "Configure sysconfig file for {{ keycloak.service_name }} service"
   become: yes
@@ -28,7 +23,7 @@
     group: root
     mode: 0644
   vars:
-    keycloak_rpm_java_home: "{{ rpm_java_home.stdout }}"
+    keycloak_rpm_java_home: "{{ rpm_java_home }}"
   notify:
     - restart keycloak
 

roles/keycloak/templates/standalone-ha.xml.j2

@@ -662,7 +662,9 @@
             <inet-address value="{{ keycloak_management_port_bind_address }}"/>
         </interface>
         <interface name="jgroups">
-{% if ansible_default_ipv4 is defined %}
+{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet is not none and keycloak_jgroups_subnet | string | length > 0 %}
+            <subnet-match value="{{ keycloak_jgroups_subnet | string }}"/>
+{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %}
             <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"/>
 {% else %}
             <any-address />

roles/keycloak/templates/standalone-infinispan.xml.j2

@@ -700,7 +700,9 @@
             <inet-address value="{{ keycloak_management_port_bind_address }}"/>
         </interface>
         <interface name="jgroups">
-{% if ansible_default_ipv4 is defined %}
+{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet is not none and keycloak_jgroups_subnet | string | length > 0 %}
+            <subnet-match value="{{ keycloak_jgroups_subnet | string }}"/>
+{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %}
             <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"/>
 {% else %}
             <any-address />

roles/keycloak_quarkus/README.md

@@ -1,7 +1,7 @@
 keycloak_quarkus
 ================
 
-Install [keycloak](https://keycloak.org/) >= 17.0.0 (quarkus) server configurations.
+Install [keycloak](https://keycloak.org/) >= 20.0.0 (quarkus) server configurations.
 
 
 Role Defaults
@@ -11,7 +11,7 @@ Role Defaults
 
 | Variable | Description | Default |
 |:---------|:------------|:--------|
-|`keycloak_quarkus_version`| keycloak.org package version | `17.0.1` |
+|`keycloak_quarkus_version`| keycloak.org package version | `22.0.1` |
 
 
 * Service configuration
@@ -30,7 +30,7 @@ Role Defaults
 |`keycloak_quarkus_service_user`| Posix account username | `keycloak` |
 |`keycloak_quarkus_service_group`| Posix account group | `keycloak` |
 |`keycloak_quarkus_service_pidfile`| Pid file path for service | `/run/keycloak.pid` |
-|`keycloak_quarkus_jvm_package`| RHEL java package runtime | `java-11-openjdk-headless` |
+|`keycloak_quarkus_jvm_package`| RHEL java package runtime | `java-17-openjdk-headless` |
 |`keycloak_quarkus_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_quarkus_jvm_package RPM path | `None` |
 |`keycloak_quarkus_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
 |`keycloak_quarkus_frontend_url`| Service public URL | `http://localhost:8080/auth` |
@@ -71,7 +71,7 @@ Role Defaults
 |:---------|:------------|:---------|
 |`keycloak_quarkus_offline_install` | Perform an offline install | `False`|
 |`keycloak_quarkus_download_url`| Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/<version>/<archive>`| 
-|`keycloak_quarkus_version`| keycloak.org package version | `17.0.1` |
+|`keycloak_quarkus_version`| keycloak.org package version | `22.0.1` |
 |`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` |
 |`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` |
 |`keycloak_quarkus_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `False` |

roles/keycloak_quarkus/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 ### Configuration specific to keycloak
-keycloak_quarkus_version: 18.0.0
+keycloak_quarkus_version: 22.0.1
 keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip"
 keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"  
 keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
@@ -9,7 +9,7 @@ keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_q
 keycloak_quarkus_offline_install: False
 
 ### Install location and service settings
-keycloak_quarkus_jvm_package: java-11-openjdk-headless
+keycloak_quarkus_jvm_package: java-17-openjdk-headless
 keycloak_quarkus_java_home:
 keycloak_quarkus_dest: /opt/keycloak
 keycloak_quarkus_home: "{{ keycloak_quarkus_installdir }}"

roles/keycloak_quarkus/tasks/prereqs.yml

@@ -22,4 +22,5 @@
       - "{{ keycloak_quarkus_jvm_package }}"
       - unzip
       - procps-ng
-      - initscripts
+      - initscripts
+      - tzdata-java

roles/keycloak_quarkus/tasks/systemd.yml

@@ -1,12 +1,7 @@
 ---
-- name: Determine JAVA_HOME for selected JVM RPM  # noqa blocked_modules
-  ansible.builtin.shell: |
-    set -o pipefail
-    rpm -ql {{ keycloak_quarkus_jvm_package }} | grep -Po '/usr/lib/jvm/.*(?=/bin/java$)'
-  args:
-    executable: /bin/bash
-  changed_when: False
-  register: rpm_java_home
+- name: Determine JAVA_HOME for selected JVM RPM
+  ansible.builtin.set_fact:
+    rpm_java_home: "/etc/alternatives/jre_{{ keycloak_quarkus_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
 
 - name: "Configure sysconfig file for keycloak service"
   become: yes
@@ -17,7 +12,7 @@
     group: root
     mode: 0644
   vars:
-    keycloak_rpm_java_home: "{{ rpm_java_home.stdout }}"
+    keycloak_rpm_java_home: "{{ rpm_java_home }}"
   notify:
     - restart keycloak
 

roles/keycloak_quarkus/templates/keycloak.service.j2

@@ -10,7 +10,7 @@ PIDFile={{ keycloak_quarkus_service_pidfile }}
 {% if keycloak_quarkus_start_dev %}
 ExecStart={{ keycloak.home }}/bin/kc.sh start-dev
 {% else %}
-ExecStart={{ keycloak.home }}/bin/kc.sh start --auto-build --log={{ keycloak_quarkus_log }}
+ExecStart={{ keycloak.home }}/bin/kc.sh start --log={{ keycloak_quarkus_log }}
 {% endif %}
 User={{ keycloak.service_user }}
 

roles/keycloak_realm/defaults/main.yml

@@ -32,6 +32,7 @@ keycloak_admin_password: ''
 #    realm: "{{ keycloak_realm }}"
 #    public_client: "{{ keycloak_client_public }}"
 #    web_origins: "{{ keycloak_client_web_origins }}"
+#    redirect_uris: "{{ keycloak_client_redirect_uris }}"
 #    users: "{{ keycloak_client_users }}"
 keycloak_clients: []