Disambiguate core-identifiers, set correct bind for jgroups

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: middleware_automation
 name: keycloak
-version: "0.0.3"
+version: "0.0.4"
 readme: README.md
 authors:
   - Romain Pelisse <rpelisse@redhat.com>

roles/keycloak/README.md

@@ -10,31 +10,55 @@ Role Defaults
 | Variable | Description | Default |
 |:---------|:------------|:---------|
 |`keycloak_ha_enabled`| enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
+|`keycloak_db_enabled`| enable auto configuration for database backend | `True` if keycloak_ha_enabled is True, else `False` |
 |`keycloak_admin_user`| Administration console user account | `admin` |
-
+|`keycloak_bind_address`| address for binding service ports | `0.0.0.0`
+|`keycloak_host`| hostname | `localhost`
+|`keycloak_http_port`| HTTP port | `8080`
+|`keycloak_https_port`| TLS HTTP port | `8443`
+|`keycloak_management_http_port`| management port | `9990`
+|`keycloak_management_https_port`| TLS management port | `9993`
+|`keycloak_java_opts`| | `-Xms1024m -Xmx20480m -XX:MaxPermSize=768m`
 
 Role Variables
 --------------
 
-The following are a set of required variables for the role:
+The following are a set of _required_ variables for the role:
 
 | Variable | Description |
 |:---------|:------------|
 |`keycloak_admin_password`| Password for the administration console user account |
 
-The following variables are required when keycloak_ha_enabled is True:
+
+The following variables are _required_ only when keycloak_ha_enabled is True:
 
 | Variable | Description | Default |
 |:---------|:------------|:---------|
 |`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
-|`postgres_jdbc_url` | URL for the postgres backend database | `jdbc:postgresql://localhost:5432/keycloak` |
-|`postgres_db_user` | username for connecting to postgres | `keycloak-user` |
-|`postgres_db_pass` | password for connecting to postgres | `keycloak-pass` |
+|`keycloak_jdbc_engine` | backend database flavour when db is enabled: [ postgres, mariadb ] | `postgres` |
 |`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
 |`infinispan_user` | username for connecting to infinispan | `supervisor` |
 |`infinispan_pass` | password for connecting to infinispan | `supervisor` |
 
 
+The following variables are _required_ only when keycloak_db_enabled is True and keycloak_jdbc_engine is postgres:
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`postgres_jdbc_url` | URL for the postgres backend database | `jdbc:postgresql://localhost:5432/keycloak` |
+|`postgres_db_user` | username for connecting to postgres | `keycloak-user` |
+|`postgres_db_pass` | password for connecting to postgres | `keycloak-pass` |
+
+
+The following variables are _required_ only when keycloak_db_enabled is True and keycloak_jdbc_engine is mariadb:
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`mariadb_jdbc_url` | URL for the mariadb backend database | `jdbc:mariadb://localhost:3306/keycloak` |
+|`mariadb_db_user` | username for connecting to mariadb | `keycloak-user` |
+|`mariadb_db_pass` | password for connecting to mariadb | `keycloak-pass` |
+
+
 Dependencies
 ------------
 

roles/keycloak/defaults/main.yml

@@ -36,7 +36,7 @@ keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
 keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
 # enable auto configuration for database backend, clustering and remote caches on infinispan
 keycloak_ha_enabled: False
-keycloak_db_enabled: False
+keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"
 
 # keycloak administration console user
 keycloak_admin_user: admin

roles/keycloak/tasks/prereqs.yml

@@ -4,7 +4,7 @@
     that:
       - (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled)
     quiet: True
-    fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_ha_enabled"
+    fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_db_enabled"
     success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"
 
 - name: "Validate credentials"

roles/keycloak/templates/standalone-infinispan.xml.j2

@@ -509,6 +509,9 @@
                             PRIMARY KEY (own_addr, cluster_name))
                             ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin
                         </property>
+                        <property name="insert_single_sql">INSERT INTO JGROUPSPING (own_addr, cluster_name, ping_data) values (?, ?, ?)</property>
+                        <property name="delete_single_sql">DELETE FROM JGROUPSPING WHERE own_addr=? AND cluster_name=?</property>
+                        <property name="select_all_pingdata_sql">SELECT ping_data FROM JGROUPSPING WHERE cluster_name=?</property>
                     </protocol>
                     <protocol type="MERGE3"/>
                     <protocol type="FD_SOCK"/>
@@ -675,7 +678,7 @@
             </deployment-permissions>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:transactions:6.0">
-            <core-environment node-identifier="${jboss.tx.node.id:1}">
+            <core-environment node-identifier="{{ inventory_hostname | default('${jboss.tx.node.id:1}') }}">
                 <process-id>
                     <uuid/>
                 </process-id>
@@ -715,7 +718,7 @@
             <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
         </interface>
         <interface name="jgroups">
-            <subnet-match value="{{ (ansible_default_ipv4.address + '/' + ansible_default_ipv4.netmask) | ipaddr('prefix') }}"/>
+            <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr('net') }}"/>
         </interface>
         <interface name="public">
             <inet-address value="${jboss.bind.address:127.0.0.1}"/>

roles/keycloak/templates/standalone-rhsso-jdg.xml.j2

@@ -384,7 +384,7 @@
                     <heap-memory size="10000"/>
                 </local-cache>
                 <local-cache name="authenticationSessions"/>
-                {% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
+{% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
                 <distributed-cache name="{{ cachename }}">
                     <remote-store cache="{{ cachename }}"
                                   remote-servers="remote-cache"
@@ -407,7 +407,7 @@
                         <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
                     </remote-store>
                 </distributed-cache>
-                {% endfor %}
+{% endfor %}
                 <replicated-cache name="work">
                     <remote-store cache="work"
                                   remote-servers="remote-cache"
@@ -509,6 +509,9 @@
                             PRIMARY KEY (own_addr, cluster_name))
                             ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin
                         </property>
+                        <property name="insert_single_sql">INSERT INTO JGROUPSPING (own_addr, cluster_name, ping_data) values (?, ?, ?)</property>
+                        <property name="delete_single_sql">DELETE FROM JGROUPSPING WHERE own_addr=? AND cluster_name=?</property>
+                        <property name="select_all_pingdata_sql">SELECT ping_data FROM JGROUPSPING WHERE cluster_name=?</property>
                     </protocol>
                     <protocol type="MERGE3"/>
                     <protocol type="FD_SOCK"/>
@@ -675,7 +678,7 @@
             </deployment-permissions>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:transactions:6.0">
-            <core-environment node-identifier="${jboss.tx.node.id:1}">
+            <core-environment node-identifier="{{ inventory_hostname | default('${jboss.tx.node.id:1}') }}">
                 <process-id>
                     <uuid/>
                 </process-id>
@@ -715,7 +718,7 @@
             <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
         </interface>
         <interface name="jgroups">
-            <subnet-match value="{{ (ansible_default_ipv4.address + '/' + ansible_default_ipv4.netmask) | ipaddr('prefix') }}"/>
+            <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr('net') }}"/>
         </interface>
         <interface name="public">
             <inet-address value="${jboss.bind.address:127.0.0.1}"/>
@@ -734,11 +737,11 @@
         <outbound-socket-binding name="mail-smtp">
             <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
         </outbound-socket-binding>
-{% if keycloak_modcluster.enabled %}            
+{% if keycloak_modcluster.enabled %}
         <outbound-socket-binding name="proxy1">
             <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
         </outbound-socket-binding>
-{% endif %}        
+{% endif %}
         <outbound-socket-binding name="remote-cache">
             <remote-destination host="{{ keycloak_remotecache.server_name | default('localhost') }}" port="${remote.cache.port:11222}"/>
         </outbound-socket-binding>