Merge pull request #9 from guidograzioli/prerelease_0.2.0

Prerelease 0.2.0

.github/workflows/release.yml

@@ -9,7 +9,8 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - name: Checkout code
+        uses: actions/checkout@v2
       - name: Set up Python
         uses: actions/setup-python@v1
         with:
@@ -35,4 +36,18 @@ jobs:
         env:
           ANSIBLE_GALAXY_API_KEY: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
         run: |
-          ansible-galaxy collection publish *.tar.gz --api-key $ANSIBLE_GALAXY_API_KEY
+          ansible-galaxy collection publish *.tar.gz --api-key $ANSIBLE_GALAXY_API_KEY
+  dispatch:
+    needs: release
+    strategy:
+      matrix:
+        repo: ['ansible-middleware/cross-dc-rhsso-demo', 'ansible-middleware/flange-demo']
+    runs-on: ubuntu-latest
+    steps:
+      - name: Repository Dispatch
+        uses: peter-evans/repository-dispatch@v1
+        with:
+          token: ${{ secrets.TRIGGERING_PAT }}
+          repository: ${{ matrix.repo }}
+          event-type: "Dependency released - Keycloak"
+          client-payload: '{ "github": ${{toJson(github)}} }'

.gitignore

@@ -1 +1,2 @@
-*.tar.gz
+*.tar.gz
+*.zip

README.md

@@ -29,60 +29,87 @@ collections:
   - name: middleware_automation.keycloak
 ```
 
+The keycloak collection also depends on the following python packages to be present on the controller host:
+
+* netaddr
+
+A requirement file is provided to install:
+
+    pip install -r requirements.txt
+
+
+### Included roles
+
+* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service.
+* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, user federation(s), clients and users, in an installed service.
+
+
+## Usage
+
+
 ### Install Playbook
 
-`playbooks/keycloak.yml` installs the upstream(Keycloak) based on the defined variables.
-`playbooks/rhsso.yml` installs Red Hat Single Sign-On(RHSSO) based on defined variables.
+* [`playbooks/keycloak.yml`](playbooks/keycloak.yml) installs the upstream(Keycloak) based on the defined variables.
+* [`playbooks/rhsso.yml`](playbooks/rhsso.yml) installs Red Hat Single Sign-On(RHSSO) based on defined variables.
 
-### Choosing between upstream(Keycloak) project and Red Hat Single Sign-On(RHSSO)
+Both playbooks include the `keycloak` role, with different settings, as described in the following sections.
 
-The roles supports installing upstream(Keycloak) or Red Hat Single Sign-On in the following ways
+For service configuration details, refer to the [keycloak role README](roles/keycloak/README.md).
 
-#### Install upstream(Keycloak) from remote source
 
-This is default approach, there is one required variable
+### Choosing between upstream project (Keycloak) and Red Hat Single Sign-On (RHSSO)
 
-```
-keycloak_admin_password: "<changeme>"
-```
+The general flag `keycloak_rhsso_enable` controls what to install between upstream(Keycloak, when `False`) or Red Hat Single Sign-On (when `True`).
+The default value for the flag if `True` when Red Hat Network credentials are defined, `False` otherwise.
 
-#### Install upstream(Keycloak) from local source when the following variable is defined
 
-```
-keycloak_admin_password: "<changeme>"
-zip_file_local_path: <keycloak zip file on Ansible control node local path>
-```
+#### Install upstream (Keycloak) from keycloak releases
 
-#### Install RHSSO from the Red Hat Customer Support Portal, when the following variables are defined
+This is the default approach when RHN credentials are not defined. Keycloak is downloaded from keycloak builds (hosted on github.com) locally, and distributed to target nodes.
 
-```
-keycloak_admin_password: "<changeme>"
+
+#### Install RHSSO from the Red Hat Customer Support Portal
+
+Define the credentials as follows, and the default behaviour is to download a fresh archive of RHSSO on the controller node, then distribute to target nodes.
+
+```yaml
 rhn_username: '<customer_portal_username>'
 rhn_password: '<customer_portal_password>'
-rhsso_rhn_id: '<sso_product_id>'
+# (keycloak_rhsso_enable defaults to True)
 ```
 
-where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_)
 
-#### Install RHSSO from remote sources like Nexus etc, when the following variables are defined
+#### Install from controller node (local source)
 
-```
-keycloak_admin_password: "<changeme>"
-keycloak_rhsso_enable: True
-rhsso_source_download_url: '<url to download RHSSO zip file>'
+Making the keycloak zip archive (or the RHSSO zip archive), available to the playbook repository root directory, and setting `keycloak_offline_install` to `True`, allows to skip
+the download tasks. The local path for the archive matches the downloaded archive path, so it is also used as a cache when multiple hosts are provisioned in a cluster.
+
+```yaml
+keycloak_offline_install: True
 ```
 
-#### Install RHSSO from local source when the following variable is defined
+And depending on `keycloak_rhsso_enable`:
 
-```
-keycloak_admin_password: "<changeme>"
+* `True`: install RHSSO using file rh-sso-x.y.z-server-dist.zip
+* `False`: install keycloak using file keycloak-x.y.zip
+
+
+#### Install from alternate sources (like corporate Nexus, artifactory, proxy, etc)
+
+For RHSSO:
+
+```yaml
 keycloak_rhsso_enable: True
-zip_file_local_path: <rhsso zip file on Ansible control node local path>
+keycloak_rhsso_download_url: "https://<internal-nexus.private.net>/<path>/<to>/rh-sso-x.y.z-server-dist.zip"
 ```
 
-### Install role
+For keycloak:
+
+```yaml
+keycloak_rhsso_enable: False
+keycloak_download_url: "https://<internal-nexus.private.net>/<path>/<to>/keycloak-x.y.zip"
+```
 
-* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service. _Requires: python3-netaddr_
 
 ### Example installation command
 
@@ -100,21 +127,20 @@ ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e
   localhost ansible_connection=local
   ```
 
+
 ## Configuration
 
-### Config Playbook
 
-`playbooks/keycloak-realm.yml` creates provided realm, user federation(s), client(s), client role(s) and client user(s) if they don't exist.
+### Config Playbook
 
-### Config role
+[`playbooks/keycloak-realm.yml`](playbooks/keycloak-realm.yml) creates provided realm, user federation(s), client(s), client role(s) and client user(s) if they don't exist.
 
-* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, user federation(s), clients and users, in an installed service.
 
 ### Example configuration command
 
 Execute the following command from the source root directory
 
-```
+```bash
 ansible-playbook -i <ansible_hosts> playbooks/keycloak-realm.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test
 ```
 
@@ -127,9 +153,12 @@ ansible-playbook -i <ansible_hosts> playbooks/keycloak-realm.yml -e keycloak_adm
   localhost ansible_connection=local
   ```
 
+For configuration details, refer to the [keycloak_realm role README](roles/keycloak_realm/README.md).
+
+
 ## License
 
 Apache License v2.0 or later
 
-See [LICENCE](LICENSE) to view the full text.
+See [LICENSE](LICENSE) to view the full text.
 

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: middleware_automation
 name: keycloak
-version: "0.1.9"
+version: "0.2.0"
 readme: README.md
 authors:
   - Romain Pelisse <[email protected]>

requirements.txt

@@ -0,0 +1,6 @@
+#################################################
+# python dependencies required to be installed 
+# on the controller host with:
+# pip install -r requirements.txt
+#
+netaddr

roles/keycloak/README.md

@@ -11,6 +11,16 @@ This role requires the `python3-netaddr` library installed on the controller nod
 
 * to install via yum/dnf: `dnf install python3-netaddr`
 * or via pip: `pip install netaddr==0.8.0`
+* or via the collection: `pip install -r requirements.txt`
+
+
+Dependencies
+------------
+
+The roles depends on:
+
+* the `redhat_csp_download` role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection if Red Hat Single Sign-on zip have to be downloaded from RHN.
+* the `wildfly_driver` role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection
 
 
 Versions
@@ -24,23 +34,43 @@ Versions
 Role Defaults
 -------------
 
+* Service configuration
+
 | Variable | Description | Default |
 |:---------|:------------|:---------|
-|`keycloak_rhsso_enable`| Enable Red Hat Single Sign-on installation  | `False` |
 |`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
 |`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` |
 |`keycloak_admin_user`| Administration console user account | `admin` |
 |`keycloak_bind_address`| Address for binding service ports | `0.0.0.0` |
 |`keycloak_host`| hostname | `localhost` |
 |`keycloak_http_port`| HTTP port | `8080` |
 |`keycloak_https_port`| TLS HTTP port | `8443` |
+|`keycloak_ajp_port`| AJP port | `8009` |
+|`keycloak_jgroups_port`| jgroups cluster tcp port | `7600` |
 |`keycloak_management_http_port`| Management port | `9990` |
 |`keycloak_management_https_port`| TLS management port | `9993` |
 |`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
 |`keycloak_prefer_ipv4`| Prefer IPv4 stack and addresses for port binding | `True` |
+|`keycloak_config_standalone_xml`| filename for configuration | `keycloak.xml` |
+|`keycloak_service_user`| posix account username | `keycloak` |
+|`keycloak_service_group`| posix account group | `keycloak` |
+|`keycloak_service_pidfile`| pid file path for service | `/run/keycloak.pid` |
 |`jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-devel` |
 
 
+* Install options
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`keycloak_rhsso_enable`| Enable Red Hat Single Sign-on installation  | `False` |
+|`keycloak_offline_install` | perform an offline install | `False`|
+|`keycloak_download_url`| Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/<version>/<archive>`| 
+|`keycloak_rhsso_download_url`| Download URL for RHSSO | `https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=<productID>`|
+|`keycloak_version`| keycloak.org package version | `15.0.2` |
+|`keycloak_rhsso_version`| RHSSO version | `7.5.0` |
+|`keycloak_dest`| Installation root path | `/opt/keycloak` |
+
+
 Role Variables
 --------------
 
@@ -76,44 +106,14 @@ The following variables are _required_ only when `keycloak_db_enabled` is True:
 |`keycloak_db_user` | username for connecting to postgres | `keycloak-user` |
 |`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` |
 
-The following variable can be used to install Keycloak or Red Hat Single Sign-On from local path:
-| Variable | Description | Example |
-|:---------|:------------|:---------|
-|`zip_file_local_path` | Full local path of upstream(Keycloak) or Red Hat Single Sign-On zip file on Ansible control plane | `tmp/rhsso/rh-sso-7.5-server-dist.zip` |
 
-The following variable can be used to install Red Hat Single Sign-On from source via url, auth support is not added right now.
-| Variable | Description | Example |
-|:---------|:------------|:---------|
-|`rhsso_source_download_url` | URL to download Red Hat Single Sign-On zip file from source | `http://localhost:8081/nexus/rhsso/rh-sso-7.5-server-dist.zip` |
+Example Playbooks
+-----------------
 
-Dependencies
-------------
-
-The roles depends on:
+_NOTE_: use ansible vaults or other security systems for storing credentials.
 
-* the redhat_csp_download role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection if Red Hat Single Sign-on zip have to be downloaded from RHN.
-* the wildfly_driver role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection
-
-
-Example Playbook
-----------------
-
-The following is an example playbook that makes use of the role to install keycloak from remote
-
-```yaml
----
-- hosts: ...
-      collections:
-        - middleware_automation.keycloak
-      tasks:
-        - name: Include keycloak role
-          include_role:
-            name: keycloak
-          vars:
-            keycloak_admin_password: "changeme"
-```
 
-The following is an example playbook that makes use of the role to install keycloak from local path on Ansible node
+* The following is an example playbook that makes use of the role to install keycloak from remote:
 
 ```yaml
 ---
@@ -126,10 +126,9 @@ The following is an example playbook that makes use of the role to install keycl
             name: keycloak
           vars:
             keycloak_admin_password: "changeme"
-            zip_file_local_path: "/tmp/keycloak/keycloak-16.1.0.zip"  # This should be local path on Ansible node of upstream(keycloak) zip file
 ```
 
-The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN
+* The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN:
 
 ```yaml
 ---
@@ -146,9 +145,30 @@ The following is an example playbook that makes use of the role to install Red H
       vars:
         keycloak_admin_password: "changeme"
         keycloak_rhsso_enable: True
+        rhn_username: '<customer portal username>'
+        rhn_password: '<customer portal password>'
 ```
 
-The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from source url
+
+* The following example playbook makes use of the role to install keycloak from the controller node:
+
+```yaml
+---
+- hosts: ...
+      collections:
+        - middleware_automation.keycloak
+      tasks:
+        - name: Include keycloak role
+          include_role:
+            name: keycloak
+          vars:
+            keycloak_admin_password: "changeme"
+            keycloak_offline_install: True
+            # This should be the filename of keycloak archive on Ansible node: keycloak-16.1.0.zip
+```
+
+
+* This playbook installs Red Hat Single Sign-On from an alternate url:
 
 ```yaml
 ---
@@ -162,10 +182,12 @@ The following is an example playbook that makes use of the role to install Red H
       vars:
         keycloak_admin_password: "changeme"
         keycloak_rhsso_enable: True
-        rhsso_source_download_url: "<REPLACE with - Source download url>" # This should be the full of remote source rhsso zip file
+        keycloak_rhsso_download_url: "<REPLACE with download url>"
+        # This should be the full of remote source rhsso zip file and can contain basic authentication credentials
 ```
 
-The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from local path on Ansible node
+
+* The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from the controller node:
 
 ```yaml
 ---
@@ -179,7 +201,8 @@ The following is an example playbook that makes use of the role to install Red H
       vars:
         keycloak_admin_password: "changeme"
         keycloak_rhsso_enable: True
-        zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip"  # This should be local path on Ansible node of rhsso zip file
+        keycloak_offline_install: True
+        # This should be the filename of rhsso zip file on Ansible node: rh-sso-7.5-server-dist.zip
 ```
 
 License