From b9d9874a00f522709b289ed26b5f8f13d14d07ae Mon Sep 17 00:00:00 2001
From: Malik Kennedy
Date: Sat, 16 Mar 2024 18:17:20 +0000
Subject: [PATCH] feat: ubuntu compatibility
---
bindep.txt | 11 ++++----
molecule/default/prepare.yml | 9 ++++++-
molecule/quarkus-devmode/prepare.yml | 24 +++++++++++++++++
molecule/quarkus/prepare.yml | 2 +-
roles/keycloak/README.md | 1 +
roles/keycloak/defaults/main.yml | 4 ++-
roles/keycloak/meta/argument_specs.yml | 5 ++++
roles/keycloak/tasks/debian.yml | 6 +++++
roles/keycloak/tasks/fastpackages.yml | 15 ++++++++++-
roles/keycloak/tasks/iptables.yml | 23 ++++++++++++++++
roles/keycloak/tasks/main.yml | 15 ++++++++---
roles/keycloak/tasks/prereqs.yml | 6 ++---
roles/keycloak/tasks/redhat.yml | 6 +++++
roles/keycloak/tasks/systemd.yml | 25 +++++++++++++++++
roles/keycloak_quarkus/defaults/main.yml | 2 +-
roles/keycloak_quarkus/tasks/debian.yml | 6 +++++
roles/keycloak_quarkus/tasks/fastpackages.yml | 15 ++++++++++-
roles/keycloak_quarkus/tasks/iptables.yml | 20 ++++++++++++++
roles/keycloak_quarkus/tasks/main.yml | 14 +++++++---
roles/keycloak_quarkus/tasks/prereqs.yml | 6 ++---
roles/keycloak_quarkus/tasks/redhat.yml | 6 +++++
roles/keycloak_quarkus/tasks/systemd.yml | 27 ++++++++++++++++++-
22 files changed, 222 insertions(+), 26 deletions(-)
create mode 100644 roles/keycloak/tasks/debian.yml
create mode 100644 roles/keycloak/tasks/iptables.yml
create mode 100644 roles/keycloak/tasks/redhat.yml
create mode 100644 roles/keycloak_quarkus/tasks/debian.yml
create mode 100644 roles/keycloak_quarkus/tasks/iptables.yml
create mode 100644 roles/keycloak_quarkus/tasks/redhat.yml
diff --git a/bindep.txt b/bindep.txt
index 840876b3..0014f478 100644
--- a/bindep.txt
+++ b/bindep.txt
@@ -1,8 +1,9 @@ +python3-dev [compile platform:dpkg] python3-devel [compile platform:rpm] python39-devel [compile platform:centos-8 platform:rhel-8] -git-lfs [platform:rpm] -python3-netaddr [platform:rpm] -python3-lxml [platform:rpm] -python3-jmespath [platform:rpm] -python3-requests [platform:rpm] +git-lfs [platform:rpm platform:dpkg] +python3-netaddr [platform:rpm platform:dpkg] +python3-lxml [platform:rpm platform:dpkg] +python3-jmespath [platform:rpm platform:dpkg] +python3-requests [platform:rpm platform:dpkg] diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index da1ab183..b707f6ce 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -18,5 +18,12 @@ name: - java-1.8.0-openjdk state: present + when: ansible_facts['os_family'] == "RedHat" - + - name: Install JDK8 + become: yes + ansible.builtin.apt: + name: + - openjdk-8-jdk + state: present + when: ansible_facts['os_family'] == "Debian" diff --git a/molecule/quarkus-devmode/prepare.yml b/molecule/quarkus-devmode/prepare.yml index 88c2fb35..924aebc2 100644 --- a/molecule/quarkus-devmode/prepare.yml +++ b/molecule/quarkus-devmode/prepare.yml @@ -2,19 +2,43 @@ - name: Prepare hosts: all tasks: + - name: Install sudo + ansible.builtin.apt: + name: + - sudo + - openjdk-17-jdk-headless + state: present + when: + - ansible_facts.os_family == 'Debian' + - name: Install sudo ansible.builtin.yum: name: - sudo - java-17-openjdk-headless state: present + when: + - ansible_facts.os_family == 'RedHat' + - name: Link default logs directory + ansible.builtin.file: + state: link + src: "{{ item }}" + dest: /opt/openjdk + force: true + with_fileglob: + - /usr/lib/jvm/java-17-openjdk* + when: + - ansible_facts.os_family == "Debian" + - name: Link default logs directory ansible.builtin.file: state: link src: /usr/lib/jvm/jre-17-openjdk dest: /opt/openjdk force: true + when: + - ansible_facts.os_family == "RedHat" - name: "Display hera_home if defined." ansible.builtin.set_fact: 
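Review bot: In the Debian variant of "Link default logs directory" in molecule/quarkus-devmode/prepare.yml, `with_fileglob` is evaluated on the Ansible controller and returns only regular files, so a JVM directory on the target such as `/usr/lib/jvm/java-17-openjdk-amd64` never matches and the loop most likely runs zero times, leaving `/opt/openjdk` unlinked. Resolving the path on the managed host would be more reliable, for example an `ansible.builtin.find` task with `file_type: directory` and `patterns: 'java-17-openjdk*'` whose registered result feeds `src`. The task names could also say what the tasks do, e.g. `Install sudo and JDK 17` and `Link JDK home to /opt/openjdk`.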
diff --git a/molecule/quarkus/prepare.yml b/molecule/quarkus/prepare.yml index 13d85a89..568bfef1 100644 --- a/molecule/quarkus/prepare.yml +++ b/molecule/quarkus/prepare.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Install sudo - ansible.builtin.yum: + ansible.builtin.package: name: sudo state: present diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md index c4dfedc5..3d3b5609 100644 --- a/roles/keycloak/README.md +++ b/roles/keycloak/README.md @@ -10,6 +10,7 @@ Requirements This role requires the `python3-netaddr` library installed on the controller node. * to install via yum/dnf: `dnf install python3-netaddr` +* to install via apt: `apt install python3-netaddr` * or via pip: `pip install netaddr==0.8.0` * or via the collection: `pip install -r requirements.txt` diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index 7ffaec68..66587743 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -8,7 +8,8 @@ keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" keycloak_offline_install: false ### Install location and service settings -keycloak_jvm_package: java-1.8.0-openjdk-headless +keycloak_jvm_package: "{{ 'java-1.8.0-openjdk-headless' if ansible_facts.os_family == 'RedHat' else 'openjdk-8-jdk-headless' }}" + keycloak_java_home: keycloak_dest: /opt/keycloak keycloak_jboss_home: "{{ keycloak_installdir }}" @@ -33,6 +34,7 @@ keycloak_service_startlimitburst: "5" keycloak_service_restartsec: "10s" keycloak_configure_firewalld: false +keycloak_configure_iptables: false ### administrator console password keycloak_admin_password: '' diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml index acdb309a..ca1cb8b0 100644 --- a/roles/keycloak/meta/argument_specs.yml +++ b/roles/keycloak/meta/argument_specs.yml 
@@ -11,6 +11,11 @@ argument_specs: default: "keycloak-legacy-{{ keycloak_version }}.zip" description: "keycloak install archive filename" type: "str" + keycloak_configure_iptables: + # line 33 of keycloak/defaults/main.yml + default: false + description: "Ensure iptables is running and configure keycloak ports" + type: "bool" keycloak_configure_firewalld: # line 33 of keycloak/defaults/main.yml default: false diff --git a/roles/keycloak/tasks/debian.yml b/roles/keycloak/tasks/debian.yml new file mode 100644 index 00000000..ffb1348f --- /dev/null +++ b/roles/keycloak/tasks/debian.yml @@ -0,0 +1,6 @@ +--- +- name: Include firewall config tasks + ansible.builtin.include_tasks: iptables.yml + when: keycloak_configure_iptables + tags: + - firewall diff --git a/roles/keycloak/tasks/fastpackages.yml b/roles/keycloak/tasks/fastpackages.yml index c9085f8a..3b557ef8 100644 --- a/roles/keycloak/tasks/fastpackages.yml +++ b/roles/keycloak/tasks/fastpackages.yml @@ -4,14 +4,27 @@ register: rpm_info changed_when: false failed_when: false + when: ansible_facts.os_family == "RedHat" - name: "Add missing packages to the yum install list" ansible.builtin.set_fact: packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}" + when: ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_to_install }}" become: true ansible.builtin.yum: name: "{{ packages_to_install }}" state: present - when: packages_to_install | default([]) | length > 0 + when: + - packages_to_install | default([]) | length > 0 + - ansible_facts.os_family == "RedHat" + +- name: "Install packages: {{ packages_list }}" + become: true + ansible.builtin.package: + name: "{{ packages_list }}" + state: present + when: + - packages_list | default([]) | length > 0 + - ansible_facts.os_family == "Debian" 
diff --git a/roles/keycloak/tasks/iptables.yml b/roles/keycloak/tasks/iptables.yml new file mode 100644 index 00000000..8ebc16e6 --- /dev/null +++ b/roles/keycloak/tasks/iptables.yml @@ -0,0 +1,23 @@ +--- +- name: Ensure required package iptables are installed + ansible.builtin.include_tasks: fastpackages.yml + vars: + packages_list: + - iptables + +- name: "Configure firewall ports for {{ keycloak.service_name }}" + become: true + ansible.builtin.iptables: + destination_port: "{{ item }}" + action: "insert" + rule_num: 6 # magic number I forget why + chain: "INPUT" + policy: "ACCEPT" + protocol: tcp + loop: + - "{{ keycloak_http_port }}" + - "{{ keycloak_https_port }}" + - "{{ keycloak_management_http_port }}" + - "{{ keycloak_management_https_port }}" + - "{{ keycloak_jgroups_port }}" + - "{{ keycloak_ajp_port }}" diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index cba503b3..284900b6 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -5,11 +5,17 @@ tags: - prereqs -- name: Include firewall config tasks - ansible.builtin.include_tasks: firewalld.yml - when: keycloak_configure_firewalld +- name: Debian specific tasks + ansible.builtin.include_tasks: debian.yml + when: ansible_facts.os_family == "Debian" tags: - - firewall + - unbound + +- name: RedHat specific tasks + ansible.builtin.include_tasks: redhat.yml + when: ansible_facts.os_family == "RedHat" + tags: + - unbound - name: Include install tasks ansible.builtin.include_tasks: install.yml @@ -26,6 +32,7 @@ when: - sso_apply_patches is defined and sso_apply_patches - sso_enable is defined and sso_enable + - ansible_facts.os_family == "RedHat" tags: - install - patch diff --git a/roles/keycloak/tasks/prereqs.yml b/roles/keycloak/tasks/prereqs.yml index aad814ba..565931bb 100644 --- a/roles/keycloak/tasks/prereqs.yml +++ b/roles/keycloak/tasks/prereqs.yml 
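Review bot: `policy: "ACCEPT"` in the new iptables task sets the default policy of the whole INPUT chain instead of adding a per-port rule; per the `ansible.builtin.iptables` documentation the other parameters are ignored when `policy` is given, so enabling `keycloak_configure_iptables` would switch the host to default-accept and insert none of the intended rules. The rule target belongs in `jump`, i.e. replace that line with `jump: ACCEPT`. `rule_num: 6` assumes the chain already holds at least five rules, and its comment admits the value is unexplained; it should either be documented or dropped so the rule is inserted at the top. The loop also opens the management, JGroups and AJP ports to any source address, so a `source:` restriction or a narrower default port list is worth considering. roles/keycloak_quarkus/tasks/iptables.yml repeats the same task and needs the same change.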
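Review bot: The two OS-family includes in roles/keycloak/tasks/main.yml are tagged `unbound`, which looks carried over from another role and replaces the `firewall` tag the removed include had. Because `include_tasks` is dynamic, a run with `--tags firewall` now skips these includes and never reaches the `firewall`-tagged task inside debian.yml or redhat.yml. Tagging both includes with `- firewall` would keep the previous behaviour; roles/keycloak_quarkus/tasks/main.yml carries the same `unbound` tags.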
@@ -42,6 +42,6 @@ packages_list: - "{{ keycloak_jvm_package }}" - unzip - - procps-ng - - initscripts - - tzdata-java + - "{{ 'procps-ng' if ansible_facts.os_family == 'RedHat' else 'procps' }}" + - "{{ 'initscripts' if ansible_facts.os_family == 'RedHat' else 'apt' }}" + - "{{ 'tzdata-java' if ansible_facts.os_family == 'RedHat' else 'tzdata' }}" diff --git a/roles/keycloak/tasks/redhat.yml b/roles/keycloak/tasks/redhat.yml new file mode 100644 index 00000000..596834b6 --- /dev/null +++ b/roles/keycloak/tasks/redhat.yml @@ -0,0 +1,6 @@ +--- +- name: Include firewall config tasks + ansible.builtin.include_tasks: firewalld.yml + when: keycloak_configure_firewalld + tags: + - firewall diff --git a/roles/keycloak/tasks/systemd.yml b/roles/keycloak/tasks/systemd.yml index cd583458..cf84c321 100644 --- a/roles/keycloak/tasks/systemd.yml +++ b/roles/keycloak/tasks/systemd.yml @@ -10,9 +10,32 @@ notify: - restart keycloak +- name: Determine JAVA_HOME for selected JVM RPM + ansible.builtin.set_fact: + rpm_java_home: "/lib/jvm/java-{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" + when: + - ansible_facts.os_family == 'Debian' + - name: Determine JAVA_HOME for selected JVM RPM ansible.builtin.set_fact: rpm_java_home: "/etc/alternatives/jre_{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}" + when: + - ansible_facts.os_family == 'RedHat' + +- name: "Configure sysconfig file for {{ keycloak.service_name }} service" + become: true + ansible.builtin.template: + src: keycloak-sysconfig.j2 + dest: /etc/default/keycloak + owner: root + group: root + mode: 0644 + vars: + keycloak_rpm_java_home: "{{ rpm_java_home }}" + when: + - ansible_facts.os_family == "Debian" + notify: + - restart keycloak - name: "Configure sysconfig file for {{ keycloak.service_name }} service" become: true 
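Review bot: In the Debian branch of "Determine JAVA_HOME for selected JVM RPM" in roles/keycloak/tasks/systemd.yml, `regex_search('(?<=java-)[0-9.]+')` is applied to a package name that this patch defaults to `openjdk-8-jdk-headless` on Debian, which contains no `java-` prefix, so the search finds nothing and `rpm_java_home` is rendered without a version. Matching the Debian naming, e.g. `regex_search('(?<=openjdk-)[0-9.]+')`, yields `8` for the default. Failing early when the search returns nothing would be safer, since the value is written into the service's environment file. Whether the unit template reads `/etc/default/keycloak` is not visible in this hunk; if it still points at the sysconfig path, the new Debian file is never loaded.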
@@ -24,6 +47,8 @@ mode: 0644 vars: keycloak_rpm_java_home: "{{ rpm_java_home }}" + when: + - ansible_facts.os_family == "RedHat" notify: - restart keycloak diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml index f5cdb823..f2f07a58 100644 --- a/roles/keycloak_quarkus/defaults/main.yml +++ b/roles/keycloak_quarkus/defaults/main.yml @@ -9,7 +9,7 @@ keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_q keycloak_quarkus_offline_install: false ### Install location and service settings -keycloak_quarkus_jvm_package: java-17-openjdk-headless +keycloak_quarkus_jvm_package: "{{ 'java-17-openjdk-headless' if ansible_facts.os_family == 'RedHat' else 'openjdk-17-jdk-headless' }}" keycloak_quarkus_java_home: keycloak_quarkus_dest: /opt/keycloak keycloak_quarkus_home: "{{ keycloak_quarkus_installdir }}" diff --git a/roles/keycloak_quarkus/tasks/debian.yml b/roles/keycloak_quarkus/tasks/debian.yml new file mode 100644 index 00000000..ffb1348f --- /dev/null +++ b/roles/keycloak_quarkus/tasks/debian.yml @@ -0,0 +1,6 @@ +--- +- name: Include firewall config tasks + ansible.builtin.include_tasks: iptables.yml + when: keycloak_configure_iptables + tags: + - firewall diff --git a/roles/keycloak_quarkus/tasks/fastpackages.yml b/roles/keycloak_quarkus/tasks/fastpackages.yml index c9085f8a..3b557ef8 100644 --- a/roles/keycloak_quarkus/tasks/fastpackages.yml +++ b/roles/keycloak_quarkus/tasks/fastpackages.yml 
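Review bot: The condition in roles/keycloak_quarkus/tasks/debian.yml reads `keycloak_configure_iptables`, a variable this patch defines only in the keycloak role's defaults; the keycloak_quarkus defaults hunk adds no counterpart. Unless it is set elsewhere, the include would fail on an undefined variable on Debian hosts, and the name also departs from the `keycloak_quarkus_` prefix used by `keycloak_quarkus_configure_firewalld` in redhat.yml. Suggest adding `keycloak_quarkus_configure_iptables: false` to the role defaults and using `when: keycloak_quarkus_configure_iptables` here.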
@@ -4,14 +4,27 @@ register: rpm_info changed_when: false failed_when: false + when: ansible_facts.os_family == "RedHat" - name: "Add missing packages to the yum install list" ansible.builtin.set_fact: packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}" + when: ansible_facts.os_family == "RedHat" - name: "Install packages: {{ packages_to_install }}" become: true ansible.builtin.yum: name: "{{ packages_to_install }}" state: present - when: packages_to_install | default([]) | length > 0 + when: + - packages_to_install | default([]) | length > 0 + - ansible_facts.os_family == "RedHat" + +- name: "Install packages: {{ packages_list }}" + become: true + ansible.builtin.package: + name: "{{ packages_list }}" + state: present + when: + - packages_list | default([]) | length > 0 + - ansible_facts.os_family == "Debian" diff --git a/roles/keycloak_quarkus/tasks/iptables.yml b/roles/keycloak_quarkus/tasks/iptables.yml new file mode 100644 index 00000000..b487b891 --- /dev/null +++ b/roles/keycloak_quarkus/tasks/iptables.yml @@ -0,0 +1,20 @@ +--- +- name: Ensure required package iptables are installed + ansible.builtin.include_tasks: fastpackages.yml + vars: + packages_list: + - iptables + +- name: "Configure firewall ports for {{ keycloak.service_name }}" + become: true + ansible.builtin.iptables: + destination_port: "{{ item }}" + action: "insert" + rule_num: 6 # magic number I forget why + chain: "INPUT" + policy: "ACCEPT" + protocol: tcp + loop: + - "{{ keycloak_quarkus_http_port }}" + - "{{ keycloak_quarkus_https_port }}" + - "{{ keycloak_quarkus_jgroups_port }}" diff --git a/roles/keycloak_quarkus/tasks/main.yml b/roles/keycloak_quarkus/tasks/main.yml index 4e559613..72f4fddc 100644 --- a/roles/keycloak_quarkus/tasks/main.yml +++ b/roles/keycloak_quarkus/tasks/main.yml 
@@ -5,11 +5,17 @@ tags: - prereqs -- name: Include firewall config tasks - ansible.builtin.include_tasks: firewalld.yml - when: keycloak_quarkus_configure_firewalld +- name: Debian specific tasks + ansible.builtin.include_tasks: debian.yml + when: ansible_facts.os_family == "Debian" tags: - - firewall + - unbound + +- name: RedHat specific tasks + ansible.builtin.include_tasks: redhat.yml + when: ansible_facts.os_family == "RedHat" + tags: + - unbound - name: Include install tasks ansible.builtin.include_tasks: install.yml diff --git a/roles/keycloak_quarkus/tasks/prereqs.yml b/roles/keycloak_quarkus/tasks/prereqs.yml index ee2abcaf..252f75fc 100644 --- a/roles/keycloak_quarkus/tasks/prereqs.yml +++ b/roles/keycloak_quarkus/tasks/prereqs.yml @@ -29,6 +29,6 @@ packages_list: - "{{ keycloak_quarkus_jvm_package }}" - unzip - - procps-ng - - initscripts - - tzdata-java + - "{{ 'procps-ng' if ansible_facts.os_family == 'RedHat' else 'procps' }}" + - "{{ 'initscripts' if ansible_facts.os_family == 'RedHat' else 'apt' }}" + - "{{ 'tzdata-java' if ansible_facts.os_family == 'RedHat' else 'tzdata' }}" diff --git a/roles/keycloak_quarkus/tasks/redhat.yml b/roles/keycloak_quarkus/tasks/redhat.yml new file mode 100644 index 00000000..093b9304 --- /dev/null +++ b/roles/keycloak_quarkus/tasks/redhat.yml @@ -0,0 +1,6 @@ +--- +- name: Include firewall config tasks + ansible.builtin.include_tasks: firewalld.yml + when: keycloak_quarkus_configure_firewalld + tags: + - firewall diff --git a/roles/keycloak_quarkus/tasks/systemd.yml b/roles/keycloak_quarkus/tasks/systemd.yml index 3d59b3f2..65aeeb3b 100644 --- a/roles/keycloak_quarkus/tasks/systemd.yml +++ b/roles/keycloak_quarkus/tasks/systemd.yml 
@@ -2,8 +2,31 @@ - name: Determine JAVA_HOME for selected JVM RPM ansible.builtin.set_fact: rpm_java_home: "/etc/alternatives/jre_{{ keycloak_quarkus_jvm_package | regex_search('(?<=java-)[0-9.]+') }}" + when: + - ansible_facts.os_family == "RedHat" -- name: "Configure sysconfig file for keycloak service" +- name: Determine JAVA_HOME for selected JVM RPM + ansible.builtin.set_fact: + rpm_java_home: "/lib/jvm/java-{{ keycloak_quarkus_jvm_package | regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" + when: + - ansible_facts.os_family == "Debian" + +- name: "Configure sysconfig file for {{ keycloak.service_name }} service" + become: true + ansible.builtin.template: + src: keycloak-sysconfig.j2 + dest: /etc/default/keycloak + owner: root + group: root + mode: 0644 + vars: + keycloak_rpm_java_home: "{{ rpm_java_home }}" + when: + - ansible_facts.os_family == "Debian" + notify: + - restart keycloak + +- name: "Configure sysconfig file for {{ keycloak.service_name }} service" become: true ansible.builtin.template: src: keycloak-sysconfig.j2 @@ -13,6 +36,8 @@ mode: 0644 vars: keycloak_rpm_java_home: "{{ rpm_java_home }}" + when: + - ansible_facts.os_family == "RedHat" notify: - restart keycloak
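Review bot: `(?!:openjdk-)` in the Debian `rpm_java_home` expression is a negative lookahead for the literal text `:openjdk-`, not a lookbehind or a non-capturing group, so it constrains nothing and the filter simply returns the first run of digits and dots in the package name. That happens to give `17` for the default package but would pick the wrong number for an overridden name with digits earlier in it. `regex_search('(?<=openjdk-)[0-9.]+')` states the intent. The Debian task is still named "Determine JAVA_HOME for selected JVM RPM", and the new task title references `keycloak.service_name`, which is assumed to be defined in this role's vars.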