Modification de la mise à jour de Keycloak

c3cb010d · nono · ac1ec1d9 · c3cb010d · ac1ec1d9 · c3cb010d
--- a/README.md
+++ b/README.md
@@ -72,6 +72,9 @@ keycloak_welcome_theme: "keycloak"
 mysql_credential_file:
  debian: '/etc/mysql/debian.cnf'

+### Export old user data from Widly Installations ;
+
+`bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/root/keycloak-user/`

 Dependencies
 ------------

--- a/files/module-mariadb.xml
+++ b/files/module-mariadb.xml
-<?xml version="1.0" ?>
-<module xmlns="urn:jboss:module:1.3" name="org.mariadb.jdbc">
-
-    <resources>
-        <resource-root path="/usr/share/java/mariadb-java-client.jar"/>
-    </resources>
-
-    <dependencies>
-        <module name="javax.api"/>
-        <module name="javax.transaction.api"/>
-    </dependencies>
-</module>
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -8,7 +8,5 @@
      vars:
        - vault_keycloak_mysql_root_password: "hello world"
        - vault_keycloak_db_pwd: "hello world"
-        - keycloak_version: "16.1.1"
-        - keycloak_previous_version: "16.1.0"
-        # - keycloak_version: "16.1.0"
-        # - keycloak_previous_version: "15.0.2"
+        # - keycloak_version: "16.1.1"
+        # - keycloak_previous_version: "16.1.0"
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -8,8 +8,10 @@ driver:
 platforms:
  - name: instance
    box: debian/bullseye64
-    memory: 512
-    cpus: 1
+    memory: 2048
+    cpus: 2
+    instance_raw_config_args:
+      - "vm.network 'forwarded_port', guest: 8080, host: 8088"
 provisioner:
  name: ansible
 verifier:

--- a/tasks/install-configuration.yml
+++ b/tasks/install-configuration.yml
 ---
+# Update

- name : Configuring Keycloak
+- name: Configuring Keycloak
  template:
-    src: standalone-ha.xml.j2
-    dest: "{{ keycloak_config_dir }}/standalone-ha.xml"
+    src: keycloak.conf.j2
+    dest: "{{ keycloak_config_dir }}/keycloak.conf"
    owner: root
    group: root
    mode: 0644
@@ -12,16 +13,13 @@
    - reload systemd
    - restart keycloak

- name: Create Keycloak admin user
+- name: Build the keycloak instance
+  become: yes
  command:
  args:
    argv:
-      - "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh"
-      - -r master
-      - -u "{{ keycloak_admin_user }}"
-      - -p "{{ keycloak_admin_password }}"
-    creates: "{{ keycloak_config_dir }}/keycloak-add-user.json"
-  become: yes
-  when: keycloak_create_admin is defined and (keycloak_create_admin | bool)
-  tags:
-    - skip_ansible_lint
+      - "{{ keycloak_jboss_home }}/bin/kc.sh"
+      - "build"
+    chdir: "{{ keycloak_jboss_home }}"
+# Update
+
--- a/tasks/install-database.yml
+++ b/tasks/install-database.yml
@@ -3,6 +3,7 @@

 # Adding the Java Database Driver
 - name : Installation of the latest Java OpenJDK Driver
+  become: yes
  package :
    name :
    - libmariadb-java
@@ -11,6 +12,7 @@
 # Creating the database user and password for keycloak

 - name: "Delete the anonymous user."
+  become: yes
  mysql_user:
    user: ""
    state: "absent"
@@ -20,6 +22,7 @@
  ignore_errors: yes

 - name: "Removes the MySQL test database"
+  become: yes
  mysql_db:
    name: test
    state: absent
@@ -29,6 +32,7 @@
  ignore_errors: yes

 - name: "Add Database {{ keycloak_db_name }}."
+  become: yes
  mysql_db:
    name: "{{ keycloak_db_name }}"
    login_user: root
@@ -37,6 +41,7 @@
    state: present

 - name: "Configure the database user."
+  become: yes
  mysql_user:
    name: "{{ keycloak_db_admin }}"
    password: "{{ keycloak_db_pwd }}"

--- a/tasks/install-dependencies.yml
+++ b/tasks/install-dependencies.yml
 ---

+- name: Updating APT cache
+  become: yes
+  apt:
+    update_cache: yes
+
+
 - name : Installation of the latest Java OpenJDK
+  become: yes
  package :
-    name :
-    - default-jdk
+    name : default-jdk
    state : latest

 - name : Installation of zip and tar
+  become: yes
  package :
    name :
    - zip
@@ -14,6 +21,7 @@
    state : latest

 - name : Installation of MariaDB
+  become: yes
  package :
    name :
    - mariadb-server

--- a/tasks/install-run-service.yml
+++ b/tasks/install-run-service.yml
 ---

 - name: Installing the SystemD service script
+  become: yes
  template:
    src: "keycloak.service.j2"
    dest: "/etc/systemd/system/keycloak.service"
    owner: root
    group: root
    mode: 0644
-  become: yes
  notify:
    - reload systemd
    - restart keycloak
+
+- name: Enable and start the SystemD service script
+  become: yes
+  service:
+    name: keycloak
+    state: started
+    enabled: yes
--- a/tasks/install-service.yml
+++ b/tasks/install-service.yml
 ---
-
- name : Checking for existing installation
+- name: Checking for existing installation of the same version
  stat:
    path: "{{ keycloak_jboss_home }}"
  register: existing_deploy

 - block:
-    - name: Stopping the old keycloak service
+    - name: Stopping the existing keycloak service
      systemd:
        name: "{{ keycloak_service_name }}"
        state: stopped
      ignore_errors: true

-    - name: Removing the old Keycloak deployment
+    - name: Removing the existing Keycloak deployment
      file:
        path: "{{ keycloak_jboss_home }}"
        state: absent
@@ -23,7 +22,7 @@
    path: "{{ keycloak_jboss_home }}"
  register: existing_deploy

- name: create Keycloak install location
+- name: Create Keycloak install location
  file:
    dest: "{{ keycloak_base_path }}"
    state: directory
@@ -32,13 +31,14 @@
  become: yes

 - block:
-    - name: download Keycloak archive to target
+    - name: Download Keycloak archive to target
      get_url:
        url: "{{ keycloak_url }}"
        dest: "{{ keycloak_dest }}"
        owner: "{{ keycloak_service_user }}"
        group: "{{ keycloak_service_group }}"
-    - name: extract Keycloak archive on target
+
+    - name: Extract Keycloak archive on target
      unarchive:
        remote_src: yes
        src: "{{ keycloak_dest }}/{{ keycloak_archive }}"
@@ -52,12 +52,14 @@
  when: keycloak_archive_on_target

 - block:
-    - name: download Keycloak archive to local
+    - name: Download Keycloak archive to local
      delegate_to: localhost
      get_url:
        url: "{{ keycloak_url }}"
        dest: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
+
    - name: extract Keycloak archive on local
+      become: yes
      unarchive:
        remote_src: no
        src: "{{ keycloak_local_download_dest }}/{{ keycloak_archive }}"
@@ -65,27 +67,12 @@
        creates: "{{ keycloak_jboss_home }}"
        owner: "{{ keycloak_service_user }}"
        group: "{{ keycloak_service_group }}"
-      become: yes
      notify:
        - restart keycloak
  when: not keycloak_archive_on_target

- name: Create MariaDB module directory
-  file:
-    dest: "{{ keycloak_jboss_home }}/modules/org/mariadb/jdbc/main/"
-    state: directory
-    owner: "{{ keycloak_service_user }}"
-    group: "{{ keycloak_service_group }}"
-  become: yes
-
- name: Create module.xml for mariadb jdbc driver
-  copy:
-    src: "module-mariadb.xml"
-    dest: "{{ keycloak_jboss_home }}/modules/org/mariadb/jdbc/main/module.xml"
-    owner: "{{ keycloak_service_user }}"
-    group: "{{ keycloak_service_group }}"
-
 - name: Add systemd unit file for keycloak service
+  become: yes
  template:
    src: "keycloak.service.j2"
    dest: "/etc/systemd/system/{{ keycloak_service_name }}.service"

--- a/tasks/main.yml
+++ b/tasks/main.yml
 ---
 # tasks file for sso-lqdn

-# We start by creating a keycloack user and home
- include: install-users.yml
+- name: Creating a keycloack user and home
+  include_tasks: install-users.yml

-# We're making sure Java and other deps are available on the system
- include: install-dependencies.yml
+- name: Making sure Java and other deps are available on the system
+  include_tasks: install-dependencies.yml

-# Get the database running
- include: install-database.yml
+- name: Get the database running
+  include_tasks: install-database.yml

-# Download and install the service from archive
- include: install-service.yml
+- name: Download and install the service from archive
+  include_tasks: install-service.yml

 # Configure the service via configuration files
 - include: install-configuration.yml

 # Update the service
- include: update-service.yml
+- name: Import data from previous versions and update the installation.
+  include_tasks: update-service.yml
+  when: keycloak_previous_version is defined
+
+- name: Warn the user if no update has been made
+  debug:
+    msg: "WARNING : No data will be imported from previous versions, no update done."
+  when: keycloak_previous_version is not defined

 # Launch the service
 - include: install-run-service.yml
-
-
 # --- As of here, the service should be running and accessible
--- a/tasks/update-service.yml
+++ b/tasks/update-service.yml
 # Update the keycloak installation
+- name: Checking for pre-existing installation
+  stat:
+    path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}"
+  register: is_there_an_existing_keycloak

-# Stop the service
- name: Stopping the service for the update.
-  systemd:
-    name: "{{ keycloak_service_name }}"
-    state: stopped
-  ignore_errors: true
-
-# Delete the data/tx-object-store/ transaction directory
- name: Deleting the data/tx-object-store/ transaction directory
-  file:
-    path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone/data/tx-object-store/"
-    state: absent
-
-# Backup the old installation
-#- name: Making a copy of the current installation
-# NB: Not needed as we are installing to a new directory anyways. We don't touch
-# the old directory.
-
-# Backup the database
- name: Backing up the of database
-  shell: mysqldump keycloak > /root/keycloak-backup-$(date --iso).sql
-
-# Upgrade the server
-#- name: Upgrading the server with the new files
-# This is actually reinstalling the files.
-
-# copy the KEYCLOAK_HOME/standalone/ directory from the previous installation over the directory in the new installation.
- name: Copying the standalone directory from the previous installation
-  copy:
-    src: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone"
-    dest: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}/standalone"
-    remote_src: yes
-
-# Run the upgrade script
-# bin/jboss-cli.sh --file=bin/migrate-standalone-ha.cli
- name: Running the upgrade script
-  shell: "{{ keycloak_jboss_home}}/bin/jboss-cli.sh --file={{ keycloak_jboss_home}}/bin/migrate-standalone-ha.cli"
+- name: Printing status of pre-existing installation
+  debug:
+    msg: "{{ is_there_an_existing_keycloak }}"
+
+- name: Updating if needed
+  block:
+    # Stop the service
+    - name: Stopping the service for the update.
+      become: yes
+      systemd:
+        name: "{{ keycloak_service_name }}"
+        state: stopped
+      ignore_errors: true
+
+    # Delete the data/tx-object-store/ transaction directory
+    - name: Deleting the data/tx-object-store/ transaction directory
+      file:
+        path: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone/data/tx-object-store/"
+        state: absent
+
+    # Backup the old installation
+    #- name: Making a copy of the current installation
+    # NB: Not needed as we are installing to a new directory anyways. We don't touch
+    # the old directory.
+
+    # Backup the database
+    - name: Backing up the of database
+      become: yes
+      shell: mysqldump keycloak > /root/keycloak-backup-$(date --iso).sql
+
+    # Upgrade the server
+    #- name: Upgrading the server with the new files
+    # This is actually reinstalling the files.
+
+    # copy the KEYCLOAK_HOME/standalone/ directory from the previous installation over the directory in the new installation.
+    - name: Copying the standalone directory from the previous installation
+      become: yes
+      copy:
+        src: "{{ keycloak_base_path }}/keycloak-{{ keycloak_previous_version }}/standalone"
+        dest: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}/standalone"
+        remote_src: yes
+
+    # Run the upgrade script
+    # bin/jboss-cli.sh --file=bin/migrate-standalone-ha.cli
+    - name: Running the upgrade script
+      shell: "{{ keycloak_jboss_home}}/bin/jboss-cli.sh --file={{ keycloak_jboss_home}}/bin/migrate-standalone-ha.cli"
+
+  when: is_there_an_existing_keycloak.stat.exists
+
+- name: Update state
+  debug:
+    msg: "No update done."
+  when: not is_there_an_existing_keycloak.stat.exists

 - name:  Force systemd to reread configs
+  become: yes
  ansible.builtin.systemd:
    daemon_reload: yes
--- a/templates/keycloak.conf.j2
+++ b/templates/keycloak.conf.j2
+# Basic settings for running in production. Change accordingly before deploying the server.
+
+# Database
+
+# The database vendor.
+db=mariadb
+
+# The username of the database user.
+db-username={{ keycloak_db_admin }}
+
+# The password of the database user.
+db-password={{ keycloak_db_pwd }}
+
+# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
+db-url=jdbc:mariadb://localhost/keycloak
+
+# Observability
+
+# If the server should expose healthcheck endpoints.
+#health-enabled=true
+
+# If the server should expose metrics endpoints.
+#metrics-enabled=true
+
+# HTTP
+
+# The file path to a server certificate or certificate chain in PEM format.
+#https-certificate-file=${kc.home.dir}conf/server.crt.pem
+
+# The file path to a private key in PEM format.
+#https-certificate-key-file=${kc.home.dir}conf/server.key.pem
+
+# The proxy address forwarding mode if the server is behind a reverse proxy.
+#proxy=reencrypt
+
+# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
+#spi-sticky-session-encoder-infinispan-should-attach-route=false
+
+# Hostname for the Keycloak server.
+#hostname=myhostname
--- a/templates/keycloak.service.j2
+++ b/templates/keycloak.service.j2
@@ -10,7 +10,7 @@ Environment="JBOSS_HOME={{ keycloak_jboss_home }}"
 Restart=always
 User={{ keycloak_service_user }}
 Group={{ keycloak_service_group }}
-ExecStart={{ keycloak_jboss_home }}/bin/standalone.sh --server-config=standalone-ha.xml -b={{ keycloak_bind_address }} -Djboss.http.port={{ keycloak_http_port }} -Djboss.https.port={{ keycloak_https_port }} -Djboss.management.http.port={{ keycloak_management_http_port }} -Djboss.management.https.port={{ keycloak_management_https_port }}
+ExecStart={{ keycloak_jboss_home }}/bin/kc.sh start
 TimeoutStartSec=600
 TimeoutStopSec=600


--- a/templates/standalone-ha.xml.j2
+++ b/templates/standalone-ha.xml.j2
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -10,7 +10,7 @@ keycloak_base_path: "/opt/keycloak"
 keycloak_dest: "{{ keycloak_base_path }}"

 ## General settings
-keycloak_version: "15.0.2"
+keycloak_version: "18.0.1"
 # keycloak_previous_version: "13.0.0"
 keycloak_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/keycloak-{{ keycloak_version }}.zip"
 keycloak_archive: "keycloak-{{ keycloak_version }}.zip"
@@ -24,7 +24,7 @@ keycloak_db_pwd: "{{ vault_keycloak_db_pwd }}"
 keycloak_mysql_unix_socket: "/run/mysqld/mysqld.sock"
 # More General settings ( Optional )
 keycloak_jboss_home: "{{ keycloak_base_path }}/keycloak-{{ keycloak_version }}"
-keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
+keycloak_config_dir: "{{ keycloak_jboss_home }}/conf"

 # If you want to create the admin user
 keycloak_create_admin: false