DEV-1073 updates/bugfixes for keycloak

3 years ago · 31012d7682
parent 284489b8c0
commit 31012d7682
6 changed files with 33 additions and 53 deletions
--- a/group_vars/all/versions.yml
+++ b/group_vars/all/versions.yml
@ -1,5 +1,4 @@
 ---
-
 elastic_elasticsearch_version: "7.16.1"
 elastic_elasticsearch_exporter_version: "v1.5.0"
 elastic_filebeat_version: "7.16.3"
@ -13,16 +12,16 @@ prom_grafana_version: "9.1.5"

 harbor_version: "v2.4.1"

-keycloak_version: "20.0.2.1"
+keycloak_version: "21.0.2.7"

-pgadmin4_version: "6.14"
+pgadmin4_version: "7.1"

-prom_alertmanager_version: "v0.24.0"
-prom_blackbox_exporter_version: "v0.22.0"
-prom_prometheus_version: "v2.38.0"
-prom_prom2teams_version: "3.2.3"
+prom_alertmanager_version: "v0.25.0"
+prom_blackbox_exporter_version: "v0.23.0"
+prom_prometheus_version: "v2.44.0"
+prom_prom2teams_version: "3.2.3" # TODO 4.2.1

-traefik_version: "v2.8.5"
+traefik_version: "v2.10.1"

 connect_version: "10.5"
 iam_version: "10.5"
--- a/group_vars/stage_demompmx/versions.yml
+++ b/group_vars/stage_demompmx/versions.yml
@ -1,15 +0,0 @@
---
-
-keycloak_version: "21.0.2.7"
-
-pgadmin4_version: "7.1"
-
-prom_alertmanager_version: "v0.25.0"
-prom_blackbox_exporter_version: "v0.23.0"
-prom_prometheus_version: "v2.44.0"
-prom_prom2teams_version: "3.2.3" # TODO 4.2.1
-
-traefik_version: "v2.10.1"
-
-connect_version: "10.5"
-iam_version: "10.5"
--- a/roles/keycloak/tasks/_configure_realm.yml
+++ b/roles/keycloak/tasks/_configure_realm.yml
@ -13,11 +13,7 @@
    account_theme: "{{ keycloak_default_theme }}"
    admin_theme: "{{ keycloak_default_theme }}"
    login_theme: "{{ keycloak_default_theme }}"
-    registration_allowed: no
-    reset_password_allowed: yes
-    login_with_email_allowed: no
-    duplicate_emails_allowed: yes
-    internationalization_enabled: yes
+    internationalization_enabled: true
    default_locale: "de"
    brute_force_protected: yes
    password_policy: "{{ current_realm_password_policy | default('forceExpiredPasswordChange(60) and passwordHistory(3) and length(8) and notUsername(undefined) and upperCase(2) and lowerCase(2) and specialChars(2) and digits(1)') }}"
--- a/roles/postgres/tasks/master-requirements.yml
+++ b/roles/postgres/tasks/master-requirements.yml
@ -1,13 +1,12 @@
 ---

- name: Check role exists
+- name: Check role exists # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: '/usr/bin/psql -Atc "SELECT count(rolname) FROM pg_roles where rolname=''replicator''"' # noqa command-instead-of-shell
  register: role_check
-  ignore_errors: true # noqa ignore-errors no-changed-when

- name: Create role if necessary
+- name: Create role if necessary # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: "/usr/bin/psql -c 'CREATE ROLE replicator WITH REPLICATION LOGIN;'"
@ -15,7 +14,7 @@
  register: cmd_ret
  changed_when: cmd_ret.rc != 0

- name: Change password with scram-sha-256! for replicator and set password
+- name: Change password with scram-sha-256! for replicator and set password # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: >-
@ -123,39 +122,34 @@
    wal_keep_size.changed or
    ansible_facts.services["postgresql.service"].state != "active"

- name: Create extension pgcrypto for template1
+- name: Create extension pgcrypto for template1 # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: '/usr/bin/psql template1 -c "create extension if not exists pgcrypto;"'
-  ignore_errors: true # noqa ignore-errors no-changed-when

- name: Check database replication_cron exists
+- name: Check database replication_cron exists # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: '/usr/bin/psql -Atc "SELECT count(*) FROM pg_database WHERE datname = ''replication_cron''"'
  register: database_replication_check
-  ignore_errors: true # noqa ignore-errors no-changed-when

- name: Create replication_cron update database
+- name: Create replication_cron update database # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: '/usr/bin/psql -c "CREATE DATABASE replication_cron;"'
  when: database_replication_check.stdout == "0"
-  ignore_errors: true # noqa ignore-errors no-changed-when

- name: Create replication update schema
+- name: Create replication update schema # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: '/usr/bin/psql replication_cron -c "CREATE SCHEMA IF NOT EXISTS replication_cron;"'
-  ignore_errors: true # noqa ignore-errors no-changed-when

- name: Create replication update table
+- name: Create replication update table # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: '/usr/bin/psql replication_cron -c "CREATE TABLE IF NOT EXISTS replication_cron.replication_cron (dt timestamp);"'
-  ignore_errors: true # noqa ignore-errors no-changed-when

- name: Create dummy update data
+- name: Create dummy update data # noqa command-instead-of-shell
  become: true
  become_user: postgres
  ansible.builtin.shell: >-
@ -163,11 +157,9 @@
    "INSERT INTO replication_cron.replication_cron
    SELECT NOW()
    WHERE NOT EXISTS
-    (SELECT 1
-    FROM replication_cron.replication_cron)"
+    (SELECT 1 FROM replication_cron.replication_cron)"
  register: cmd_ret
  changed_when: cmd_ret.rc != 0
-  ignore_errors: true # noqa command-instead-of-shell

 - name: Ensure a cron runs every 5 minutes and update replication check table"
  ansible.builtin.cron:
@ -175,21 +167,19 @@
    minute: "*/5"
    job: su - postgres -c "/usr/bin/psql replication_cron -c \"UPDATE replication_cron.replication_cron SET dt=now();\""

- name: Check replication slot exists
+- name: Check replication slot exists # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: '/usr/bin/psql -Atc "select count(*) from pg_replication_slots where slot_name=''pgstandby1''"'
  register: replication_slot_check
-  ignore_errors: true # noqa ignore-errors no-changed-when

- name: Create replication-slot
+- name: Create replication-slot # noqa no-changed-when
  become: true
  become_user: postgres
  ansible.builtin.shell: '/usr/bin/psql -Atc "SELECT pg_create_physical_replication_slot(''pgstandby1'');"'
  when: replication_slot_check.stdout == "0"
  register: cmd_ret
  changed_when: cmd_ret.rc != 0
-  ignore_errors: true # noqa command-instead-of-shell

 # only needed in case of install from scratch
 - name: "Ensure test db stuff"
--- a/tasks/autodiscover_pre_tasks.yml
+++ b/tasks/autodiscover_pre_tasks.yml
@ -132,7 +132,7 @@
  tags:
    - always

- name: "Reading hetzner loadbalancer infos for stage <{{ stage }}/{{ stage_kube }}>"
+- name: "Reading hetzner loadbalancer infos for stage <{{ stage }}/{{ stage_kube }}>" # noqa var-naming
  set_fact:
    "stage_public_{{ item.name | replace(stage_kube + '-', '') | replace('-','_') }}_loadbalancer_ip": "{{ item.public_net.ipv4.ip }}"
    "stage_private_{{ item.name | replace(stage_kube + '-', '') | replace('-','_') }}_loadbalancer_ip": "{{ item.private_net[0].ip if item.private_net | length > 0 else 'Not Available' }}"
--- a/tasks/constraints_check.yml
+++ b/tasks/constraints_check.yml
@ -22,9 +22,19 @@
  tags:
    - always

+- name: "Read galaxy-requirements file"
+  ansible.builtin.command: "cat galaxy-requirements.yml"
+  register: galaxy_requirements_txt
+  changed_when: false
+  connection: local
+
+- name: "Parse galaxy-requirements file into variable"
+  set_fact:
+    galaxy_requirements_json: "{{ galaxy_requirements_txt.stdout | from_yaml }}"
+
 - name: "Reading all role versions and set versions as facts (galaxy-requirements)" # noqa var-naming
  set_fact:
-    {"{{ item | replace('-','_') }}_current_version":"{{ lookup('file', 'galaxy-requirements.yml') | regex_search('- name:\\s+' + item + '\\s+src:\\s+.*?\\s+scm:\\s+git\\s+version:\\s+(.*)', '\\1') }}"}
+    {"{{ item | replace('-','_') }}_current_version":"{{ galaxy_requirements_json.roles | selectattr('name','equalto',item) | map(attribute='version') | first | default('version_not_available') }}"}
  loop: "{{ hetzner_ansible_roles }}"
  tags:
    - always
@ -47,7 +57,7 @@
 - name: "Check role versions"
  assert:
    that:
-      - "'{{ lookup('vars', item | replace('-','_') + '_version') }}' in {{ lookup('vars', item | replace('-','_') + '_current_version') }}" 
+      - "'{{ lookup('vars', item | replace('-', '_') + '_version') }}' == '{{ lookup('vars', item | replace('-', '_') + '_current_version') }}'"
    msg: "The current {{ item }} version has to be {{ lookup('vars', item | replace('-','_') + '_current_version') }}"
  loop: "{{ hetzner_ansible_roles }}"
  tags: