feat: ubuntu compatibility

Aeyk · Aeyk · commit b9d9874a00f5 · 2024-03-17T09:15:38.000Z
diff --git a/bindep.txt b/bindep.txt
@@ -1,8 +1,9 @@
+python3-dev [compile platform:dpkg]
 python3-devel [compile platform:rpm]
 python39-devel [compile platform:centos-8 platform:rhel-8]
-git-lfs [platform:rpm]
-python3-netaddr [platform:rpm]
-python3-lxml [platform:rpm]
-python3-jmespath [platform:rpm]
-python3-requests [platform:rpm]
+git-lfs [platform:rpm platform:dpkg]
+python3-netaddr [platform:rpm platform:dpkg]
+python3-lxml [platform:rpm platform:dpkg]
+python3-jmespath [platform:rpm platform:dpkg]
+python3-requests [platform:rpm platform:dpkg]
 
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
@@ -18,5 +18,12 @@
         name:
           - java-1.8.0-openjdk
         state: present
+      when: ansible_facts['os_family'] == "RedHat"
 
-
+    - name: Install JDK8
+      become: yes
+      ansible.builtin.apt:
+        name:
+          - openjdk-8-jdk
+        state: present
+      when: ansible_facts['os_family'] == "Debian"
diff --git a/molecule/quarkus-devmode/prepare.yml b/molecule/quarkus-devmode/prepare.yml
@@ -2,19 +2,43 @@
 - name: Prepare
   hosts: all
   tasks:
+    - name: Install sudo
+      ansible.builtin.apt:
+        name:
+          - sudo
+          - openjdk-17-jdk-headless
+        state: present
+      when:
+        - ansible_facts.os_family == 'Debian'
+
     - name: Install sudo
       ansible.builtin.yum:
         name:
           - sudo
           - java-17-openjdk-headless
         state: present
+      when:
+        - ansible_facts.os_family == 'RedHat'
 
+    - name: Link default logs directory
+      ansible.builtin.file:
+        state: link
+        src: "{{ item }}"
+        dest: /opt/openjdk
+        force: true
+        with_fileglob:
+          - /usr/lib/jvm/java-17-openjdk*
+      when:
+        - ansible_facts.os_family == "Debian"
+          
     - name: Link default logs directory
       ansible.builtin.file:
         state: link
         src: /usr/lib/jvm/jre-17-openjdk
         dest: /opt/openjdk
         force: true
+      when:
+        - ansible_facts.os_family == "RedHat"
 
     - name: "Display hera_home if defined."
       ansible.builtin.set_fact:
diff --git a/molecule/quarkus/prepare.yml b/molecule/quarkus/prepare.yml
@@ -3,7 +3,7 @@
   hosts: all
   tasks:
     - name: Install sudo
-      ansible.builtin.yum:
+      ansible.builtin.package:
         name: sudo
         state: present
 
diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
@@ -10,6 +10,7 @@ Requirements
 This role requires the `python3-netaddr` library installed on the controller node.
 
 * to install via yum/dnf: `dnf install python3-netaddr`
+* to install via apt: `apt install python3-netaddr`
 * or via pip: `pip install netaddr==0.8.0`
 * or via the collection: `pip install -r requirements.txt`
 
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
@@ -8,7 +8,8 @@ keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
 keycloak_offline_install: false
 
 ### Install location and service settings
-keycloak_jvm_package: java-1.8.0-openjdk-headless
+keycloak_jvm_package: "{{ 'java-1.8.0-openjdk-headless' if ansible_facts.os_family == 'RedHat' else 'openjdk-8-jdk-headless' }}"
+
 keycloak_java_home:
 keycloak_dest: /opt/keycloak
 keycloak_jboss_home: "{{ keycloak_installdir }}"
@@ -33,6 +34,7 @@ keycloak_service_startlimitburst: "5"
 keycloak_service_restartsec: "10s"
 
 keycloak_configure_firewalld: false
+keycloak_configure_iptables: false
 
 ### administrator console password
 keycloak_admin_password: ''
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
@@ -11,6 +11,11 @@ argument_specs:
                 default: "keycloak-legacy-{{ keycloak_version }}.zip"
                 description: "keycloak install archive filename"
                 type: "str"
+            keycloak_configure_iptables:
+                # line 33 of keycloak/defaults/main.yml
+                default: false
+                description: "Ensure iptables is running and configure keycloak ports"
+                type: "bool"
             keycloak_configure_firewalld:
                 # line 33 of keycloak/defaults/main.yml
                 default: false
diff --git a/roles/keycloak/tasks/debian.yml b/roles/keycloak/tasks/debian.yml
@@ -0,0 +1,6 @@
+---
+- name: Include firewall config tasks
+  ansible.builtin.include_tasks: iptables.yml
+  when: keycloak_configure_iptables
+  tags:
+    - firewall
diff --git a/roles/keycloak/tasks/fastpackages.yml b/roles/keycloak/tasks/fastpackages.yml
@@ -4,14 +4,27 @@
   register: rpm_info
   changed_when: false
   failed_when: false
+  when: ansible_facts.os_family == "RedHat"
 
 - name: "Add missing packages to the yum install list"
   ansible.builtin.set_fact:
     packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
+  when: ansible_facts.os_family == "RedHat"
 
 - name: "Install packages: {{ packages_to_install }}"
   become: true
   ansible.builtin.yum:
     name: "{{ packages_to_install }}"
     state: present
-  when: packages_to_install | default([]) | length > 0
+  when:
+  - packages_to_install | default([]) | length > 0
+  - ansible_facts.os_family == "RedHat"
+
+- name: "Install packages: {{ packages_list }}"
+  become: true
+  ansible.builtin.package:
+    name: "{{ packages_list }}"
+    state: present
+  when:
+    - packages_list | default([]) | length > 0
+    - ansible_facts.os_family == "Debian"
diff --git a/roles/keycloak/tasks/iptables.yml b/roles/keycloak/tasks/iptables.yml
@@ -0,0 +1,23 @@
+---
+- name: Ensure required package iptables are installed
+  ansible.builtin.include_tasks: fastpackages.yml
+  vars:
+    packages_list:
+      - iptables
+
+- name: "Configure firewall ports for {{ keycloak.service_name }}"
+  become: true
+  ansible.builtin.iptables:
+    destination_port: "{{ item }}"
+    action: "insert"
+    rule_num: 6 # magic number I forget why
+    chain: "INPUT"
+    policy: "ACCEPT"
+    protocol: tcp
+  loop:
+    - "{{ keycloak_http_port }}"
+    - "{{ keycloak_https_port }}"
+    - "{{ keycloak_management_http_port }}"
+    - "{{ keycloak_management_https_port }}"
+    - "{{ keycloak_jgroups_port }}"
+    - "{{ keycloak_ajp_port }}"
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
@@ -5,11 +5,17 @@
   tags:
     - prereqs
 
-- name: Include firewall config tasks
-  ansible.builtin.include_tasks: firewalld.yml
-  when: keycloak_configure_firewalld
+- name: Debian specific tasks
+  ansible.builtin.include_tasks: debian.yml
+  when: ansible_facts.os_family == "Debian"
   tags:
-    - firewall
+    - unbound
+
+- name: RedHat specific tasks 
+  ansible.builtin.include_tasks: redhat.yml
+  when: ansible_facts.os_family == "RedHat"
+  tags:
+    - unbound
 
 - name: Include install tasks
   ansible.builtin.include_tasks: install.yml
@@ -26,6 +32,7 @@
   when:
     - sso_apply_patches is defined and sso_apply_patches
     - sso_enable is defined and sso_enable
+    - ansible_facts.os_family == "RedHat"
   tags:
     - install
     - patch
diff --git a/roles/keycloak/tasks/prereqs.yml b/roles/keycloak/tasks/prereqs.yml
@@ -42,6 +42,6 @@
     packages_list:
       - "{{ keycloak_jvm_package }}"
       - unzip
-      - procps-ng
-      - initscripts
-      - tzdata-java
+      - "{{ 'procps-ng' if ansible_facts.os_family == 'RedHat' else 'procps' }}"
+      - "{{ 'initscripts' if ansible_facts.os_family == 'RedHat' else 'apt' }}"
+      - "{{ 'tzdata-java' if ansible_facts.os_family == 'RedHat' else 'tzdata' }}" 
diff --git a/roles/keycloak/tasks/redhat.yml b/roles/keycloak/tasks/redhat.yml
@@ -0,0 +1,6 @@
+---
+- name: Include firewall config tasks
+  ansible.builtin.include_tasks: firewalld.yml
+  when: keycloak_configure_firewalld
+  tags:
+    - firewall
diff --git a/roles/keycloak/tasks/systemd.yml b/roles/keycloak/tasks/systemd.yml
@@ -10,9 +10,32 @@
   notify:
     - restart keycloak
 
+- name: Determine JAVA_HOME for selected JVM RPM
+  ansible.builtin.set_fact:
+    rpm_java_home: "/lib/jvm/java-{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+  when:
+    - ansible_facts.os_family == 'Debian'
+
 - name: Determine JAVA_HOME for selected JVM RPM
   ansible.builtin.set_fact:
     rpm_java_home: "/etc/alternatives/jre_{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
+  when:
+    - ansible_facts.os_family == 'RedHat'
+
+- name: "Configure sysconfig file for {{ keycloak.service_name }} service"
+  become: true
+  ansible.builtin.template:
+    src: keycloak-sysconfig.j2
+    dest: /etc/default/keycloak
+    owner: root
+    group: root
+    mode: 0644
+  vars:
+    keycloak_rpm_java_home: "{{ rpm_java_home }}"
+  when:
+    - ansible_facts.os_family == "Debian"
+  notify:
+    - restart keycloak
 
 - name: "Configure sysconfig file for {{ keycloak.service_name }} service"
   become: true
@@ -24,6 +47,8 @@
     mode: 0644
   vars:
     keycloak_rpm_java_home: "{{ rpm_java_home }}"
+  when:
+    - ansible_facts.os_family == "RedHat"
   notify:
     - restart keycloak
 
diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml
@@ -9,7 +9,7 @@ keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_q
 keycloak_quarkus_offline_install: false
 
 ### Install location and service settings
-keycloak_quarkus_jvm_package: java-17-openjdk-headless
+keycloak_quarkus_jvm_package: "{{ 'java-17-openjdk-headless' if ansible_facts.os_family == 'RedHat' else 'openjdk-17-jdk-headless' }}"
 keycloak_quarkus_java_home:
 keycloak_quarkus_dest: /opt/keycloak
 keycloak_quarkus_home: "{{ keycloak_quarkus_installdir }}"
diff --git a/roles/keycloak_quarkus/tasks/debian.yml b/roles/keycloak_quarkus/tasks/debian.yml
@@ -0,0 +1,6 @@
+---
+- name: Include firewall config tasks
+  ansible.builtin.include_tasks: iptables.yml
+  when: keycloak_configure_iptables
+  tags:
+    - firewall
diff --git a/roles/keycloak_quarkus/tasks/fastpackages.yml b/roles/keycloak_quarkus/tasks/fastpackages.yml
@@ -4,14 +4,27 @@
   register: rpm_info
   changed_when: false
   failed_when: false
+  when: ansible_facts.os_family == "RedHat"
 
 - name: "Add missing packages to the yum install list"
   ansible.builtin.set_fact:
     packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
+  when: ansible_facts.os_family == "RedHat"
 
 - name: "Install packages: {{ packages_to_install }}"
   become: true
   ansible.builtin.yum:
     name: "{{ packages_to_install }}"
     state: present
-  when: packages_to_install | default([]) | length > 0
+  when:
+  - packages_to_install | default([]) | length > 0
+  - ansible_facts.os_family == "RedHat"
+
+- name: "Install packages: {{ packages_list }}"
+  become: true
+  ansible.builtin.package:
+    name: "{{ packages_list }}"
+    state: present
+  when:
+    - packages_list | default([]) | length > 0
+    - ansible_facts.os_family == "Debian"
diff --git a/roles/keycloak_quarkus/tasks/iptables.yml b/roles/keycloak_quarkus/tasks/iptables.yml
@@ -0,0 +1,20 @@
+---
+- name: Ensure required package iptables are installed
+  ansible.builtin.include_tasks: fastpackages.yml
+  vars:
+    packages_list:
+      - iptables
+
+- name: "Configure firewall ports for {{ keycloak.service_name }}"
+  become: true
+  ansible.builtin.iptables:
+    destination_port: "{{ item }}"
+    action: "insert"
+    rule_num: 6 # magic number I forget why
+    chain: "INPUT"
+    policy: "ACCEPT"
+    protocol: tcp
+  loop:
+    - "{{ keycloak_quarkus_http_port }}"
+    - "{{ keycloak_quarkus_https_port }}"
+    - "{{ keycloak_quarkus_jgroups_port }}"
diff --git a/roles/keycloak_quarkus/tasks/main.yml b/roles/keycloak_quarkus/tasks/main.yml
@@ -5,11 +5,17 @@
   tags:
     - prereqs
 
-- name: Include firewall config tasks
-  ansible.builtin.include_tasks: firewalld.yml
-  when: keycloak_quarkus_configure_firewalld
+- name: Debian specific tasks
+  ansible.builtin.include_tasks: debian.yml
+  when: ansible_facts.os_family == "Debian"
   tags:
-    - firewall
+    - unbound
+
+- name: RedHat specific tasks
+  ansible.builtin.include_tasks: redhat.yml
+  when: ansible_facts.os_family == "RedHat"
+  tags:
+    - unbound
 
 - name: Include install tasks
   ansible.builtin.include_tasks: install.yml
diff --git a/roles/keycloak_quarkus/tasks/prereqs.yml b/roles/keycloak_quarkus/tasks/prereqs.yml
@@ -29,6 +29,6 @@
     packages_list:
       - "{{ keycloak_quarkus_jvm_package }}"
       - unzip
-      - procps-ng
-      - initscripts
-      - tzdata-java
+      - "{{ 'procps-ng' if ansible_facts.os_family == 'RedHat' else 'procps' }}"
+      - "{{ 'initscripts' if ansible_facts.os_family == 'RedHat' else 'apt' }}"
+      - "{{ 'tzdata-java' if ansible_facts.os_family == 'RedHat' else 'tzdata' }}"
diff --git a/roles/keycloak_quarkus/tasks/redhat.yml b/roles/keycloak_quarkus/tasks/redhat.yml
@@ -0,0 +1,6 @@
+---
+- name: Include firewall config tasks
+  ansible.builtin.include_tasks: firewalld.yml
+  when: keycloak_quarkus_configure_firewalld
+  tags:
+    - firewall
diff --git a/roles/keycloak_quarkus/tasks/systemd.yml b/roles/keycloak_quarkus/tasks/systemd.yml
