Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHBK/KC v26 #254

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

RHBK/KC v26 #254

wants to merge 10 commits into from

Conversation

hwo-wd
Copy link
Collaborator

@hwo-wd hwo-wd commented Dec 5, 2024
edited
Loading

Important Docs:

Known upstream issues, relevant for ppl thinking about upgrading to RHBK 26 just yet:

@guidograzioli this one has quite some braking changes, most noteworthy hostname v2 and I was unsure about the way to deal with it: on the one hand, keycloak will move forward with hostname v2 (and that's what I implemented), on the other hand, there could be a try to be downwards compatible.
However, the relative_path option confuses me still a bit: it needs to be part of the keycloak_quarkus_hostname var but should also be set in the http_relative_path; the latter is now really only used for ressources and the thing that really matters is keycloak_quarkus_hostname.
This, of course, is even more important for RH-SSO users wanting to upgrade and who are stuck with /auth keyword.

I've tried in deprecations.yaml to mitigate some of the issues, but in my personal opinion I would go the route that the playbook exits when legacy hostname vars are used such that the user is forced to upgrade to keycloak_quarkus_hostname.

Alltogether this will be a v3 one way or the other, but let me know your thoughts, thx

@hwo-wd hwo-wd marked this pull request as draft December 5, 2024 12:28
@hwo-wd hwo-wd force-pushed the feature/253_rhbk_v26 branch 18 times, most recently from e5d80fd to c708770 Compare December 12, 2024 15:23
@hwo-wd
RHBK v26: Raise default KC+RHBK versions to v26.x (ansible-middleware…
5d15d37 
…#253)
@hwo-wd
RHBK v26: Update mssqj jdbc driver (KC/RHBK v26 Support ansible-middl…
bf0bd9e 
…eware#253)

As per <https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/server_configuration_guide/index#db-installing-the-microsoft-sql-server-driver>
@hwo-wd
RHBK v26: Update ispn session usages (KC/RHBK v26 Support ansible-mid…
0c58ae4 
…dleware#253)

Cf. <https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/upgrading_guide/index#restricting_the_size_of_session_caches>
@hwo-wd
keycloak.conf: Remove config-keystore-type (KC/RHBK v26 Support ans…
5823354 
…ible-middleware#253)

Cf. <https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/upgrading_guide/index#keystore_and_trust_store_default_format_change>
@hwo-wd
RHBK v26: Migrate to `keycloak_quarkus_bootstrap_admin_user[_password…
277e133 
…]` (Process for creation of admin account changed ansible-middleware#248)
@hwo-wd
RHBK v26: Add hostname v2 (KC/RHBK v26 Support ansible-middleware#253)
213449e 
Cf. https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/upgrading_guide/index#new_hostname_options - especially the removed options
@hwo-wd
keycloak_quarkus: Add http_management_port and http_management_relati…
d0f19b5 
…ve_path options

RHBK v26 exposes health endpoints and metrics on this port moving forward.
Note that the scheme of the MGMT interface is defined by the overall keycloak configuration: if https is enabled and configured, th MGMT interface is exposed via https and NOT via http; this might be breaking some configured load balancer health checks
@hwo-wd
keycloak_quarkus: Introduce keycloak_quarkus_health_check_url
e029e1c
@hwo-wd hwo-wd force-pushed the feature/253_rhbk_v26 branch from 6ffc78e to 07925d0 Compare December 13, 2024 11:12
@hwo-wd hwo-wd requested a review from guidograzioli December 13, 2024 11:23
@hwo-wd hwo-wd marked this pull request as ready for review December 13, 2024 11:23
@hwo-wd hwo-wd force-pushed the feature/253_rhbk_v26 branch from 07925d0 to 1bf21bd Compare January 9, 2025 11:16
@hwo-wd hwo-wd force-pushed the feature/253_rhbk_v26 branch from 1bf21bd to 86284b1 Compare January 9, 2025 11:17
@idNoRD
Copy link

idNoRD commented Jan 18, 2025

Hi @hwo-wd I tried your changes and got this error:

Unexpected templating type error occurred on ({{ keycloak_quarkus_health_check_url | default(keycloak_quarkus_hostname + '/' + (keycloak_quarkus_health_check_url_path | default('realms/master/.well-known/openid-configuration'))) }}): unsupported operand type(s) for +: 'NoneType' and 'str'. unsupported operand type(s) for +: 'NoneType' and 'str'

As a solution I propose to replace + with ~ because ~ operator in Jinja2 can handle None gracefully.

@hwo-wd
Copy link
Collaborator Author

hwo-wd commented Jan 20, 2025
edited
Loading

Thanks, @idNoRD, today I learned ;-).
Would you mind giving it another try? -- Thanks

@guidograzioli any thoughts about this PR from your side?
Update: molecule tests are failing now due to:

fatal: [instance]: FAILED! => {"changed": false, "module_stderr": "sudo: PAM account management error: Authentication service cannot retrieve authentication info\nsudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guidograzioli guidograzioli Awaiting requested review from guidograzioli

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hwo-wd @idNoRD