Commit

Merge pull request #85 from guidograzioli/datasource_validation
Add configuration for database connection pool validation
guidograzioli authored May 26, 2023
2 parents c3d8bbc + 2be35f9 commit cca20a0
Showing 7 changed files with 57 additions and 4 deletions.
18 changes: 14 additions & 4 deletions roles/keycloak/README.md
Expand Up @@ -111,6 +111,11 @@ Role Defaults
|`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port }}` |
|`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port }}` |
|`keycloak_frontend_url_force` | Force backend requests to use the frontend URL | `False` |
|`keycloak_db_background_validation` | Enable background validation of database connection | `False` |
|`keycloak_db_background_validation_millis`| How frequenly the connection pool is validated in the background | `10000` if background validation enabled |
|`keycloak_db_background_validate_on_match` | Enable validate on match for database connections | `False` |
|`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` |


Role Variables
--------------
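
Review bot: typo in the `keycloak_db_background_validation_millis` row, "frequenly" should be "frequently". The Default cell only covers the enabled case (`10000`); defaults/main.yml falls back to `0` when background validation is off, so state that value here as well.
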
Expand All @@ -123,7 +128,7 @@ The following are a set of _required_ variables for the role:
|`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` |


The following variables are _required_ only when `keycloak_ha_enabled` is True:
The following parameters are _required_ only when `keycloak_ha_enabled` is True:

| Variable | Description | Default |
|:---------|:------------|:--------|
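
Review bot: the intro sentence for `keycloak_ha_enabled` now says "parameters" while the table header directly under it still reads "Variable", and the optional section added later in this file says "The following variables are _optional_". Pick one term for the whole README; the same applies to the `keycloak_db_enabled` sentence changed in the next hunk.
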
Expand All @@ -141,7 +146,7 @@ The following variables are _required_ only when `keycloak_ha_enabled` is True:
|`keycloak_infinispan_trust_store_password`| Password for opening truststore | `changeit` |


The following variables are _required_ only when `keycloak_db_enabled` is True:
The following parameters are _required_ only when `keycloak_db_enabled` is True:

| Variable | Description | Default |
|:---------|:------------|:---------|
Expand All @@ -151,6 +156,13 @@ The following variables are _required_ only when `keycloak_db_enabled` is True:
|`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` |


The following variables are _optional_:

| Variable | Description |
|:---------|:------------|
|`keycloak_db_valid_conn_sql` | Override the default database connection validation query sql |


Example Playbook
-----------------
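
Review bot: the new optional-variables table has no Default column, unlike the other tables in this README, so the `select 1` fallback applied in vars/main.yml is not documented for `keycloak_db_valid_conn_sql`. Add the column, and mention that the value ends up in `<check-valid-connection-sql>` in the standalone templates so users know it must be a query valid for their JDBC engine.
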

Expand All @@ -161,8 +173,6 @@ Example Playbook
- hosts: ...
vars:
keycloak_admin_password: "remembertochangeme"
collections:
- middleware_automation.keycloak
roles:
- middleware_automation.keycloak.keycloak
```
6 changes: 6 additions & 0 deletions roles/keycloak/defaults/main.yml
Expand Up @@ -89,6 +89,12 @@ keycloak_jdbc_engine: postgres
### database backend credentials
keycloak_db_user: keycloak-user
keycloak_db_pass: keycloak-pass
## connection validation
keycloak_db_background_validation: False
keycloak_db_background_validation_millis: "{{ 10000 if keycloak_db_background_validation else 0 }}"
keycloak_db_background_validate_on_match: False
# variable to override database connection validation query
keycloak_db_valid_conn_sql:
keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
# override the variables above, following defaults show minimum supported versions
16 changes: 16 additions & 0 deletions roles/keycloak/meta/argument_specs.yml
Expand Up @@ -318,6 +318,22 @@ argument_specs:
default: "{{ True if keycloak_ha_enabled else False }}"
description: "Enable remote cache store when in clustered ha configurations"
type: "bool"
keycloak_db_background_validation:
default: False
description: "Enable background validation of database connection"
type: "bool"
keycloak_db_background_validation_millis:
default: "{{ 10000 if keycloak_db_background_validation else 0 }}"
description: "How frequenly the connection pool is validated in the background"
type: 'int'
keycloak_db_background_validate_on_match:
default: False
description: "Enable validate on match for database connections"
type: "bool"
keycloak_db_valid_conn_sql:
required: False
description: "Override the default database connection validation query sql"
type: "str"
downstream:
options:
sso_version:
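
Review bot: `type: 'int'` on `keycloak_db_background_validation_millis` is single-quoted while every other `type:` in this hunk is double-quoted, and its description carries the same "frequenly" typo as the README. Both are one-word fixes; it would also help to say in the description that `0` is the value used when background validation is disabled, since that is what the templated default yields.
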
6 changes: 6 additions & 0 deletions roles/keycloak/templates/standalone-ha.xml.j2
Expand Up @@ -136,6 +136,12 @@
<user-name>{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}</user-name>
<password>{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}</password>
</security>
<validation>
<check-valid-connection-sql>{{ keycloak_jdbc[keycloak_jdbc_engine].validate_query }}</check-valid-connection-sql>
<validate-on-match>{{ keycloak_db_background_validate_on_match }}</validate-on-match>
<background-validation>{{ keycloak_db_background_validation }}</background-validation>
<background-validation-millis>{{ keycloak_db_background_validation_millis }}</background-validation-millis>
</validation>
{% else %}
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
<driver>h2</driver>
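
Review bot: `validate_query` is interpolated into `<check-valid-connection-sql>` without XML escaping, and it can now come from the user through `keycloak_db_valid_conn_sql`. A query containing `<` or `&` would leave the rendered datasource file not well-formed, so pipe the value through `| escape` (or wrap it in CDATA) here and in the two sibling templates.
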
6 changes: 6 additions & 0 deletions roles/keycloak/templates/standalone-infinispan.xml.j2
Expand Up @@ -136,6 +136,12 @@
<user-name>{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}</user-name>
<password>{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}</password>
</security>
<validation>
<check-valid-connection-sql>{{ keycloak_jdbc[keycloak_jdbc_engine].validate_query }}</check-valid-connection-sql>
<validate-on-match>{{ keycloak_db_background_validate_on_match }}</validate-on-match>
<background-validation>{{ keycloak_db_background_validation }}</background-validation>
<background-validation-millis>{{ keycloak_db_background_validation_millis }}</background-validation-millis>
</validation>
{% else %}
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
<driver>h2</driver>
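
Review bot: `<validate-on-match>` and `<background-validation>` are filled straight from Ansible booleans, which render as Python-style `False`/`True` rather than the lowercase `false`/`true` form XML booleans use. Adding `| lower` (after `| bool` if string input should be tolerated) keeps the generated configuration in the expected lexical form.
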
6 changes: 6 additions & 0 deletions roles/keycloak/templates/standalone.xml.j2
Expand Up @@ -123,6 +123,12 @@
<user-name>{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}</user-name>
<password>{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}</password>
</security>
<validation>
<check-valid-connection-sql>{{ keycloak_jdbc[keycloak_jdbc_engine].validate_query }}</check-valid-connection-sql>
<validate-on-match>{{ keycloak_db_background_validate_on_match }}</validate-on-match>
<background-validation>{{ keycloak_db_background_validation }}</background-validation>
<background-validation-millis>{{ keycloak_db_background_validation_millis }}</background-validation-millis>
</validation>
{% else %}
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
<driver>h2</driver>
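
Review bot: this `<validation>` block is the third identical copy, after standalone-ha.xml.j2 and standalone-infinispan.xml.j2, so any later fix has to be made in three places. Consider moving it into a shared Jinja include or macro that all three templates pull in.
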
3 changes: 3 additions & 0 deletions roles/keycloak/vars/main.yml
Expand Up @@ -29,6 +29,7 @@ keycloak_jdbc:
connection_url: "{{ keycloak_jdbc_url }}"
db_user: "{{ keycloak_db_user }}"
db_password: "{{ keycloak_db_pass }}"
validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1') }}"
initialize_db: >
CREATE TABLE IF NOT EXISTS JGROUPSPING (
own_addr varchar(200) NOT NULL,
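
Review bot: the `default('select 1')` fallback on `validate_query` is not taken when the variable is defined but empty, and defaults/main.yml in this same commit declares `keycloak_db_valid_conn_sql:` with no value, which defines it as null. Jinja's `default` filter only substitutes for undefined values unless its second argument is true, so use `default('select 1', true)` in all three engine entries or drop the empty declaration from the defaults file.
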
Expand All @@ -48,6 +49,7 @@ keycloak_jdbc:
connection_url: "{{ keycloak_jdbc_url }}"
db_user: "{{ keycloak_db_user }}"
db_password: "{{ keycloak_db_pass }}"
validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1') }}"
initialize_db: >
CREATE TABLE IF NOT EXISTS JGROUPSPING (
own_addr varchar(200) NOT NULL,
Expand All @@ -68,6 +70,7 @@ keycloak_jdbc:
connection_url: "{{ keycloak_jdbc_url }}"
db_user: "{{ keycloak_db_user }}"
db_password: "{{ keycloak_db_pass }}"
validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1') }}"
initialize_db: >
IF NOT EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[JGROUPSPING]') AND type in (N'U'))
BEGIN