-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RHBK/KC v26 #254
base: main
Are you sure you want to change the base?
RHBK/KC v26 #254
Conversation
e5d80fd
to
c708770
Compare
…]` (Process for creation of admin account changed ansible-middleware#248)
…ve_path options RHBK v26 exposes health endpoints and metrics on this port moving forward. Note that the scheme of the MGMT interface is defined by the overall keycloak configuration: if https is enabled and configured, th MGMT interface is exposed via https and NOT via http; this might be breaking some configured load balancer health checks
6ffc78e
to
07925d0
Compare
07925d0
to
1bf21bd
Compare
1bf21bd
to
86284b1
Compare
Hi @hwo-wd I tried your changes and got this error:
As a solution I propose to replace + with ~ because ~ operator in Jinja2 can handle None gracefully. |
Thanks, @idNoRD, today I learned ;-). @guidograzioli any thoughts about this PR from your side?
|
@hwo-wd thank you for the quick fix! I confirm it works even with keycloak_quarkus_version: "26.1.0" |
Important Docs:
Known upstream issues, relevant for ppl thinking about upgrading to RHBK 26 just yet:
@guidograzioli this one has quite some braking changes, most noteworthy hostname v2 and I was unsure about the way to deal with it: on the one hand, keycloak will move forward with hostname v2 (and that's what I implemented), on the other hand, there could be a try to be downwards compatible.
However, the
relative_path
option confuses me still a bit: it needs to be part of thekeycloak_quarkus_hostname
var but should also be set in thehttp_relative_path
; the latter is now really only used for ressources and the thing that really matters iskeycloak_quarkus_hostname
.This, of course, is even more important for RH-SSO users wanting to upgrade and who are stuck with
/auth
keyword.I've tried in
deprecations.yaml
to mitigate some of the issues, but in my personal opinion I would go the route that the playbook exits when legacy hostname vars are used such that the user is forced to upgrade tokeycloak_quarkus_hostname
.Alltogether this will be a v3 one way or the other, but let me know your thoughts, thx