From 1ff25325a709f6cb5eef26cbc2317723b1af9577 Mon Sep 17 00:00:00 2001
From: Helmut Wolf <helmut.wolf@world-direct.at>
Date: Mon, 16 Jun 2025 12:41:34 +0200
Subject: [PATCH 1/3] fix(ispn): use legacy JGroups stack configuration for <
 26.2 only

---
 roles/keycloak_quarkus/templates/cache-ispn.xml.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/keycloak_quarkus/templates/cache-ispn.xml.j2 b/roles/keycloak_quarkus/templates/cache-ispn.xml.j2
index 2d745d5c..cf74656f 100644
--- a/roles/keycloak_quarkus/templates/cache-ispn.xml.j2
+++ b/roles/keycloak_quarkus/templates/cache-ispn.xml.j2
@@ -22,6 +22,7 @@
         xmlns="urn:infinispan:config:15.0">
 
 {% set stack_expression='' %}
+{% if keycloak_quarkus_version is version_compare('26.2.0', '<') %}
 {% if keycloak_quarkus_ha_enabled %}
 {% if keycloak_quarkus_ha_discovery == 'TCPPING' %}
 {% set stack_expression='stack="tcpping"' %}
@@ -39,6 +40,7 @@
 {% elif keycloak_quarkus_ha_discovery == 'JDBCPING' %}
 {% set stack_expression='stack="JDBC_PING2"' %}
 {% endif %}
+{% endif %}
 {% endif %}
 
     <cache-container name="keycloak">

From 19564987ca2ba1cec5fd57025f79343c70ff19b7 Mon Sep 17 00:00:00 2001
From: Helmut Wolf <helmut.wolf@world-direct.at>
Date: Mon, 16 Jun 2025 12:41:52 +0200
Subject: [PATCH 2/3] fix(quarkus): update infinispan-client configuration to
 include port in server-list and hosts

---
 roles/keycloak_quarkus/templates/quarkus.properties.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/keycloak_quarkus/templates/quarkus.properties.j2 b/roles/keycloak_quarkus/templates/quarkus.properties.j2
index 06d9077c..cd0f9698 100644
--- a/roles/keycloak_quarkus/templates/quarkus.properties.j2
+++ b/roles/keycloak_quarkus/templates/quarkus.properties.j2
@@ -1,11 +1,11 @@
 {{ ansible_managed | comment }}
 {% if keycloak_quarkus_ha_enabled %}
 {% if keycloak_quarkus_version.split('.')[0] | int < 22 %}
-quarkus.infinispan-client.server-list={{ keycloak_quarkus_cache_remote_host }}
+quarkus.infinispan-client.server-list={{ keycloak_quarkus_cache_remote_host }}:{{ keycloak_quarkus_cache_remote_port }}
 quarkus.infinispan-client.auth-username={{ keycloak_quarkus_cache_remote_username }}
 quarkus.infinispan-client.auth-password={{ keycloak_quarkus_cache_remote_password }}
 {% else %}
-quarkus.infinispan-client.hosts={{ keycloak_quarkus_cache_remote_host }}
+quarkus.infinispan-client.hosts={{ keycloak_quarkus_cache_remote_host }}:{{ keycloak_quarkus_cache_remote_port }}
 quarkus.infinispan-client.username={{ keycloak_quarkus_cache_remote_username }}
 quarkus.infinispan-client.password={{ keycloak_quarkus_cache_remote_password }}
 {% endif %}

From f79fd227ebc4c5d1c4ed7d2d5ee7d9ab85f713e6 Mon Sep 17 00:00:00 2001
From: Helmut Wolf <helmut.wolf@world-direct.at>
Date: Mon, 16 Jun 2025 12:46:00 +0200
Subject: [PATCH 3/3] chore: bump KC/RHBK to v26.3.0/v26.2.5

---
 molecule/default/prepare.yml                   | 2 +-
 molecule/quarkus/converge.yml                  | 4 ++--
 roles/keycloak_quarkus/README.md               | 2 +-
 roles/keycloak_quarkus/defaults/main.yml       | 2 +-
 roles/keycloak_quarkus/meta/argument_specs.yml | 8 ++++----
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index 44d4a912..540e3219 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -18,7 +18,7 @@
 
     - name: Download keycloak archive to controller directory
       ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
-        url: https://github.com/keycloak/keycloak/releases/download/26.2.4/keycloak-26.2.4.zip
+        url: https://github.com/keycloak/keycloak/releases/download/26.3.0/keycloak-26.3.0.zip
         dest: /tmp/keycloak
         mode: '0640'
       delegate_to: localhost
diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml
index fa2d70f8..857c0722 100644
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@@ -23,7 +23,7 @@
     keycloak_quarkus_systemd_wait_for_delay: 2
     keycloak_quarkus_systemd_wait_for_log: true
     keycloak_quarkus_restart_health_check: false # would fail because of self-signed cert
-    keycloak_quarkus_version: 26.2.4
+    keycloak_quarkus_version: 26.3.0
     keycloak_quarkus_java_heap_opts: "-Xms1024m -Xmx1024m"
     keycloak_quarkus_additional_env_vars:
       - key: KC_FEATURES_DISABLED
@@ -46,7 +46,7 @@
           repository_url: https://repo1.maven.org/maven2/ # https://mvnrepository.com/artifact/org.keycloak/keycloak-kerberos-federation/24.0.4
           group_id: org.keycloak
           artifact_id: keycloak-kerberos-federation
-          version: 26.2.4 # optional
+          version: 26.3.0 # optional
           # username: myUser # optional
           # password: myPAT # optional
       # - id: my-static-theme
diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md
index f625a90a..8ac353f9 100644
--- a/roles/keycloak_quarkus/README.md
+++ b/roles/keycloak_quarkus/README.md
@@ -33,7 +33,7 @@ Role Defaults
 
 | Variable | Description | Default |
 |:---------|:------------|:--------|
-|`keycloak_quarkus_version`| keycloak.org package version | `26.2.4` |
+|`keycloak_quarkus_version`| keycloak.org package version | `26.3.0` |
 |`keycloak_quarkus_offline_install` | Perform an offline install | `False`|
 |`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` |
 |`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` |
diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml
index be05225e..c96aa8a6 100644
--- a/roles/keycloak_quarkus/defaults/main.yml
+++ b/roles/keycloak_quarkus/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 ### Configuration specific to keycloak
-keycloak_quarkus_version: 26.2.4
+keycloak_quarkus_version: 26.3.0
 keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip"
 keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
 keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml
index 5bf57e45..7525c507 100644
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -2,7 +2,7 @@ argument_specs:
     main:
         options:
             keycloak_quarkus_version:
-                default: "26.2.4"
+                default: "26.3.0"
                 description: "keycloak.org package version"
                 type: "str"
             keycloak_quarkus_archive:
@@ -540,7 +540,7 @@ argument_specs:
                 description: 'The password to access the Truststore.'
                 default: ''
                 type: "str"
-            keycloak_quarkus_jgroups_port: 
+            keycloak_quarkus_jgroups_port:
                 description: 'jgroups bind port'
                 default: 7800
                 type: "int"
@@ -552,7 +552,7 @@ argument_specs:
                 description: 'IP address that other instances in the Keycloak should use to contact this node'
                 default: "{{ keycloak_quarkus_jgroups_bind_address }}"
                 type: "str"
-            keycloak_quarkus_jgroups_external_port: 
+            keycloak_quarkus_jgroups_external_port:
                 description: 'Port that other instances in the Keycloak cluster should use to contact this node'
                 default: "{{ keycloak_quarkus_jgroups_port }}"
                 type: "int"
@@ -563,7 +563,7 @@ argument_specs:
     downstream:
         options:
             rhbk_version:
-                default: "26.2.4"
+                default: "26.2.5"
                 description: "Red Hat Build of Keycloak version"
                 type: "str"
             rhbk_archive: