From f86f29f8733f521be38afbc64a40cde161c1d671 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Sat, 24 Sep 2022 20:04:51 +0200
Subject: [PATCH] The lib/quarkus directory must be writeable.

---
 tasks/keycloak-install.yml    | 9 +++++++++
 templates/keycloak.service.j2 | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/tasks/keycloak-install.yml b/tasks/keycloak-install.yml
index 179827f..ef8d69e 100644
--- a/tasks/keycloak-install.yml
+++ b/tasks/keycloak-install.yml
@@ -34,6 +34,15 @@
       mode: 0750
     tags: [ keycloak, keycloak_data_dir ]
 
+  - name: Set the permissions of the {{ keycloak_runtime_home }}/lib/quarkus directory 
+    ansible.builtin.file:
+      dest: '{{ keycloak_runtime_home }}/lib/quarkus'
+      state: directory
+      owner: '{{ keycloak_user }}'
+      group: '{{ keycloak_user }}'
+      mode: 0750
+    tags: [ keycloak, keycloak_data_dir ]
+
   - name: Avatar directory
     ansible.builtin.file:
       dest: '{{ keycloak_external_avatar_dir }}'
diff --git a/templates/keycloak.service.j2 b/templates/keycloak.service.j2
index 5107180..dcc1fcf 100644
--- a/templates/keycloak.service.j2
+++ b/templates/keycloak.service.j2
@@ -20,7 +20,7 @@ User={{ keycloak_user }}
 Group={{ keycloak_user }}
 SuccessExitStatus=0 143
 UMask=0027
-ExecStart={{ keycloak_runtime_home }}/bin/kc.sh start{% if not keycloak_optimize_build_at_startup %} --optimized{% endif %}{% if keycloak_disabled_features != "" %} --features-disabled={% for dis in keycloak_disabled_features %}{{ dis }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}{% if keycloak_preview_features != "" %} --features=={% for feat in --features= %}{{ feat }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}{% if keycloak_upgrade_db_at_startup %} --spi-connections-jpa-default-migration-strategy=update{% endif %}
+ExecStart={{ keycloak_runtime_home }}/bin/kc.sh start{% if not keycloak_optimize_build_at_startup %} --optimized{% endif %}{% if keycloak_disabled_features | length %} --features-disabled={% for dis in keycloak_disabled_features %}{{ dis }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}{% if keycloak_preview_features | length  %} --features={% for feat in keycloak_preview_features %}{{ feat }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}{% if keycloak_upgrade_db_at_startup %} --spi-connections-jpa-default-migration-strategy=update{% endif %}
 
 [Install]
 WantedBy=multi-user.target
\ No newline at end of file