diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 5c882cc..19f0ed9 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -111,6 +111,11 @@ Role Defaults
|`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port }}` |
|`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port }}` |
|`keycloak_frontend_url_force` | Force backend requests to use the frontend URL | `False` |
+|`keycloak_db_background_validation` | Enable background validation of database connection | `False` |
+|`keycloak_db_background_validation_millis`| How frequenly the connection pool is validated in the background | `10000` if background validation enabled |
+|`keycloak_db_background_validate_on_match` Enable validate on match for database connections | `False` |
+|`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` |
+
Role Variables
--------------
@@ -123,7 +128,7 @@ The following are a set of _required_ variables for the role:
|`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` |
-The following variables are _required_ only when `keycloak_ha_enabled` is True:
+The following parameters are _required_ only when `keycloak_ha_enabled` is True:
| Variable | Description | Default |
|:---------|:------------|:--------|
@@ -141,7 +146,7 @@ The following variables are _required_ only when `keycloak_ha_enabled` is True:
|`keycloak_infinispan_trust_store_password`| Password for opening truststore | `changeit` |
-The following variables are _required_ only when `keycloak_db_enabled` is True:
+The following parameters are _required_ only when `keycloak_db_enabled` is True:
| Variable | Description | Default |
|:---------|:------------|:---------|
@@ -151,6 +156,13 @@ The following variables are _required_ only when `keycloak_db_enabled` is True:
|`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` |
+The following variables are _optional_:
+
+| Variable | Description |
+|:---------|:------------|
+|`keycloak_db_valid_conn_sql` | Override the default database connection validation query sql |
+
+
Example Playbook
-----------------
@@ -161,8 +173,6 @@ Example Playbook
- hosts: ...
vars:
keycloak_admin_password: "remembertochangeme"
- collections:
- - middleware_automation.keycloak
roles:
- middleware_automation.keycloak.keycloak
```
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 025a815..68e473b 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -89,6 +89,12 @@ keycloak_jdbc_engine: postgres
### database backend credentials
keycloak_db_user: keycloak-user
keycloak_db_pass: keycloak-pass
+## connection validation
+keycloak_db_background_validation: False
+keycloak_db_background_validation_millis: "{{ 10000 if keycloak_db_background_validation else 0 }}"
+keycloak_db_background_validate_on_match: False
+# variable to override database connection validation query
+keycloak_db_valid_conn_sql:
keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
# override the variables above, following defaults show minimum supported versions
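Review bot: The conditional on the `keycloak_db_background_validation_millis` line tests the raw variable, so a non-empty string such as `"false"` (which is what a `key=value` extra var delivers) is truthy and would yield 10000 even though validation is meant to be off. Coercing first avoids that: `"{{ 10000 if keycloak_db_background_validation | bool else 0 }}"`. The same expression is repeated as the `default` of this option in meta/argument_specs.yml and should change with it. The bare `keycloak_db_valid_conn_sql:` on the last added line defines the variable as null rather than leaving it undefined, which matters for the `default('select 1')` fallback in vars/main.yml.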
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index 3a7572a..9441fff 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -318,6 +318,22 @@ argument_specs:
default: "{{ True if keycloak_ha_enabled else False }}"
description: "Enable remote cache store when in clustered ha configurations"
type: "bool"
+ keycloak_db_background_validation:
+ default: False
+ description: "Enable background validation of database connection"
+ type: "bool"
+ keycloak_db_background_validation_millis:
+ default: "{{ 10000 if keycloak_db_background_validation else 0 }}"
+ description: "How frequenly the connection pool is validated in the background"
+ type: 'int'
+ keycloak_db_background_validate_on_match:
+ default: False
+ description: "Enable validate on match for database connections"
+ type: "bool"
+ keycloak_db_valid_conn_sql:
+ required: False
+ description: "Override the default database connection validation query sql"
+ type: "str"
downstream:
options:
sso_version:
diff --git a/roles/keycloak/templates/standalone-ha.xml.j2 b/roles/keycloak/templates/standalone-ha.xml.j2
index 14a6e3a..ca9f4f9 100644
--- a/roles/keycloak/templates/standalone-ha.xml.j2
+++ b/roles/keycloak/templates/standalone-ha.xml.j2
@@ -136,6 +136,12 @@
{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}
{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}
+
+ {{ keycloak_jdbc[keycloak_jdbc_engine].validate_query }}
+ {{ keycloak_db_background_validate_on_match }}
+ {{ keycloak_db_background_validation }}
+ {{ keycloak_db_background_validation_millis }}
+
{% else %}
jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE
h2
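Review bot: The validate-on-match and background-validation values are rendered directly from Ansible variables, so the generated datasource XML will contain Python-style `True`/`False`, or whatever string the operator passed, rather than canonical lowercase booleans. `{{ keycloak_db_background_validation | bool | lower }}`, and the same for `keycloak_db_background_validate_on_match`, makes the output deterministic. The validation query is also written into the XML unescaped, so an override containing `<` or `&` would produce a malformed configuration file; `{{ keycloak_jdbc[keycloak_jdbc_engine].validate_query | e }}` avoids that. Both points apply equally to the identical hunks in standalone-infinispan.xml.j2 and standalone.xml.j2. The enclosing XML elements are not visible in this rendering of the hunk, so the exact element each value lands in should be confirmed against the template.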
diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2
index 5f0ea5b..ba75cd2 100644
--- a/roles/keycloak/templates/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/standalone-infinispan.xml.j2
@@ -136,6 +136,12 @@
{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}
{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}
+
+ {{ keycloak_jdbc[keycloak_jdbc_engine].validate_query }}
+ {{ keycloak_db_background_validate_on_match }}
+ {{ keycloak_db_background_validation }}
+ {{ keycloak_db_background_validation_millis }}
+
{% else %}
jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE
h2
diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2
index 6ba9efd..4f538d0 100644
--- a/roles/keycloak/templates/standalone.xml.j2
+++ b/roles/keycloak/templates/standalone.xml.j2
@@ -123,6 +123,12 @@
{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}
{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}
+
+ {{ keycloak_jdbc[keycloak_jdbc_engine].validate_query }}
+ {{ keycloak_db_background_validate_on_match }}
+ {{ keycloak_db_background_validation }}
+ {{ keycloak_db_background_validation_millis }}
+
{% else %}
jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE
h2
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index cffbac3..993e841 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -29,6 +29,7 @@ keycloak_jdbc:
connection_url: "{{ keycloak_jdbc_url }}"
db_user: "{{ keycloak_db_user }}"
db_password: "{{ keycloak_db_pass }}"
+ validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1') }}"
initialize_db: >
CREATE TABLE IF NOT EXISTS JGROUPSPING (
own_addr varchar(200) NOT NULL,
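Review bot: The `default('select 1')` fallback on the new `validate_query` line likely never applies, because Jinja's `default` only substitutes for undefined variables and defaults/main.yml in this same commit defines `keycloak_db_valid_conn_sql` as an empty (null) value. The rendered validation query would then be empty or `None` instead of `select 1` whenever the operator does not set an override. Passing the second argument fixes it: `validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1', true) }}"`. The same line is added in the two later hunks of this file and needs the same change.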
@@ -48,6 +49,7 @@ keycloak_jdbc:
connection_url: "{{ keycloak_jdbc_url }}"
db_user: "{{ keycloak_db_user }}"
db_password: "{{ keycloak_db_pass }}"
+ validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1') }}"
initialize_db: >
CREATE TABLE IF NOT EXISTS JGROUPSPING (
own_addr varchar(200) NOT NULL,
@@ -68,6 +70,7 @@ keycloak_jdbc:
connection_url: "{{ keycloak_jdbc_url }}"
db_user: "{{ keycloak_db_user }}"
db_password: "{{ keycloak_db_pass }}"
+ validate_query: "{{ keycloak_db_valid_conn_sql | default('select 1') }}"
initialize_db: >
IF NOT EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[JGROUPSPING]') AND type in (N'U'))
BEGIN