This commit is contained in:
Ranabir Chakraborty 2025-09-18 19:10:00 +05:30 committed by GitHub
commit 29759c48f6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 28 additions and 16 deletions

View file

@ -11,6 +11,5 @@
keycloak_quarkus_http_port: 8080 keycloak_quarkus_http_port: 8080
keycloak_quarkus_proxy_mode: edge keycloak_quarkus_proxy_mode: edge
keycloak_quarkus_http_relative_path: / keycloak_quarkus_http_relative_path: /
keycloak_quarkus_health_check_url: http://proxy:8080/realms/master/.well-known/openid-configuration
roles: roles:
- role: keycloak_quarkus - role: keycloak_quarkus

View file

@ -116,6 +116,8 @@ keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route: true
keycloak_quarkus_metrics_enabled: false keycloak_quarkus_metrics_enabled: false
keycloak_quarkus_health_enabled: true keycloak_quarkus_health_enabled: true
keycloak_quarkus_health_check_url_path: "realms/master/.well-known/openid-configuration"
keycloak_quarkus_http_health_port: 9000
### caches; must read: https://www.keycloak.org/2024/12/storing-sessions-in-kc26 ### caches; must read: https://www.keycloak.org/2024/12/storing-sessions-in-kc26
### embedded caches ### embedded caches

View file

@ -259,6 +259,10 @@ argument_specs:
default: true default: true
description: "If the server should expose health check endpoints on the management interface" description: "If the server should expose health check endpoints on the management interface"
type: "bool" type: "bool"
keycloak_quarkus_http_health_port:
default: 9000
description: "Port used for the health endpoint when health checks are enabled. This is typically different from the main HTTP port."
type: "int"
keycloak_quarkus_cache_remote: keycloak_quarkus_cache_remote:
description: "Whether to connect to remote cache infinispan server" description: "Whether to connect to remote cache infinispan server"
default: false default: false

View file

@ -7,6 +7,11 @@
daemon_reload: true daemon_reload: true
become: true become: true
- name: "Fail if health check URL does not use port 9000 while health is enabled"
ansible.builtin.fail:
msg: "When `keycloak_quarkus_health_enabled` is true, the health check URL must use port 9000. Current URL: {{ keycloak_quarkus_health_check_url }}"
when: keycloak_quarkus_health_enabled | bool and keycloak_quarkus_health_check_url is defined and (keycloak_quarkus_health_check_url | regex_search(':(\\d+)', '\\1') | int) != 9000
- name: "Wait until {{ keycloak.service_name }} service becomes active {{ keycloak.health_url }}" - name: "Wait until {{ keycloak.service_name }} service becomes active {{ keycloak.health_url }}"
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak.health_url }}" url: "{{ keycloak.health_url }}"

View file

@ -1,10 +1,12 @@
--- ---
keycloak_quarkus_effective_health_path: "{{ 'health/ready' if keycloak_quarkus_health_enabled | bool else keycloak_quarkus_health_check_url_path }}"
keycloak_quarkus_hostname_stripped: "{{ keycloak_quarkus_hostname | regex_replace('(:\\d+)(?=/|$)', '') }}"
keycloak: # noqa var-naming this is an internal dict of interpolated values keycloak: # noqa var-naming this is an internal dict of interpolated values
home: "{{ keycloak_quarkus_home }}" home: "{{ keycloak_quarkus_home }}"
config_dir: "{{ keycloak_quarkus_config_dir }}" config_dir: "{{ keycloak_quarkus_config_dir }}"
bundle: "{{ keycloak_quarkus_archive }}" bundle: "{{ keycloak_quarkus_archive }}"
service_name: "keycloak" service_name: "keycloak"
health_url: "{{ keycloak_quarkus_health_check_url | default(keycloak_quarkus_hostname ~ '/' ~ (keycloak_quarkus_health_check_url_path | default('realms/master/.well-known/openid-configuration'))) }}" health_url: "{{ keycloak_quarkus_health_check_url | default(((('https://' ~ keycloak_quarkus_hostname_stripped ~ ':' ~ keycloak_quarkus_http_health_port) if not (keycloak_quarkus_hostname.startswith('http://') or keycloak_quarkus_hostname.startswith('https://')) else keycloak_quarkus_hostname_stripped ~ ':' ~ keycloak_quarkus_http_health_port) ~ keycloak_quarkus_http_relative_path ~ keycloak_quarkus_effective_health_path), true) }}"
cli_path: "{{ keycloak_quarkus_home }}/bin/kcadm.sh" cli_path: "{{ keycloak_quarkus_home }}/bin/kcadm.sh"
service_user: "{{ keycloak_quarkus_service_user }}" service_user: "{{ keycloak_quarkus_service_user }}"
service_group: "{{ keycloak_quarkus_service_group }}" service_group: "{{ keycloak_quarkus_service_group }}"

View file

@ -9,19 +9,19 @@ Role Defaults
------------- -------------
| Variable | Description | Default | | Variable | Description | Default |
|:---------|:------------|:--------| |:------------------------------------|:-----------------------------------------------------------------|:------------------------------------------------------|
|`keycloak_admin_user`| Administration console user account | `admin` | | `keycloak_admin_user` | Administration console user account | `admin` |
|`keycloak_host`| hostname | `localhost` | | `keycloak_host` | hostname | `localhost` |
|`keycloak_context`| Context path for rest calls | `/auth` | | `keycloak_context` | Context path for rest calls | `/auth` |
|`keycloak_http_port`| HTTP port | `8080` | | `keycloak_http_port` | HTTP port | `8080` |
|`keycloak_https_port`| TLS HTTP port | `8443` | | `keycloak_https_port` | TLS HTTP port | `8443` |
|`keycloak_auth_realm`| Name of the main authentication realm | `master` | | `keycloak_auth_realm` | Name of the main authentication realm | `master` |
|`keycloak_management_http_port`| Management port | `9990` | | `keycloak_management_http_port` | Management port | `9990` |
|`keycloak_auth_client`| Authentication client for configuration REST calls | `admin-cli` | | `keycloak_auth_client` | Authentication client for configuration REST calls | `admin-cli` |
|`keycloak_client_public`| Configure a public realm client | `True` | | `keycloak_client_public` | Configure a public realm client | `True` |
|`keycloak_client_web_origins`| Web origins for realm client | `/*` | | `keycloak_client_web_origins` | Web origins for realm client | `/*` |
|`keycloak_url`| URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port }}` | | `keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port }}` |
|`keycloak_management_url`| URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port }}` | | `keycloak_quarkus_http_health_port` | Port used for the health endpoint when health checks are enabled | `9000` |
Role Variables Role Variables