revert JVM var that cannot be overridden
parent
467cfda0f7
commit
2bbf7d9cc4
9 changed files with 22 additions and 119 deletions
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Converge
|
- name: Converge
|
||||||
hosts: all
|
hosts: all
|
||||||
vars:
|
vars:
|
||||||
keycloak_admin_password: "remembertochangeme"
|
keycloak_admin_password: "remembertochangeme"
|
||||||
keycloak_jvm_package: java-11-openjdk-headless
|
keycloak_jvm_package: java-11-openjdk-headless
|
||||||
keycloak_modcluster_enabled: True
|
keycloak_modcluster_enabled: True
|
||||||
|
|
|
@ -2,47 +2,38 @@ argument_specs:
|
||||||
main:
|
main:
|
||||||
options:
|
options:
|
||||||
keycloak_version:
|
keycloak_version:
|
||||||
# line 3 of keycloak/defaults/main.yml
|
|
||||||
default: "18.0.2"
|
default: "18.0.2"
|
||||||
description: "keycloak.org package version"
|
description: "keycloak.org package version"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_archive:
|
keycloak_archive:
|
||||||
# line 4 of keycloak/defaults/main.yml
|
|
||||||
default: "keycloak-legacy-{{ keycloak_version }}.zip"
|
default: "keycloak-legacy-{{ keycloak_version }}.zip"
|
||||||
description: "keycloak install archive filename"
|
description: "keycloak install archive filename"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_configure_iptables:
|
keycloak_configure_iptables:
|
||||||
# line 33 of keycloak/defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Ensure iptables is running and configure keycloak ports"
|
description: "Ensure iptables is running and configure keycloak ports"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_configure_firewalld:
|
keycloak_configure_firewalld:
|
||||||
# line 33 of keycloak/defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Ensure firewalld is running and configure keycloak ports"
|
description: "Ensure firewalld is running and configure keycloak ports"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_download_url:
|
keycloak_download_url:
|
||||||
# line 5 of keycloak/defaults/main.yml
|
|
||||||
default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
|
default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
|
||||||
description: "Download URL for keycloak"
|
description: "Download URL for keycloak"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_download_url_9x:
|
keycloak_download_url_9x:
|
||||||
# line 6 of keycloak/defaults/main.yml
|
|
||||||
default: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
|
default: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
|
||||||
description: "Download URL for keycloak (deprecated)"
|
description: "Download URL for keycloak (deprecated)"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_installdir:
|
keycloak_installdir:
|
||||||
# line 7 of keycloak/defaults/main.yml
|
|
||||||
default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
|
default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
|
||||||
description: "Installation path"
|
description: "Installation path"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_offline_install:
|
keycloak_offline_install:
|
||||||
# line 20 of keycloak/defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Perform an offline install"
|
description: "Perform an offline install"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_jvm_package:
|
keycloak_jvm_package:
|
||||||
# line 23 of keycloak/defaults/main.yml
|
|
||||||
default: "java-1.8.0-openjdk-headless"
|
default: "java-1.8.0-openjdk-headless"
|
||||||
description: "RHEL java package runtime rpm"
|
description: "RHEL java package runtime rpm"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
@ -50,12 +41,10 @@ argument_specs:
|
||||||
description: "JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path"
|
description: "JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_dest:
|
keycloak_dest:
|
||||||
# line 24 of keycloak/defaults/main.yml
|
|
||||||
default: "/opt/keycloak"
|
default: "/opt/keycloak"
|
||||||
description: "Root installation directory"
|
description: "Root installation directory"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_jboss_home:
|
keycloak_jboss_home:
|
||||||
# line 25 of keycloak/defaults/main.yml
|
|
||||||
default: "{{ keycloak_installdir }}"
|
default: "{{ keycloak_installdir }}"
|
||||||
description: "Installation work directory"
|
description: "Installation work directory"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
@ -64,52 +53,42 @@ argument_specs:
|
||||||
description: "Port offset for the JBoss socket binding"
|
description: "Port offset for the JBoss socket binding"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_config_dir:
|
keycloak_config_dir:
|
||||||
# line 26 of keycloak/defaults/main.yml
|
|
||||||
default: "{{ keycloak_jboss_home }}/standalone/configuration"
|
default: "{{ keycloak_jboss_home }}/standalone/configuration"
|
||||||
description: "Path for configuration"
|
description: "Path for configuration"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_config_standalone_xml:
|
keycloak_config_standalone_xml:
|
||||||
# line 27 of keycloak/defaults/main.yml
|
|
||||||
default: "keycloak.xml"
|
default: "keycloak.xml"
|
||||||
description: "Service configuration filename"
|
description: "Service configuration filename"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_config_path_to_standalone_xml:
|
keycloak_config_path_to_standalone_xml:
|
||||||
# line 28 of keycloak/defaults/main.yml
|
|
||||||
default: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
|
default: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
|
||||||
description: "Custom path for configuration"
|
description: "Custom path for configuration"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_config_override_template:
|
keycloak_config_override_template:
|
||||||
# line 30 of keycloak/defaults/main.yml
|
|
||||||
default: ""
|
default: ""
|
||||||
description: "Path to custom template for standalone.xml configuration"
|
description: "Path to custom template for standalone.xml configuration"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_service_runas:
|
keycloak_service_runas:
|
||||||
# line 20 of keycloak/defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Enable execution of service as `keycloak_service_user`"
|
description: "Enable execution of service as `keycloak_service_user`"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_service_user:
|
keycloak_service_user:
|
||||||
# line 29 of keycloak/defaults/main.yml
|
|
||||||
default: "keycloak"
|
default: "keycloak"
|
||||||
description: "posix account username"
|
description: "posix account username"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_service_group:
|
keycloak_service_group:
|
||||||
# line 30 of keycloak/defaults/main.yml
|
|
||||||
default: "keycloak"
|
default: "keycloak"
|
||||||
description: "posix account group"
|
description: "posix account group"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_service_pidfile:
|
keycloak_service_pidfile:
|
||||||
# line 31 of keycloak/defaults/main.yml
|
|
||||||
default: "/run/keycloak/keycloak.pid"
|
default: "/run/keycloak/keycloak.pid"
|
||||||
description: "PID file path for service"
|
description: "PID file path for service"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_features:
|
keycloak_features:
|
||||||
# line 17 of keycloak/defaults/main.yml
|
|
||||||
default: "[]"
|
default: "[]"
|
||||||
description: "List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]`"
|
description: "List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]`"
|
||||||
type: "list"
|
type: "list"
|
||||||
keycloak_bind_address:
|
keycloak_bind_address:
|
||||||
# line 34 of keycloak/defaults/main.yml
|
|
||||||
default: "0.0.0.0"
|
default: "0.0.0.0"
|
||||||
description: "Address for binding service ports"
|
description: "Address for binding service ports"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
@ -118,52 +97,42 @@ argument_specs:
|
||||||
description: "Address for binding the management ports"
|
description: "Address for binding the management ports"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_host:
|
keycloak_host:
|
||||||
# line 35 of keycloak/defaults/main.yml
|
|
||||||
default: "localhost"
|
default: "localhost"
|
||||||
description: "Hostname for service"
|
description: "Hostname for service"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_http_port:
|
keycloak_http_port:
|
||||||
# line 36 of keycloak/defaults/main.yml
|
|
||||||
default: 8080
|
default: 8080
|
||||||
description: "Listening HTTP port"
|
description: "Listening HTTP port"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_https_port:
|
keycloak_https_port:
|
||||||
# line 37 of keycloak/defaults/main.yml
|
|
||||||
default: 8443
|
default: 8443
|
||||||
description: "Listening HTTPS port"
|
description: "Listening HTTPS port"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_ajp_port:
|
keycloak_ajp_port:
|
||||||
# line 38 of keycloak/defaults/main.yml
|
|
||||||
default: 8009
|
default: 8009
|
||||||
description: "Listening AJP port"
|
description: "Listening AJP port"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_jgroups_port:
|
keycloak_jgroups_port:
|
||||||
# line 39 of keycloak/defaults/main.yml
|
|
||||||
default: 7600
|
default: 7600
|
||||||
description: "jgroups cluster tcp port"
|
description: "jgroups cluster tcp port"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_management_http_port:
|
keycloak_management_http_port:
|
||||||
# line 40 of keycloak/defaults/main.yml
|
|
||||||
default: 9990
|
default: 9990
|
||||||
description: "Management port (http)"
|
description: "Management port (http)"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_management_https_port:
|
keycloak_management_https_port:
|
||||||
# line 41 of keycloak/defaults/main.yml
|
|
||||||
default: 9993
|
default: 9993
|
||||||
description: "Management port (https)"
|
description: "Management port (https)"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_java_opts:
|
keycloak_java_opts:
|
||||||
# line 42 of keycloak/defaults/main.yml
|
|
||||||
default: "-Xms1024m -Xmx2048m"
|
default: "-Xms1024m -Xmx2048m"
|
||||||
description: "Additional JVM options"
|
description: "Additional JVM options"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_prefer_ipv4:
|
keycloak_prefer_ipv4:
|
||||||
# line 43 of keycloak/defaults/main.yml
|
|
||||||
default: true
|
default: true
|
||||||
description: "Prefer IPv4 stack and addresses for port binding"
|
description: "Prefer IPv4 stack and addresses for port binding"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_ha_enabled:
|
keycloak_ha_enabled:
|
||||||
# line 46 of keycloak/defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
|
description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
|
@ -172,27 +141,22 @@ argument_specs:
|
||||||
description: "Discovery protocol for HA cluster members"
|
description: "Discovery protocol for HA cluster members"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_db_enabled:
|
keycloak_db_enabled:
|
||||||
# line 48 of keycloak/defaults/main.yml
|
|
||||||
default: "{{ True if keycloak_ha_enabled else False }}"
|
default: "{{ True if keycloak_ha_enabled else False }}"
|
||||||
description: "Enable auto configuration for database backend"
|
description: "Enable auto configuration for database backend"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_admin_user:
|
keycloak_admin_user:
|
||||||
# line 51 of keycloak/defaults/main.yml
|
|
||||||
default: "admin"
|
default: "admin"
|
||||||
description: "Administration console user account"
|
description: "Administration console user account"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_auth_realm:
|
keycloak_auth_realm:
|
||||||
# line 52 of keycloak/defaults/main.yml
|
|
||||||
default: "master"
|
default: "master"
|
||||||
description: "Name for rest authentication realm"
|
description: "Name for rest authentication realm"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_auth_client:
|
keycloak_auth_client:
|
||||||
# line 53 of keycloak/defaults/main.yml
|
|
||||||
default: "admin-cli"
|
default: "admin-cli"
|
||||||
description: "Authentication client for configuration REST calls"
|
description: "Authentication client for configuration REST calls"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_force_install:
|
keycloak_force_install:
|
||||||
# line 55 of keycloak/defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Remove pre-existing versions of service"
|
description: "Remove pre-existing versions of service"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
|
@ -201,7 +165,6 @@ argument_specs:
|
||||||
description: "Enable configuration for modcluster subsystem"
|
description: "Enable configuration for modcluster subsystem"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_modcluster_url:
|
keycloak_modcluster_url:
|
||||||
# line 58 of keycloak/defaults/main.yml
|
|
||||||
default: "localhost"
|
default: "localhost"
|
||||||
description: "URL for the modcluster reverse proxy"
|
description: "URL for the modcluster reverse proxy"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
@ -214,7 +177,6 @@ argument_specs:
|
||||||
description: "List of modproxy node URLs in the format { host, port } for the modcluster reverse proxy"
|
description: "List of modproxy node URLs in the format { host, port } for the modcluster reverse proxy"
|
||||||
type: "list"
|
type: "list"
|
||||||
keycloak_frontend_url:
|
keycloak_frontend_url:
|
||||||
# line 59 of keycloak/defaults/main.yml
|
|
||||||
default: "http://localhost"
|
default: "http://localhost"
|
||||||
description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
|
description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
@ -223,77 +185,62 @@ argument_specs:
|
||||||
description: "Force backend requests to use the frontend URL"
|
description: "Force backend requests to use the frontend URL"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_infinispan_user:
|
keycloak_infinispan_user:
|
||||||
# line 62 of keycloak/defaults/main.yml
|
|
||||||
default: "supervisor"
|
default: "supervisor"
|
||||||
description: "Username for connecting to infinispan"
|
description: "Username for connecting to infinispan"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_infinispan_pass:
|
keycloak_infinispan_pass:
|
||||||
# line 63 of keycloak/defaults/main.yml
|
|
||||||
default: "supervisor"
|
default: "supervisor"
|
||||||
description: "Password for connecting to infinispan"
|
description: "Password for connecting to infinispan"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_infinispan_url:
|
keycloak_infinispan_url:
|
||||||
# line 64 of keycloak/defaults/main.yml
|
|
||||||
default: "localhost"
|
default: "localhost"
|
||||||
description: "URL for the infinispan remote-cache server"
|
description: "URL for the infinispan remote-cache server"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_infinispan_sasl_mechanism:
|
keycloak_infinispan_sasl_mechanism:
|
||||||
# line 65 of keycloak/defaults/main.yml
|
|
||||||
default: "SCRAM-SHA-512"
|
default: "SCRAM-SHA-512"
|
||||||
description: "Authentication type to infinispan server"
|
description: "Authentication type to infinispan server"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_infinispan_use_ssl:
|
keycloak_infinispan_use_ssl:
|
||||||
# line 66 of keycloak/defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Enable hotrod client TLS communication"
|
description: "Enable hotrod client TLS communication"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_infinispan_trust_store_path:
|
keycloak_infinispan_trust_store_path:
|
||||||
# line 68 of keycloak/defaults/main.yml
|
|
||||||
default: "/etc/pki/java/cacerts"
|
default: "/etc/pki/java/cacerts"
|
||||||
description: "TODO document argument"
|
description: "TODO document argument"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_infinispan_trust_store_password:
|
keycloak_infinispan_trust_store_password:
|
||||||
# line 69 of keycloak/defaults/main.yml
|
|
||||||
default: "changeit"
|
default: "changeit"
|
||||||
description: "Path to truststore containing infinispan server certificate"
|
description: "Path to truststore containing infinispan server certificate"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_jdbc_engine:
|
keycloak_jdbc_engine:
|
||||||
# line 72 of keycloak/defaults/main.yml
|
|
||||||
default: "postgres"
|
default: "postgres"
|
||||||
description: "Backend database flavour when db is enabled: [ postgres, mariadb, sqlserver ]"
|
description: "Backend database flavour when db is enabled: [ postgres, mariadb, sqlserver ]"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_db_user:
|
keycloak_db_user:
|
||||||
# line 74 of keycloak/defaults/main.yml
|
|
||||||
default: "keycloak-user"
|
default: "keycloak-user"
|
||||||
description: "Username for connecting to database"
|
description: "Username for connecting to database"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_db_pass:
|
keycloak_db_pass:
|
||||||
# line 75 of keycloak/defaults/main.yml
|
|
||||||
default: "keycloak-pass"
|
default: "keycloak-pass"
|
||||||
description: "Password for connecting to database"
|
description: "Password for connecting to database"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_jdbc_url:
|
keycloak_jdbc_url:
|
||||||
# line 76 of keycloak/defaults/main.yml
|
|
||||||
default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
|
default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
|
||||||
description: "URL for connecting to backend database"
|
description: "URL for connecting to backend database"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_jdbc_driver_version:
|
keycloak_jdbc_driver_version:
|
||||||
# line 77 of keycloak/defaults/main.yml
|
|
||||||
default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
|
default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
|
||||||
description: "Version for the JDBC driver to download"
|
description: "Version for the JDBC driver to download"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_admin_password:
|
keycloak_admin_password:
|
||||||
# line 4 of keycloak/vars/main.yml
|
|
||||||
required: true
|
required: true
|
||||||
description: "Password for the administration console user account"
|
description: "Password for the administration console user account"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_url:
|
keycloak_url:
|
||||||
# line 12 of keycloak/vars/main.yml
|
|
||||||
default: "http://{{ keycloak_host }}:{{ keycloak_http_port + keycloak_jboss_port_offset }}"
|
default: "http://{{ keycloak_host }}:{{ keycloak_http_port + keycloak_jboss_port_offset }}"
|
||||||
description: "URL for configuration rest calls"
|
description: "URL for configuration rest calls"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_management_url:
|
keycloak_management_url:
|
||||||
# line 13 of keycloak/vars/main.yml
|
|
||||||
default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + keycloak_jboss_port_offset }}"
|
default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + keycloak_jboss_port_offset }}"
|
||||||
description: "URL for management console rest calls"
|
description: "URL for management console rest calls"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
|
|
@ -10,18 +10,6 @@
|
||||||
notify:
|
notify:
|
||||||
- restart keycloak
|
- restart keycloak
|
||||||
|
|
||||||
- name: Determine JAVA_HOME for selected JVM RPM
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
rpm_java_home: "/lib/jvm/java-{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
|
|
||||||
when:
|
|
||||||
- ansible_facts.os_family == 'Debian'
|
|
||||||
|
|
||||||
- name: Determine JAVA_HOME for selected JVM RPM
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
rpm_java_home: "/etc/alternatives/jre_{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
|
|
||||||
when:
|
|
||||||
- ansible_facts.os_family == 'RedHat'
|
|
||||||
|
|
||||||
- name: "Configure sysconfig file for {{ keycloak.service_name }} service"
|
- name: "Configure sysconfig file for {{ keycloak.service_name }} service"
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
keycloak_jvm_package: openjdk-11-jdk-headless
|
keycloak_varjvm_package: "{{ keycloak_jvm_package | default('openjdk-11-jdk-headless') }}"
|
||||||
keycloak_prereq_package_list:
|
keycloak_prereq_package_list:
|
||||||
- "{{ keycloak_jvm_package }}"
|
- "{{ keycloak_varjvm_package }}"
|
||||||
- unzip
|
- unzip
|
||||||
- procps
|
- procps
|
||||||
- apt
|
- apt
|
||||||
- tzdata
|
- tzdata
|
||||||
keycloak_configure_iptables: True
|
keycloak_configure_iptables: True
|
||||||
keycloak_sysconf_file: /etc/default/keycloak
|
keycloak_sysconf_file: /etc/default/keycloak
|
||||||
keycloak_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_jvm_package | regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
|
keycloak_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_varjvm_package | regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
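Review bot: The `regex_search('(?!:openjdk-)[0-9.]+')` filter in `keycloak_pkg_java_home` does not anchor on the package prefix: `(?!:` opens a negative lookahead for the literal text `:openjdk-`, which never matches in front of a digit, so the expression just returns the first run of digits and dots in the name. Now that the package name comes from the overridable `keycloak_jvm_package`, a value with no digits or with an earlier digit run produces a JAVA_HOME path that does not exist; `regex_search('(?<=openjdk-)[0-9.]+')` would mirror the lookbehind in the RedHat vars section, where an override that lacks the `java-` prefix leaves the same gap. Neither file checks that the match is non-empty before the path is built. Whether `default('openjdk-11-jdk-headless')` ever takes effect depends on `keycloak_jvm_package` being absent from the role defaults, which this page does not show; if it is still defined there, Debian hosts would be handed the RHEL package name.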
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
---
|
---
|
||||||
keycloak_jvm_package: java-1.8.0-openjdk-headless
|
keycloak_varjvm_package: "{{ keycloak_jvm_package | default('java-1.8.0-openjdk-headless') }}"
|
||||||
keycloak_prereq_package_list:
|
keycloak_prereq_package_list:
|
||||||
- "{{ keycloak_jvm_package }}"
|
- "{{ keycloak_varjvm_package }}"
|
||||||
- unzip
|
- unzip
|
||||||
- procps-ng
|
- procps-ng
|
||||||
- initscripts
|
- initscripts
|
||||||
- tzdata-java
|
- tzdata-java
|
||||||
keycloak_configure_iptables: False
|
|
||||||
keycloak_sysconf_file: /etc/sysconfig/keycloak
|
keycloak_sysconf_file: /etc/sysconfig/keycloak
|
||||||
keycloak_pkg_java_home: "/etc/alternatives/jre_{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
|
keycloak_pkg_java_home: "/etc/alternatives/jre_{{ keycloak_varjvm_package | regex_search('(?<=java-)[0-9.]+') }}"
|
||||||
|
|
|
@ -17,11 +17,13 @@ keycloak_quarkus_start_dev: false
|
||||||
keycloak_quarkus_service_user: keycloak
|
keycloak_quarkus_service_user: keycloak
|
||||||
keycloak_quarkus_service_group: keycloak
|
keycloak_quarkus_service_group: keycloak
|
||||||
keycloak_quarkus_service_pidfile: "/run/keycloak/keycloak.pid"
|
keycloak_quarkus_service_pidfile: "/run/keycloak/keycloak.pid"
|
||||||
keycloak_quarkus_configure_firewalld: false
|
|
||||||
keycloak_quarkus_service_restart_always: false
|
keycloak_quarkus_service_restart_always: false
|
||||||
keycloak_quarkus_service_restart_on_failure: false
|
keycloak_quarkus_service_restart_on_failure: false
|
||||||
keycloak_quarkus_service_restartsec: "10s"
|
keycloak_quarkus_service_restartsec: "10s"
|
||||||
|
|
||||||
|
keycloak_quarkus_configure_firewalld: false
|
||||||
|
keycloak_quarkus_configure_iptables: false
|
||||||
|
|
||||||
### administrator console password
|
### administrator console password
|
||||||
keycloak_quarkus_admin_user: admin
|
keycloak_quarkus_admin_user: admin
|
||||||
keycloak_quarkus_admin_pass:
|
keycloak_quarkus_admin_pass:
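Review bot: The added `keycloak_quarkus_configure_iptables: false` default is documented with the wrong text: in the argument_specs section further down this page, the new `keycloak_quarkus_configure_iptables` entry repeats the firewalld description. It should read `description: "Ensure iptables is running and configure keycloak ports"`, the wording the keycloak role uses for its own iptables option. Both firewall toggles default to false here, so a one-line comment above them such as `### host firewall configuration (not managed unless enabled)` would make that explicit; presumably the role leaves port filtering to the operator in that case, which matters with the documented `0.0.0.0` bind address default. This hunk is an excerpt from the middle of the defaults file.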
|
||||||
|
|
|
@ -2,32 +2,26 @@ argument_specs:
|
||||||
main:
|
main:
|
||||||
options:
|
options:
|
||||||
keycloak_quarkus_version:
|
keycloak_quarkus_version:
|
||||||
# line 3 of defaults/main.yml
|
default: "23.0.7"
|
||||||
default: "17.0.1"
|
|
||||||
description: "keycloak.org package version"
|
description: "keycloak.org package version"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_archive:
|
keycloak_quarkus_archive:
|
||||||
# line 4 of defaults/main.yml
|
|
||||||
default: "keycloak-{{ keycloak_quarkus_version }}.zip"
|
default: "keycloak-{{ keycloak_quarkus_version }}.zip"
|
||||||
description: "keycloak install archive filename"
|
description: "keycloak install archive filename"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_download_url:
|
keycloak_quarkus_download_url:
|
||||||
# line 5 of defaults/main.yml
|
|
||||||
default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
|
default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
|
||||||
description: "Download URL for keycloak"
|
description: "Download URL for keycloak"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_installdir:
|
keycloak_quarkus_installdir:
|
||||||
# line 6 of defaults/main.yml
|
|
||||||
default: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
|
default: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
|
||||||
description: "Installation path"
|
description: "Installation path"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_offline_install:
|
keycloak_quarkus_offline_install:
|
||||||
# line 9 of defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Perform an offline install"
|
description: "Perform an offline install"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_quarkus_jvm_package:
|
keycloak_quarkus_jvm_package:
|
||||||
# line 12 of defaults/main.yml
|
|
||||||
default: "java-11-openjdk-headless"
|
default: "java-11-openjdk-headless"
|
||||||
description: "RHEL java package runtime"
|
description: "RHEL java package runtime"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
@ -35,37 +29,34 @@ argument_specs:
|
||||||
description: "JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path"
|
description: "JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_dest:
|
keycloak_quarkus_dest:
|
||||||
# line 13 of defaults/main.yml
|
|
||||||
default: "/opt/keycloak"
|
default: "/opt/keycloak"
|
||||||
description: "Installation root path"
|
description: "Installation root path"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_home:
|
keycloak_quarkus_home:
|
||||||
# line 14 of defaults/main.yml
|
|
||||||
default: "{{ keycloak_quarkus_installdir }}"
|
default: "{{ keycloak_quarkus_installdir }}"
|
||||||
description: "Installation work directory"
|
description: "Installation work directory"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_config_dir:
|
keycloak_quarkus_config_dir:
|
||||||
# line 15 of defaults/main.yml
|
|
||||||
default: "{{ keycloak_quarkus_home }}/conf"
|
default: "{{ keycloak_quarkus_home }}/conf"
|
||||||
description: "Path for configuration"
|
description: "Path for configuration"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_service_user:
|
keycloak_quarkus_service_user:
|
||||||
# line 16 of defaults/main.yml
|
|
||||||
default: "keycloak"
|
default: "keycloak"
|
||||||
description: "Posix account username"
|
description: "Posix account username"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_service_group:
|
keycloak_quarkus_service_group:
|
||||||
# line 17 of defaults/main.yml
|
|
||||||
default: "keycloak"
|
default: "keycloak"
|
||||||
description: "Posix account group"
|
description: "Posix account group"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_service_pidfile:
|
keycloak_quarkus_service_pidfile:
|
||||||
# line 18 of defaults/main.yml
|
|
||||||
default: "/run/keycloak/keycloak.pid"
|
default: "/run/keycloak/keycloak.pid"
|
||||||
description: "Pid file path for service"
|
description: "Pid file path for service"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_configure_firewalld:
|
keycloak_quarkus_configure_firewalld:
|
||||||
# line 19 of defaults/main.yml
|
default: false
|
||||||
|
description: "Ensure firewalld is running and configure keycloak ports"
|
||||||
|
type: "bool"
|
||||||
|
keycloak_quarkus_configure_iptables:
|
||||||
default: false
|
default: false
|
||||||
description: "Ensure firewalld is running and configure keycloak ports"
|
description: "Ensure firewalld is running and configure keycloak ports"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
|
@ -90,12 +81,10 @@ argument_specs:
|
||||||
description: "Password of console admin account"
|
description: "Password of console admin account"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_master_realm:
|
keycloak_quarkus_master_realm:
|
||||||
# line 24 of defaults/main.yml
|
|
||||||
default: "master"
|
default: "master"
|
||||||
description: "Name for rest authentication realm"
|
description: "Name for rest authentication realm"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_bind_address:
|
keycloak_quarkus_bind_address:
|
||||||
# line 27 of defaults/main.yml
|
|
||||||
default: "0.0.0.0"
|
default: "0.0.0.0"
|
||||||
description: "Address for binding service ports"
|
description: "Address for binding service ports"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
@ -116,7 +105,6 @@ argument_specs:
|
||||||
description: "Enable listener on HTTP port"
|
description: "Enable listener on HTTP port"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_quarkus_http_port:
|
keycloak_quarkus_http_port:
|
||||||
# line 29 of defaults/main.yml
|
|
||||||
default: 8080
|
default: 8080
|
||||||
description: "HTTP port"
|
description: "HTTP port"
|
||||||
type: "int"
|
type: "int"
|
||||||
|
@ -157,27 +145,22 @@ argument_specs:
|
||||||
description: "Password for the trust store"
|
description: "Password for the trust store"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_https_port:
|
keycloak_quarkus_https_port:
|
||||||
# line 30 of defaults/main.yml
|
|
||||||
default: 8443
|
default: 8443
|
||||||
description: "HTTPS port"
|
description: "HTTPS port"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_quarkus_ajp_port:
|
keycloak_quarkus_ajp_port:
|
||||||
# line 31 of defaults/main.yml
|
|
||||||
default: 8009
|
default: 8009
|
||||||
description: "AJP port"
|
description: "AJP port"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_quarkus_jgroups_port:
|
keycloak_quarkus_jgroups_port:
|
||||||
# line 32 of defaults/main.yml
|
|
||||||
default: 7800
|
default: 7800
|
||||||
description: "jgroups cluster tcp port"
|
description: "jgroups cluster tcp port"
|
||||||
type: "int"
|
type: "int"
|
||||||
keycloak_quarkus_java_opts:
|
keycloak_quarkus_java_opts:
|
||||||
# line 33 of defaults/main.yml
|
|
||||||
default: "-Xms1024m -Xmx2048m"
|
default: "-Xms1024m -Xmx2048m"
|
||||||
description: "Additional JVM options"
|
description: "Additional JVM options"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_ha_enabled:
|
keycloak_quarkus_ha_enabled:
|
||||||
# line 36 of defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
|
description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
|
@ -186,7 +169,6 @@ argument_specs:
|
||||||
description: "Discovery protocol for HA cluster members"
|
description: "Discovery protocol for HA cluster members"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_db_enabled:
|
keycloak_quarkus_db_enabled:
|
||||||
# line 38 of defaults/main.yml
|
|
||||||
default: "{{ True if keycloak_quarkus_ha_enabled else False }}"
|
default: "{{ True if keycloak_quarkus_ha_enabled else False }}"
|
||||||
description: "Enable auto configuration for database backend"
|
description: "Enable auto configuration for database backend"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
@ -204,7 +186,6 @@ argument_specs:
|
||||||
description: "Service URL for the admin console"
|
description: "Service URL for the admin console"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_metrics_enabled:
|
keycloak_quarkus_metrics_enabled:
|
||||||
# line 43 of defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Whether to enable metrics"
|
description: "Whether to enable metrics"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
|
@ -213,62 +194,50 @@ argument_specs:
|
||||||
description: "If the server should expose health check endpoints"
|
description: "If the server should expose health check endpoints"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_quarkus_ispn_user:
|
keycloak_quarkus_ispn_user:
|
||||||
# line 46 of defaults/main.yml
|
|
||||||
default: "supervisor"
|
default: "supervisor"
|
||||||
description: "Username for connecting to infinispan"
|
description: "Username for connecting to infinispan"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_ispn_pass:
|
keycloak_quarkus_ispn_pass:
|
||||||
# line 47 of defaults/main.yml
|
|
||||||
default: "supervisor"
|
default: "supervisor"
|
||||||
description: "Password for connecting to infinispan"
|
description: "Password for connecting to infinispan"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_ispn_hosts:
|
keycloak_quarkus_ispn_hosts:
|
||||||
# line 48 of defaults/main.yml
|
|
||||||
default: "localhost:11222"
|
default: "localhost:11222"
|
||||||
description: "host name/port for connecting to infinispan, eg. host1:11222;host2:11222"
|
description: "host name/port for connecting to infinispan, eg. host1:11222;host2:11222"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_ispn_sasl_mechanism:
|
keycloak_quarkus_ispn_sasl_mechanism:
|
||||||
# line 49 of defaults/main.yml
|
|
||||||
default: "SCRAM-SHA-512"
|
default: "SCRAM-SHA-512"
|
||||||
description: "Infinispan auth mechanism"
|
description: "Infinispan auth mechanism"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_ispn_use_ssl:
|
keycloak_quarkus_ispn_use_ssl:
|
||||||
# line 50 of defaults/main.yml
|
|
||||||
default: false
|
default: false
|
||||||
description: "Whether infinispan uses TLS connection"
|
description: "Whether infinispan uses TLS connection"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
keycloak_quarkus_ispn_trust_store_path:
|
keycloak_quarkus_ispn_trust_store_path:
|
||||||
# line 52 of defaults/main.yml
|
|
||||||
default: "/etc/pki/java/cacerts"
|
default: "/etc/pki/java/cacerts"
|
||||||
description: "Path to infinispan server trust certificate"
|
description: "Path to infinispan server trust certificate"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_ispn_trust_store_password:
|
keycloak_quarkus_ispn_trust_store_password:
|
||||||
# line 53 of defaults/main.yml
|
|
||||||
default: "changeit"
|
default: "changeit"
|
||||||
description: "Password for infinispan certificate keystore"
|
description: "Password for infinispan certificate keystore"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_jdbc_engine:
|
keycloak_quarkus_jdbc_engine:
|
||||||
# line 56 of defaults/main.yml
|
|
||||||
default: "postgres"
|
default: "postgres"
|
||||||
description: "Database engine [mariadb,postres,mssql]"
|
description: "Database engine [mariadb,postres,mssql]"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_db_user:
|
keycloak_quarkus_db_user:
|
||||||
# line 58 of defaults/main.yml
|
|
||||||
default: "keycloak-user"
|
default: "keycloak-user"
|
||||||
description: "User for database connection"
|
description: "User for database connection"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_db_pass:
|
keycloak_quarkus_db_pass:
|
||||||
# line 59 of defaults/main.yml
|
|
||||||
default: "keycloak-pass"
|
default: "keycloak-pass"
|
||||||
description: "Password for database connection"
|
description: "Password for database connection"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_jdbc_url:
|
keycloak_quarkus_jdbc_url:
|
||||||
# line 60 of defaults/main.yml
|
|
||||||
default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].url }}"
|
default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].url }}"
|
||||||
description: "JDBC URL for connecting to database"
|
description: "JDBC URL for connecting to database"
|
||||||
type: "str"
|
type: "str"
|
||||||
keycloak_quarkus_jdbc_driver_version:
|
keycloak_quarkus_jdbc_driver_version:
|
||||||
# line 61 of defaults/main.yml
|
|
||||||
default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].version }}"
|
default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].version }}"
|
||||||
description: "Version for JDBC driver"
|
description: "Version for JDBC driver"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
---
|
---
|
||||||
keycloak_quarkus_jvm_package: openjdk-17-jdk-headless
|
keycloak_quarkus_varjvm_package: "{{ keycloak_quarkus_jvm_package | default('openjdk-17-jdk-headless') }}"
|
||||||
keycloak_quarkus_prereq_package_list:
|
keycloak_quarkus_prereq_package_list:
|
||||||
- "{{ keycloak_quarkus_jvm_package }}"
|
- "{{ keycloak_quarkus_varjvm_package }}"
|
||||||
- unzip
|
- unzip
|
||||||
- procps
|
- procps
|
||||||
- apt
|
- apt
|
||||||
- tzdata
|
- tzdata
|
||||||
keycloak_quarkus_configure_iptables: True
|
|
||||||
keycloak_quarkus_sysconf_file: /etc/default/keycloak
|
keycloak_quarkus_sysconf_file: /etc/default/keycloak
|
||||||
keycloak_quarkus_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_quarkus_jvm_package | regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
|
keycloak_quarkus_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_quarkus_varjvm_package | regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
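Review bot: Removing `keycloak_quarkus_configure_iptables: True` from this vars file changes where the firewall setting comes from on this platform, and nothing in the section says what the effective value is now. The role's defaults are not visible here. If they set the variable to `false`, as the `keycloak_configure_iptables` spec at the top of the page does for the other role, hosts whose Keycloak ports were previously handled by the role would silently stop getting those rules; if nothing defines it, any task that reads it fails as undefined. The commit title only mentions the JVM variable, so I would state this change in the description and add a comment where the default lives, e.g. `# firewall handling is opt-in on every platform; set keycloak_quarkus_configure_iptables: true to have the role manage rules`.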
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
---
|
---
|
||||||
keycloak_quarkus_jvm_package: java-17-openjdk-headless
|
keycloak_quarkus_varjvm_package: "{{ keycloak_quarkus_jvm_package | default('java-17-openjdk-headless') }}"
|
||||||
keycloak_quarkus_prereq_package_list:
|
keycloak_quarkus_prereq_package_list:
|
||||||
- "{{ keycloak_quarkus_jvm_package }}"
|
- "{{ keycloak_quarkus_varjvm_package }}"
|
||||||
- unzip
|
- unzip
|
||||||
- procps-ng
|
- procps-ng
|
||||||
- initscripts
|
- initscripts
|
||||||
- tzdata-java
|
- tzdata-java
|
||||||
keycloak_quarkus_configure_iptables: False
|
|
||||||
keycloak_quarkus_sysconf_file: /etc/sysconfig/keycloak
|
keycloak_quarkus_sysconf_file: /etc/sysconfig/keycloak
|
||||||
keycloak_quarkus_pkg_java_home: "/etc/alternatives/jre_{{ keycloak_quarkus_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
|
keycloak_quarkus_pkg_java_home: "/etc/alternatives/jre_{{ keycloak_quarkus_varjvm_package | regex_search('(?<=java-)[0-9.]+') }}"
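Review bot: `keycloak_quarkus_pkg_java_home` is now derived from a package name the user can override, but nothing checks that `regex_search` actually finds a version in it. An override without a `java-<version>` prefix gives no match, so the alternatives path is rendered without a usable version and the service is presumably pointed at a JAVA_HOME that does not exist. The same applies to the preceding vars file, where the pattern `(?!:openjdk-)[0-9.]+` also looks like a mistyped lookbehind: as a negative lookahead it constrains nothing, and `(?<=openjdk-)[0-9.]+` would mirror the form used here. I would either assert early in the role that a version was extracted, or document next to both variables that the derived path only works for OpenJDK-style package names.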
|
||||||
|
|