update config options: keycloak and quarkus

2025-07-29 16:11:34 -07:00 · 2022-05-17 18:59:10 +02:00 · 2022-05-17 18:59:10 +02:00 · 31420fc24c
commit 31420fc24c
parent 2cc835219c
9 changed files with 120 additions and 34 deletions
--- a/roles/keycloak_quarkus/templates/keycloak-sysconfig.j2
+++ b/roles/keycloak_quarkus/templates/keycloak-sysconfig.j2
@ -1,3 +1,3 @@
 # {{ ansible_managed }}
 KEYCLOAK_ADMIN={{ keycloak_quarkus_admin_user }}
-KEYCLOAK_ADMIN_PASSWORD='{{ keycloak_quarkus_admin_pass }}'
+KEYCLOAK_ADMIN_PASSWORD='{{ keycloak_quarkus_admin_pass }}'
--- a/roles/keycloak_quarkus/templates/keycloak.conf.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.conf.j2
@ -1,29 +1,27 @@
 # {{ ansible_managed }}

+{% if keycloak_quarkus_db_enabled %}
 # Database
-# Database vendor [dev-file, dev-mem, mariadb, mssql, mysql, oracle, postgres]
-#db=postgres
-# The username of the database user.
-#db-username=keycloak
-# The password of the database user.
-#db-password=password
-# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
-#db-url=jdbc:postgresql://localhost/keycloak
+db={{ keycloak_quarkus_jdbc_engine }}
+db-url={{ keycloak_quarkus_jdbc_url }}
+db-username={{ keycloak_quarkus_db_user }}
+db-password={{ keycloak_quarkus_db_pass }}
+{% endif %}

 # Observability
-# If the server should expose metrics and healthcheck endpoints.
-#metrics-enabled=true
+metrics-enabled={{ keycloak_quarkus_metrics_enabled }}
+health-enabled={{ keycloak_quarkus_health_enabled }}

 # HTTP
-http-enabled=true
-http-port=8080
-https-port=8443
-# The file path to a server certificate or certificate chain in PEM format.
-#https-certificate-file=${kc.home.dir}conf/server.crt.pem
-# The file path to a private key in PEM format.
-#https-certificate-key-file=${kc.home.dir}conf/server.key.pem
-# The proxy address forwarding mode if the server is behind a reverse proxy.
-#proxy=reencrypt
+http-enabled={{ keycloak_quarkus_http_enabled }}
+http-port={{ keycloak_quarkus_http_port }}
+
+# HTTPS
+https-port={{ keycloak_quarkus_https_port }}
+{% if keycloak_quarkus_https_enabled %}
+https-certificate-file={{ keycloak.home }}/{{ keycloak_quarkus_cert_file}}
+https-certificate-key-file={{ keycloak.home }}/{{ keycloak_quarkus_key_file }}
+{% endif %}
 # Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
 #spi-sticky-session-encoder-infinispan-should-attach-route=false

@ -32,12 +30,11 @@ hostname={{ keycloak_quarkus_host }}
 hostname-path={{ keycloak_quarkus_http_relative_path }}

 # Cluster
-#cache=ispn
-#Defines the cache mechanism for high-availability. [local, ispn]
-#cache-config-file=conf/cache-ispn.xml
-#Defines the file from which cache configuration should be loaded from.
-#cache-stack=tcp
-#Define the default stack to use for cluster communication and node discovery. [tcp, udp, kubernetes, ec2, azure, google]
+{% if keycloak_quarkus_ha_enabled %}
+cache=ispn
+cache-config-file=conf/cache-ispn.xml
+cache-stack=tcp
+{% endif %}

 # Proxy
 # The proxy address forwarding mode if the server is behind a reverse proxy. [edge, reencrypt, passthrough]
@ -46,6 +43,7 @@ hostname-path={{ keycloak_quarkus_http_relative_path }}
 # Logging
 # The format of log entries.
 #log-format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
-# The log level of the root category or a comma-separated list of individual categories and their levels.
-#log-level=info
-
+log=file
+log-level={{ keycloak.log.level }}
+log-file={{ keycloak.log.file }}
+log-file-format={{ keycloak.log.format }}
--- a/roles/keycloak_quarkus/templates/keycloak.service.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.service.j2
@ -7,7 +7,7 @@ After=network.target
 Type=simple
 EnvironmentFile=-/etc/sysconfig/keycloak
 PIDFile={{ keycloak_quarkus_service_pidfile }}
-ExecStart={{ keycloak.home }}/bin/kc.sh start 
+ExecStart={{ keycloak.home }}/bin/kc.sh --auto-build start
 #--http-relative-path={{ keycloak_quarkus_http_relative_path }}

 [Install]
--- a/roles/keycloak_quarkus/templates/quarkus.properties.j2
+++ b/roles/keycloak_quarkus/templates/quarkus.properties.j2
@ -0,0 +1,19 @@
+# {{ ansible_managed }}
+{% if keycloak_quarkus_ha_enabled %}
+quarkus.infinispan-client.server-list={{ keycloak_quarkus_ispn_url }}
+quarkus.infinispan-client.client-intelligence=HASH_DISTRIBUTION_AWARE
+quarkus.infinispan-client.use-auth=true
+quarkus.infinispan-client.auth-username={{ keycloak_quarkus_ispn_user }}
+quarkus.infinispan-client.auth-password={{ keycloak_quarkus_ispn_pass }}
+quarkus.infinispan-client.auth-realm=default
+quarkus.infinispan-client.auth-server-name=infinispan
+quarkus.infinispan-client.sasl-mechanism={{ keycloak_quarkus_ispn_sasl_mechanism }}
+{% if keycloak_quarkus_ispn_use_ssl %}
+quarkus.infinispan-client.trust-store={{ keycloak_quarkus_ispn_trust_store_path }}
+quarkus.infinispan-client.trust-store-password={{ keycloak_quarkus_ispn_trust_store_password }}
+quarkus.infinispan-client.trust-store-type=jks
+{% endif %}
+#quarkus.infinispan-client.use-schema-registration=true
+#quarkus.infinispan-client.auth-client-subject
+#quarkus.infinispan-client.auth-callback-handler
+{% endif %}