ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-07-27 23:21:33 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

single site remote cache

Browse source
This commit is contained in:
Guido Grazioli 2025-05-29 21:37:11 +02:00
commit 3de96a6666
2 changed files with 38 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
molecule/quarkus_ha_remote/converge.yml
View file

@ -45,5 +45,10 @@
keycloak_quarkus_cache_remote_password: remembertochangeme keycloak_quarkus_cache_remote_password: remembertochangeme
keycloak_quarkus_cache_remote_host: "infinispan1:11222" keycloak_quarkus_cache_remote_host: "infinispan1:11222"
keycloak_quarkus_cache_remote_tls_enabled: false keycloak_quarkus_cache_remote_tls_enabled: false
keycloak_quarkus_additional_env_vars:
- key: KC_FEATURES
value: clusterless
- key: KC_FEATURES_DISABLED
value: persistent-user-sessions
roles: roles:
- role: keycloak_quarkus - role: keycloak_quarkus

38
roles/keycloak_quarkus/defaults/main.yml
View file

@ -38,14 +38,21 @@ keycloak_quarkus_http_enabled: true
keycloak_quarkus_http_port: 8080 keycloak_quarkus_http_port: 8080
keycloak_quarkus_https_port: 8443 keycloak_quarkus_https_port: 8443
keycloak_quarkus_http_management_port: 9000 keycloak_quarkus_http_management_port: 9000
keycloak_quarkus_jgroups_ip: "{{ ansible_default_ipv4.address }}"
keycloak_quarkus_jgroups_port: 7800 keycloak_quarkus_jgroups_port: 7800
keycloak_quarkus_jgroups_bind_address: "{{ ansible_default_ipv4.address }}"
keycloak_quarkus_jgroups_external_addr: "{{ keycloak_quarkus_jgroups_bind_address }}"
keycloak_quarkus_jgroups_external_port: "{{ keycloak_quarkus_jgroups_port }}"
keycloak_quarkus_java_heap_opts: "-Xms1024m -Xmx2048m" keycloak_quarkus_java_heap_opts: "-Xms1024m -Xmx2048m"
keycloak_quarkus_java_jvm_opts: "-XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 keycloak_quarkus_java_jvm_opts: >
-XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8
-Dsun.err.encoding=UTF-8 -Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Dsun.err.encoding=UTF-8 -Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError
-Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC -XX:GCTimeRatio=4 -Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC -XX:GCTimeRatio=4
-XX:AdaptiveSizePolicyWeight=90 -XX:FlightRecorderOptions=stackdepth=512" -XX:AdaptiveSizePolicyWeight=90 -XX:FlightRecorderOptions=stackdepth=512
keycloak_quarkus_java_opts: "{{ keycloak_quarkus_java_heap_opts + ' ' + keycloak_quarkus_java_jvm_opts }}" keycloak_quarkus_jgroups_opts: >
-Djgroups.bind.address={{ keycloak_quarkus_jgroups_bind_address }}
-Djgroups.external_port={{ keycloak_quarkus_jgroups_external_port }}
-Djgroups.external_addr={{ keycloak_quarkus_jgroups_external_addr }}
keycloak_quarkus_java_opts: "{{ ' '.join(keycloak_quarkus_jgroups_opts, keycloak_quarkus_java_heap_opts, keycloak_quarkus_java_jvm_opts }}"
keycloak_quarkus_additional_env_vars: [] keycloak_quarkus_additional_env_vars: []
### TLS/HTTPS configuration ### TLS/HTTPS configuration
@ -86,7 +93,7 @@ keycloak_quarkus_hostname_admin:
### Set the path relative to / for serving resources. The path must start with a / ### Set the path relative to / for serving resources. The path must start with a /
### (set to `/auth` for retrocompatibility with pre-quarkus releases) ### (set to `/auth` for retrocompatibility with pre-quarkus releases)
keycloak_quarkus_http_relative_path: / keycloak_quarkus_http_relative_path: /
f
# Disables dynamically resolving the hostname from request headers. # Disables dynamically resolving the hostname from request headers.
# Should always be set to true in production, unless proxy verifies the Host header. # Should always be set to true in production, unless proxy verifies the Host header.
keycloak_quarkus_hostname_strict: true keycloak_quarkus_hostname_strict: true
@ -110,7 +117,28 @@ keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route: true
keycloak_quarkus_metrics_enabled: false keycloak_quarkus_metrics_enabled: false
keycloak_quarkus_health_enabled: true keycloak_quarkus_health_enabled: true
### caches; must read: https://www.keycloak.org/2024/12/storing-sessions-in-kc26
### embedded caches
# https://www.keycloak.org/server/caching
keycloak_quarkus_cache_metrics_enabled: false
keycloak_quarkus_cache_embedded_authorization_max_count:
keycloak_quarkus_cache_embedded_client_sessions_max_count:
keycloak_quarkus_cache_embedded_crl_max_count:
keycloak_quarkus_cache_embedded_keys_max_count:
keycloak_quarkus_cache_embedded_offline_client_sessions_max_count:
keycloak_quarkus_cache_embedded_offline_sessions_max_count:
keycloak_quarkus_cache_embedded_realms_max_count:
keycloak_quarkus_cache_embedded_sessions_max_count:
keycloak_quarkus_cache_embedded_users_max_count:
keycloak_quarkus_cache_embedded_mtls_enabled: true
keycloak_quarkus_cache_embedded_mtls_key_store_file: "{{ keycloak.home }}/conf/cache_key_store.p12"
keycloak_quarkus_cache_embedded_mtls_key_store_password: ''
keycloak_quarkus_cache_embedded_mtls_rotation_interval_days: 30
keycloak_quarkus_cache_embedded_mtls_trust_store_file: "{{ keycloak.home }}/conf/cache_trust_store.p12"
keycloak_quarkus_cache_embedded_mtls_trust_store_password: ''
### infinispan remote caches access (hotrod) ### infinispan remote caches access (hotrod)
# https://www.keycloak.org/server/caching#_remote_cache
keycloak_quarkus_cache_remote_username: supervisor keycloak_quarkus_cache_remote_username: supervisor
keycloak_quarkus_cache_remote_password: supervisor keycloak_quarkus_cache_remote_password: supervisor
keycloak_quarkus_cache_remote_host: "localhost:11222" keycloak_quarkus_cache_remote_host: "localhost:11222"