diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9034acc..d2ceab8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,10 +28,9 @@ jobs:
           python -m pip install --upgrade pip
           pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous
 
-      - name: Create default collection path symlink
+      - name: Create default collection path
         run: |
-          mkdir -p /home/runner/.ansible
-          ln -s /home/runner/work/middleware_automation/keycloak /home/runner/.ansible/collections
+          mkdir -p /home/runner/.ansible/collections/ansible_collections
 
       - name: Run sanity tests
         run: ansible-test sanity --docker -v --color --python ${{ matrix.python_version }}
@@ -40,6 +39,7 @@ jobs:
       - name: Run molecule test
         run: molecule test --all
         working-directory: ./ansible_collections/middleware_automation/keycloak
+
         env:
           PY_COLORS: '1'
           ANSIBLE_FORCE_COLOR: '1'
diff --git a/galaxy.yml b/galaxy.yml
index 5ebc6d4..4d325b4 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: middleware_automation
 name: keycloak
-version: "0.1.7"
+version: "0.1.8"
 readme: README.md
 authors:
   - Romain Pelisse <rpelisse@redhat.com>
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 3c54d4a..68adf70 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -1,6 +1,7 @@
 ---
 dependency:
-  name: galaxy
+  name: shell
+  command: ansible-galaxy collection install -r molecule/default/requirements.yml -p $HOME/.ansible/collections --force-with-deps
 driver:
   name: docker
 platforms:
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index a0fd601..8dbc48d 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -2,7 +2,11 @@
 - name: Prepare
   hosts: all
   tasks:
+    - name: Disable beta repos
+      command: yum config-manager --disable '*beta*'
+      ignore_errors: yes
+
     - name: Install sudo
       yum:
         name: sudo
-        state: present
\ No newline at end of file
+        state: present
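Review bot: `ignore_errors: yes` on the new "Disable beta repos" task hides every failure of the `yum config-manager` call, not only the case where no beta repository exists. The `command` module also reports `changed` on each run. Adding `changed_when: false` and a narrower `failed_when:` on the registered result would keep real errors visible. The boolean is better written as `true`, which also satisfies yamllint's truthy rule.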
diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml
new file mode 100644
index 0000000..ca255ec
--- /dev/null
+++ b/molecule/default/requirements.yml
@@ -0,0 +1,10 @@
+---
+collections:
+  - name: middleware_automation.redhat_csp_download
+    version: ">=1.2.1"
+  - name: middleware_automation.jcliff
+    version: ">=0.0.19"
+  - name: community.general
+  - name: community.docker
+    version: ">=1.9.1"
+    
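Review bot: `community.general` is listed with no version and the other three entries use open-ended `>=` ranges, so each molecule run installs whatever Galaxy currently serves. The `--force-with-deps` flag in molecule/default/molecule.yml re-fetches them every time. For a reproducible and reviewable test dependency set, pin exact versions, e.g. `version: "1.2.1"` for `middleware_automation.redhat_csp_download`, and give `community.general` a `version:` key as well. The last added line contains only trailing spaces and can be dropped.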
diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 392705c..81480e0 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -13,6 +13,14 @@ This role requires the `python3-netaddr` library installed on the controller nod
 * or via pip: `pip install netaddr==0.8.0`
 
 
+Versions
+--------
+
+| RH-SSO VERSION | Release Date      | Keycloak Version | EAP Version | Notes           |
+|:---------------|:------------------|:-----------------|:------------|:----------------|
+|`7.5.0 GA`      |September 20, 2021 |`15.0.2`          | `7.4.0`     |[Release Notes](https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/index)|
+
+
 Role Defaults
 -------------
 
@@ -48,6 +56,7 @@ The following variables are _required_ only when `keycloak_ha_enabled` is True:
 | Variable | Description | Default |
 |:---------|:------------|:---------|
 |`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
+|`keycloak_frontend_url` | frontend URL for keycloak endpoints when a reverse proxy is used | `http://localhost` |
 |`keycloak_jdbc_engine` | backend database flavour when db is enabled: [ postgres, mariadb ] | `postgres` |
 |`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
 |`infinispan_user` | username for connecting to infinispan | `supervisor` |
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 2ea1d9a..de619ac 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -1,14 +1,15 @@
 ---
 ### Configuration specific to keycloak
-keycloak_version: 9.0.2
-keycloak_archive: keycloak-{{ keycloak_version }}.zip
-keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}
+keycloak_version: 15.0.2
+keycloak_archive: "keycloak-{{ keycloak_version }}.zip"
+keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"  
+keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
 keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
 
 ### Configuration specific to Red Hat Single Sing-On
 keycloak_rhsso_enable: False
 keycloak_rhsso_version: 7.5
-keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip
+keycloak_rhsso_archive: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
 keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}"
 keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
 
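Review bot: The new `keycloak_download_url` points at a GitHub release asset, but no expected digest for the archive is defined next to it, so the role has nothing to verify the download against. The task that fetches the archive is outside this diff. If it uses `get_url`, a new default such as `keycloak_archive_checksum: "sha256:<EXPECTED_SHA256>"` (placeholder value) passed to its `checksum` parameter would make a tampered or truncated archive fail the play. The `keycloak_download_url` line also ends in trailing spaces, and `keycloak_download_url_9x` would benefit from a comment saying when it is selected.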
@@ -50,6 +51,7 @@ keycloak_force_install: False
 
 ### mod_cluster reverse proxy
 keycloak_modcluster_url: localhost
+keycloak_frontend_url: http://localhost
 
 ### infinispan remote caches access (hotrod)
 infinispan_user: supervisor
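Review bot: `keycloak_frontend_url` defaults to plain `http://localhost`, and the 9.0.2 templates in this commit set `forceBackendUrlToFrontendUrl` to `true`, so a deployment that keeps the default would advertise its endpoints over unencrypted HTTP. A comment above the variable such as `# public base URL of the reverse proxy; use https:// outside local testing` would make the expectation explicit. The templates read `keycloak_modcluster.frontend_url`, and the mapping from this variable to that key is not visible in the diff.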
diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml
index 6faafe0..a346da5 100644
--- a/roles/keycloak/tasks/install.yml
+++ b/roles/keycloak/tasks/install.yml
@@ -142,7 +142,7 @@
 - name: "Deploy Keycloak's standalone.xml"
   become: yes
   template:
-    src: "{{ 'templates/standalone-rhsso.xml.j2' if keycloak_rhsso_enable else 'templates/standalone.xml.j2' }}"
+    src: templates/standalone.xml.j2
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
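Review bot: With the `keycloak_rhsso_enable` conditional removed, `src` is fixed to `templates/standalone.xml.j2`, yet this commit moves the older templates to `templates/9.0.2/` and adds `keycloak_download_url_9x`, and nothing visible selects the 9.0.2 directory. If 9.x installs are still supported, the path needs a version switch. Otherwise a comment such as `# single template for Keycloak 15.x and RH-SSO 7.5; legacy files live in templates/9.0.2/` would record the intent. The remote-cache task in the next hunk has the same gap, and this task's body continues outside the hunk.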
@@ -154,7 +154,7 @@
 - name: "Deploy Keycloak's standalone.xml with remote cache store"
   become: yes
   template:
-    src: "{{ 'templates/standalone-rhsso-jdg.xml.j2' if keycloak_rhsso_enable else 'templates/standalone-infinispan.xml.j2' }}"
+    src: templates/standalone-infinispan.xml.j2
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
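Review bot: No `mode:` is visible for this template task, and judging by the 9.0.2 variant in this commit the rendered standalone.xml carries the database and Hot Rod passwords in clear text. The task continues past the hunk, so the permission may already be set there. If it is not, add `mode: '0640'` alongside `owner` and `group` so only the service account can read the file. The plain standalone.xml task in the previous hunk would need the same.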
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 66f56b3..bcf0c06 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -6,9 +6,17 @@
   tags:
     - prereqs
 
-- include_tasks: tasks/install.yml
+- name: Include install tasks
+  include_tasks: tasks/install.yml
 
-- include_tasks: tasks/systemd.yml
+- name: Include systemd tasks
+  include_tasks: tasks/systemd.yml
+
+- name: Link default logs directory
+  file:
+    state: link
+    src: "{{keycloak_jboss_home}}/standalone/log"
+    dest: /var/log/keycloak
 
 - block:
     - name: Check admin credentials by generating a token
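Review bot: The new "Link default logs directory" task writes to `/var/log/keycloak` without `become: yes`, whereas the template tasks in tasks/install.yml set it per task. Unless privilege escalation is enabled at play level, the link creation would presumably fail for an unprivileged connection user, so adding `become: yes` keeps it consistent. The Jinja expression is also written without inner spaces; `src: "{{ keycloak_jboss_home }}/standalone/log"` matches the rest of the role.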
diff --git a/roles/keycloak/tasks/systemd.yml b/roles/keycloak/tasks/systemd.yml
index 3cf1479..858f5d7 100644
--- a/roles/keycloak/tasks/systemd.yml
+++ b/roles/keycloak/tasks/systemd.yml
@@ -38,6 +38,9 @@
     daemon_reload: yes
   when: systemdunit.changed
 
+- set_fact:
+    health_url: "{{ keycloak_management_url }}/health"
+
 - name: start keycloak
   systemd:
     name: keycloak
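Review bot: The relocated `set_fact` task has no `name:`, while this same commit adds names to the `include_tasks` entries in tasks/main.yml. Something like `- name: Set health check URL` would keep the play output and ansible-lint results consistent. The "start keycloak" task that follows continues outside the hunk.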
@@ -56,9 +59,6 @@
 
 - meta: flush_handlers
 
-- set_fact:
-    health_url: "{{ keycloak_management_url }}/health"
-
 - name: "Wait until Keycloak becomes active {{ health_url }}"
   uri:
     url: "{{ health_url }}"
diff --git a/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2 b/roles/keycloak/templates/9.0.2/standalone-infinispan.xml.j2
similarity index 88%
rename from roles/keycloak/templates/standalone-rhsso-jdg.xml.j2
rename to roles/keycloak/templates/9.0.2/standalone-infinispan.xml.j2
index 09884b5..2b2842b 100644
--- a/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2
+++ b/roles/keycloak/templates/9.0.2/standalone-infinispan.xml.j2
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding='UTF-8'?>
 
-<server xmlns="urn:jboss:domain:16.0">
+<server xmlns="urn:jboss:domain:10.0">
     <extensions>
         <extension module="org.jboss.as.clustering.infinispan"/>
         <extension module="org.jboss.as.clustering.jgroups"/>
@@ -23,9 +23,10 @@
         <extension module="org.wildfly.extension.bean-validation"/>
         <extension module="org.wildfly.extension.core-management"/>
         <extension module="org.wildfly.extension.elytron"/>
-        <extension module="org.wildfly.extension.health"/>
         <extension module="org.wildfly.extension.io"/>
-        <extension module="org.wildfly.extension.metrics"/>
+        <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
+        <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
+        <extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
         <extension module="org.wildfly.extension.request-controller"/>
         <extension module="org.wildfly.extension.security.manager"/>
         <extension module="org.wildfly.extension.undertow"/>
@@ -44,7 +45,8 @@
             <security-realm name="ApplicationRealm">
                 <server-identities>
                     <ssl>
-                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
+                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password"
+                                  alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                     </ssl>
                 </server-identities>
                 <authentication>
@@ -141,7 +143,7 @@
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
         <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:datasources:6.0">
+        <subsystem xmlns="urn:jboss:domain:datasources:5.0">
             <datasources>
                 <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
                     <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
@@ -152,15 +154,15 @@
                     </security>
                 </datasource>
                 <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
-                    <connection-url>{{ keycloak_jdbc[keycloak_jdbc_engine].connection_url }}</connection-url>
-                    <driver>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}</driver>
+{% if keycloak_jdbc.postgres.enabled %}
+                    <connection-url>{{ keycloak_jdbc.postgres.connection_url }}</connection-url>
+                    <driver>{{ keycloak_jdbc.postgres.driver_module_name }}</driver>
                     <pool>
                        <max-pool-size>20</max-pool-size>
                     </pool>
                     <security>
-                        <user-name>{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}</user-name>
-                        <password>{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}</password>
+                        <user-name>{{ keycloak_jdbc.postgres.db_user }}</user-name>
+                        <password>{{ keycloak_jdbc.postgres.db_password }}</password>
                     </security>
 {% else %}
                     <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
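Review bot: The datasource block now reads `keycloak_jdbc.postgres` directly, so `keycloak_jdbc_engine` (documented in the role README as `[ postgres, mariadb ]`) is ignored by this template. The driver hunk that follows also hard-codes `org.postgresql.Driver` and `org.postgresql.xa.PGXADataSource`. If the 9.0.2 template is intentionally PostgreSQL-only, state that in a `{# ... #}` comment at the top of the datasource section; otherwise keep the `keycloak_jdbc[keycloak_jdbc_engine]` lookup. The rendered `db_password` is inserted into the XML unescaped, so a password containing `&` or `<` would produce an invalid file; `{{ keycloak_jdbc.postgres.db_password | e }}` avoids that.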
@@ -172,10 +174,10 @@
 {% endif %}
                 </datasource>
                 <drivers>
-{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
-                    <driver name="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" module="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}">
-                        <driver-class>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_class }}</driver-class>
-                        <xa-datasource-class>{{ keycloak_jdbc[keycloak_jdbc_engine].xa_datasource_class }}</xa-datasource-class>
+{% if keycloak_jdbc.postgres.enabled %}
+                    <driver name="{{ keycloak_jdbc.postgres.driver_module_name }}" module="{{ keycloak_jdbc.postgres.driver_module_name }}">
+                         <driver-class>org.postgresql.Driver</driver-class>
+                        <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
                     </driver>
 {% endif %}
                     <driver name="h2" module="com.h2database.h2">
@@ -187,7 +189,7 @@
         <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
             <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ee:6.0">
+        <subsystem xmlns="urn:jboss:domain:ee:4.0">
             <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
             <concurrent>
                 <context-services>
@@ -197,15 +199,17 @@
                     <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
                 </managed-thread-factories>
                 <managed-executor-services>
-                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
+                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
                 </managed-executor-services>
                 <managed-scheduled-executor-services>
-                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
+                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
                 </managed-scheduled-executor-services>
             </concurrent>
-            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
+            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS"
+                              managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
+                              managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ejb3:9.0">
+        <subsystem xmlns="urn:jboss:domain:ejb3:6.0">
             <session-bean>
                 <stateless>
                     <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
@@ -232,7 +236,7 @@
                     <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
                 </data-stores>
             </timer-service>
-            <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
+            <remote cluster="ejb" connector-ref="http-remoting-connector" thread-pool-name="default">
                 <channel-creation-options>
                     <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
                 </channel-creation-options>
@@ -248,7 +252,7 @@
             <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
             <log-system-exceptions value="true"/>
         </subsystem>
-        <subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
+        <subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
             <providers>
                 <aggregate-providers name="combined-providers">
                     <providers name="elytron"/>
@@ -357,7 +361,7 @@
                     </key-store>
                 </key-stores>
                 <key-managers>
-                    <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
+                    <key-manager name="applicationKM" key-store="applicationKS">
                         <credential-reference clear-text="password"/>
                     </key-manager>
                 </key-managers>
@@ -366,25 +370,24 @@
                 </server-ssl-contexts>
             </tls>
         </subsystem>
-        <subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
-        <subsystem xmlns="urn:jboss:domain:infinispan:12.0">
-            <cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
+        <subsystem xmlns="urn:jboss:domain:infinispan:9.0">
+            <cache-container name="ejb" default-cache="passivation" aliases="sfsb" module="org.wildfly.clustering.ejb.infinispan">
                 <local-cache name="passivation">
                     <locking isolation="REPEATABLE_READ"/>
                     <transaction mode="BATCH"/>
                     <file-store passivation="true" purge="false"/>
                 </local-cache>
             </cache-container>
-            <cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
+            <cache-container name="keycloak" module="org.keycloak.keycloak-model-infinispan">
                 <transport lock-timeout="60000"/>
                 <local-cache name="realms">
-                    <heap-memory size="10000"/>
+                    <object-memory size="10000"/>
                 </local-cache>
                 <local-cache name="users">
-                    <heap-memory size="10000"/>
+                    <object-memory size="10000"/>
                 </local-cache>
                 <local-cache name="authenticationSessions"/>
-{% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
+                {% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
                 <distributed-cache name="{{ cachename }}">
                     <remote-store cache="{{ cachename }}"
                                   remote-servers="remote-cache"
@@ -400,15 +403,15 @@
                         <property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
                         <property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
                         <property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
-                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
-                        <property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
-                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
+                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
+                        <property name="infinispan.client.hotrod.use_ssl">false</property>
+                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
                         <property name="infinispan.client.hotrod.trust_store_type">JKS</property>
-                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
                         <property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
                     </remote-store>
                 </distributed-cache>
-{% endfor %}
+                {% endfor %}
                 <replicated-cache name="work">
                     <remote-store cache="work"
                                   remote-servers="remote-cache"
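Review bot: `infinispan.client.hotrod.use_ssl` is now the literal `false`, so the Hot Rod connection to the remote cache is never encrypted and `keycloak_remotecache.use_ssl` no longer has any effect. The trust-store properties beside it become dead configuration. Keeping it configurable, e.g. `{{ keycloak_remotecache.use_ssl | default(false) | lower }}`, preserves the old behaviour for users who set it. The new `default("changeme")` on `trust_store_password` silently deploys a well-known value when the variable is missing; dropping that default makes rendering fail instead. The `work` replicated-cache in the next hunk carries the same three lines.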
@@ -424,28 +427,28 @@
                         <property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
                         <property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
                         <property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
-                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
-                        <property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
-                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
+                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
+                        <property name="infinispan.client.hotrod.use_ssl">false</property>
+                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
                         <property name="infinispan.client.hotrod.trust_store_type">JKS</property>
-                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
                         <property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
                     </remote-store>
                 </replicated-cache>
                 <local-cache name="authorization">
-                    <heap-memory size="10000"/>
+                    <object-memory size="10000"/>
                 </local-cache>
                 <local-cache name="keys">
-                    <heap-memory size="1000"/>
+                    <object-memory size="1000"/>
                     <expiration max-idle="3600000"/>
                 </local-cache>
             </cache-container>
-            <cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server">
+            <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
                 <local-cache name="default">
                     <transaction mode="BATCH"/>
                 </local-cache>
             </cache-container>
-            <cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan">
+            <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
                 <local-cache name="passivation">
                     <locking isolation="REPEATABLE_READ"/>
                     <transaction mode="BATCH"/>
@@ -457,13 +460,13 @@
                 </local-cache>
                 <local-cache name="routing"/>
             </cache-container>
-            <cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
+            <cache-container name="hibernate" module="org.infinispan.hibernate-cache">
                 <local-cache name="entity">
-                    <heap-memory size="10000"/>
+                    <object-memory size="10000"/>
                     <expiration max-idle="100000"/>
                 </local-cache>
                 <local-cache name="local-query">
-                    <heap-memory size="10000"/>
+                    <object-memory size="10000"/>
                     <expiration max-idle="100000"/>
                 </local-cache>
                 <local-cache name="timestamps"/>
@@ -473,7 +476,7 @@
             <worker name="default"/>
             <buffer-pool name="default"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
+        <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
         <subsystem xmlns="urn:jboss:domain:jca:5.0">
             <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
             <bean-validation enabled="true"/>
@@ -493,7 +496,7 @@
             </default-workmanager>
             <cached-connection-manager/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jgroups:8.0">
+        <subsystem xmlns="urn:jboss:domain:jgroups:7.0">
             <channels default="ee">
                 <channel name="ee" stack="tcp" cluster="ejb"/>
             </channels>
@@ -530,7 +533,7 @@
             <remoting-connector/>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:jpa:1.1">
-            <jpa default-extended-persistence-inheritance="DEEP"/>
+            <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
             <web-context>auth</web-context>
@@ -606,19 +609,18 @@
                 <default-provider>default</default-provider>
                 <provider name="default" enabled="true">
                     <properties>
-                        <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
-                        <property name="forceBackendUrlToFrontendUrl" value="false"/>
+                        <property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
+                        <property name="forceBackendUrlToFrontendUrl" value="true"/>
                     </properties>
                 </provider>
             </spi>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:mail:4.0">
+        <subsystem xmlns="urn:jboss:domain:mail:3.0">
             <mail-session name="default" jndi-name="java:jboss/mail/Default">
                 <smtp-server outbound-socket-binding-ref="mail-smtp"/>
             </mail-session>
         </subsystem>
-        <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
-{% if keycloak_modcluster.enabled %}    
+{% if keycloak_modcluster.enabled %}
         <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
             <proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
                 <dynamic-load-provider>
@@ -626,7 +628,7 @@
                 </dynamic-load-provider>
             </proxy>
         </subsystem>
-{% endif %}        
+{% endif %}
         <subsystem xmlns="urn:jboss:domain:naming:2.0">
             <remote-naming/>
         </subsystem>
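Review bot: The `frontendUrl` property is now rendered from `keycloak_modcluster.frontend_url` with no `default()` and outside the `{% if keycloak_modcluster.enabled %}` guard a few lines below. Rendering would therefore fail when the key is absent, and the previous runtime override `${keycloak.frontendUrl:}` is lost. Keeping the system property as a fallback, `value="{{ keycloak_modcluster.frontend_url | default('${keycloak.frontendUrl:}') }}"`, preserves both behaviours. Since `forceBackendUrlToFrontendUrl` is now always `true`, a short template comment explaining why backend endpoints must follow the proxy URL would help operators who run without a reverse proxy.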
@@ -673,7 +675,7 @@
                 </maximum-set>
             </deployment-permissions>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:transactions:6.0">
+        <subsystem xmlns="urn:jboss:domain:transactions:5.0">
             <core-environment node-identifier="{{ inventory_hostname | default('${jboss.tx.node.id:1}') }}">
                 <process-id>
                     <uuid/>
@@ -683,7 +685,9 @@
             <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
             <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
+        <subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host"
+                   default-servlet-container="default" default-security-domain="other"
+                   statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
             <buffer-cache name="default"/>
             <server name="default-server">
                 <ajp-listener name="ajp" socket-binding="ajp"/>
@@ -708,12 +712,18 @@
             </filters>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
-    </profile>
+        <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
+        <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false"
+                   empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}"
+                   empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
+        <subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false"
+                   exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
+   </profile>
     <interfaces>
         <interface name="management">
             <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
         </interface>
-	    <interface name="jgroups">
+        <interface name="jgroups">
 {% if ansible_default_ipv4 is defined %}
             <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr('net') }}"/>
 {% else %}
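Review bot: Both new MicroProfile subsystems are declared with `security-enabled="false"`, and metrics additionally uses `exposed-subsystems="*"`, so `/health` and `/metrics` on the management interface answer without authentication. That is contained only while `jboss.bind.address.management` keeps the `127.0.0.1` default shown below. An XML comment stating this dependency, or `security-enabled="true"` on the metrics subsystem, would guard against accidental exposure when the bind address is changed. The closing `</profile>` tag was also re-indented to three spaces instead of four.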
diff --git a/roles/keycloak/templates/standalone-rhsso.xml.j2 b/roles/keycloak/templates/9.0.2/standalone.xml.j2
similarity index 87%
rename from roles/keycloak/templates/standalone-rhsso.xml.j2
rename to roles/keycloak/templates/9.0.2/standalone.xml.j2
index 95eb4e0..823357f 100644
--- a/roles/keycloak/templates/standalone-rhsso.xml.j2
+++ b/roles/keycloak/templates/9.0.2/standalone.xml.j2
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding='UTF-8'?>
 
-<server xmlns="urn:jboss:domain:16.0">
+<server xmlns="urn:jboss:domain:10.0">
     <extensions>
         <extension module="org.jboss.as.clustering.infinispan"/>
         <extension module="org.jboss.as.connector"/>
@@ -22,9 +22,10 @@
         <extension module="org.wildfly.extension.bean-validation"/>
         <extension module="org.wildfly.extension.core-management"/>
         <extension module="org.wildfly.extension.elytron"/>
-        <extension module="org.wildfly.extension.health"/>
         <extension module="org.wildfly.extension.io"/>
-        <extension module="org.wildfly.extension.metrics"/>
+        <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
+        <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
+        <extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
         <extension module="org.wildfly.extension.request-controller"/>
         <extension module="org.wildfly.extension.security.manager"/>
         <extension module="org.wildfly.extension.undertow"/>
@@ -43,7 +44,8 @@
             <security-realm name="ApplicationRealm">
                 <server-identities>
                     <ssl>
-                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
+                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password"
+                                  alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                     </ssl>
                 </server-identities>
                 <authentication>
@@ -128,7 +130,7 @@
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
         <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:datasources:6.0">
+        <subsystem xmlns="urn:jboss:domain:datasources:5.0">
             <datasources>
                 <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
                     <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
@@ -156,7 +158,7 @@
         <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
             <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ee:6.0">
+        <subsystem xmlns="urn:jboss:domain:ee:4.0">
             <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
             <concurrent>
                 <context-services>
@@ -166,15 +168,17 @@
                     <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
                 </managed-thread-factories>
                 <managed-executor-services>
-                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
+                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
                 </managed-executor-services>
                 <managed-scheduled-executor-services>
-                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
+                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
                 </managed-scheduled-executor-services>
             </concurrent>
-            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
+            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS"
+                              managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
+                              managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ejb3:9.0">
+        <subsystem xmlns="urn:jboss:domain:ejb3:6.0">
             <session-bean>
                 <stateless>
                     <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
@@ -201,7 +205,7 @@
                     <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
                 </data-stores>
             </timer-service>
-            <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
+            <remote connector-ref="http-remoting-connector" thread-pool-name="default">
                 <channel-creation-options>
                     <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
                 </channel-creation-options>
@@ -217,7 +221,130 @@
             <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
             <log-system-exceptions value="true"/>
         </subsystem>
-        <subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
+        <subsystem xmlns="urn:jboss:domain:io:3.0">
+            <worker name="default"/>
+            <buffer-pool name="default"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:infinispan:9.0">
+            <cache-container name="keycloak">
+                <local-cache name="realms">
+                    <object-memory size="10000"/>
+                </local-cache>
+                <local-cache name="users">
+                    <object-memory size="10000"/>
+                </local-cache>
+                <local-cache name="sessions"/>
+                <local-cache name="authenticationSessions"/>
+                <local-cache name="offlineSessions"/>
+                <local-cache name="clientSessions"/>
+                <local-cache name="offlineClientSessions"/>
+                <local-cache name="loginFailures"/>
+                <local-cache name="work"/>
+                <local-cache name="authorization">
+                    <object-memory size="10000"/>
+                </local-cache>
+                <local-cache name="keys">
+                    <object-memory size="1000"/>
+                    <expiration max-idle="3600000"/>
+                </local-cache>
+                <local-cache name="actionTokens">
+                    <object-memory size="-1"/>
+                    <expiration max-idle="-1" interval="300000"/>
+                </local-cache>
+            </cache-container>
+            <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
+                <local-cache name="default">
+                    <transaction mode="BATCH"/>
+                </local-cache>
+            </cache-container>
+            <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
+                <local-cache name="passivation">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                    <file-store passivation="true" purge="false"/>
+                </local-cache>
+                <local-cache name="sso">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                </local-cache>
+                <local-cache name="routing"/>
+            </cache-container>
+            <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
+                <local-cache name="passivation">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                    <file-store passivation="true" purge="false"/>
+                </local-cache>
+            </cache-container>
+            <cache-container name="hibernate" module="org.infinispan.hibernate-cache">
+                <local-cache name="entity">
+                    <object-memory size="10000"/>
+                    <expiration max-idle="100000"/>
+                </local-cache>
+                <local-cache name="local-query">
+                    <object-memory size="10000"/>
+                    <expiration max-idle="100000"/>
+                </local-cache>
+                <local-cache name="timestamps"/>
+            </cache-container>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:jca:5.0">
+            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
+            <bean-validation enabled="true"/>
+            <default-workmanager>
+                <short-running-threads>
+                    <core-threads count="50"/>
+                    <queue-length count="50"/>
+                    <max-threads count="50"/>
+                    <keepalive-time time="10" unit="seconds"/>
+                </short-running-threads>
+                <long-running-threads>
+                    <core-threads count="50"/>
+                    <queue-length count="50"/>
+                    <max-threads count="50"/>
+                    <keepalive-time time="10" unit="seconds"/>
+                </long-running-threads>
+            </default-workmanager>
+            <cached-connection-manager/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
+            <expose-resolved-model/>
+            <expose-expression-model/>
+            <remoting-connector/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
+            <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:mail:3.0">
+            <mail-session name="default" jndi-name="java:jboss/mail/Default">
+                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
+            </mail-session>
+        </subsystem>
+{% if keycloak_modcluster.enabled %}
+        <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
+            <proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
+                <dynamic-load-provider>
+                    <load-metric type="cpu"/>
+                </dynamic-load-provider>
+            </proxy>
+        </subsystem>
+{% endif %}
+        <subsystem xmlns="urn:jboss:domain:naming:2.0">
+            <remote-naming/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
+            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
+            <deployment-permissions>
+                <maximum-set>
+                    <permission class="java.security.AllPermission"/>
+                </maximum-set>
+            </deployment-permissions>
+        </subsystem>
+        <subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
             <providers>
                 <aggregate-providers name="combined-providers">
                     <providers name="elytron"/>
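Review bot: The `security-manager` subsystem added in this hunk sets `<maximum-set>` to `java.security.AllPermission` with no comment, which can read as a sandbox being configured when the cap actually allows everything. This appears to be the stock server layout, and the subsystem only takes effect when the server is started with the security manager enabled. A one-line comment would stop a later reader from assuming a restriction exists: `<!-- stock default: no cap on deployment permissions; only enforced when the security manager is enabled -->`.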
@@ -275,7 +402,6 @@
                     <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
                     <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
                     <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
-                    <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
                 </permission-set>
             </permission-sets>
             <http>
@@ -317,126 +443,78 @@
                 </mechanism-provider-filtering-sasl-server-factory>
                 <provider-sasl-server-factory name="global"/>
             </sasl>
-            <tls>
-                <key-stores>
-                    <key-store name="applicationKS">
-                        <credential-reference clear-text="password"/>
-                        <implementation type="JKS"/>
-                        <file path="application.keystore" relative-to="jboss.server.config.dir"/>
-                    </key-store>
-                </key-stores>
-                <key-managers>
-                    <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
-                        <credential-reference clear-text="password"/>
-                    </key-manager>
-                </key-managers>
-                <server-ssl-contexts>
-                    <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
-                </server-ssl-contexts>
-            </tls>
         </subsystem>
-        <subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
-        <subsystem xmlns="urn:jboss:domain:infinispan:12.0">
-            <cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
-                <local-cache name="passivation">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                    <file-store passivation="true" purge="false"/>
-                </local-cache>
-            </cache-container>
-            <cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
-                <local-cache name="realms">
-                    <heap-memory size="10000"/>
-                </local-cache>
-                <local-cache name="users">
-                    <heap-memory size="10000"/>
-                </local-cache>
-                <local-cache name="sessions"/>
-                <local-cache name="authenticationSessions"/>
-                <local-cache name="offlineSessions"/>
-                <local-cache name="clientSessions"/>
-                <local-cache name="offlineClientSessions"/>
-                <local-cache name="loginFailures"/>
-                <local-cache name="work"/>
-                <local-cache name="authorization">
-                    <heap-memory size="10000"/>
-                </local-cache>
-                <local-cache name="keys">
-                    <heap-memory size="1000"/>
-                    <expiration max-idle="3600000"/>
-                </local-cache>
-                <local-cache name="actionTokens">
-                    <heap-memory size="-1"/>
-                    <expiration interval="300000" max-idle="-1"/>
-                </local-cache>
-            </cache-container>
-            <cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server">
-                <local-cache name="default">
-                    <transaction mode="BATCH"/>
-                </local-cache>
-            </cache-container>
-            <cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan">
-                <local-cache name="passivation">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                    <file-store passivation="true" purge="false"/>
-                </local-cache>
-                <local-cache name="sso">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                </local-cache>
-                <local-cache name="routing"/>
-            </cache-container>
-            <cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
-                <local-cache name="entity">
-                    <heap-memory size="10000"/>
-                    <expiration max-idle="100000"/>
-                </local-cache>
-                <local-cache name="local-query">
-                    <heap-memory size="10000"/>
-                    <expiration max-idle="100000"/>
-                </local-cache>
-                <local-cache name="timestamps"/>
-            </cache-container>
+        <subsystem xmlns="urn:jboss:domain:security:2.0">
+            <security-domains>
+                <security-domain name="other" cache-type="default">
+                    <authentication>
+                        <login-module code="Remoting" flag="optional">
+                            <module-option name="password-stacking" value="useFirstPass"/>
+                        </login-module>
+                        <login-module code="RealmDirect" flag="required">
+                            <module-option name="password-stacking" value="useFirstPass"/>
+                        </login-module>
+                    </authentication>
+                </security-domain>
+                <security-domain name="jboss-web-policy" cache-type="default">
+                    <authorization>
+                        <policy-module code="Delegating" flag="required"/>
+                    </authorization>
+                </security-domain>
+                <security-domain name="jaspitest" cache-type="default">
+                    <authentication-jaspi>
+                        <login-module-stack name="dummy">
+                            <login-module code="Dummy" flag="optional"/>
+                        </login-module-stack>
+                        <auth-module code="Dummy"/>
+                    </authentication-jaspi>
+                </security-domain>
+                <security-domain name="jboss-ejb-policy" cache-type="default">
+                    <authorization>
+                        <policy-module code="Delegating" flag="required"/>
+                    </authorization>
+                </security-domain>
+            </security-domains>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:io:3.0">
-            <worker name="default"/>
-            <buffer-pool name="default"/>
+        <subsystem xmlns="urn:jboss:domain:transactions:5.0">
+            <core-environment node-identifier="${jboss.tx.node.id:1}">
+                <process-id>
+                    <uuid/>
+                </process-id>
+            </core-environment>
+            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
+            <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
+            <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
-        <subsystem xmlns="urn:jboss:domain:jca:5.0">
-            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
-            <bean-validation enabled="true"/>
-            <default-workmanager>
-                <short-running-threads>
-                    <core-threads count="50"/>
-                    <queue-length count="50"/>
-                    <max-threads count="50"/>
-                    <keepalive-time time="10" unit="seconds"/>
-                </short-running-threads>
-                <long-running-threads>
-                    <core-threads count="50"/>
-                    <queue-length count="50"/>
-                    <max-threads count="50"/>
-                    <keepalive-time time="10" unit="seconds"/>
-                </long-running-threads>
-            </default-workmanager>
-            <cached-connection-manager/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
-            <expose-resolved-model/>
-            <expose-expression-model/>
-            <remoting-connector/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
-            <jpa default-extended-persistence-inheritance="DEEP"/>
+        <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
+        <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
+        <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false"
+                   empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
+        <subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
+        <subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host"
+                   default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
+            <buffer-cache name="default"/>
+            <server name="default-server">
+                <ajp-listener name="ajp" socket-binding="ajp"/>
+                <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
+                <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
+                <host name="default-host" alias="localhost">
+                    <location name="/" handler="welcome-content"/>
+                    <http-invoker security-realm="ApplicationRealm"/>
+                </host>
+            </server>
+            <servlet-container name="default">
+                <jsp-config/>
+                <websockets/>
+            </servlet-container>
+            <handlers>
+                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
+            </handlers>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
             <web-context>auth</web-context>
             <providers>
-                <provider>
-                    classpath:${jboss.home.dir}/providers/*
-                </provider>
+                <provider>classpath:${jboss.home.dir}/providers/*</provider>
             </providers>
             <master-realm-name>master</master-realm-name>
             <scheduled-task-interval>900</scheduled-task-interval>
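Review bot: `<ajp-listener name="ajp" socket-binding="ajp"/>` in the undertow `default-server` is rendered unconditionally, while its only visible consumer, the modcluster proxy with `listener="ajp"`, is wrapped in `{% if keycloak_modcluster.enabled %}`. AJP is meant for a trusted reverse proxy and has no authentication of its own. With modcluster disabled the listener is therefore extra exposure, unless the `ajp` socket binding (defined outside this hunk) is loopback-only or firewalled. I would gate it the same way, with `{% if keycloak_modcluster.enabled %}` on the line before the listener and `{% endif %}` on the line after.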
@@ -505,103 +583,12 @@
                 <default-provider>default</default-provider>
                 <provider name="default" enabled="true">
                     <properties>
-                        <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
-                        <property name="forceBackendUrlToFrontendUrl" value="false"/>
+                        <property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
+                        <property name="forceBackendUrlToFrontendUrl" value="true"/>
                     </properties>
                 </provider>
             </spi>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:mail:4.0">
-            <mail-session name="default" jndi-name="java:jboss/mail/Default">
-                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
-            </mail-session>
-        </subsystem>
-        <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
-{% if keycloak_modcluster.enabled %}        
-        <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
-            <proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
-                <dynamic-load-provider>
-                    <load-metric type="cpu"/>
-                </dynamic-load-provider>
-            </proxy>
-        </subsystem>
-{% endif %}        
-        <subsystem xmlns="urn:jboss:domain:naming:2.0">
-            <remote-naming/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
-            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:security:2.0">
-            <security-domains>
-                <security-domain name="other" cache-type="default">
-                    <authentication>
-                        <login-module code="Remoting" flag="optional">
-                            <module-option name="password-stacking" value="useFirstPass"/>
-                        </login-module>
-                        <login-module code="RealmDirect" flag="required">
-                            <module-option name="password-stacking" value="useFirstPass"/>
-                        </login-module>
-                    </authentication>
-                </security-domain>
-                <security-domain name="jboss-web-policy" cache-type="default">
-                    <authorization>
-                        <policy-module code="Delegating" flag="required"/>
-                    </authorization>
-                </security-domain>
-                <security-domain name="jaspitest" cache-type="default">
-                    <authentication-jaspi>
-                        <login-module-stack name="dummy">
-                            <login-module code="Dummy" flag="optional"/>
-                        </login-module-stack>
-                        <auth-module code="Dummy"/>
-                    </authentication-jaspi>
-                </security-domain>
-                <security-domain name="jboss-ejb-policy" cache-type="default">
-                    <authorization>
-                        <policy-module code="Delegating" flag="required"/>
-                    </authorization>
-                </security-domain>
-            </security-domains>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
-            <deployment-permissions>
-                <maximum-set>
-                    <permission class="java.security.AllPermission"/>
-                </maximum-set>
-            </deployment-permissions>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:transactions:6.0">
-            <core-environment node-identifier="${jboss.tx.node.id:1}">
-                <process-id>
-                    <uuid/>
-                </process-id>
-            </core-environment>
-            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
-            <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-            <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
-            <buffer-cache name="default"/>
-            <server name="default-server">
-                <ajp-listener name="ajp" socket-binding="ajp"/>
-                <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
-                <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
-                <host name="default-host" alias="localhost">
-                    <location name="/" handler="welcome-content"/>
-                    <http-invoker security-realm="ApplicationRealm"/>
-                </host>
-            </server>
-            <servlet-container name="default">
-                <jsp-config/>
-                <websockets/>
-            </servlet-container>
-            <handlers>
-                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
-            </handlers>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
     </profile>
     <interfaces>
         <interface name="management">
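Review bot: `frontendUrl` is now rendered from `keycloak_modcluster.frontend_url` and `forceBackendUrlToFrontendUrl` is fixed to `true` even when `keycloak_modcluster.enabled` is false, although every other modcluster-specific element in this template is gated on that flag. Whether the role defaults always define `frontend_url` is not visible here; if it is undefined the template fails to render, and if it is empty Keycloak falls back to deriving its URLs from the incoming request, which is what pinning the frontend URL is meant to prevent. The change also removes the `${keycloak.frontendUrl:}` system-property override for deployments without a proxy. I would keep the pinned values for the proxied case and the previous expression otherwise, as sketched below; the enclosing `<spi>` element starts outside this hunk.

```xml
                <provider name="default" enabled="true">
                    <properties>
{% if keycloak_modcluster.enabled %}
                        <property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
                        <property name="forceBackendUrlToFrontendUrl" value="true"/>
{% else %}
                        <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
                        <property name="forceBackendUrlToFrontendUrl" value="false"/>
{% endif %}
                    </properties>
<!-- … unchanged: closing provider/spi elements and the rest of the profile … -->
```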
@@ -621,12 +608,12 @@
         <socket-binding name="txn-recovery-environment" port="4712"/>
         <socket-binding name="txn-status-manager" port="4713"/>
         <outbound-socket-binding name="mail-smtp">
-            <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
+            <remote-destination host="localhost" port="25"/>
         </outbound-socket-binding>
-{% if keycloak_modcluster.enabled %}        
+{% if keycloak_modcluster.enabled %}
         <outbound-socket-binding name="proxy1">
             <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
         </outbound-socket-binding>
-{% endif %}        
+{% endif %}
     </socket-binding-group>
 </server>
diff --git a/roles/keycloak/templates/keycloak-service.sh.j2 b/roles/keycloak/templates/keycloak-service.sh.j2
index 422ccde..82e3a21 100755
--- a/roles/keycloak/templates/keycloak-service.sh.j2
+++ b/roles/keycloak/templates/keycloak-service.sh.j2
@@ -83,8 +83,7 @@ startKeycloak() {
         -Djboss.management.https.port=${KEYCLOAK_MANAGEMENT_HTTPS_PORT} \
         -Djboss.node.name={{ inventory_hostname }} \
       {% if keycloak_prefer_ipv4 %}-Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true {% endif %}\
-      {% if keycloak_config_standalone_xml is defined %}--server-config={{ keycloak_config_standalone_xml }}{% endif %} \
-      2>&1 >> "${KEYCLOAK_LOGFILE}" &
+      {% if keycloak_config_standalone_xml is defined %}--server-config={{ keycloak_config_standalone_xml }}{% endif %} &
     while [ ! -f ${KEYCLOAK_PIDFILE} ]; do sleep 1; done
   fi
 }
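Review bot: With the redirect dropped from the launch line, the backgrounded server's stdout and stderr go wherever the caller's descriptors point, so boot-time errors are kept only if the service manager captures them. The removed form `2>&1 >> "${KEYCLOAK_LOGFILE}"` also left stderr on the caller's stream, so neither version captures both. If file capture is still wanted and `KEYCLOAK_LOGFILE` is still set earlier in the script, the line should end with `>> "${KEYCLOAK_LOGFILE}" 2>&1 &`. The wait loop on the following line has no upper bound and leaves `${KEYCLOAK_PIDFILE}` unquoted, so a start that dies before writing the pidfile blocks the script indefinitely; a bounded retry count with a non-zero exit would surface that failure. `startKeycloak` begins outside this hunk.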
diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2
index e7d2a8c..e73bf19 100644
--- a/roles/keycloak/templates/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/standalone-infinispan.xml.j2
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding='UTF-8'?>
 
-<server xmlns="urn:jboss:domain:10.0">
+<server xmlns="urn:jboss:domain:16.0">
     <extensions>
         <extension module="org.jboss.as.clustering.infinispan"/>
         <extension module="org.jboss.as.clustering.jgroups"/>
@@ -23,10 +23,9 @@
         <extension module="org.wildfly.extension.bean-validation"/>
         <extension module="org.wildfly.extension.core-management"/>
         <extension module="org.wildfly.extension.elytron"/>
+        <extension module="org.wildfly.extension.health"/>
         <extension module="org.wildfly.extension.io"/>
-        <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
-        <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
-        <extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
+        <extension module="org.wildfly.extension.metrics"/>
         <extension module="org.wildfly.extension.request-controller"/>
         <extension module="org.wildfly.extension.security.manager"/>
         <extension module="org.wildfly.extension.undertow"/>
@@ -45,8 +44,7 @@
             <security-realm name="ApplicationRealm">
                 <server-identities>
                     <ssl>
-                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password"
-                                  alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
+                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                     </ssl>
                 </server-identities>
                 <authentication>
@@ -143,7 +141,7 @@
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
         <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:datasources:5.0">
+        <subsystem xmlns="urn:jboss:domain:datasources:6.0">
             <datasources>
                 <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
                     <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
@@ -154,15 +152,15 @@
                     </security>
                 </datasource>
                 <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-{% if keycloak_jdbc.postgres.enabled %}
-                    <connection-url>{{ keycloak_jdbc.postgres.connection_url }}</connection-url>
-                    <driver>{{ keycloak_jdbc.postgres.driver_module_name }}</driver>
+{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
+                    <connection-url>{{ keycloak_jdbc[keycloak_jdbc_engine].connection_url }}</connection-url>
+                    <driver>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}</driver>
                     <pool>
                        <max-pool-size>20</max-pool-size>
                     </pool>
                     <security>
-                        <user-name>{{ keycloak_jdbc.postgres.db_user }}</user-name>
-                        <password>{{ keycloak_jdbc.postgres.db_password }}</password>
+                        <user-name>{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}</user-name>
+                        <password>{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}</password>
                     </security>
 {% else %}
                     <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
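Review bot: The datasource values for the selected engine are written into element content without XML escaping, so a `db_password` or `connection_url` containing `&` or `<` renders a malformed standalone file. I would pipe them through the Jinja2 escape filter, e.g. `<password>{{ keycloak_jdbc[keycloak_jdbc_engine].db_password | escape }}</password>`, and do the same for `db_user` and `connection_url`. The lookup `keycloak_jdbc[keycloak_jdbc_engine]` also fails at render time if the engine name is not a key of `keycloak_jdbc`, and the drivers hunk further down needs `driver_class` and `xa_datasource_class` on every engine entry. An early assertion on the engine name would give a clearer error; presumably the role defaults define these keys, but that is not visible here.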
@@ -174,10 +172,10 @@
 {% endif %}
                 </datasource>
                 <drivers>
-{% if keycloak_jdbc.postgres.enabled %}
-                    <driver name="{{ keycloak_jdbc.postgres.driver_module_name }}" module="{{ keycloak_jdbc.postgres.driver_module_name }}">
-                         <driver-class>org.postgresql.Driver</driver-class>
-                        <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
+{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
+                    <driver name="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" module="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}">
+                        <driver-class>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_class }}</driver-class>
+                        <xa-datasource-class>{{ keycloak_jdbc[keycloak_jdbc_engine].xa_datasource_class }}</xa-datasource-class>
                     </driver>
 {% endif %}
                     <driver name="h2" module="com.h2database.h2">
@@ -189,7 +187,7 @@
         <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
             <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ee:4.0">
+        <subsystem xmlns="urn:jboss:domain:ee:6.0">
             <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
             <concurrent>
                 <context-services>
@@ -199,17 +197,15 @@
                     <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
                 </managed-thread-factories>
                 <managed-executor-services>
-                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
+                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
                 </managed-executor-services>
                 <managed-scheduled-executor-services>
-                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
+                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
                 </managed-scheduled-executor-services>
             </concurrent>
-            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS"
-                              managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
-                              managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
+            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ejb3:6.0">
+        <subsystem xmlns="urn:jboss:domain:ejb3:9.0">
             <session-bean>
                 <stateless>
                     <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
@@ -236,7 +232,7 @@
                     <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
                 </data-stores>
             </timer-service>
-            <remote cluster="ejb" connector-ref="http-remoting-connector" thread-pool-name="default">
+            <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
                 <channel-creation-options>
                     <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
                 </channel-creation-options>
@@ -252,7 +248,7 @@
             <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
             <log-system-exceptions value="true"/>
         </subsystem>
-        <subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
+        <subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
             <providers>
                 <aggregate-providers name="combined-providers">
                     <providers name="elytron"/>
@@ -361,7 +357,7 @@
                     </key-store>
                 </key-stores>
                 <key-managers>
-                    <key-manager name="applicationKM" key-store="applicationKS">
+                    <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
                         <credential-reference clear-text="password"/>
                     </key-manager>
                 </key-managers>
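Review bot: `applicationKM` now carries `generate-self-signed-certificate-host="localhost"` while its credential stays `clear-text="password"`, so a host that has no `application.keystore` will serve a self-signed certificate protected by a well-known password. WildFly documents this attribute as a development convenience. The template should either say so or make it conditional, for example with a comment above the key manager: `<!-- dev/test only: a self-signed certificate for localhost is generated when application.keystore is absent; provision a real keystore and credential for production -->`. The enclosing `<tls>` block starts outside this hunk, and the same key manager is added to standalone.xml.j2 later in the diff.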
@@ -370,24 +366,25 @@
                 </server-ssl-contexts>
             </tls>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:infinispan:9.0">
-            <cache-container name="ejb" default-cache="passivation" aliases="sfsb" module="org.wildfly.clustering.ejb.infinispan">
+        <subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
+        <subsystem xmlns="urn:jboss:domain:infinispan:12.0">
+            <cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
                 <local-cache name="passivation">
                     <locking isolation="REPEATABLE_READ"/>
                     <transaction mode="BATCH"/>
                     <file-store passivation="true" purge="false"/>
                 </local-cache>
             </cache-container>
-            <cache-container name="keycloak" module="org.keycloak.keycloak-model-infinispan">
+            <cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
                 <transport lock-timeout="60000"/>
                 <local-cache name="realms">
-                    <object-memory size="10000"/>
+                    <heap-memory size="10000"/>
                 </local-cache>
                 <local-cache name="users">
-                    <object-memory size="10000"/>
+                    <heap-memory size="10000"/>
                 </local-cache>
                 <local-cache name="authenticationSessions"/>
-                {% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
+{% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
                 <distributed-cache name="{{ cachename }}">
                     <remote-store cache="{{ cachename }}"
                                   remote-servers="remote-cache"
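Review bot: The new `urn:wildfly:health:1.0` subsystem is declared with `security-enabled="false"`, and the `urn:wildfly:metrics:1.0` subsystem added in the later keycloak-server/mail hunk does the same with `exposed-subsystems="*"`, so both endpoints answer without authentication on the management interface. This matches the smallrye subsystems being removed, and the management interface defaults to 127.0.0.1 in this template, but the exposure changes as soon as `jboss.bind.address.management` is overridden. I would set `<subsystem xmlns="urn:wildfly:health:1.0" security-enabled="true"/>` (and likewise for metrics) or drive the flag from a role variable. The metrics prefix default also moves from `wildfly` to `jboss`, which renames every exported metric for existing dashboards and alerts.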
@@ -403,15 +400,15 @@
                         <property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
                         <property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
                         <property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
-                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
-                        <property name="infinispan.client.hotrod.use_ssl">false</property>
-                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
+                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
+                        <property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
                         <property name="infinispan.client.hotrod.trust_store_type">JKS</property>
-                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
                         <property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
                     </remote-store>
                 </distributed-cache>
-                {% endfor %}
+{% endfor %}
                 <replicated-cache name="work">
                     <remote-store cache="work"
                                   remote-servers="remote-cache"
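Review bot: `use_ssl` is now taken from `keycloak_remotecache.use_ssl` with no fallback in the template, so whether Hot Rod traffic to the remote cache is encrypted depends entirely on a default defined outside this hunk. Dropping the `changeme` trust-store default is a good change, but the template now also accepts any `sasl_mechanism`, and a plaintext mechanism combined with `use_ssl` false would put the cache credential on the wire unprotected. I would default the flag to on, `{{ keycloak_remotecache.use_ssl | default(true) }}`, and have the role assert that the mechanism is a SCRAM or DIGEST variant when TLS is off. The `trust_store_password` and `auth_password` values would also benefit from `| escape`, since they are written into XML element content. The same applies to the `work` replicated-cache hunk that follows.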
@@ -427,28 +424,28 @@
                         <property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
                         <property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
                         <property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
-                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
-                        <property name="infinispan.client.hotrod.use_ssl">false</property>
-                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
+                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
+                        <property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
                         <property name="infinispan.client.hotrod.trust_store_type">JKS</property>
-                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
                         <property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
                     </remote-store>
                 </replicated-cache>
                 <local-cache name="authorization">
-                    <object-memory size="10000"/>
+                    <heap-memory size="10000"/>
                 </local-cache>
                 <local-cache name="keys">
-                    <object-memory size="1000"/>
+                    <heap-memory size="1000"/>
                     <expiration max-idle="3600000"/>
                 </local-cache>
             </cache-container>
-            <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
+            <cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server">
                 <local-cache name="default">
                     <transaction mode="BATCH"/>
                 </local-cache>
             </cache-container>
-            <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
+            <cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan">
                 <local-cache name="passivation">
                     <locking isolation="REPEATABLE_READ"/>
                     <transaction mode="BATCH"/>
@@ -460,13 +457,13 @@
                 </local-cache>
                 <local-cache name="routing"/>
             </cache-container>
-            <cache-container name="hibernate" module="org.infinispan.hibernate-cache">
+            <cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
                 <local-cache name="entity">
-                    <object-memory size="10000"/>
+                    <heap-memory size="10000"/>
                     <expiration max-idle="100000"/>
                 </local-cache>
                 <local-cache name="local-query">
-                    <object-memory size="10000"/>
+                    <heap-memory size="10000"/>
                     <expiration max-idle="100000"/>
                 </local-cache>
                 <local-cache name="timestamps"/>
@@ -476,7 +473,7 @@
             <worker name="default"/>
             <buffer-pool name="default"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
         <subsystem xmlns="urn:jboss:domain:jca:5.0">
             <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
             <bean-validation enabled="true"/>
@@ -496,7 +493,7 @@
             </default-workmanager>
             <cached-connection-manager/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jgroups:7.0">
+        <subsystem xmlns="urn:jboss:domain:jgroups:8.0">
             <channels default="ee">
                 <channel name="ee" stack="tcp" cluster="ejb"/>
             </channels>
@@ -533,7 +530,7 @@
             <remoting-connector/>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:jpa:1.1">
-            <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
+            <jpa default-extended-persistence-inheritance="DEEP"/>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
             <web-context>auth</web-context>
@@ -609,18 +606,19 @@
                 <default-provider>default</default-provider>
                 <provider name="default" enabled="true">
                     <properties>
-                        <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
-                        <property name="forceBackendUrlToFrontendUrl" value="false"/>
+                        <property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
+                        <property name="forceBackendUrlToFrontendUrl" value="true"/>
                     </properties>
                 </provider>
             </spi>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:mail:3.0">
+        <subsystem xmlns="urn:jboss:domain:mail:4.0">
             <mail-session name="default" jndi-name="java:jboss/mail/Default">
                 <smtp-server outbound-socket-binding-ref="mail-smtp"/>
             </mail-session>
         </subsystem>
-{% if keycloak_modcluster.enabled %}
+        <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
+{% if keycloak_modcluster.enabled %}    
         <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
             <proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
                 <dynamic-load-provider>
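Review bot: `frontendUrl` is now read from `keycloak_modcluster.frontend_url` unconditionally, outside the `{% if keycloak_modcluster.enabled %}` guard a few lines down, and the `${keycloak.frontendUrl:}` system-property fallback is gone. A deployment with mod_cluster disabled therefore still has to set that key, and with `forceBackendUrlToFrontendUrl` switched to `true` every backchannel and issuer URL is pinned to whatever it contains. I would keep the fallback, `value="{{ keycloak_modcluster.frontend_url | default('${keycloak.frontendUrl:}', true) }}"`, or assert in the role that the variable is a non-empty https URL before rendering. How Keycloak behaves with an empty frontend URL and the force flag on should be confirmed.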
@@ -628,7 +626,7 @@
                 </dynamic-load-provider>
             </proxy>
         </subsystem>
-{% endif %}
+{% endif %}        
         <subsystem xmlns="urn:jboss:domain:naming:2.0">
             <remote-naming/>
         </subsystem>
@@ -675,7 +673,7 @@
                 </maximum-set>
             </deployment-permissions>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:transactions:5.0">
+        <subsystem xmlns="urn:jboss:domain:transactions:6.0">
             <core-environment node-identifier="{{ inventory_hostname | default('${jboss.tx.node.id:1}') }}">
                 <process-id>
                     <uuid/>
@@ -685,9 +683,7 @@
             <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
             <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host"
-                   default-servlet-container="default" default-security-domain="other"
-                   statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
+        <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
             <buffer-cache name="default"/>
             <server name="default-server">
                 <ajp-listener name="ajp" socket-binding="ajp"/>
@@ -712,18 +708,12 @@
             </filters>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
-        <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
-        <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false"
-                   empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}"
-                   empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
-        <subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false"
-                   exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
-   </profile>
+    </profile>
     <interfaces>
         <interface name="management">
             <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
         </interface>
-        <interface name="jgroups">
+	    <interface name="jgroups">
 {% if ansible_default_ipv4 is defined %}
             <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr('net') }}"/>
 {% else %}
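Review bot: The re-added `<interface name="jgroups">` line is indented with a tab followed by spaces, while the rest of the template uses spaces only; it should read `        <interface name="jgroups">` with eight spaces. The `{% if keycloak_modcluster.enabled %}` and `{% endif %}` lines touched earlier in this file also gained trailing whitespace, which ends up in the rendered XML.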
diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2
index bf3ce0a..b48883a 100644
--- a/roles/keycloak/templates/standalone.xml.j2
+++ b/roles/keycloak/templates/standalone.xml.j2
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding='UTF-8'?>
 
-<server xmlns="urn:jboss:domain:10.0">
+<server xmlns="urn:jboss:domain:16.0">
     <extensions>
         <extension module="org.jboss.as.clustering.infinispan"/>
         <extension module="org.jboss.as.connector"/>
@@ -22,10 +22,9 @@
         <extension module="org.wildfly.extension.bean-validation"/>
         <extension module="org.wildfly.extension.core-management"/>
         <extension module="org.wildfly.extension.elytron"/>
+        <extension module="org.wildfly.extension.health"/>
         <extension module="org.wildfly.extension.io"/>
-        <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
-        <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
-        <extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
+        <extension module="org.wildfly.extension.metrics"/>
         <extension module="org.wildfly.extension.request-controller"/>
         <extension module="org.wildfly.extension.security.manager"/>
         <extension module="org.wildfly.extension.undertow"/>
@@ -44,8 +43,7 @@
             <security-realm name="ApplicationRealm">
                 <server-identities>
                     <ssl>
-                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password"
-                                  alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
+                        <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                     </ssl>
                 </server-identities>
                 <authentication>
@@ -130,7 +128,7 @@
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
         <subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:datasources:5.0">
+        <subsystem xmlns="urn:jboss:domain:datasources:6.0">
             <datasources>
                 <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
                     <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
@@ -158,7 +156,7 @@
         <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
             <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ee:4.0">
+        <subsystem xmlns="urn:jboss:domain:ee:6.0">
             <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
             <concurrent>
                 <context-services>
@@ -168,17 +166,15 @@
                     <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
                 </managed-thread-factories>
                 <managed-executor-services>
-                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
+                    <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
                 </managed-executor-services>
                 <managed-scheduled-executor-services>
-                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
+                    <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
                 </managed-scheduled-executor-services>
             </concurrent>
-            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS"
-                              managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
-                              managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
+            <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:ejb3:6.0">
+        <subsystem xmlns="urn:jboss:domain:ejb3:9.0">
             <session-bean>
                 <stateless>
                     <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
@@ -205,7 +201,7 @@
                     <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
                 </data-stores>
             </timer-service>
-            <remote connector-ref="http-remoting-connector" thread-pool-name="default">
+            <remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
                 <channel-creation-options>
                     <option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
                 </channel-creation-options>
@@ -221,130 +217,7 @@
             <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
             <log-system-exceptions value="true"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:io:3.0">
-            <worker name="default"/>
-            <buffer-pool name="default"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:infinispan:9.0">
-            <cache-container name="keycloak">
-                <local-cache name="realms">
-                    <object-memory size="10000"/>
-                </local-cache>
-                <local-cache name="users">
-                    <object-memory size="10000"/>
-                </local-cache>
-                <local-cache name="sessions"/>
-                <local-cache name="authenticationSessions"/>
-                <local-cache name="offlineSessions"/>
-                <local-cache name="clientSessions"/>
-                <local-cache name="offlineClientSessions"/>
-                <local-cache name="loginFailures"/>
-                <local-cache name="work"/>
-                <local-cache name="authorization">
-                    <object-memory size="10000"/>
-                </local-cache>
-                <local-cache name="keys">
-                    <object-memory size="1000"/>
-                    <expiration max-idle="3600000"/>
-                </local-cache>
-                <local-cache name="actionTokens">
-                    <object-memory size="-1"/>
-                    <expiration max-idle="-1" interval="300000"/>
-                </local-cache>
-            </cache-container>
-            <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
-                <local-cache name="default">
-                    <transaction mode="BATCH"/>
-                </local-cache>
-            </cache-container>
-            <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
-                <local-cache name="passivation">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                    <file-store passivation="true" purge="false"/>
-                </local-cache>
-                <local-cache name="sso">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                </local-cache>
-                <local-cache name="routing"/>
-            </cache-container>
-            <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
-                <local-cache name="passivation">
-                    <locking isolation="REPEATABLE_READ"/>
-                    <transaction mode="BATCH"/>
-                    <file-store passivation="true" purge="false"/>
-                </local-cache>
-            </cache-container>
-            <cache-container name="hibernate" module="org.infinispan.hibernate-cache">
-                <local-cache name="entity">
-                    <object-memory size="10000"/>
-                    <expiration max-idle="100000"/>
-                </local-cache>
-                <local-cache name="local-query">
-                    <object-memory size="10000"/>
-                    <expiration max-idle="100000"/>
-                </local-cache>
-                <local-cache name="timestamps"/>
-            </cache-container>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:jca:5.0">
-            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
-            <bean-validation enabled="true"/>
-            <default-workmanager>
-                <short-running-threads>
-                    <core-threads count="50"/>
-                    <queue-length count="50"/>
-                    <max-threads count="50"/>
-                    <keepalive-time time="10" unit="seconds"/>
-                </short-running-threads>
-                <long-running-threads>
-                    <core-threads count="50"/>
-                    <queue-length count="50"/>
-                    <max-threads count="50"/>
-                    <keepalive-time time="10" unit="seconds"/>
-                </long-running-threads>
-            </default-workmanager>
-            <cached-connection-manager/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
-            <expose-resolved-model/>
-            <expose-expression-model/>
-            <remoting-connector/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
-            <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:mail:3.0">
-            <mail-session name="default" jndi-name="java:jboss/mail/Default">
-                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
-            </mail-session>
-        </subsystem>
-{% if keycloak_modcluster.enabled %}
-        <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
-            <proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
-                <dynamic-load-provider>
-                    <load-metric type="cpu"/>
-                </dynamic-load-provider>
-            </proxy>
-        </subsystem>
-{% endif %}
-        <subsystem xmlns="urn:jboss:domain:naming:2.0">
-            <remote-naming/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
-            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
-        </subsystem>
-        <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
-        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
-            <deployment-permissions>
-                <maximum-set>
-                    <permission class="java.security.AllPermission"/>
-                </maximum-set>
-            </deployment-permissions>
-        </subsystem>
-        <subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
+        <subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
             <providers>
                 <aggregate-providers name="combined-providers">
                     <providers name="elytron"/>
@@ -402,6 +275,7 @@
                     <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
                     <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
                     <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
+                    <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
                 </permission-set>
             </permission-sets>
             <http>
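Review bot: The added `RemoteEJBPermission` line is byte-identical to the context line directly above it, so this permission-set now lists the same permission twice. It grants nothing new and looks like an artefact of regenerating the template. I would drop the added line so the set stays easy to audit. The enclosing `<permission-set>` opens outside this hunk, so confirm which set it belongs to before removing it.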
@@ -443,78 +317,126 @@
                 </mechanism-provider-filtering-sasl-server-factory>
                 <provider-sasl-server-factory name="global"/>
             </sasl>
+            <tls>
+                <key-stores>
+                    <key-store name="applicationKS">
+                        <credential-reference clear-text="password"/>
+                        <implementation type="JKS"/>
+                        <file path="application.keystore" relative-to="jboss.server.config.dir"/>
+                    </key-store>
+                </key-stores>
+                <key-managers>
+                    <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
+                        <credential-reference clear-text="password"/>
+                    </key-manager>
+                </key-managers>
+                <server-ssl-contexts>
+                    <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
+                </server-ssl-contexts>
+            </tls>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:security:2.0">
-            <security-domains>
-                <security-domain name="other" cache-type="default">
-                    <authentication>
-                        <login-module code="Remoting" flag="optional">
-                            <module-option name="password-stacking" value="useFirstPass"/>
-                        </login-module>
-                        <login-module code="RealmDirect" flag="required">
-                            <module-option name="password-stacking" value="useFirstPass"/>
-                        </login-module>
-                    </authentication>
-                </security-domain>
-                <security-domain name="jboss-web-policy" cache-type="default">
-                    <authorization>
-                        <policy-module code="Delegating" flag="required"/>
-                    </authorization>
-                </security-domain>
-                <security-domain name="jaspitest" cache-type="default">
-                    <authentication-jaspi>
-                        <login-module-stack name="dummy">
-                            <login-module code="Dummy" flag="optional"/>
-                        </login-module-stack>
-                        <auth-module code="Dummy"/>
-                    </authentication-jaspi>
-                </security-domain>
-                <security-domain name="jboss-ejb-policy" cache-type="default">
-                    <authorization>
-                        <policy-module code="Delegating" flag="required"/>
-                    </authorization>
-                </security-domain>
-            </security-domains>
+        <subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
+        <subsystem xmlns="urn:jboss:domain:infinispan:12.0">
+            <cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
+                <local-cache name="passivation">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                    <file-store passivation="true" purge="false"/>
+                </local-cache>
+            </cache-container>
+            <cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
+                <local-cache name="realms">
+                    <heap-memory size="10000"/>
+                </local-cache>
+                <local-cache name="users">
+                    <heap-memory size="10000"/>
+                </local-cache>
+                <local-cache name="sessions"/>
+                <local-cache name="authenticationSessions"/>
+                <local-cache name="offlineSessions"/>
+                <local-cache name="clientSessions"/>
+                <local-cache name="offlineClientSessions"/>
+                <local-cache name="loginFailures"/>
+                <local-cache name="work"/>
+                <local-cache name="authorization">
+                    <heap-memory size="10000"/>
+                </local-cache>
+                <local-cache name="keys">
+                    <heap-memory size="1000"/>
+                    <expiration max-idle="3600000"/>
+                </local-cache>
+                <local-cache name="actionTokens">
+                    <heap-memory size="-1"/>
+                    <expiration interval="300000" max-idle="-1"/>
+                </local-cache>
+            </cache-container>
+            <cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server">
+                <local-cache name="default">
+                    <transaction mode="BATCH"/>
+                </local-cache>
+            </cache-container>
+            <cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan">
+                <local-cache name="passivation">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                    <file-store passivation="true" purge="false"/>
+                </local-cache>
+                <local-cache name="sso">
+                    <locking isolation="REPEATABLE_READ"/>
+                    <transaction mode="BATCH"/>
+                </local-cache>
+                <local-cache name="routing"/>
+            </cache-container>
+            <cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
+                <local-cache name="entity">
+                    <heap-memory size="10000"/>
+                    <expiration max-idle="100000"/>
+                </local-cache>
+                <local-cache name="local-query">
+                    <heap-memory size="10000"/>
+                    <expiration max-idle="100000"/>
+                </local-cache>
+                <local-cache name="timestamps"/>
+            </cache-container>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:transactions:5.0">
-            <core-environment node-identifier="${jboss.tx.node.id:1}">
-                <process-id>
-                    <uuid/>
-                </process-id>
-            </core-environment>
-            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
-            <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
-            <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
+        <subsystem xmlns="urn:jboss:domain:io:3.0">
+            <worker name="default"/>
+            <buffer-pool name="default"/>
         </subsystem>
-        <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
-        <subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
-        <subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false"
-                   empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
-        <subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
-        <subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host"
-                   default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
-            <buffer-cache name="default"/>
-            <server name="default-server">
-                <ajp-listener name="ajp" socket-binding="ajp"/>
-                <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
-                <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
-                <host name="default-host" alias="localhost">
-                    <location name="/" handler="welcome-content"/>
-                    <http-invoker security-realm="ApplicationRealm"/>
-                </host>
-            </server>
-            <servlet-container name="default">
-                <jsp-config/>
-                <websockets/>
-            </servlet-container>
-            <handlers>
-                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
-            </handlers>
+        <subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
+        <subsystem xmlns="urn:jboss:domain:jca:5.0">
+            <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
+            <bean-validation enabled="true"/>
+            <default-workmanager>
+                <short-running-threads>
+                    <core-threads count="50"/>
+                    <queue-length count="50"/>
+                    <max-threads count="50"/>
+                    <keepalive-time time="10" unit="seconds"/>
+                </short-running-threads>
+                <long-running-threads>
+                    <core-threads count="50"/>
+                    <queue-length count="50"/>
+                    <max-threads count="50"/>
+                    <keepalive-time time="10" unit="seconds"/>
+                </long-running-threads>
+            </default-workmanager>
+            <cached-connection-manager/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
+            <expose-resolved-model/>
+            <expose-expression-model/>
+            <remoting-connector/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
+            <jpa default-extended-persistence-inheritance="DEEP"/>
         </subsystem>
         <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
             <web-context>auth</web-context>
             <providers>
-                <provider>classpath:${jboss.home.dir}/providers/*</provider>
+                <provider>
+                    classpath:${jboss.home.dir}/providers/*
+                </provider>
             </providers>
             <master-realm-name>master</master-realm-name>
             <scheduled-task-interval>900</scheduled-task-interval>
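Review bot: Both added `<credential-reference clear-text="password"/>` elements (on `applicationKS` and `applicationKM`) hard-code the keystore and key password in a template that is rendered onto every managed host. In addition, `generate-self-signed-certificate-host="localhost"` means a missing `application.keystore` is silently replaced by a self-signed certificate. These are development defaults; for a deployed server take the secret from a vaulted role variable or an Elytron credential store, e.g. `<credential-reference store="<STORE_NAME>" alias="<ALIAS>"/>`, and make the self-signed fallback opt-in. `applicationSSC` is not referenced by any listener visible in this diff (the https-listener added in the next hunk still uses `security-realm="ApplicationRealm"`), so check which TLS material is actually served. The elytron subsystem opens before this hunk.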
@@ -583,12 +505,103 @@
                 <default-provider>default</default-provider>
                 <provider name="default" enabled="true">
                     <properties>
-                        <property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
-                        <property name="forceBackendUrlToFrontendUrl" value="false"/>
+                        <property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
+                        <property name="forceBackendUrlToFrontendUrl" value="true"/>
                     </properties>
                 </provider>
             </spi>
         </subsystem>
+        <subsystem xmlns="urn:jboss:domain:mail:4.0">
+            <mail-session name="default" jndi-name="java:jboss/mail/Default">
+                <smtp-server outbound-socket-binding-ref="mail-smtp"/>
+            </mail-session>
+        </subsystem>
+        <subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
+{% if keycloak_modcluster.enabled %}        
+        <subsystem xmlns="urn:jboss:domain:modcluster:5.0">
+            <proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
+                <dynamic-load-provider>
+                    <load-metric type="cpu"/>
+                </dynamic-load-provider>
+            </proxy>
+        </subsystem>
+{% endif %}        
+        <subsystem xmlns="urn:jboss:domain:naming:2.0">
+            <remote-naming/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
+            <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
+        <subsystem xmlns="urn:jboss:domain:security:2.0">
+            <security-domains>
+                <security-domain name="other" cache-type="default">
+                    <authentication>
+                        <login-module code="Remoting" flag="optional">
+                            <module-option name="password-stacking" value="useFirstPass"/>
+                        </login-module>
+                        <login-module code="RealmDirect" flag="required">
+                            <module-option name="password-stacking" value="useFirstPass"/>
+                        </login-module>
+                    </authentication>
+                </security-domain>
+                <security-domain name="jboss-web-policy" cache-type="default">
+                    <authorization>
+                        <policy-module code="Delegating" flag="required"/>
+                    </authorization>
+                </security-domain>
+                <security-domain name="jaspitest" cache-type="default">
+                    <authentication-jaspi>
+                        <login-module-stack name="dummy">
+                            <login-module code="Dummy" flag="optional"/>
+                        </login-module-stack>
+                        <auth-module code="Dummy"/>
+                    </authentication-jaspi>
+                </security-domain>
+                <security-domain name="jboss-ejb-policy" cache-type="default">
+                    <authorization>
+                        <policy-module code="Delegating" flag="required"/>
+                    </authorization>
+                </security-domain>
+            </security-domains>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
+            <deployment-permissions>
+                <maximum-set>
+                    <permission class="java.security.AllPermission"/>
+                </maximum-set>
+            </deployment-permissions>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:transactions:6.0">
+            <core-environment node-identifier="${jboss.tx.node.id:1}">
+                <process-id>
+                    <uuid/>
+                </process-id>
+            </core-environment>
+            <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
+            <coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
+            <object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
+            <buffer-cache name="default"/>
+            <server name="default-server">
+                <ajp-listener name="ajp" socket-binding="ajp"/>
+                <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
+                <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
+                <host name="default-host" alias="localhost">
+                    <location name="/" handler="welcome-content"/>
+                    <http-invoker security-realm="ApplicationRealm"/>
+                </host>
+            </server>
+            <servlet-container name="default">
+                <jsp-config/>
+                <websockets/>
+            </servlet-container>
+            <handlers>
+                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
+            </handlers>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:weld:4.0"/>
     </profile>
     <interfaces>
         <interface name="management">
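Review bot: `frontendUrl` is now rendered from `{{ keycloak_modcluster.frontend_url }}` outside the `{% if keycloak_modcluster.enabled %}` guard, and `forceBackendUrlToFrontendUrl` flips to `true` in the same change. A non-HA install with an empty variable therefore gets an empty frontend URL with backend URLs forced to it, and presumably falls back to request-derived host names. The old `${keycloak.frontendUrl:}` at least allowed a system-property override, which could be kept with `value="{{ keycloak_modcluster.frontend_url | default('${keycloak.frontendUrl:}', true) }}"`. Since this value fixes the issuer and redirect base, I would also have the role fail early when it is empty or not an https URL. The hostname `<spi>` element opens outside this hunk.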
@@ -608,12 +621,12 @@
         <socket-binding name="txn-recovery-environment" port="4712"/>
         <socket-binding name="txn-status-manager" port="4713"/>
         <outbound-socket-binding name="mail-smtp">
-            <remote-destination host="localhost" port="25"/>
+            <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
         </outbound-socket-binding>
-{% if keycloak_modcluster.enabled %}
+{% if keycloak_modcluster.enabled %}        
         <outbound-socket-binding name="proxy1">
             <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
         </outbound-socket-binding>
-{% endif %}
+{% endif %}        
     </socket-binding-group>
 </server>
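Review bot: The only change to the `{% if keycloak_modcluster.enabled %}` and `{% endif %}` lines here is eight trailing spaces after the tag; the same happens on the two tag lines added around the modcluster subsystem in the previous hunk. With the trailing blanks the newline no longer directly follows the block tag, so if the template is rendered with block trimming it will now emit a whitespace-only line at each tag. That is harmless to the XML parser but adds noise to diffs of the rendered `standalone.xml`; strip the trailing whitespace so these two lines drop out of the patch.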
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index f135d99..cf1d6cc 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -55,6 +55,7 @@ keycloak_jdbc:
 keycloak_modcluster:
   enabled: "{{ keycloak_ha_enabled }}"
   reverse_proxy_url: "{{ keycloak_modcluster_url }}"
+  frontend_url: "{{ keycloak_frontend_url }}"
 
 # infinispan
 keycloak_remotecache:
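Review bot: `frontend_url` is added under `keycloak_modcluster`, but the template consumes it in the hostname SPI regardless of whether modcluster is enabled, so the grouping hides that it affects every install. A comment above the key would help, e.g. `# public base URL used for the hostname SPI frontendUrl; applies even when modcluster is disabled`. This hunk does not show whether `keycloak_frontend_url` has a role default; if it does not, every reference to `keycloak_modcluster` (including `.enabled`) will fail on the undefined variable, so consider `frontend_url: "{{ keycloak_frontend_url | default('') }}"` or a documented default.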