diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index 7e73d70..ac59d57 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -4,6 +4,12 @@
vars:
keycloak_admin_password: "remembertochangeme"
keycloak_jvm_package: java-11-openjdk-headless
+ keycloak_modcluster_enabled: True
+ keycloak_modcluster_urls:
+ - host: myhost1
+ port: 16667
+ - host: myhost2
+ port: 16668
roles:
- role: keycloak
tasks:
diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 5af0957..53b8969 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -115,8 +115,11 @@ The following are a set of _required_ variables for the role:
The following variables are _required_ only when `keycloak_ha_enabled` is True:
| Variable | Description | Default |
-|:---------|:------------|:---------|
-|`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
+|:---------|:------------|:--------|
+|`keycloak_modcluster_enabled`| Enable configuration for modcluster subsystem | `True` if `keycloak_ha_enabled` is True, else `False` |
+|`keycloak_modcluster_url` | _deprecated_ Host for the modcluster reverse proxy | `localhost` |
+|`keycloak_modcluster_port` | _deprecated_ Port for the modcluster reverse proxy | `6666` |
+|`keycloak_modcluster_urls` | List of {host,port} dicts for the modcluster reverse proxies | `[ { localhost:6666 } ]` |
|`keycloak_jdbc_engine` | backend database engine when db is enabled: [ postgres, mariadb ] | `postgres` |
|`keycloak_infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
|`keycloak_infinispan_user` | username for connecting to infinispan | `supervisor` |
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 88ff001..06320a1 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -54,8 +54,13 @@ keycloak_auth_client: admin-cli
keycloak_force_install: False
-### mod_cluster reverse proxy
+### mod_cluster reverse proxy list
+keycloak_modcluster_enabled: "{{ True if keycloak_ha_enabled else False }}"
keycloak_modcluster_url: localhost
+keycloak_modcluster_port: 6666
+keycloak_modcluster_urls:
+ - host: "{{ keycloak_modcluster_url }}"
+ port: "{{ keycloak_modcluster_port }}"
### keycloak frontend url
keycloak_frontend_url: http://localhost:8080/auth
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index f58b1d4..1f6f10f 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -152,7 +152,7 @@ argument_specs:
# line 48 of keycloak/defaults/main.yml
default: "{{ True if keycloak_ha_enabled else False }}"
description: "Enable auto configuration for database backend"
- type: "str"
+ type: "bool"
keycloak_admin_user:
# line 51 of keycloak/defaults/main.yml
default: "admin"
@@ -173,11 +173,23 @@ argument_specs:
default: false
description: "Remove pre-existing versions of service"
type: "bool"
+ keycloak_modcluster_enabled:
+ default: "{{ True if keycloak_ha_enabled else False }}"
+ description: "Enable configuration for modcluster subsystem"
+ type: "bool"
keycloak_modcluster_url:
# line 58 of keycloak/defaults/main.yml
default: "localhost"
description: "URL for the modcluster reverse proxy"
type: "str"
+ keycloak_modcluster_port:
+ default: 6666
+ description: "Port for the modcluster reverse proxy"
+ type: "int"
+ keycloak_modcluster_urls:
+ default: "[ { host: 'localhost', port: 6666 } ]"
+ description: "List of modproxy node URLs in the format { host, port } for the modcluster reverse proxy"
+ type: "list"
keycloak_frontend_url:
# line 59 of keycloak/defaults/main.yml
default: "http://localhost"
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 316c033..32aca04 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -1,6 +1,5 @@
---
# tasks file for keycloak
-
- name: Check prerequisites
ansible.builtin.include_tasks: prereqs.yml
tags:
diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2
index bd71b75..91eefa8 100644
--- a/roles/keycloak/templates/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/standalone-infinispan.xml.j2
@@ -617,7 +617,7 @@
{% if keycloak_modcluster.enabled %}
-
+
@@ -705,9 +705,11 @@
{% if keycloak_modcluster.enabled %}
-
-
+{% for modcluster in keycloak_modcluster.reverse_proxy_urls %}
+
+
+{% endfor %}
{% endif %}
diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2
index 15c141a..438a0da 100644
--- a/roles/keycloak/templates/standalone.xml.j2
+++ b/roles/keycloak/templates/standalone.xml.j2
@@ -530,7 +530,7 @@
{% if keycloak_modcluster.enabled %}
-
+
@@ -604,10 +604,12 @@
-{% if keycloak_modcluster.enabled %}
-
-
+{% if keycloak_modcluster.enabled %}
+{% for modcluster in keycloak_modcluster.reverse_proxy_urls %}
+
+
+{% endfor %}
{% endif %}
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index 0a1ad7a..026839e 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -59,8 +59,8 @@ keycloak_jdbc:
# reverse proxy mod_cluster
keycloak_modcluster:
- enabled: "{{ keycloak_ha_enabled }}"
- reverse_proxy_url: "{{ keycloak_modcluster_url }}"
+ enabled: "{{ keycloak_ha_enabled or keycloak_modcluster_enabled }}"
+ reverse_proxy_urls: "{{ keycloak_modcluster_urls }}"
frontend_url: "{{ keycloak_frontend_url }}"
# infinispan