argument_specs: main: options: keycloak_version: # line 3 of keycloak/defaults/main.yml default: "18.0.2" description: "keycloak.org package version" type: "str" keycloak_archive: # line 4 of keycloak/defaults/main.yml default: "keycloak-legacy-{{ keycloak_version }}.zip" description: "keycloak install archive filename" type: "str" keycloak_configure_firewalld: # line 33 of keycloak/defaults/main.yml default: false description: "Ensure firewalld is running and configure keycloak ports" type: "bool" keycloak_download_url: # line 5 of keycloak/defaults/main.yml default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}" description: "Download URL for keycloak" type: "str" keycloak_download_url_9x: # line 6 of keycloak/defaults/main.yml default: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}" description: "Download URL for keycloak (deprecated)" type: "str" keycloak_installdir: # line 7 of keycloak/defaults/main.yml default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" description: "Installation path" type: "str" keycloak_offline_install: # line 20 of keycloak/defaults/main.yml default: false description: "Perform an offline install" type: "bool" keycloak_jvm_package: # line 23 of keycloak/defaults/main.yml default: "java-1.8.0-openjdk-headless" description: "RHEL java package runtime rpm" type: "str" keycloak_java_home: description: "JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path" type: "str" keycloak_dest: # line 24 of keycloak/defaults/main.yml default: "/opt/keycloak" description: "Root installation directory" type: "str" keycloak_jboss_home: # line 25 of keycloak/defaults/main.yml default: "{{ keycloak_installdir }}" description: "Installation work directory" type: "str" keycloak_config_dir: # line 26 of keycloak/defaults/main.yml default: "{{ keycloak_jboss_home }}/standalone/configuration" description: "Path for configuration" type: "str" keycloak_config_standalone_xml: # line 27 of keycloak/defaults/main.yml default: "keycloak.xml" description: "Service configuration filename" type: "str" keycloak_config_path_to_standalone_xml: # line 28 of keycloak/defaults/main.yml default: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}" description: "Custom path for configuration" type: "str" keycloak_config_override_template: # line 30 of keycloak/defaults/main.yml default: "" description: "Path to custom template for standalone.xml configuration" type: "str" keycloak_service_user: # line 29 of keycloak/defaults/main.yml default: "keycloak" description: "posix account username" type: "str" keycloak_service_group: # line 30 of keycloak/defaults/main.yml default: "keycloak" description: "posix account group" type: "str" keycloak_service_pidfile: # line 31 of keycloak/defaults/main.yml default: "/run/keycloak.pid" description: "PID file path for service" type: "str" keycloak_bind_address: # line 34 of keycloak/defaults/main.yml default: "0.0.0.0" description: "Address for binding service ports" type: "str" keycloak_management_port_bind_address: default: "127.0.0.1" description: "Address for binding the managemnt ports" type: "str" keycloak_host: # line 35 of keycloak/defaults/main.yml default: "localhost" description: "Hostname for service" type: "str" keycloak_http_port: # line 36 of keycloak/defaults/main.yml default: 8080 description: "Listening HTTP port" type: "int" keycloak_https_port: # line 37 of keycloak/defaults/main.yml default: 8443 description: "Listening HTTPS port" type: "int" keycloak_ajp_port: # line 38 of keycloak/defaults/main.yml default: 8009 description: "Listening AJP port" type: "int" keycloak_jgroups_port: # line 39 of keycloak/defaults/main.yml default: 7600 description: "jgroups cluster tcp port" type: "int" keycloak_management_http_port: # line 40 of keycloak/defaults/main.yml default: 9990 description: "Management port (http)" type: "int" keycloak_management_https_port: # line 41 of keycloak/defaults/main.yml default: 9993 description: "Management port (https)" type: "int" keycloak_java_opts: # line 42 of keycloak/defaults/main.yml default: "-Xms1024m -Xmx2048m" description: "Additional JVM options" type: "str" keycloak_prefer_ipv4: # line 43 of keycloak/defaults/main.yml default: true description: "Prefer IPv4 stack and addresses for port binding" type: "bool" keycloak_ha_enabled: # line 46 of keycloak/defaults/main.yml default: false description: "Enable auto configuration for database backend, clustering and remote caches on infinispan" type: "bool" keycloak_ha_discovery: default: "{{ 'JDBC_PING' if keycloak_db_enabled else 'TCPPING' }}" description: "Discovery protocol for HA cluster members" type: "str" keycloak_db_enabled: # line 48 of keycloak/defaults/main.yml default: "{{ True if keycloak_ha_enabled else False }}" description: "Enable auto configuration for database backend" type: "bool" keycloak_admin_user: # line 51 of keycloak/defaults/main.yml default: "admin" description: "Administration console user account" type: "str" keycloak_auth_realm: # line 52 of keycloak/defaults/main.yml default: "master" description: "Name for rest authentication realm" type: "str" keycloak_auth_client: # line 53 of keycloak/defaults/main.yml default: "admin-cli" description: "Authentication client for configuration REST calls" type: "str" keycloak_force_install: # line 55 of keycloak/defaults/main.yml default: false description: "Remove pre-existing versions of service" type: "bool" keycloak_modcluster_enabled: default: "{{ True if keycloak_ha_enabled else False }}" description: "Enable configuration for modcluster subsystem" type: "bool" keycloak_modcluster_url: # line 58 of keycloak/defaults/main.yml default: "localhost" description: "URL for the modcluster reverse proxy" type: "str" keycloak_modcluster_port: default: 6666 description: "Port for the modcluster reverse proxy" type: "int" keycloak_modcluster_urls: default: "[ { host: 'localhost', port: 6666 } ]" description: "List of modproxy node URLs in the format { host, port } for the modcluster reverse proxy" type: "list" keycloak_frontend_url: # line 59 of keycloak/defaults/main.yml default: "http://localhost" description: "Frontend URL for keycloak endpoints when a reverse proxy is used" type: "str" keycloak_frontend_url_force: default: False description: "Force backend requests to use the frontend URL" type: "bool" keycloak_infinispan_user: # line 62 of keycloak/defaults/main.yml default: "supervisor" description: "Username for connecting to infinispan" type: "str" keycloak_infinispan_pass: # line 63 of keycloak/defaults/main.yml default: "supervisor" description: "Password for connecting to infinispan" type: "str" keycloak_infinispan_url: # line 64 of keycloak/defaults/main.yml default: "localhost" description: "URL for the infinispan remote-cache server" type: "str" keycloak_infinispan_sasl_mechanism: # line 65 of keycloak/defaults/main.yml default: "SCRAM-SHA-512" description: "Authentication type to infinispan server" type: "str" keycloak_infinispan_use_ssl: # line 66 of keycloak/defaults/main.yml default: false description: "Enable hotrod client TLS communication" type: "bool" keycloak_infinispan_trust_store_path: # line 68 of keycloak/defaults/main.yml default: "/etc/pki/java/cacerts" description: "TODO document argument" type: "str" keycloak_infinispan_trust_store_password: # line 69 of keycloak/defaults/main.yml default: "changeit" description: "Path to truststore containing infinispan server certificate" type: "str" keycloak_jdbc_engine: # line 72 of keycloak/defaults/main.yml default: "postgres" description: "Backend database flavour when db is enabled: [ postgres, mariadb, sqlserver ]" type: "str" keycloak_db_user: # line 74 of keycloak/defaults/main.yml default: "keycloak-user" description: "Username for connecting to database" type: "str" keycloak_db_pass: # line 75 of keycloak/defaults/main.yml default: "keycloak-pass" description: "Password for connecting to database" type: "str" keycloak_jdbc_url: # line 76 of keycloak/defaults/main.yml default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}" description: "URL for connecting to backend database" type: "str" keycloak_jdbc_driver_version: # line 77 of keycloak/defaults/main.yml default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}" description: "Version for the JDBC driver to download" type: "str" keycloak_admin_password: # line 4 of keycloak/vars/main.yml required: true description: "Password for the administration console user account" type: "str" keycloak_url: # line 12 of keycloak/vars/main.yml default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}" description: "URL for configuration rest calls" type: "str" keycloak_management_url: # line 13 of keycloak/vars/main.yml default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}" description: "URL for management console rest calls" type: "str" keycloak_service_name: default: "keycloak" description: "systemd service name for keycloak" type: "str" keycloak_service_desc: default: "Keycloak" description: "systemd description for keycloak" type: "str" keycloak_service_start_delay: default: "10" description: "Expected delay in ms before the service is expected to be available after start." type: "int" keycloak_service_start_retries: default: "25" description: "How many time should Ansible retry to connect to the service after it was started, before failing." type: "int" keycloak_service_restart_on_failure: default: true description: "systemd restart-on-failure behavior activation for keycloak" type: "bool" keycloak_service_startlimitintervalsec: default: 300 description: "systemd StartLimitIntervalSec for keycloak" type: "int" keycloak_service_startlimitburst: default: 5 description: "systemd StartLimitBurst for keycloak" type: "int" keycloak_service_restartsec: default: "5s" description: "systemd RestartSec for keycloak" type: "str" keycloak_no_log: default: true type: "bool" description: "Changes default behavior for no_log for debugging purpose, do not change for production system." keycloak_remote_cache_enabled: default: "{{ True if keycloak_ha_enabled else False }}" description: "Enable remote cache store when in clustered ha configurations" type: "bool" keycloak_db_background_validation: default: False description: "Enable background validation of database connection" type: "bool" keycloak_db_background_validation_millis: default: "{{ 10000 if keycloak_db_background_validation else 0 }}" description: "How frequenly the connection pool is validated in the background" type: 'int' keycloak_db_background_validate_on_match: default: False description: "Enable validate on match for database connections" type: "bool" keycloak_db_valid_conn_sql: required: False description: "Override the default database connection validation query sql" type: "str" downstream: options: sso_version: default: "7.6.0" description: "Red Hat Single Sign-On version" type: "str" sso_archive: default: "rh-sso-{{ sso_version }}-server-dist.zip" description: "Red Hat SSO install archive filename" type: "str" sso_dest: default: "/opt/sso" description: "Root installation directory" type: "str" sso_installdir: default: "{{ sso_dest }}/rh-sso-{{ sso_version.split('.')[0] }}.{{ sso_version.split('.')[1] }}" description: "Installation path for Red Hat SSO" type: "str" sso_apply_patches: default: False description: "Install Red Hat SSO most recent cumulative patch" type: "bool" sso_enable: default: True description: "Enable Red Hat Single Sign-on installation" type: "str" sso_offline_install: default: False description: "Perform an offline install" type: "bool" sso_service_name: default: "sso" description: "systemd service name for Single Sign-On" type: "str" sso_service_desc: default: "Red Hat Single Sign-On" description: "systemd description for Red Hat Single Sign-On" type: "str" sso_patch_version: required: False description: "Red Hat Single Sign-On latest cumulative patch version to apply; defaults to latest version when sso_apply_patches is True" type: "str" sso_patch_bundle: default: "rh-sso-{{ sso_patch_version | default('[0-9]+[.][0-9]+[.][0-9]+') }}-patch.zip" description: "Red Hat SSO patch archive filename" type: "str" sso_product_category: default: "core.service.rhsso" description: "JBossNetwork API category for Single Sign-On" type: "str"