---
- name: Converge
  hosts: infinispan
  roles:
    - role: middleware_automation.infinispan.infinispan
      infinispan_service_name: infinispan
      infinispan_supervisor_password: remembertochangeme
      infinispan_keycloak_caches: true
      infinispan_keycloak_persistence: False
      infinispan_jdbc_engine: postgres
      infinispan_jdbc_url: jdbc:postgresql://postgres:5432/keycloak
      infinispan_jdbc_driver_version: 9.4.1212
      infinispan_jdbc_user: keycloak
      infinispan_jdbc_pass: mysecretpass
      infinispan_bind_address: "{{ ansible_default_ipv4.address }}"
      infinispan_users:
        - { name: 'testuser', password: 'test', roles: 'observer' }

- name: Converge
  hosts: keycloak
  vars:
    keycloak_quarkus_show_deprecation_warnings: false
    keycloak_quarkus_bootstrap_admin_password: "remembertochangeme"
    keycloak_quarkus_bootstrap_admin_user: "remembertochangeme"
    keycloak_quarkus_hostname: "http://{{ inventory_hostname }}:8080"
    keycloak_quarkus_log: file
    keycloak_quarkus_log_level: info
    keycloak_quarkus_https_key_file_enabled: true
    keycloak_quarkus_key_file_copy_enabled: true
    keycloak_quarkus_key_content: "{{ lookup('file', inventory_hostname + '.key') }}"
    keycloak_quarkus_cert_file_copy_enabled: true
    keycloak_quarkus_cert_file_src: "{{ inventory_hostname }}.pem"
    keycloak_quarkus_ks_vault_enabled: true
    keycloak_quarkus_ks_vault_file: "/opt/keycloak/vault/keystore.p12"
    keycloak_quarkus_ks_vault_pass: keystorepassword
    keycloak_quarkus_systemd_wait_for_port: true
    keycloak_quarkus_systemd_wait_for_timeout: 20
    keycloak_quarkus_systemd_wait_for_delay: 2
    keycloak_quarkus_systemd_wait_for_log: true
    keycloak_quarkus_ha_enabled: true
    keycloak_quarkus_restart_strategy: restart/serial.yml
    keycloak_quarkus_db_user: keycloak
    keycloak_quarkus_db_pass: mysecretpass
    keycloak_quarkus_db_url: jdbc:postgresql://postgres:5432/keycloak
    keycloak_quarkus_cache_remote: true
    keycloak_quarkus_cache_remote_username: supervisor
    keycloak_quarkus_cache_remote_password: remembertochangeme
    keycloak_quarkus_cache_remote_host: "infinispan1"
    keycloak_quarkus_cache_remote_port: 11222
    keycloak_quarkus_cache_remote_tls_enabled: false
    keycloak_quarkus_additional_env_vars:
      - key: KC_FEATURES
        value: clusterless
      - key: KC_FEATURES_DISABLED
        value: persistent-user-sessions
  roles:
    - role: keycloak_quarkus