mirror of
https://github.com/ansible-middleware/keycloak.git
synced 2025-04-06 02:40:30 -07:00
386 lines
18 KiB
YAML
386 lines
18 KiB
YAML
argument_specs:
|
|
main:
|
|
options:
|
|
keycloak_version:
|
|
# line 3 of keycloak/defaults/main.yml
|
|
default: "18.0.2"
|
|
description: "keycloak.org package version"
|
|
type: "str"
|
|
keycloak_archive:
|
|
# line 4 of keycloak/defaults/main.yml
|
|
default: "keycloak-legacy-{{ keycloak_version }}.zip"
|
|
description: "keycloak install archive filename"
|
|
type: "str"
|
|
keycloak_configure_firewalld:
|
|
# line 33 of keycloak/defaults/main.yml
|
|
default: false
|
|
description: "Ensure firewalld is running and configure keycloak ports"
|
|
type: "bool"
|
|
keycloak_download_url:
|
|
# line 5 of keycloak/defaults/main.yml
|
|
default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
|
|
description: "Download URL for keycloak"
|
|
type: "str"
|
|
keycloak_download_url_9x:
|
|
# line 6 of keycloak/defaults/main.yml
|
|
default: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
|
|
description: "Download URL for keycloak (deprecated)"
|
|
type: "str"
|
|
keycloak_installdir:
|
|
# line 7 of keycloak/defaults/main.yml
|
|
default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
|
|
description: "Installation path"
|
|
type: "str"
|
|
keycloak_offline_install:
|
|
# line 20 of keycloak/defaults/main.yml
|
|
default: false
|
|
description: "Perform an offline install"
|
|
type: "bool"
|
|
keycloak_jvm_package:
|
|
# line 23 of keycloak/defaults/main.yml
|
|
default: "java-1.8.0-openjdk-headless"
|
|
description: "RHEL java package runtime rpm"
|
|
type: "str"
|
|
keycloak_java_home:
|
|
description: "JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path"
|
|
type: "str"
|
|
keycloak_dest:
|
|
# line 24 of keycloak/defaults/main.yml
|
|
default: "/opt/keycloak"
|
|
description: "Root installation directory"
|
|
type: "str"
|
|
keycloak_jboss_home:
|
|
# line 25 of keycloak/defaults/main.yml
|
|
default: "{{ keycloak_installdir }}"
|
|
description: "Installation work directory"
|
|
type: "str"
|
|
keycloak_config_dir:
|
|
# line 26 of keycloak/defaults/main.yml
|
|
default: "{{ keycloak_jboss_home }}/standalone/configuration"
|
|
description: "Path for configuration"
|
|
type: "str"
|
|
keycloak_config_standalone_xml:
|
|
# line 27 of keycloak/defaults/main.yml
|
|
default: "keycloak.xml"
|
|
description: "Service configuration filename"
|
|
type: "str"
|
|
keycloak_config_path_to_standalone_xml:
|
|
# line 28 of keycloak/defaults/main.yml
|
|
default: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
|
|
description: "Custom path for configuration"
|
|
type: "str"
|
|
keycloak_config_override_template:
|
|
# line 30 of keycloak/defaults/main.yml
|
|
default: ""
|
|
description: "Path to custom template for standalone.xml configuration"
|
|
type: "str"
|
|
keycloak_service_user:
|
|
# line 29 of keycloak/defaults/main.yml
|
|
default: "keycloak"
|
|
description: "posix account username"
|
|
type: "str"
|
|
keycloak_service_group:
|
|
# line 30 of keycloak/defaults/main.yml
|
|
default: "keycloak"
|
|
description: "posix account group"
|
|
type: "str"
|
|
keycloak_service_pidfile:
|
|
# line 31 of keycloak/defaults/main.yml
|
|
default: "/run/keycloak.pid"
|
|
description: "PID file path for service"
|
|
type: "str"
|
|
keycloak_bind_address:
|
|
# line 34 of keycloak/defaults/main.yml
|
|
default: "0.0.0.0"
|
|
description: "Address for binding service ports"
|
|
type: "str"
|
|
keycloak_management_port_bind_address:
|
|
default: "127.0.0.1"
|
|
description: "Address for binding the managemnt ports"
|
|
type: "str"
|
|
keycloak_host:
|
|
# line 35 of keycloak/defaults/main.yml
|
|
default: "localhost"
|
|
description: "Hostname for service"
|
|
type: "str"
|
|
keycloak_http_port:
|
|
# line 36 of keycloak/defaults/main.yml
|
|
default: 8080
|
|
description: "Listening HTTP port"
|
|
type: "int"
|
|
keycloak_https_port:
|
|
# line 37 of keycloak/defaults/main.yml
|
|
default: 8443
|
|
description: "Listening HTTPS port"
|
|
type: "int"
|
|
keycloak_ajp_port:
|
|
# line 38 of keycloak/defaults/main.yml
|
|
default: 8009
|
|
description: "Listening AJP port"
|
|
type: "int"
|
|
keycloak_jgroups_port:
|
|
# line 39 of keycloak/defaults/main.yml
|
|
default: 7600
|
|
description: "jgroups cluster tcp port"
|
|
type: "int"
|
|
keycloak_management_http_port:
|
|
# line 40 of keycloak/defaults/main.yml
|
|
default: 9990
|
|
description: "Management port (http)"
|
|
type: "int"
|
|
keycloak_management_https_port:
|
|
# line 41 of keycloak/defaults/main.yml
|
|
default: 9993
|
|
description: "Management port (https)"
|
|
type: "int"
|
|
keycloak_java_opts:
|
|
# line 42 of keycloak/defaults/main.yml
|
|
default: "-Xms1024m -Xmx2048m"
|
|
description: "Additional JVM options"
|
|
type: "str"
|
|
keycloak_prefer_ipv4:
|
|
# line 43 of keycloak/defaults/main.yml
|
|
default: true
|
|
description: "Prefer IPv4 stack and addresses for port binding"
|
|
type: "bool"
|
|
keycloak_ha_enabled:
|
|
# line 46 of keycloak/defaults/main.yml
|
|
default: false
|
|
description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
|
|
type: "bool"
|
|
keycloak_ha_discovery:
|
|
default: "{{ 'JDBC_PING' if keycloak_db_enabled else 'TCPPING' }}"
|
|
description: "Discovery protocol for HA cluster members"
|
|
type: "str"
|
|
keycloak_db_enabled:
|
|
# line 48 of keycloak/defaults/main.yml
|
|
default: "{{ True if keycloak_ha_enabled else False }}"
|
|
description: "Enable auto configuration for database backend"
|
|
type: "bool"
|
|
keycloak_admin_user:
|
|
# line 51 of keycloak/defaults/main.yml
|
|
default: "admin"
|
|
description: "Administration console user account"
|
|
type: "str"
|
|
keycloak_auth_realm:
|
|
# line 52 of keycloak/defaults/main.yml
|
|
default: "master"
|
|
description: "Name for rest authentication realm"
|
|
type: "str"
|
|
keycloak_auth_client:
|
|
# line 53 of keycloak/defaults/main.yml
|
|
default: "admin-cli"
|
|
description: "Authentication client for configuration REST calls"
|
|
type: "str"
|
|
keycloak_force_install:
|
|
# line 55 of keycloak/defaults/main.yml
|
|
default: false
|
|
description: "Remove pre-existing versions of service"
|
|
type: "bool"
|
|
keycloak_modcluster_enabled:
|
|
default: "{{ True if keycloak_ha_enabled else False }}"
|
|
description: "Enable configuration for modcluster subsystem"
|
|
type: "bool"
|
|
keycloak_modcluster_url:
|
|
# line 58 of keycloak/defaults/main.yml
|
|
default: "localhost"
|
|
description: "URL for the modcluster reverse proxy"
|
|
type: "str"
|
|
keycloak_modcluster_port:
|
|
default: 6666
|
|
description: "Port for the modcluster reverse proxy"
|
|
type: "int"
|
|
keycloak_modcluster_urls:
|
|
default: "[ { host: 'localhost', port: 6666 } ]"
|
|
description: "List of modproxy node URLs in the format { host, port } for the modcluster reverse proxy"
|
|
type: "list"
|
|
keycloak_frontend_url:
|
|
# line 59 of keycloak/defaults/main.yml
|
|
default: "http://localhost"
|
|
description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
|
|
type: "str"
|
|
keycloak_frontend_url_force:
|
|
default: False
|
|
description: "Force backend requests to use the frontend URL"
|
|
type: "bool"
|
|
keycloak_infinispan_user:
|
|
# line 62 of keycloak/defaults/main.yml
|
|
default: "supervisor"
|
|
description: "Username for connecting to infinispan"
|
|
type: "str"
|
|
keycloak_infinispan_pass:
|
|
# line 63 of keycloak/defaults/main.yml
|
|
default: "supervisor"
|
|
description: "Password for connecting to infinispan"
|
|
type: "str"
|
|
keycloak_infinispan_url:
|
|
# line 64 of keycloak/defaults/main.yml
|
|
default: "localhost"
|
|
description: "URL for the infinispan remote-cache server"
|
|
type: "str"
|
|
keycloak_infinispan_sasl_mechanism:
|
|
# line 65 of keycloak/defaults/main.yml
|
|
default: "SCRAM-SHA-512"
|
|
description: "Authentication type to infinispan server"
|
|
type: "str"
|
|
keycloak_infinispan_use_ssl:
|
|
# line 66 of keycloak/defaults/main.yml
|
|
default: false
|
|
description: "Enable hotrod client TLS communication"
|
|
type: "bool"
|
|
keycloak_infinispan_trust_store_path:
|
|
# line 68 of keycloak/defaults/main.yml
|
|
default: "/etc/pki/java/cacerts"
|
|
description: "TODO document argument"
|
|
type: "str"
|
|
keycloak_infinispan_trust_store_password:
|
|
# line 69 of keycloak/defaults/main.yml
|
|
default: "changeit"
|
|
description: "Path to truststore containing infinispan server certificate"
|
|
type: "str"
|
|
keycloak_jdbc_engine:
|
|
# line 72 of keycloak/defaults/main.yml
|
|
default: "postgres"
|
|
description: "Backend database flavour when db is enabled: [ postgres, mariadb, sqlserver ]"
|
|
type: "str"
|
|
keycloak_db_user:
|
|
# line 74 of keycloak/defaults/main.yml
|
|
default: "keycloak-user"
|
|
description: "Username for connecting to database"
|
|
type: "str"
|
|
keycloak_db_pass:
|
|
# line 75 of keycloak/defaults/main.yml
|
|
default: "keycloak-pass"
|
|
description: "Password for connecting to database"
|
|
type: "str"
|
|
keycloak_jdbc_url:
|
|
# line 76 of keycloak/defaults/main.yml
|
|
default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
|
|
description: "URL for connecting to backend database"
|
|
type: "str"
|
|
keycloak_jdbc_driver_version:
|
|
# line 77 of keycloak/defaults/main.yml
|
|
default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
|
|
description: "Version for the JDBC driver to download"
|
|
type: "str"
|
|
keycloak_admin_password:
|
|
# line 4 of keycloak/vars/main.yml
|
|
required: true
|
|
description: "Password for the administration console user account"
|
|
type: "str"
|
|
keycloak_url:
|
|
# line 12 of keycloak/vars/main.yml
|
|
default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
|
|
description: "URL for configuration rest calls"
|
|
type: "str"
|
|
keycloak_management_url:
|
|
# line 13 of keycloak/vars/main.yml
|
|
default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
|
|
description: "URL for management console rest calls"
|
|
type: "str"
|
|
keycloak_service_name:
|
|
default: "keycloak"
|
|
description: "systemd service name for keycloak"
|
|
type: "str"
|
|
keycloak_service_desc:
|
|
default: "Keycloak"
|
|
description: "systemd description for keycloak"
|
|
type: "str"
|
|
keycloak_service_start_delay:
|
|
default: "10"
|
|
description: "Expected delay in ms before the service is expected to be available after start."
|
|
type: "int"
|
|
keycloak_service_start_retries:
|
|
default: "25"
|
|
description: "How many time should Ansible retry to connect to the service after it was started, before failing."
|
|
type: "int"
|
|
keycloak_service_restart_on_failure:
|
|
default: true
|
|
description: "systemd restart-on-failure behavior activation for keycloak"
|
|
type: "bool"
|
|
keycloak_service_startlimitintervalsec:
|
|
default: 300
|
|
description: "systemd StartLimitIntervalSec for keycloak"
|
|
type: "int"
|
|
keycloak_service_startlimitburst:
|
|
default: 5
|
|
description: "systemd StartLimitBurst for keycloak"
|
|
type: "int"
|
|
keycloak_service_restartsec:
|
|
default: "5s"
|
|
description: "systemd RestartSec for keycloak"
|
|
type: "str"
|
|
keycloak_no_log:
|
|
default: true
|
|
type: "bool"
|
|
description: "Changes default behavior for no_log for debugging purpose, do not change for production system."
|
|
keycloak_remote_cache_enabled:
|
|
default: "{{ True if keycloak_ha_enabled else False }}"
|
|
description: "Enable remote cache store when in clustered ha configurations"
|
|
type: "bool"
|
|
keycloak_db_background_validation:
|
|
default: False
|
|
description: "Enable background validation of database connection"
|
|
type: "bool"
|
|
keycloak_db_background_validation_millis:
|
|
default: "{{ 10000 if keycloak_db_background_validation else 0 }}"
|
|
description: "How frequenly the connection pool is validated in the background"
|
|
type: 'int'
|
|
keycloak_db_background_validate_on_match:
|
|
default: False
|
|
description: "Enable validate on match for database connections"
|
|
type: "bool"
|
|
keycloak_db_valid_conn_sql:
|
|
required: False
|
|
description: "Override the default database connection validation query sql"
|
|
type: "str"
|
|
downstream:
|
|
options:
|
|
sso_version:
|
|
default: "7.6.0"
|
|
description: "Red Hat Single Sign-On version"
|
|
type: "str"
|
|
sso_archive:
|
|
default: "rh-sso-{{ sso_version }}-server-dist.zip"
|
|
description: "Red Hat SSO install archive filename"
|
|
type: "str"
|
|
sso_dest:
|
|
default: "/opt/sso"
|
|
description: "Root installation directory"
|
|
type: "str"
|
|
sso_installdir:
|
|
default: "{{ sso_dest }}/rh-sso-{{ sso_version.split('.')[0] }}.{{ sso_version.split('.')[1] }}"
|
|
description: "Installation path for Red Hat SSO"
|
|
type: "str"
|
|
sso_apply_patches:
|
|
default: False
|
|
description: "Install Red Hat SSO most recent cumulative patch"
|
|
type: "bool"
|
|
sso_enable:
|
|
default: True
|
|
description: "Enable Red Hat Single Sign-on installation"
|
|
type: "str"
|
|
sso_offline_install:
|
|
default: False
|
|
description: "Perform an offline install"
|
|
type: "bool"
|
|
sso_service_name:
|
|
default: "sso"
|
|
description: "systemd service name for Single Sign-On"
|
|
type: "str"
|
|
sso_service_desc:
|
|
default: "Red Hat Single Sign-On"
|
|
description: "systemd description for Red Hat Single Sign-On"
|
|
type: "str"
|
|
sso_patch_version:
|
|
required: False
|
|
description: "Red Hat Single Sign-On latest cumulative patch version to apply; defaults to latest version when sso_apply_patches is True"
|
|
type: "str"
|
|
sso_patch_bundle:
|
|
default: "rh-sso-{{ sso_patch_version | default('[0-9]+[.][0-9]+[.][0-9]+') }}-patch.zip"
|
|
description: "Red Hat SSO patch archive filename"
|
|
type: "str"
|
|
sso_product_category:
|
|
default: "core.service.rhsso"
|
|
description: "JBossNetwork API category for Single Sign-On"
|
|
type: "str"
|