ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-05 18:30:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
middleware_automation.keycloak/main/roles/keycloak_quarkus.html
ansible-middleware-core 5201161e25 Update docs for main 
Signed-off-by: ansible-middleware-core <ansible-middleware-core@redhat.com>
2024-07-31 15:31:35 +00:00

862 lines
No EOL
69 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="../">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>keycloak_quarkus &mdash; Keycloak Ansible Collection documentation</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=5707b69d" />
<link rel="stylesheet" type="text/css" href="../_static/css/theme.css?v=19f00094" />
<link rel="stylesheet" type="text/css" href="../_static/antsibull-minimal.css" />
<link rel="stylesheet" type="text/css" href="../_static/ansible-basic-sphinx-ext.css" />
<!--[if lt IE 9]>
<script src="../_static/js/html5shiv.min.js"></script>
<![endif]-->
<script src="../_static/jquery.js?v=5d32c60e"></script>
<script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../_static/documentation_options.js?v=5929fcd5"></script>
<script src="../_static/doctools.js?v=9a2dae69"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../_static/js/theme.js"></script>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="keycloak_realm" href="keycloak_realm.html" />
<link rel="prev" title="keycloak" href="keycloak.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="../index.html" class="icon icon-home">
Keycloak Ansible Collection
</a>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<p class="caption" role="heading"><span class="caption-text">User documentation</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../README.html">Ansible Collection - middleware_automation.keycloak</a></li>
<li class="toctree-l1"><a class="reference internal" href="../plugins/index.html">Plugin Index</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Role Index</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="keycloak.html">keycloak</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">keycloak_quarkus</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#requirements">Requirements</a></li>
<li class="toctree-l3"><a class="reference internal" href="#dependencies">Dependencies</a></li>
<li class="toctree-l3"><a class="reference internal" href="#role-defaults">Role Defaults</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#installation-options">Installation options</a></li>
<li class="toctree-l4"><a class="reference internal" href="#service-configuration">Service configuration</a></li>
<li class="toctree-l4"><a class="reference internal" href="#high-availability">High-availability</a></li>
<li class="toctree-l4"><a class="reference internal" href="#hostname-configuration">Hostname configuration</a></li>
<li class="toctree-l4"><a class="reference internal" href="#database-configuration">Database configuration</a></li>
<li class="toctree-l4"><a class="reference internal" href="#remote-caches-configuration">Remote caches configuration</a></li>
<li class="toctree-l4"><a class="reference internal" href="#miscellaneous-configuration">Miscellaneous configuration</a></li>
<li class="toctree-l4"><a class="reference internal" href="#vault-spi">Vault SPI</a></li>
<li class="toctree-l4"><a class="reference internal" href="#configuring-providers">Configuring providers</a></li>
<li class="toctree-l4"><a class="reference internal" href="#configuring-policies">Configuring policies</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#role-variables">Role Variables</a></li>
<li class="toctree-l3"><a class="reference internal" href="#role-custom-facts">Role custom facts</a></li>
<li class="toctree-l3"><a class="reference internal" href="#license">License</a></li>
<li class="toctree-l3"><a class="reference internal" href="#author-information">Author Information</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="keycloak_realm.html">keycloak_realm</a></li>
</ul>
</li>
</ul>
<p class="caption" role="heading"><span class="caption-text">Developer documentation</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../testing.html">Testing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../developing.html">Contributors Guidelines</a></li>
<li class="toctree-l1"><a class="reference internal" href="../releasing.html">Collection Versioning Strategy</a></li>
</ul>
<p class="caption" role="heading"><span class="caption-text">General</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../CHANGELOG.html">Changelog</a></li>
</ul>
<p class="caption" role="heading"><span class="caption-text">Middleware collections</span></p>
<ul>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/infinispan/main/">Infinispan / Red Hat Data Grid</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/keycloak/main/">Keycloak / Red Hat Single Sign-On</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/wildfly/main/">Wildfly / Red Hat JBoss EAP</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/jws/main/">Tomcat / Red Hat JWS</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/amq/main/">ActiveMQ / Red Hat AMQ Broker</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/amq_streams/main/">Kafka / Red Hat AMQ Streams</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/common/main/">Ansible Middleware utilities</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/redhat-csp-download/main/">Red Hat CSP Download</a></li>
<li class="toctree-l1"><a class="reference external" href="https://ansible-middleware.github.io/ansible_collections_jcliff/main/">JCliff</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">Keycloak Ansible Collection</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item"><a href="index.html">Role Index</a></li>
<li class="breadcrumb-item active">keycloak_quarkus</li>
<li class="wy-breadcrumbs-aside">
<a href="../_sources/roles/keycloak_quarkus.md.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="keycloak-quarkus">
<h1>keycloak_quarkus<a class="headerlink" href="#keycloak-quarkus" title="Link to this heading"></a></h1>
<!--start description -->
<p>Install <a class="reference external" href="https://keycloak.org/">keycloak</a> &gt;= 20.0.0 (quarkus) server configurations.</p>
<!--end description -->
<section id="requirements">
<h2>Requirements<a class="headerlink" href="#requirements" title="Link to this heading"></a></h2>
<p>This role requires the <code class="docutils literal notranslate"><span class="pre">python3-netaddr</span></code> and <code class="docutils literal notranslate"><span class="pre">lxml</span></code> library installed on the controller node.</p>
<ul class="simple">
<li><p>to install via yum/dnf: <code class="docutils literal notranslate"><span class="pre">dnf</span> <span class="pre">install</span> <span class="pre">python3-netaddr</span> <span class="pre">python3-lxml</span></code></p></li>
<li><p>to install via apt: <code class="docutils literal notranslate"><span class="pre">apt</span> <span class="pre">install</span> <span class="pre">python3-netaddr</span> <span class="pre">python3-lxml</span></code></p></li>
<li><p>or via the collection: <code class="docutils literal notranslate"><span class="pre">pip</span> <span class="pre">install</span> <span class="pre">-r</span> <span class="pre">requirements.txt</span></code></p></li>
</ul>
</section>
<section id="dependencies">
<h2>Dependencies<a class="headerlink" href="#dependencies" title="Link to this heading"></a></h2>
<p>The roles depends on:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://github.com/ansible-middleware/common">middleware_automation.common</a></p></li>
<li><p><a class="reference external" href="https://docs.ansible.com/ansible/latest/collections/ansible/posix/index.html">ansible-posix</a></p></li>
</ul>
<p>To install all the dependencies via galaxy:</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>ansible-galaxy collection install -r requirements.yml
</pre></div>
</div>
</section>
<section id="role-defaults">
<h2>Role Defaults<a class="headerlink" href="#role-defaults" title="Link to this heading"></a></h2>
<section id="installation-options">
<h3>Installation options<a class="headerlink" href="#installation-options" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_version</span></code></p></td>
<td class="text-left"><p>keycloak.org package version</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">24.0.4</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_offline_install</span></code></p></td>
<td class="text-left"><p>Perform an offline install</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_dest</span></code></p></td>
<td class="text-left"><p>Installation root path</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">/opt/keycloak</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_download_url</span></code></p></td>
<td class="text-left"><p>Download URL for keycloak</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">https://github.com/keycloak/keycloak/releases/download/{{</span> <span class="pre">keycloak_quarkus_version</span> <span class="pre">}}/{{</span> <span class="pre">keycloak_quarkus_archive</span> <span class="pre">}}</span></code></p></td>
</tr>
</tbody>
</table>
</section>
<section id="service-configuration">
<h3>Service configuration<a class="headerlink" href="#service-configuration" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_admin_user</span></code></p></td>
<td class="text-left"><p>Administration console user account</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">admin</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_bind_address</span></code></p></td>
<td class="text-left"><p>Address for binding service ports</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">0.0.0.0</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_host</span></code></p></td>
<td class="text-left"><p>Hostname for the Keycloak server</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">localhost</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_port</span></code></p></td>
<td class="text-left"><p>The port used by the proxy when exposing the hostname</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">-1</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_path</span></code></p></td>
<td class="text-left"><p>This should be set if proxy uses a different context-path for Keycloak</p></td>
<td class="text-left"><p></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_http_port</span></code></p></td>
<td class="text-left"><p>HTTP listening port</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">8080</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_port</span></code></p></td>
<td class="text-left"><p>TLS HTTP listening port</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">8443</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ajp_port</span></code></p></td>
<td class="text-left"><p>AJP port</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">8009</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_service_user</span></code></p></td>
<td class="text-left"><p>Posix account username</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_service_group</span></code></p></td>
<td class="text-left"><p>Posix account group</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_service_restart_always</span></code></p></td>
<td class="text-left"><p>systemd restart always behavior activation</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_service_restart_on_failure</span></code></p></td>
<td class="text-left"><p>systemd restart on-failure behavior activation</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_service_restartsec</span></code></p></td>
<td class="text-left"><p>systemd RestartSec</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">10s</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_jvm_package</span></code></p></td>
<td class="text-left"><p>RHEL java package runtime</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">java-17-openjdk-headless</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_java_home</span></code></p></td>
<td class="text-left"><p>JAVA_HOME of installed JRE, leave empty for using specified keycloak_quarkus_jvm_package RPM path</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">None</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_java_heap_opts</span></code></p></td>
<td class="text-left"><p>Heap memory JVM setting</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">-Xms1024m</span> <span class="pre">-Xmx2048m</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_java_jvm_opts</span></code></p></td>
<td class="text-left"><p>Other JVM settings</p></td>
<td class="text-left"><p>same as keycloak</p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_java_opts</span></code></p></td>
<td class="text-left"><p>JVM arguments; if overridden, it takes precedence over <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_java_*</span></code></p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak_quarkus_java_heap_opts</span> <span class="pre">+</span> <span class="pre">'</span> <span class="pre">'</span> <span class="pre">+</span> <span class="pre">keycloak_quarkus_java_jvm_opts</span> <span class="pre">}}</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_additional_env_vars</span></code></p></td>
<td class="text-left"><p>List of additional env variables of { key: str, value: str} to be put in sysconfig file</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">[]</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_frontend_url</span></code></p></td>
<td class="text-left"><p>Set the base URL for frontend URLs, including scheme, host, port and path</p></td>
<td class="text-left"><p></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_admin_url</span></code></p></td>
<td class="text-left"><p>Set the base URL for accessing the administration console, including scheme, host, port and path</p></td>
<td class="text-left"><p></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_http_relative_path</span></code></p></td>
<td class="text-left"><p>Set the path relative to / for serving resources. The path must start with a /</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">/</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_http_enabled</span></code></p></td>
<td class="text-left"><p>Enable listener on HTTP port</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">True</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_health_check_url_path</span></code></p></td>
<td class="text-left"><p>Path to the health check endpoint; scheme, host and keycloak_quarkus_http_relative_path will be prepended automatically</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">realms/master/.well-known/openid-configuration</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_key_file_enabled</span></code></p></td>
<td class="text-left"><p>Enable listener on HTTPS port</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_key_file_copy_enabled</span></code></p></td>
<td class="text-left"><p>Enable copy of key file to target host</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_key_content</span></code></p></td>
<td class="text-left"><p>Content of the TLS private key. Use <code class="docutils literal notranslate"><span class="pre">&quot;{{</span> <span class="pre">lookup('file',</span> <span class="pre">'server.key.pem')</span> <span class="pre">}}&quot;</span></code> to lookup a file.</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">&quot;&quot;</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_key_file</span></code></p></td>
<td class="text-left"><p>The file path to a private key in PEM format</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">/etc/pki/tls/private/server.key.pem</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_cert_file_copy_enabled</span></code></p></td>
<td class="text-left"><p>Enable copy of cert file to target host</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_cert_file_src</span></code></p></td>
<td class="text-left"><p>Set the source file path</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">&quot;&quot;</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_cert_file</span></code></p></td>
<td class="text-left"><p>The file path to a server certificate or certificate chain in PEM format</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">/etc/pki/tls/certs/server.crt.pem</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_key_store_enabled</span></code></p></td>
<td class="text-left"><p>Enable configuration of HTTPS via a key store</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_key_store_file</span></code></p></td>
<td class="text-left"><p>Deprecated, use <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_key_store_file</span></code> instead.</p></td>
<td class="text-left"><p></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_key_store_password</span></code></p></td>
<td class="text-left"><p>Deprecated, use <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_key_store_password</span></code> instead.</p></td>
<td class="text-left"><p></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_key_store_file</span></code></p></td>
<td class="text-left"><p>The file path to the key store</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak.home</span> <span class="pre">}}/conf/key_store.p12</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_key_store_password</span></code></p></td>
<td class="text-left"><p>Password for the key store</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">&quot;&quot;</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_trust_store_enabled</span></code></p></td>
<td class="text-left"><p>Enable configuration of the https trust store</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_trust_store_file</span></code></p></td>
<td class="text-left"><p>The file path to the trust store</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak.home</span> <span class="pre">}}/conf/trust_store.p12</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_https_trust_store_password</span></code></p></td>
<td class="text-left"><p>Password for the trust store</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">&quot;&quot;</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_proxy_headers</span></code></p></td>
<td class="text-left"><p>Parse reverse proxy headers (<code class="docutils literal notranslate"><span class="pre">forwarded</span></code> or <code class="docutils literal notranslate"><span class="pre">xforwarded</span></code>)</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">&quot;&quot;</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_config_key_store_file</span></code></p></td>
<td class="text-left"><p>Path to the configuration key store; only used if <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_keystore_password</span></code> is not empty</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak.home</span> <span class="pre">}}/conf/conf_store.p12</span></code> if <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_keystore_password</span> <span class="pre">!=</span> <span class="pre">''</span></code>, else <code class="docutils literal notranslate"><span class="pre">''</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_config_key_store_password</span></code></p></td>
<td class="text-left"><p>Password of the configuration keystore; if non-empty, <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_db_pass</span></code> will be saved to the keystore at <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_config_key_store_file</span></code> instead of being written to the configuration file in clear text</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">&quot;&quot;</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_configure_firewalld</span></code></p></td>
<td class="text-left"><p>Ensure firewalld is running and configure keycloak ports</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_configure_iptables</span></code></p></td>
<td class="text-left"><p>Ensure iptables is configured for keycloak ports</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
</tbody>
</table>
</section>
<section id="high-availability">
<h3>High-availability<a class="headerlink" href="#high-availability" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ha_enabled</span></code></p></td>
<td class="text-left"><p>Enable auto configuration for database backend, clustering and remote caches on infinispan</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ha_discovery</span></code></p></td>
<td class="text-left"><p>Discovery protocol for HA cluster members</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">TCPPING</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_db_enabled</span></code></p></td>
<td class="text-left"><p>Enable auto configuration for database backend</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">True</span></code> if <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ha_enabled</span></code> is True, else <code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_jgroups_port</span></code></p></td>
<td class="text-left"><p>jgroups cluster tcp port</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">7800</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_systemd_wait_for_port</span></code></p></td>
<td class="text-left"><p>Whether systemd unit should wait for keycloak port before returning</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak_quarkus_ha_enabled</span> <span class="pre">}}</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_systemd_wait_for_port_number</span></code></p></td>
<td class="text-left"><p>Which port the systemd unit should wait for</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak_quarkus_https_port</span> <span class="pre">}}</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_systemd_wait_for_log</span></code></p></td>
<td class="text-left"><p>Whether systemd unit should wait for service to be up in logs</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_systemd_wait_for_timeout</span></code></p></td>
<td class="text-left"><p>How long to wait for service to be alive (seconds)</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">60</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_systemd_wait_for_delay</span></code></p></td>
<td class="text-left"><p>Activation delay for service systemd unit (seconds)</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">10</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_restart_strategy</span></code></p></td>
<td class="text-left"><p>Strategy task file for restarting in HA (one of provided restart/[serial.yml,none.yml,serial_then_parallel.yml]) or path to file when providing custom strategy</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">restart/serial.yml</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_restart_health_check</span></code></p></td>
<td class="text-left"><p>Whether to wait for successful health check after restart</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_restart_health_check_delay</span></code></p></td>
<td class="text-left"><p>Seconds to let pass before starting healch checks</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">10</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_restart_health_check_reries</span></code></p></td>
<td class="text-left"><p>Number of attempts for successful health check before failing</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">25</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_restart_pause</span></code></p></td>
<td class="text-left"><p>Seconds to wait between restarts in HA strategy</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">15</span></code></p></td>
</tr>
</tbody>
</table>
</section>
<section id="hostname-configuration">
<h3>Hostname configuration<a class="headerlink" href="#hostname-configuration" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_http_relative_path</span></code></p></td>
<td class="text-left"><p>Set the path relative to / for serving resources. The path must start with a /</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">/</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_hostname_strict</span></code></p></td>
<td class="text-left"><p>Disables dynamically resolving the hostname from request headers</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_hostname_strict_backchannel</span></code></p></td>
<td class="text-left"><p>By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all applications use the public URL this option should be enabled.</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p></td>
</tr>
</tbody>
</table>
</section>
<section id="database-configuration">
<h3>Database configuration<a class="headerlink" href="#database-configuration" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_jdbc_engine</span></code></p></td>
<td class="text-left"><p>Database engine [mariadb,postres,mssql]</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">postgres</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_db_user</span></code></p></td>
<td class="text-left"><p>User for database connection</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak-user</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_db_pass</span></code></p></td>
<td class="text-left"><p>Password for database connection</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak-pass</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_jdbc_url</span></code></p></td>
<td class="text-left"><p>JDBC URL for connecting to database</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">jdbc:postgresql://localhost:5432/keycloak</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_jdbc_driver_version</span></code></p></td>
<td class="text-left"><p>Version for JDBC driver</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">9.4.1212</span></code></p></td>
</tr>
</tbody>
</table>
</section>
<section id="remote-caches-configuration">
<h3>Remote caches configuration<a class="headerlink" href="#remote-caches-configuration" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ispn_user</span></code></p></td>
<td class="text-left"><p>Username for connecting to infinispan</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">supervisor</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ispn_pass</span></code></p></td>
<td class="text-left"><p>Password for connecting to infinispan</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">supervisor</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ispn_hosts</span></code></p></td>
<td class="text-left"><p>host name/port for connecting to infinispan, eg. host1:11222;host2:11222</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">localhost:11222</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ispn_sasl_mechanism</span></code></p></td>
<td class="text-left"><p>Infinispan auth mechanism</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">SCRAM-SHA-512</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ispn_use_ssl</span></code></p></td>
<td class="text-left"><p>Whether infinispan uses TLS connection</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ispn_trust_store_path</span></code></p></td>
<td class="text-left"><p>Path to infinispan server trust certificate</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">/etc/pki/java/cacerts</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ispn_trust_store_password</span></code></p></td>
<td class="text-left"><p>Password for infinispan certificate keystore</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">changeit</span></code></p></td>
</tr>
</tbody>
</table>
</section>
<section id="miscellaneous-configuration">
<h3>Miscellaneous configuration<a class="headerlink" href="#miscellaneous-configuration" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_metrics_enabled</span></code></p></td>
<td class="text-left"><p>Whether to enable metrics</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_health_enabled</span></code></p></td>
<td class="text-left"><p>If the server should expose health check endpoints</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">True</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_archive</span></code></p></td>
<td class="text-left"><p>keycloak install archive filename</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak-{{</span> <span class="pre">keycloak_quarkus_version</span> <span class="pre">}}.zip</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_installdir</span></code></p></td>
<td class="text-left"><p>Installation path</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak_quarkus_dest</span> <span class="pre">}}/keycloak-{{</span> <span class="pre">keycloak_quarkus_version</span> <span class="pre">}}</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_home</span></code></p></td>
<td class="text-left"><p>Installation work directory</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak_quarkus_installdir</span> <span class="pre">}}</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_config_dir</span></code></p></td>
<td class="text-left"><p>Path for configuration</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak_quarkus_home</span> <span class="pre">}}/conf</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_master_realm</span></code></p></td>
<td class="text-left"><p>Name for rest authentication realm</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">master</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_auth_client</span></code></p></td>
<td class="text-left"><p>Authentication client for configuration REST calls</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">admin-cli</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_force_install</span></code></p></td>
<td class="text-left"><p>Remove pre-existing versions of service</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_url</span></code></p></td>
<td class="text-left"><p>URL for configuration rest calls</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">http://{{</span> <span class="pre">keycloak_quarkus_host</span> <span class="pre">}}:{{</span> <span class="pre">keycloak_http_port</span> <span class="pre">}}</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_log</span></code></p></td>
<td class="text-left"><p>Enable one or more log handlers in a comma-separated list</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">file</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_log_level</span></code></p></td>
<td class="text-left"><p>The log level of the root category or a comma-separated list of individual categories and their levels</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">info</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_log_file</span></code></p></td>
<td class="text-left"><p>Set the log file path and filename relative to keycloak home</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">data/log/keycloak.log</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_log_format</span></code></p></td>
<td class="text-left"><p>Set a format specific to file log entries</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">%d{yyyy-MM-dd</span> <span class="pre">HH:mm:ss,SSS}</span> <span class="pre">%-5p</span> <span class="pre">[%c]</span> <span class="pre">(%t)</span> <span class="pre">%s%e%n</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_log_target</span></code></p></td>
<td class="text-left"><p>Set the destination of the keycloak log folder link</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">/var/log/keycloak</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_log_max_file_size</span></code></p></td>
<td class="text-left"><p>Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular expression): <code class="docutils literal notranslate"><span class="pre">[0-9]+[KkMmGgTtPpEeZzYy]?</span></code>. If no suffix is given, assume bytes.</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">10M</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_log_max_backup_index</span></code></p></td>
<td class="text-left"><p>Set the maximum number of archived log files to keep”</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">10</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_log_file_suffix</span></code></p></td>
<td class="text-left"><p>Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix; Note: If the suffix ends with <code class="docutils literal notranslate"><span class="pre">.zip</span></code> or <code class="docutils literal notranslate"><span class="pre">.gz</span></code>, the rotation file will also be compressed.</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">.yyyy-MM-dd.zip</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_proxy_mode</span></code></p></td>
<td class="text-left"><p>The proxy address forwarding mode if the server is behind a reverse proxy</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">edge</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_start_dev</span></code></p></td>
<td class="text-left"><p>Whether to start the service in development mode (start-dev)</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">False</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_transaction_xa_enabled</span></code></p></td>
<td class="text-left"><p>Whether to use XA transactions</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">True</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route</span></code></p></td>
<td class="text-left"><p>If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">True</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_show_deprecation_warnings</span></code></p></td>
<td class="text-left"><p>Whether deprecation warnings should be shown</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">True</span></code></p></td>
</tr>
</tbody>
</table>
</section>
<section id="vault-spi">
<h3>Vault SPI<a class="headerlink" href="#vault-spi" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ks_vault_enabled</span></code></p></td>
<td class="text-left"><p>Whether to enable the vault SPI</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">false</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ks_vault_file</span></code></p></td>
<td class="text-left"><p>The keystore path for the vault SPI</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">{{</span> <span class="pre">keycloak_quarkus_config_dir</span> <span class="pre">}}/keystore.p12</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ks_vault_type</span></code></p></td>
<td class="text-left"><p>Type of the keystore used for the vault SPI</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">PKCS12</span></code></p></td>
</tr>
</tbody>
</table>
</section>
<section id="configuring-providers">
<h3>Configuring providers<a class="headerlink" href="#configuring-providers" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_providers</span></code></p></td>
<td class="text-left"><p>List of provider definitions; see below</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">[]</span></code></p></td>
</tr>
</tbody>
</table>
<p>Providers support different sources:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">url</span></code>: http download for providers not requiring authentication</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">maven</span></code>: maven download for providers hosted publicly on Apache Maven Central or private Maven repositories like Github Maven requiring authentication</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">local_path</span></code>: static providers to be uploaded</p></li>
</ul>
<p>Provider definition:</p>
<div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="nt">keycloak_quarkus_providers</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">http-client</span><span class="w"> </span><span class="c1"># required; &quot;{{ id }}.jar&quot; identifies the file name on RHBK</span>
<span class="w"> </span><span class="nt">spi</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">connections</span><span class="w"> </span><span class="c1"># required if neither url, local_path nor maven are specified; required for setting properties</span>
<span class="w"> </span><span class="nt">default</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># optional, whether to set default for spi, default false</span>
<span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span><span class="w"> </span><span class="c1"># optional, whether to restart, default true</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://.../.../custom_spi.jar</span><span class="w"> </span><span class="c1"># optional, url for download via http</span>
<span class="w"> </span><span class="nt">local_path</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my_theme_spi.jar</span><span class="w"> </span><span class="c1"># optional, path on local controller for SPI to be uploaded</span>
<span class="w"> </span><span class="nt">maven</span><span class="p">:</span><span class="w"> </span><span class="c1"># optional, for download using maven</span>
<span class="w"> </span><span class="nt">repository_url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://maven.pkg.github.com/OWNER/REPOSITORY</span><span class="w"> </span><span class="c1"># optional, maven repo url</span>
<span class="w"> </span><span class="nt">group_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">my.group</span><span class="w"> </span><span class="c1"># optional, maven group id</span>
<span class="w"> </span><span class="nt">artifact_id</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">artifact</span><span class="w"> </span><span class="c1"># optional, maven artifact id</span>
<span class="w"> </span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">24.0.4</span><span class="w"> </span><span class="c1"># optional, defaults to latest</span>
<span class="w"> </span><span class="nt">username</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">user</span><span class="w"> </span><span class="c1"># optional, cf. https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry#authenticating-to-github-packages</span>
<span class="w"> </span><span class="nt">password</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">pat</span><span class="w"> </span><span class="c1"># optional, provide a PAT for accessing Github&#39;s Apache Maven registry</span>
<span class="w"> </span><span class="nt">properties</span><span class="p">:</span><span class="w"> </span><span class="c1"># optional, list of key-values</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">default-connection-pool-size</span>
<span class="w"> </span><span class="nt">value</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">10</span>
</pre></div>
</div>
<p>the definition above will generate the following build command:</p>
<div class="highlight-YAML+Jinja notranslate"><div class="highlight"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">bin/kc.sh build --spi-connections-provider=http-client --spi-connections-http-client-default-connection-pool-size=10</span>
</pre></div>
</div>
</section>
<section id="configuring-policies">
<h3>Configuring policies<a class="headerlink" href="#configuring-policies" title="Link to this heading"></a></h3>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head text-left"><p>Default</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_policies</span></code></p></td>
<td class="text-left"><p>List of policy definitions; see below</p></td>
<td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">[]</span></code></p></td>
</tr>
</tbody>
</table>
<p>Provider definition:</p>
<div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="nt">keycloak_quarkus_policies</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">xato-net-10-million-passwords.txt</span><span class="w"> </span><span class="c1"># required, resulting file name</span>
<span class="w"> </span><span class="nt">url</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">https://github.com/danielmiessler/SecLists/raw/master/Passwords/xato-net-10-million-passwords.txt</span><span class="w"> </span><span class="c1"># required, url for download</span>
<span class="w"> </span><span class="nt">type</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">password-blacklists</span><span class="w"> </span><span class="c1"># optional, defaults to `password-blacklists`; supported values: [`password-blacklists`]</span>
</pre></div>
</div>
</section>
</section>
<section id="role-variables">
<h2>Role Variables<a class="headerlink" href="#role-variables" title="Link to this heading"></a></h2>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
<th class="head"><p>Required</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_admin_pass</span></code></p></td>
<td class="text-left"><p>Password of console admin account</p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">yes</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_frontend_url</span></code></p></td>
<td class="text-left"><p>Base URL for frontend URLs, including scheme, host, port and path</p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_admin_url</span></code></p></td>
<td class="text-left"><p>Base URL for accessing the administration console, including scheme, host, port and path</p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_ks_vault_pass</span></code></p></td>
<td class="text-left"><p>The password for accessing the keystore vault SPI</p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_alternate_download_url</span></code></p></td>
<td class="text-left"><p>Alternate location with optional authentication for downloading RHBK</p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_download_user</span></code></p></td>
<td class="text-left"><p>Optional username for http authentication</p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no*</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_download_pass</span></code></p></td>
<td class="text-left"><p>Optional password for http authentication</p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no*</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_download_validate_certs</span></code></p></td>
<td class="text-left"><p>Whether to validate certs for URL <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_alternate_download_url</span></code></p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_jdbc_download_user</span></code></p></td>
<td class="text-left"><p>Optional username for http authentication</p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no*</span></code></p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_jdbc_download_pass</span></code></p></td>
<td class="text-left"><p>Optional password for http authentication</p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no*</span></code></p></td>
</tr>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_jdbc_download_validate_certs</span></code></p></td>
<td class="text-left"><p>Whether to validate certs for URL <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_download_validate_certs</span></code></p></td>
<td><p><code class="docutils literal notranslate"><span class="pre">no</span></code></p></td>
</tr>
</tbody>
</table>
<p><code class="docutils literal notranslate"><span class="pre">*</span></code> username/password authentication credentials must be both declared or both undefined</p>
</section>
<section id="role-custom-facts">
<h2>Role custom facts<a class="headerlink" href="#role-custom-facts" title="Link to this heading"></a></h2>
<p>The role uses the following <a class="reference external" href="https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html#adding-custom-facts">custom facts</a> found in <code class="docutils literal notranslate"><span class="pre">/etc/ansible/facts.d/keycloak.fact</span></code> (and thus identified by the <code class="docutils literal notranslate"><span class="pre">ansible_local.keycloak.</span></code> prefix):</p>
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Variable</p></th>
<th class="head text-left"><p>Description</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p><code class="docutils literal notranslate"><span class="pre">general.bootstrapped</span></code></p></td>
<td class="text-left"><p>A custom fact indicating whether this role has been used for bootstrapping keycloak on the respective host before; set to <code class="docutils literal notranslate"><span class="pre">false</span></code> (e.g., when starting off with a new, empty database) ensures that the initial admin user as defined by <code class="docutils literal notranslate"><span class="pre">keycloak_quarkus_admin_user[_pass]</span></code> gets created</p></td>
</tr>
</tbody>
</table>
</section>
<section id="license">
<h2>License<a class="headerlink" href="#license" title="Link to this heading"></a></h2>
<p>Apache License 2.0</p>
</section>
<section id="author-information">
<h2>Author Information<a class="headerlink" href="#author-information" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p><a class="reference external" href="https://github.com/guidograzioli">Guido Grazioli</a></p></li>
</ul>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="keycloak.html" class="btn btn-neutral float-left" title="keycloak" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="keycloak_realm.html" class="btn btn-neutral float-right" title="keycloak_realm" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>&#169; Copyright 2024, Red Hat, Inc..</p>
</div>
Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
<a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
Reference in a new issue View git blame Copy permalink