ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-06 02:40:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
middleware_automation.keycloak/roles/keycloak_quarkus/meta/argument_specs.yml
Guido Grazioli 5808d055ae Update keycloak to 24.0
2024-04-17 17:53:13 +02:00

390 lines
19 KiB
YAML
Raw Blame History

argument_specs:
main:
options:
keycloak_quarkus_version:
default: "24.0.3"
description: "keycloak.org package version"
type: "str"
keycloak_quarkus_archive:
default: "keycloak-{{ keycloak_quarkus_version }}.zip"
description: "keycloak install archive filename"
type: "str"
keycloak_quarkus_download_url:
default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
description: "Download URL for keycloak"
type: "str"
keycloak_quarkus_installdir:
default: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
description: "Installation path"
type: "str"
keycloak_quarkus_offline_install:
default: false
description: "Perform an offline install"
type: "bool"
keycloak_quarkus_jvm_package:
default: "java-11-openjdk-headless"
description: "RHEL java package runtime"
type: "str"
keycloak_quarkus_java_home:
description: "JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path"
type: "str"
keycloak_quarkus_dest:
default: "/opt/keycloak"
description: "Installation root path"
type: "str"
keycloak_quarkus_home:
default: "{{ keycloak_quarkus_installdir }}"
description: "Installation work directory"
type: "str"
keycloak_quarkus_config_dir:
default: "{{ keycloak_quarkus_home }}/conf"
description: "Path for configuration"
type: "str"
keycloak_quarkus_service_user:
default: "keycloak"
description: "Posix account username"
type: "str"
keycloak_quarkus_service_group:
default: "keycloak"
description: "Posix account group"
type: "str"
keycloak_quarkus_service_pidfile:
default: "/run/keycloak/keycloak.pid"
description: "Pid file path for service"
type: "str"
keycloak_quarkus_configure_firewalld:
default: false
description: "Ensure firewalld is running and configure keycloak ports"
type: "bool"
keycloak_quarkus_configure_iptables:
default: false
description: "Ensure firewalld is running and configure keycloak ports"
type: "bool"
keycloak_service_restart_always:
default: false
description: "systemd restart always behavior of service; takes precedence over keycloak_service_restart_on_failure if true"
type: "bool"
keycloak_service_restart_on_failure:
default: false
description: "systemd restart on-failure behavior of service"
type: "bool"
keycloak_service_restartsec:
default: "10s"
description: "systemd RestartSec for service"
type: "str"
keycloak_quarkus_admin_user:
default: "admin"
description: "Administration console user account"
type: "str"
keycloak_quarkus_admin_pass:
required: true
description: "Password of console admin account"
type: "str"
keycloak_quarkus_master_realm:
default: "master"
description: "Name for rest authentication realm"
type: "str"
keycloak_quarkus_bind_address:
default: "0.0.0.0"
description: "Address for binding service ports"
type: "str"
keycloak_quarkus_host:
default: "localhost"
description: "Hostname for the Keycloak server"
type: "str"
keycloak_quarkus_port:
default: -1
description: "The port used by the proxy when exposing the hostname"
type: "int"
keycloak_quarkus_path:
required: false
description: "This should be set if proxy uses a different context-path for Keycloak"
type: "str"
keycloak_quarkus_http_enabled:
default: true
description: "Enable listener on HTTP port"
type: "bool"
keycloak_quarkus_http_port:
default: 8080
description: "HTTP port"
type: "int"
keycloak_quarkus_https_key_file_enabled:
default: false
description: "Enable configuration of HTTPS via files in PEM format"
type: "bool"
keycloak_quarkus_key_file:
default: "{{ keycloak.home }}/conf/server.key.pem"
description: "The file path to a private key in PEM format"
type: "str"
keycloak_quarkus_cert_file:
default: "{{ keycloak.home }}/conf/server.crt.pem"
description: "The file path to a server certificate or certificate chain in PEM format"
type: "str"
keycloak_quarkus_https_key_store_enabled:
default: false
description: "Enable configuration of HTTPS via a key store"
type: "bool"
keycloak_quarkus_key_store_file:
default: ""
description: "Deprecated, use `keycloak_quarkus_https_key_store_file` instead."
type: "str"
keycloak_quarkus_key_store_password:
default: ""
description: "Deprecated, use `keycloak_quarkus_https_key_store_password` instead."
type: "str"
keycloak_quarkus_https_key_store_file:
default: "{{ keycloak.home }}/conf/key_store.p12"
description: "The file path to the key store"
type: "str"
keycloak_quarkus_https_key_store_password:
default: ""
description: "Password for the key store"
type: "str"
keycloak_quarkus_https_trust_store_enabled:
default: false
description: "Enable configuration of the https trust store"
type: "bool"
keycloak_quarkus_https_trust_store_file:
default: "{{ keycloak.home }}/conf/trust_store.p12"
description: "The file path to the trust store"
type: "str"
keycloak_quarkus_https_trust_store_password:
default: ""
description: "Password for the trust store"
type: "str"
keycloak_quarkus_config_key_store_file:
default: "{{ keycloak.home }}/conf/conf_store.p12"
description: "Path to the configuration key store; only used if `keycloak_quarkus_keystore_password` is not empty"
type: "str"
keycloak_quarkus_config_key_store_password:
default: ""
description: "Password of the configuration key store; if non-empty, `keycloak_quarkus_db_pass` will be saved to the key store at `keycloak_quarkus_config_key_store_file` (instead of being written to the configuration file in clear text"
type: "str"
keycloak_quarkus_https_port:
default: 8443
description: "HTTPS port"
type: "int"
keycloak_quarkus_ajp_port:
default: 8009
description: "AJP port"
type: "int"
keycloak_quarkus_jgroups_port:
default: 7800
description: "jgroups cluster tcp port"
type: "int"
keycloak_quarkus_java_heap_opts:
default: "-Xms1024m -Xmx2048m"
description: "Heap memory JVM setting"
type: "str"
keycloak_quarkus_java_jvm_opts:
default: >
-XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.err.encoding=UTF-8
-Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC
-XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:FlightRecorderOptions=stackdepth=512
description: "Other JVM settings"
type: "str"
keycloak_quarkus_java_opts:
default: "{{ keycloak_quarkus_java_heap_opts + ' ' + keycloak_quarkus_java_jvm_opts }}"
description: "JVM arguments, by default heap_opts + jvm_opts, if overriden it takes precedence over them"
type: "str"
keycloak_quarkus_ha_enabled:
default: false
description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
type: "bool"
keycloak_quarkus_ha_discovery:
default: "TCPPING"
description: "Discovery protocol for HA cluster members"
type: "str"
keycloak_quarkus_db_enabled:
default: "{{ True if keycloak_quarkus_ha_enabled else False }}"
description: "Enable auto configuration for database backend"
type: "str"
keycloak_quarkus_http_relative_path:
required: false
default: /
description: "Set the path relative to / for serving resources. The path must start with a /"
type: "str"
keycloak_quarkus_frontend_url:
required: false
description: "Service public URL"
type: "str"
keycloak_quarkus_admin_url:
required: false
description: "Service URL for the admin console"
type: "str"
keycloak_quarkus_metrics_enabled:
default: false
description: "Whether to enable metrics"
type: "bool"
keycloak_quarkus_health_enabled:
default: true
description: "If the server should expose health check endpoints"
type: "bool"
keycloak_quarkus_ispn_user:
default: "supervisor"
description: "Username for connecting to infinispan"
type: "str"
keycloak_quarkus_ispn_pass:
default: "supervisor"
description: "Password for connecting to infinispan"
type: "str"
keycloak_quarkus_ispn_hosts:
default: "localhost:11222"
description: "host name/port for connecting to infinispan, eg. host1:11222;host2:11222"
type: "str"
keycloak_quarkus_ispn_sasl_mechanism:
default: "SCRAM-SHA-512"
description: "Infinispan auth mechanism"
type: "str"
keycloak_quarkus_ispn_use_ssl:
default: false
description: "Whether infinispan uses TLS connection"
type: "bool"
keycloak_quarkus_ispn_trust_store_path:
default: "/etc/pki/java/cacerts"
description: "Path to infinispan server trust certificate"
type: "str"
keycloak_quarkus_ispn_trust_store_password:
default: "changeit"
description: "Password for infinispan certificate keystore"
type: "str"
keycloak_quarkus_jdbc_engine:
default: "postgres"
description: "Database engine [mariadb,postres,mssql]"
type: "str"
keycloak_quarkus_db_user:
default: "keycloak-user"
description: "User for database connection"
type: "str"
keycloak_quarkus_db_pass:
default: "keycloak-pass"
description: "Password for database connection"
type: "str"
keycloak_quarkus_jdbc_url:
default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].url }}"
description: "JDBC URL for connecting to database"
type: "str"
keycloak_quarkus_jdbc_driver_version:
default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].version }}"
description: "Version for JDBC driver"
type: "str"
keycloak_quarkus_log:
default: "file"
type: "str"
description: "Enable one or more log handlers in a comma-separated list"
keycloak_quarkus_log_level:
default: "info"
type: "str"
description: "The log level of the root category or a comma-separated list of individual categories and their levels"
keycloak_quarkus_log_file:
default: "data/log/keycloak.log"
type: "str"
description: "Set the log file path and filename relative to keycloak home"
keycloak_quarkus_log_format:
default: '%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
type: "str"
description: "Set a format specific to file log entries"
keycloak_quarkus_log_target:
default: '/var/log/keycloak'
type: "str"
description: "Set the destination of the keycloak log folder link"
keycloak_quarkus_log_max_file_size:
default: 10M
type: "str"
description: >
Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular
expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes.
keycloak_quarkus_log_max_backup_index:
default: 10
type: "str"
description: "Set the maximum number of archived log files to keep"
keycloak_quarkus_log_file_suffix:
default: '.yyyy-MM-dd.zip'
type: "str"
description: >
Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix. Note: If the suffix ends
with .zip or .gz, the rotation file will also be compressed.
keycloak_quarkus_proxy_mode:
default: 'edge'
type: "str"
description: "The proxy address forwarding mode if the server is behind a reverse proxy. Set to 'none' if not using a proxy"
keycloak_quarkus_proxy_headers:
default: ""
type: "str"
description: "Parse reverse proxy headers (`forwarded` or `xforwarded`), overrides the deprecated keycloak_quarkus_proxy_mode argument"
keycloak_quarkus_start_dev:
default: false
type: "bool"
description: "Whether to start the service in development mode (start-dev)"
keycloak_quarkus_transaction_xa_enabled:
default: true
type: "bool"
description: "Enable or disable XA transactions which may not be supported by some DBMS"
keycloak_quarkus_hostname_strict:
default: true
type: "bool"
description: >
Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless
proxy verifies the Host header.
keycloak_quarkus_hostname_strict_backchannel:
default: false
type: "bool"
description: >
By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all
applications use the public URL this option should be enabled.
keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route:
default: true
type: "bool"
description: >
If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies
and we rely on the session affinity capabilities from reverse proxy
downstream:
options:
rhbk_version:
default: "22.0.10"
description: "Red Hat Build of Keycloak version"
type: "str"
rhbk_archive:
default: "rhbk-{{ rhbk_version }}.zip"
description: "Red Hat Build of Keycloak install archive filename"
type: "str"
rhbk_dest:
default: "/opt/rhbk"
description: "Root installation directory"
type: "str"
rhbk_installdir:
default: "{{ rhbk_dest }}/rhbk-{{ rhbk_version }}"
description: "Installation path for Red Hat Build of Keycloak"
type: "str"
rhbk_apply_patches:
default: false
description: "Install Red Hat Build of Keycloak most recent cumulative patch"
type: "bool"
rhbk_enable:
default: true
description: "Enable Red Hat Build of Keycloak installation"
type: "bool"
rhbk_offline_install:
default: false
description: "Perform an offline install"
type: "bool"
rhbk_service_name:
default: "rhbk"
description: "systemd service name for Red Hat Build of Keycloak"
type: "str"
rhbk_service_desc:
default: "Red Hat Build of Keycloak"
description: "systemd description for Red Hat Build of Keycloak"
type: "str"
rhbk_patch_version:
required: false
description: "Red Hat Build of Keycloak latest cumulative patch version to apply; defaults to latest version when rhbk_apply_patches is True"
type: "str"
rhbk_patch_bundle:
default: "rhbk-{{ rhbk_patch_version | default('[0-9]+[.][0-9]+[.][0-9]+') }}-patch.zip"
description: "Red Hat Build of Keycloak patch archive filename"
type: "str"
rhbk_product_category:
default: "rhbk"
description: "JBossNetwork API category for Red Hat Build of Keycloak"
type: "str"
Reference in a new issue View git blame Copy permalink