mirror of
https://github.com/ansible-middleware/keycloak.git
synced 2025-04-05 10:20:27 -07:00
| .. | ||
| defaults | ||
| handlers | ||
| meta | ||
| tasks | ||
| templates | ||
| vars | ||
| README.md | ||
keycloak_quarkus
Install keycloak >= 20.0.0 (quarkus) server configurations.
Role Defaults
- Installation options
| Variable | Description | Default |
|---|---|---|
keycloak_quarkus_version |
keycloak.org package version | 23.0.7 |
- Service configuration
| Variable | Description | Default |
|---|---|---|
keycloak_quarkus_ha_enabled |
Enable auto configuration for database backend, clustering and remote caches on infinispan | False |
keycloak_quarkus_ha_discovery |
Discovery protocol for HA cluster members | TCPPING |
keycloak_quarkus_db_enabled |
Enable auto configuration for database backend | True if keycloak_quarkus_ha_enabled is True, else False |
keycloak_quarkus_admin_user |
Administration console user account | admin |
keycloak_quarkus_bind_address |
Address for binding service ports | 0.0.0.0 |
keycloak_quarkus_host |
Hostname for the Keycloak server | localhost |
keycloak_quarkus_port |
The port used by the proxy when exposing the hostname | -1 |
keycloak_quarkus_path |
This should be set if proxy uses a different context-path for Keycloak | |
keycloak_quarkus_http_port |
HTTP listening port | 8080 |
keycloak_quarkus_https_port |
TLS HTTP listening port | 8443 |
keycloak_quarkus_ajp_port |
AJP port | 8009 |
keycloak_quarkus_jgroups_port |
jgroups cluster tcp port | 7800 |
keycloak_quarkus_service_user |
Posix account username | keycloak |
keycloak_quarkus_service_group |
Posix account group | keycloak |
keycloak_quarkus_service_restart_always |
systemd restart always behavior activation | False |
keycloak_quarkus_service_restart_on_failure |
systemd restart on-failure behavior activation | False |
keycloak_quarkus_service_restartsec |
systemd RestartSec | 10s |
keycloak_quarkus_service_pidfile |
Pid file path for service | /run/keycloak.pid |
keycloak_quarkus_jvm_package |
RHEL java package runtime | java-17-openjdk-headless |
keycloak_quarkus_java_home |
JAVA_HOME of installed JRE, leave empty for using specified keycloak_quarkus_jvm_package RPM path | None |
keycloak_quarkus_java_opts |
Heap memory JVM setting | -Xms1024m -Xmx2048m |
keycloak_quarkus_java_jvm_opts |
Other JVM settings | same as keycloak |
keycloak_quarkus_java_opts |
JVM arguments; if overriden, it takes precedence over keycloak_quarkus_java_* |
{{ keycloak_quarkus_java_heap_opts + ' ' + keycloak_quarkus_java_jvm_opts }} |
keycloak_quarkus_frontend_url |
Set the base URL for frontend URLs, including scheme, host, port and path | |
keycloak_quarkus_admin_url |
Set the base URL for accessing the administration console, including scheme, host, port and path | |
keycloak_quarkus_http_relative_path |
Set the path relative to / for serving resources. The path must start with a / | / |
keycloak_quarkus_http_enabled |
Enable listener on HTTP port | True |
keycloak_quarkus_https_key_file_enabled |
Enable listener on HTTPS port | False |
keycloak_quarkus_key_file |
The file path to a private key in PEM format | {{ keycloak.home }}/conf/server.key.pem |
keycloak_quarkus_cert_file |
The file path to a server certificate or certificate chain in PEM format | {{ keycloak.home }}/conf/server.crt.pem |
keycloak_quarkus_https_key_store_enabled |
Enable configuration of HTTPS via a key store | False |
keycloak_quarkus_key_store_file |
The file pat to the key store | {{ keycloak.home }}/conf/key_store.p12 |
keycloak_quarkus_key_store_password |
Password for the key store | "" |
keycloak_quarkus_https_trust_store_enabled |
Enalbe confiugration of a trust store | False |
keycloak_quarkus_trust_store_file |
The file pat to the trust store | {{ keycloak.home }}/conf/trust_store.p12 |
keycloak_quarkus_trust_store_password |
Password for the trust store | "" |
keycloak_quarkus_proxy_headers |
Parse reverse proxy headers (forwarded or xforwardedPassword) |
"" |
- Hostname configuration
| Variable | Description | Default |
|---|---|---|
keycloak_quarkus_http_relative_path |
Set the path relative to / for serving resources. The path must start with a / | / |
keycloak_quarkus_hostname_strict |
Disables dynamically resolving the hostname from request headers | true |
keycloak_quarkus_hostname_strict_backchannel |
By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all applications use the public URL this option should be enabled. | false |
- Database configuration
| Variable | Description | Default |
|---|---|---|
keycloak_quarkus_jdbc_engine |
Database engine [mariadb,postres,mssql] | postgres |
keycloak_quarkus_db_user |
User for database connection | keycloak-user |
keycloak_quarkus_db_pass |
Password for database connection | keycloak-pass |
keycloak_quarkus_jdbc_url |
JDBC URL for connecting to database | jdbc:postgresql://localhost:5432/keycloak |
keycloak_quarkus_jdbc_driver_version |
Version for JDBC driver | 9.4.1212 |
- Remote caches configuration
| Variable | Description | Default |
|---|---|---|
keycloak_quarkus_ispn_user |
Username for connecting to infinispan | supervisor |
keycloak_quarkus_ispn_pass |
Password for connecting to infinispan | supervisor |
keycloak_quarkus_ispn_hosts |
host name/port for connecting to infinispan, eg. host1:11222;host2:11222 | localhost:11222 |
keycloak_quarkus_ispn_sasl_mechanism |
Infinispan auth mechanism | SCRAM-SHA-512 |
keycloak_quarkus_ispn_use_ssl |
Whether infinispan uses TLS connection | false |
keycloak_quarkus_ispn_trust_store_path |
Path to infinispan server trust certificate | /etc/pki/java/cacerts |
keycloak_quarkus_ispn_trust_store_password |
Password for infinispan certificate keystore | changeit |
- Install options
| Variable | Description | Default |
|---|---|---|
keycloak_quarkus_offline_install |
Perform an offline install | False |
keycloak_quarkus_version |
keycloak.org package version | 23.0.7 |
keycloak_quarkus_dest |
Installation root path | /opt/keycloak |
keycloak_quarkus_download_url |
Download URL for keycloak | https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }} |
keycloak_quarkus_configure_firewalld |
Ensure firewalld is running and configure keycloak ports | False |
- Miscellaneous configuration
| Variable | Description | Default |
|---|---|---|
keycloak_quarkus_metrics_enabled |
Whether to enable metrics | False |
keycloak_quarkus_health_enabled |
If the server should expose health check endpoints | True |
keycloak_quarkus_archive |
keycloak install archive filename | keycloak-{{ keycloak_quarkus_version }}.zip |
keycloak_quarkus_installdir |
Installation path | {{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }} |
keycloak_quarkus_home |
Installation work directory | {{ keycloak_quarkus_installdir }} |
keycloak_quarkus_config_dir |
Path for configuration | {{ keycloak_quarkus_home }}/conf |
keycloak_quarkus_master_realm |
Name for rest authentication realm | master |
keycloak_auth_client |
Authentication client for configuration REST calls | admin-cli |
keycloak_force_install |
Remove pre-existing versions of service | False |
keycloak_url |
URL for configuration rest calls | http://{{ keycloak_quarkus_host }}:{{ keycloak_http_port }} |
keycloak_quarkus_log |
Enable one or more log handlers in a comma-separated list | file |
keycloak_quarkus_log_level |
The log level of the root category or a comma-separated list of individual categories and their levels | info |
keycloak_quarkus_log_file |
Set the log file path and filename relative to keycloak home | data/log/keycloak.log |
keycloak_quarkus_log_format |
Set a format specific to file log entries | %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n |
keycloak_quarkus_log_target |
Set the destination of the keycloak log folder link | /var/log/keycloak |
keycloak_quarkus_log_max_file_size |
Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes. |
10M |
keycloak_quarkus_log_max_backup_index |
Set the maximum number of archived log files to keep" | 10 |
keycloak_quarkus_log_file_suffix |
Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix; Note: If the suffix ends with .zip or .gz, the rotation file will also be compressed. |
.yyyy-MM-dd.zip |
keycloak_quarkus_proxy_mode |
The proxy address forwarding mode if the server is behind a reverse proxy | edge |
keycloak_quarkus_start_dev |
Whether to start the service in development mode (start-dev) | False |
keycloak_quarkus_transaction_xa_enabled |
Whether to use XA transactions | True |
keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route |
If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy | True |
Role Variables
| Variable | Description | Required |
|---|---|---|
keycloak_quarkus_admin_pass |
Password of console admin account | yes |
keycloak_quarkus_frontend_url |
Base URL for frontend URLs, including scheme, host, port and path | no |
keycloak_quarkus_admin_url |
Base URL for accessing the administration console, including scheme, host, port and path | no |
License
Apache License 2.0