2021-12-14 10:26:42 +00:00
|
|
|
---
|
|
|
|
### Configuration specific to keycloak
|
2022-01-14 09:06:43 +00:00
|
|
|
keycloak_version: 15.0.2
|
2022-01-14 09:29:48 +00:00
|
|
|
keycloak_archive: "keycloak-{{ keycloak_version }}.zip"
|
|
|
|
keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
|
|
|
|
keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
|
2021-12-14 10:26:42 +00:00
|
|
|
keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
|
2022-09-19 14:02:55 +00:00
|
|
|
keycloak_offline_install: False
|
2021-12-14 10:26:42 +00:00
|
|
|
|
|
|
|
### Install location and service settings
|
2022-10-05 12:55:42 +00:00
|
|
|
keycloak_jvm_package: openjdk-17-jdk-headless
|
2022-04-28 09:33:23 +00:00
|
|
|
keycloak_java_home:
|
2021-12-14 10:26:42 +00:00
|
|
|
keycloak_dest: /opt/keycloak
|
2022-09-19 14:02:55 +00:00
|
|
|
keycloak_jboss_home: "{{ keycloak_installdir }}"
|
2021-12-14 10:26:42 +00:00
|
|
|
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
|
2021-12-30 15:22:41 +00:00
|
|
|
keycloak_config_standalone_xml: "keycloak.xml"
|
|
|
|
keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
|
2022-04-12 10:07:06 +00:00
|
|
|
keycloak_config_override_template: ''
|
2021-12-14 10:26:42 +00:00
|
|
|
keycloak_service_user: keycloak
|
|
|
|
keycloak_service_group: keycloak
|
2021-12-14 15:20:26 +00:00
|
|
|
keycloak_service_pidfile: "/run/keycloak.pid"
|
2022-09-19 14:02:55 +00:00
|
|
|
keycloak_service_name: keycloak
|
|
|
|
keycloak_service_desc: Keycloak
|
|
|
|
|
2022-03-11 13:44:19 +00:00
|
|
|
keycloak_configure_firewalld: False
|
2021-12-14 10:26:42 +00:00
|
|
|
|
2022-03-24 16:44:13 +00:00
|
|
|
### administrator console password
|
|
|
|
keycloak_admin_password: ''
|
|
|
|
|
2022-01-27 11:00:11 +00:00
|
|
|
### Common configuration settings
|
2021-12-14 10:26:42 +00:00
|
|
|
keycloak_bind_address: 0.0.0.0
|
|
|
|
keycloak_host: localhost
|
|
|
|
keycloak_http_port: 8080
|
|
|
|
keycloak_https_port: 8443
|
2022-01-27 13:21:18 +00:00
|
|
|
keycloak_ajp_port: 8009
|
|
|
|
keycloak_jgroups_port: 7600
|
2022-09-28 13:33:30 +00:00
|
|
|
keycloak_management_port_bind_address: 127.0.0.1
|
2021-12-14 10:26:42 +00:00
|
|
|
keycloak_management_http_port: 9990
|
|
|
|
keycloak_management_https_port: 9993
|
2022-01-10 16:37:14 +00:00
|
|
|
keycloak_java_opts: "-Xms1024m -Xmx2048m"
|
|
|
|
keycloak_prefer_ipv4: True
|
2021-12-22 07:49:55 +00:00
|
|
|
|
|
|
|
### Enable configuration for database backend, clustering and remote caches on infinispan
|
2021-12-14 10:26:42 +00:00
|
|
|
keycloak_ha_enabled: False
|
2021-12-22 07:49:55 +00:00
|
|
|
### Enable database configuration, must be enabled when HA is configured
|
2021-12-20 14:55:05 +00:00
|
|
|
keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"
|
2021-12-14 10:26:42 +00:00
|
|
|
|
2021-12-22 07:49:55 +00:00
|
|
|
### Keycloak administration console user
|
2021-12-14 10:26:42 +00:00
|
|
|
keycloak_admin_user: admin
|
|
|
|
keycloak_auth_realm: master
|
|
|
|
keycloak_auth_client: admin-cli
|
|
|
|
|
|
|
|
keycloak_force_install: False
|
|
|
|
|
2021-12-22 07:49:55 +00:00
|
|
|
### mod_cluster reverse proxy
|
|
|
|
keycloak_modcluster_url: localhost
|
2022-03-24 16:00:30 +00:00
|
|
|
|
|
|
|
### keycloak frontend url
|
|
|
|
keycloak_frontend_url: http://localhost:8080/auth
|
2021-12-14 10:26:42 +00:00
|
|
|
|
2022-01-04 13:30:28 +00:00
|
|
|
### infinispan remote caches access (hotrod)
|
2022-09-19 13:42:01 +00:00
|
|
|
keycloak_infinispan_user: supervisor
|
|
|
|
keycloak_infinispan_pass: supervisor
|
|
|
|
keycloak_infinispan_url: localhost
|
|
|
|
keycloak_infinispan_sasl_mechanism: SCRAM-SHA-512
|
|
|
|
keycloak_infinispan_use_ssl: False
|
2022-01-04 13:30:28 +00:00
|
|
|
# if ssl is enabled, import ispn server certificate here
|
2022-09-19 13:42:01 +00:00
|
|
|
keycloak_infinispan_trust_store_path: /etc/pki/java/cacerts
|
|
|
|
keycloak_infinispan_trust_store_password: changeit
|
2021-12-14 10:26:42 +00:00
|
|
|
|
2021-12-22 07:49:55 +00:00
|
|
|
### database backend engine: values [ 'postgres', 'mariadb' ]
|
2021-12-17 13:56:28 +00:00
|
|
|
keycloak_jdbc_engine: postgres
|
2021-12-22 07:49:55 +00:00
|
|
|
### database backend credentials
|
2022-01-05 12:53:29 +00:00
|
|
|
keycloak_db_user: keycloak-user
|
|
|
|
keycloak_db_pass: keycloak-pass
|
|
|
|
keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
|
|
|
|
keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
|
|
|
|
# override the variables above, following defaults show minimum supported versions
|
|
|
|
keycloak_default_jdbc:
|
|
|
|
postgres:
|
|
|
|
url: 'jdbc:postgresql://localhost:5432/keycloak'
|
|
|
|
version: 9.4.1212
|
|
|
|
mariadb:
|
|
|
|
url: 'jdbc:mariadb://localhost:3306/keycloak'
|
|
|
|
version: 2.7.4
|