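# Role argument specification: for each entry point (main, downstream) this
# declares the role variables with their type, default and description.
# The "# line N of ..." comments point at where each default is defined.
argument_specs:
  main:
    options:
      keycloak_version:
        # line 3 of keycloak/defaults/main.yml
        default: "15.0.2"
        description: "keycloak.org package version"
        type: "str"
      keycloak_archive:
        # line 4 of keycloak/defaults/main.yml
        default: "keycloak-{{ keycloak_version }}.zip"
        description: "keycloak install archive filename"
        type: "str"
      keycloak_configure_firewalld:
        # line 33 of keycloak/defaults/main.yml
        default: false
        description: "Ensure firewalld is running and configure keycloak ports"
        type: "bool"
      keycloak_download_url:
        # line 5 of keycloak/defaults/main.yml
        # NOTE(review): no checksum or signature option is declared in this
        # spec for the downloaded archive; confirm the role verifies the
        # archive's integrity before unpacking it.
        default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
        description: "Download URL for keycloak"
        type: "str"
      keycloak_download_url_9x:
        # line 6 of keycloak/defaults/main.yml
        default: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
        description: "Download URL for keycloak (deprecated)"
        type: "str"
      keycloak_installdir:
        # line 7 of keycloak/defaults/main.yml
        default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
        description: "Installation path"
        type: "str"
      keycloak_offline_install:
        # line 20 of keycloak/defaults/main.yml
        default: false
        description: "Perform an offline install"
        type: "bool"
      keycloak_jvm_package:
        # line 23 of keycloak/defaults/main.yml
        default: "java-1.8.0-openjdk-headless"
        description: "RHEL java package runtime rpm"
        type: "str"
      keycloak_java_home:
        # No default is declared for this option.
        description: "JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path"
        type: "str"
      keycloak_dest:
        # line 24 of keycloak/defaults/main.yml
        default: "/opt/keycloak"
        description: "Root installation directory"
        type: "str"
      keycloak_jboss_home:
        # line 25 of keycloak/defaults/main.yml
        default: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}"
        description: "Installation work directory"
        type: "str"
      keycloak_config_dir:
        # line 26 of keycloak/defaults/main.yml
        default: "{{ keycloak_jboss_home }}/standalone/configuration"
        description: "Path for configuration"
        type: "str"
      keycloak_config_standalone_xml:
        # line 27 of keycloak/defaults/main.yml
        default: "keycloak.xml"
        description: "Service configuration filename"
        type: "str"
      keycloak_config_path_to_standalone_xml:
        # line 28 of keycloak/defaults/main.yml
        default: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
        description: "Custom path for configuration"
        type: "str"
      keycloak_config_override_template:
        # line 30 of keycloak/defaults/main.yml
        default: ""
        description: "Path to custom template for standalone.xml configuration"
        type: "str"
      keycloak_service_user:
        # line 29 of keycloak/defaults/main.yml
        default: "keycloak"
        description: "posix account username"
        type: "str"
      keycloak_service_group:
        # line 30 of keycloak/defaults/main.yml
        default: "keycloak"
        description: "posix account group"
        type: "str"
      keycloak_service_pidfile:
        # line 31 of keycloak/defaults/main.yml
        default: "/run/keycloak.pid"
        description: "PID file path for service"
        type: "str"
      keycloak_bind_address:
        # line 34 of keycloak/defaults/main.yml
        # 0.0.0.0 means every IPv4 interface. keycloak_configure_firewalld
        # defaults to false, so set a specific address (or manage the host
        # firewall separately) when the service must not be reachable directly.
        default: "0.0.0.0"
        description: "Address for binding service ports"
        type: "str"
      keycloak_host:
        # line 35 of keycloak/defaults/main.yml
        default: "localhost"
        description: "Hostname for service"
        type: "str"
      keycloak_http_port:
        # line 36 of keycloak/defaults/main.yml
        default: 8080
        description: "Listening HTTP port"
        type: "int"
      keycloak_https_port:
        # line 37 of keycloak/defaults/main.yml
        default: 8443
        description: "Listening HTTPS port"
        type: "int"
      keycloak_ajp_port:
        # line 38 of keycloak/defaults/main.yml
        default: 8009
        description: "Listening AJP port"
        type: "int"
      keycloak_jgroups_port:
        # line 39 of keycloak/defaults/main.yml
        default: 7600
        description: "jgroups cluster tcp port"
        type: "int"
      keycloak_management_http_port:
        # line 40 of keycloak/defaults/main.yml
        default: 9990
        description: "Management port (http)"
        type: "int"
      keycloak_management_https_port:
        # line 41 of keycloak/defaults/main.yml
        default: 9993
        description: "Management port (https)"
        type: "int"
      keycloak_java_opts:
        # line 42 of keycloak/defaults/main.yml
        default: "-Xms1024m -Xmx2048m"
        description: "Additional JVM options"
        type: "str"
      keycloak_prefer_ipv4:
        # line 43 of keycloak/defaults/main.yml
        default: true
        description: "Prefer IPv4 stack and addresses for port binding"
        type: "bool"
      keycloak_ha_enabled:
        # line 46 of keycloak/defaults/main.yml
        default: false
        description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
        type: "bool"
      keycloak_db_enabled:
        # line 48 of keycloak/defaults/main.yml
        # NOTE(review): the default renders a boolean but the declared type is
        # "str"; confirm whether "bool" was intended before changing it.
        default: "{{ True if keycloak_ha_enabled else False }}"
        description: "Enable auto configuration for database backend"
        type: "str"
      keycloak_admin_user:
        # line 51 of keycloak/defaults/main.yml
        default: "admin"
        description: "Administration console user account"
        type: "str"
      keycloak_auth_realm:
        # line 52 of keycloak/defaults/main.yml
        default: "master"
        description: "Name for rest authentication realm"
        type: "str"
      keycloak_auth_client:
        # line 53 of keycloak/defaults/main.yml
        default: "admin-cli"
        description: "Authentication client for configuration REST calls"
        type: "str"
      keycloak_force_install:
        # line 55 of keycloak/defaults/main.yml
        default: false
        description: "Remove pre-existing versions of service"
        type: "bool"
      keycloak_modcluster_url:
        # line 58 of keycloak/defaults/main.yml
        default: "localhost"
        description: "URL for the modcluster reverse proxy"
        type: "str"
      keycloak_frontend_url:
        # line 59 of keycloak/defaults/main.yml
        default: "http://localhost"
        description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
        type: "str"
      keycloak_infinispan_user:
        # line 62 of keycloak/defaults/main.yml
        default: "supervisor"
        description: "Username for connecting to infinispan"
        type: "str"
      keycloak_infinispan_pass:
        # line 63 of keycloak/defaults/main.yml
        # Placeholder credential, identical to the default username; override
        # it per deployment from a secret store such as Ansible Vault.
        default: "supervisor"
        description: "Password for connecting to infinispan"
        type: "str"
      keycloak_infinispan_url:
        # line 64 of keycloak/defaults/main.yml
        default: "localhost"
        description: "URL for the infinispan remote-cache server"
        type: "str"
      keycloak_infinispan_sasl_mechanism:
        # line 65 of keycloak/defaults/main.yml
        default: "SCRAM-SHA-512"
        description: "Authentication type to infinispan server"
        type: "str"
      keycloak_infinispan_use_ssl:
        # line 66 of keycloak/defaults/main.yml
        # TLS for the hotrod client is off by default; enable it together with
        # the trust store options below when the cache server is remote.
        default: false
        description: "Enable hotrod client TLS communication"
        type: "bool"
      keycloak_infinispan_trust_store_path:
        # line 68 of keycloak/defaults/main.yml
        # The description was a "TODO document argument" placeholder, while the
        # path description sat on the password option below; moved here.
        default: "/etc/pki/java/cacerts"
        description: "Path to truststore containing infinispan server certificate"
        type: "str"
      keycloak_infinispan_trust_store_password:
        # line 69 of keycloak/defaults/main.yml
        # "changeit" is the stock JDK cacerts password; set the real one when
        # pointing keycloak_infinispan_trust_store_path at a custom truststore.
        default: "changeit"
        description: "Password for opening the truststore"
        type: "str"
      keycloak_jdbc_engine:
        # line 72 of keycloak/defaults/main.yml
        default: "postgres"
        description: "Backend database flavour when db is enabled: [ postgres, mariadb ]"
        type: "str"
      keycloak_db_user:
        # line 74 of keycloak/defaults/main.yml
        default: "keycloak-user"
        description: "Username for connecting to database"
        type: "str"
      keycloak_db_pass:
        # line 75 of keycloak/defaults/main.yml
        # Placeholder credential; override it per deployment from a secret
        # store such as Ansible Vault.
        default: "keycloak-pass"
        description: "Password for connecting to database"
        type: "str"
      keycloak_jdbc_url:
        # line 76 of keycloak/defaults/main.yml
        default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
        description: "URL for connecting to backend database"
        type: "str"
      keycloak_jdbc_driver_version:
        # line 77 of keycloak/defaults/main.yml
        default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
        description: "Version for the JDBC driver to download"
        type: "str"
      keycloak_admin_password:
        # line 4 of keycloak/vars/main.yml
        # Required and without a default: the caller has to supply it.
        required: true
        description: "Password for the administration console user account"
        type: "str"
      keycloak_url:
        # line 12 of keycloak/vars/main.yml
        # NOTE(review): plain-HTTP default. The configuration REST calls
        # presumably authenticate as the admin user, so this is only safe
        # while keycloak_host stays a loopback address; confirm.
        default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
        description: "URL for configuration rest calls"
        type: "str"
      keycloak_management_url:
        # line 13 of keycloak/vars/main.yml
        # NOTE(review): plain-HTTP default, same caveat as keycloak_url.
        default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
        description: "URL for management console rest calls"
        type: "str"
  downstream:
    options:
      sso_version:
        default: "7.5.0"
        description: "Red Hat Single Sign-On version"
        type: "str"
      sso_rhn_id:
        default: "{{ sso_rhn_ids[keycloak_version].id }}"
        description: "Customer Portal product ID for Red Hat SSO"
        type: "str"
      sso_archive:
        default: "rh-sso-{{ keycloak_version }}-server-dist.zip"
        description: "Red Hat SSO install archive filename"
        type: "str"
      sso_dest:
        default: "/opt/sso"
        description: "Root installation directory"
        type: "str"
      sso_installdir:
        default: "{{ keycloak_dest }}/rh-sso-{{ keycloak_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
        description: "Installation path for Red Hat SSO"
        type: "str"
      sso_rhn_url:
        default: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
        description: "Base download URI for customer portal"
        type: "str"
      sso_download_url:
        default: "{{ sso_rhn_url }}{{ sso_rhn_id }}"
        description: "Full download URI for Red Hat SSO"
        type: "str"
      sso_apply_patches:
        default: false
        description: "Install Red Hat SSO most recent cumulative patch"
        type: "bool"
      sso_enable:
        # NOTE(review): boolean default with declared type "str", unlike the
        # sibling sso_* switches; confirm whether "bool" was intended.
        default: true
        description: "Enable Red Hat Single Sign-on installation"
        type: "str"
      sso_offline_install:
        default: true
        description: "Perform an offline install"
        type: "bool"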