ansible-keycloak/roles/keycloak/defaults/main.yml

---
### Configuration specific to keycloak
keycloak_version: 9.0.2
keycloak_archive: keycloak-{{ keycloak_version }}.zip
keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}
keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"

### Configuration specific to Red Hat Single Sing-On
keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined  or rhsso_source_download_url is defined else False }}"
keycloak_rhsso_version: 7.5
keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip
keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}"
keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='

### Install location and service settings
jvm_package: java-1.8.0-openjdk-devel
keycloak_dest: /opt/keycloak
keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined else keycloak_installdir }}"
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"

keycloak_config_standalone_xml: "keycloak.xml"
keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"

keycloak_service_user: keycloak
keycloak_service_group: keycloak
keycloak_service_pidfile: "/run/keycloak.pid"
keycloak_service_logfile: "{{ keycloak_dest }}/keycloak.log"

### Keycloak configuration settings
keycloak_bind_address: 0.0.0.0
keycloak_host: localhost
keycloak_http_port: 8080
keycloak_https_port: 8443
keycloak_management_http_port: 9990
keycloak_management_https_port: 9993
keycloak_java_opts: "-Xms1024m -Xmx2048m"
keycloak_prefer_ipv4: True

### Enable configuration for database backend, clustering and remote caches on infinispan
keycloak_ha_enabled: False
### Enable database configuration, must be enabled when HA is configured
keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"

### Keycloak administration console user
keycloak_admin_user: admin
keycloak_auth_realm: master
keycloak_auth_client: admin-cli

keycloak_force_install: False

### mod_cluster reverse proxy
keycloak_modcluster_url: localhost

### infinispan remote caches access (hotrod)
infinispan_user: supervisor
infinispan_pass: supervisor
infinispan_url: localhost
infinispan_sasl_mechanism: SCRAM-SHA-512
infinispan_use_ssl: False
# if ssl is enabled, import ispn server certificate here
infinispan_trust_store_path: /etc/pki/java/cacerts
infinispan_trust_store_password: changeit

### database backend engine: values [ 'postgres', 'mariadb' ]
keycloak_jdbc_engine: postgres
### database backend credentials
keycloak_db_user: keycloak-user
keycloak_db_pass: keycloak-pass
keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
# override the variables above, following defaults show minimum supported versions
keycloak_default_jdbc:
  postgres:
    url: 'jdbc:postgresql://localhost:5432/keycloak'
    version: 9.4.1212
  mariadb:
    url: 'jdbc:mariadb://localhost:3306/keycloak'
    version: 2.7.4
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`---`
			`### Configuration specific to keycloak`
			`keycloak_version: 9.0.2`
			`keycloak_archive: keycloak-{{ keycloak_version }}.zip`
			`keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}`
			`keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"`

			`### Configuration specific to Red Hat Single Sing-On`
Download source via url 2022-01-12 15:13:53 +00:00			`keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined else False }}"`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`keycloak_rhsso_version: 7.5`
			`keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip`
			`keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}"`
fix incorrect rhn download url 2021-12-15 12:55:41 +00:00			`keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00
			`### Install location and service settings`
JVM as variable, name all tasks, update README 2022-01-04 15:01:37 +00:00			`jvm_package: java-1.8.0-openjdk-devel`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`keycloak_dest: /opt/keycloak`
Download source via url 2022-01-12 15:13:53 +00:00			`keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined or rhsso_zip_file_local_path is defined or rhsso_source_download_url is defined else keycloak_installdir }}"`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"`
Allow to change default standalone.xml path and name 2021-12-30 15:22:41 +00:00
			`keycloak_config_standalone_xml: "keycloak.xml"`
			`keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"`

Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`keycloak_service_user: keycloak`
			`keycloak_service_group: keycloak`
Run as root or systemd wont accept the pidfile 2021-12-14 15:20:26 +00:00			`keycloak_service_pidfile: "/run/keycloak.pid"`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`keycloak_service_logfile: "{{ keycloak_dest }}/keycloak.log"`

			`### Keycloak configuration settings`
			`keycloak_bind_address: 0.0.0.0`
			`keycloak_host: localhost`
			`keycloak_http_port: 8080`
			`keycloak_https_port: 8443`
			`keycloak_management_http_port: 9990`
			`keycloak_management_https_port: 9993`
Template preferIPv4Stack, add health check after handler 2022-01-10 16:37:14 +00:00			`keycloak_java_opts: "-Xms1024m -Xmx2048m"`
			`keycloak_prefer_ipv4: True`
Variables polish pass 2021-12-22 07:49:55 +00:00
			`### Enable configuration for database backend, clustering and remote caches on infinispan`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`keycloak_ha_enabled: False`
Variables polish pass 2021-12-22 07:49:55 +00:00			`### Enable database configuration, must be enabled when HA is configured`
Enable db by default when ha is enabled 2021-12-20 14:55:05 +00:00			`keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00
Variables polish pass 2021-12-22 07:49:55 +00:00			`### Keycloak administration console user`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`keycloak_admin_user: admin`
			`keycloak_auth_realm: master`
			`keycloak_auth_client: admin-cli`

			`keycloak_force_install: False`

Variables polish pass 2021-12-22 07:49:55 +00:00			`### mod_cluster reverse proxy`
			`keycloak_modcluster_url: localhost`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00
Add configuration for hotrod TLS 2022-01-04 13:30:28 +00:00			`### infinispan remote caches access (hotrod)`
Variables polish pass 2021-12-22 07:49:55 +00:00			`infinispan_user: supervisor`
			`infinispan_pass: supervisor`
			`infinispan_url: localhost`
Add configuration for hotrod TLS 2022-01-04 13:30:28 +00:00			`infinispan_sasl_mechanism: SCRAM-SHA-512`
			`infinispan_use_ssl: False`
			`# if ssl is enabled, import ispn server certificate here`
			`infinispan_trust_store_path: /etc/pki/java/cacerts`
			`infinispan_trust_store_password: changeit`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00
Variables polish pass 2021-12-22 07:49:55 +00:00			`### database backend engine: values [ 'postgres', 'mariadb' ]`
Add mariadb default, add config validation 2021-12-17 13:56:28 +00:00			`keycloak_jdbc_engine: postgres`
Variables polish pass 2021-12-22 07:49:55 +00:00			`### database backend credentials`
Parametrize jdbc driver version 2022-01-05 12:53:29 +00:00			`keycloak_db_user: keycloak-user`
			`keycloak_db_pass: keycloak-pass`
			`keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"`
			`keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"`
			`# override the variables above, following defaults show minimum supported versions`
			`keycloak_default_jdbc:`
			`postgres:`
			`url: 'jdbc:postgresql://localhost:5432/keycloak'`
			`version: 9.4.1212`
			`mariadb:`
			`url: 'jdbc:mariadb://localhost:3306/keycloak'`
			`version: 2.7.4`