Add configuration for hotrod TLS
parent
5eba1c12e4
commit
15d3411f45
|
@ -24,7 +24,7 @@ Role Defaults
|
|||
|`keycloak_https_port`| TLS HTTP port | `8443`
|
||||
|`keycloak_management_http_port`| management port | `9990`
|
||||
|`keycloak_management_https_port`| TLS management port | `9993`
|
||||
|`keycloak_java_opts`| | `-Xms1024m -Xmx20480m -XX:MaxPermSize=768m`
|
||||
|`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx20480m -XX:MaxPermSize=768m`
|
||||
|
||||
|
||||
Role Variables
|
||||
|
@ -46,6 +46,10 @@ The following variables are _required_ only when keycloak_ha_enabled is True:
|
|||
|`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
|
||||
|`infinispan_user` | username for connecting to infinispan | `supervisor` |
|
||||
|`infinispan_pass` | password for connecting to infinispan | `supervisor` |
|
||||
|`infinispan_sasl_mechanism`| Authentication type | `SCRAM-SHA-512` |
|
||||
|`infinispan_use_ssl`| Enable hotrod TLS communication | `False` |
|
||||
|`infinispan_trust_store_path`| Path to truststore with infinispan server certificate | `/etc/pki/java/cacerts` |
|
||||
|`infinispan_trust_store_password`| Password for opening truststore | `changeit` |
|
||||
|
||||
|
||||
The following variables are _required_ only when keycloak_db_enabled is True and keycloak_jdbc_engine is postgres:
|
||||
|
|
|
@ -49,10 +49,15 @@ keycloak_force_install: False
|
|||
### mod_cluster reverse proxy
|
||||
keycloak_modcluster_url: localhost
|
||||
|
||||
### infinispan remote caches access
|
||||
### infinispan remote caches access (hotrod)
|
||||
infinispan_user: supervisor
|
||||
infinispan_pass: supervisor
|
||||
infinispan_url: localhost
|
||||
infinispan_sasl_mechanism: SCRAM-SHA-512
|
||||
infinispan_use_ssl: False
|
||||
# if ssl is enabled, import ispn server certificate here
|
||||
infinispan_trust_store_path: /etc/pki/java/cacerts
|
||||
infinispan_trust_store_password: changeit
|
||||
|
||||
### database backend engine: values [ 'postgres', 'mariadb' ]
|
||||
keycloak_jdbc_engine: postgres
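Review bot: `infinispan_use_ssl: False` combined with `infinispan_trust_store_path: /etc/pki/java/cacerts` leaves hotrod traffic to the remote store unencrypted by default and, once enabled, trusts every CA in the JVM-wide cacerts; the comment above the path only covers importing the server certificate. Suggest expanding that comment to `# hotrod TLS is off by default; when enabling it, prefer a dedicated truststore holding only the infinispan server CA over the JVM-wide cacerts`. `False` matches the file's existing `keycloak_force_install: False`, though yamllint's truthy rule would want lowercase `false` for the new key.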
|
||||
|
|
|
@ -405,6 +405,7 @@
|
|||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_type">JKS</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
|
||||
<property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
|
||||
</remote-store>
|
||||
</distributed-cache>
|
||||
{% endfor %}
|
||||
|
@ -428,6 +429,7 @@
|
|||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_type">JKS</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
|
||||
<property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
|
||||
</remote-store>
|
||||
</replicated-cache>
|
||||
<local-cache name="authorization">
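Review bot: The added `trust_store_type` property hard-codes `JKS` in both hunks of this file (here and the replicated-cache hunk below) while the truststore path itself is variable-driven; an operator pointing the path at a PKCS12 store would then depend on the JDK's compatibility loading, so consider `<property name="infinispan.client.hotrod.trust_store_type">{{ keycloak_remotecache.trust_store_type | default('JKS') }}</property>`. Both hunks start at the trust_store_file_name property, so whether this template's `use_ssl` property was also switched from a literal to `{{ keycloak_remotecache.use_ssl }}` is outside the hunk — worth confirming, since otherwise the truststore properties added here are never exercised. The enclosing remote-store element begins outside the hunk.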
|
||||
|
|
|
@ -400,11 +400,12 @@
|
|||
<property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
|
||||
<property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
|
||||
<property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
|
||||
<property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
|
||||
<property name="infinispan.client.hotrod.use_ssl">false</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
|
||||
<property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
|
||||
<property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_type">JKS</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
|
||||
<property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
|
||||
</remote-store>
|
||||
</distributed-cache>
|
||||
{% endfor %}
|
||||
|
@ -423,11 +424,12 @@
|
|||
<property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
|
||||
<property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
|
||||
<property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
|
||||
<property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
|
||||
<property name="infinispan.client.hotrod.use_ssl">false</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
|
||||
<property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
|
||||
<property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_type">JKS</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
|
||||
<property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
|
||||
</remote-store>
|
||||
</replicated-cache>
|
||||
<local-cache name="authorization">
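Review bot: Dropping the `| default(...)` fallbacks on `sasl_mechanism`, `trust_store_file_name` and `trust_store_password` (here and in the replicated-cache hunk below) means a missing key in `keycloak_remotecache` now fails at template time instead of silently rendering `changeme`, which is the safer behaviour but not an obvious one; a comment at the top of the remote-store properties such as `{# these keys are populated from the infinispan_* role variables; undefined keys fail the template on purpose #}` would make the intent clear. `trust_store_type` is still hard-coded to `JKS` while the path is variable-driven, so `{{ keycloak_remotecache.trust_store_type | default('JKS') }}` would keep the two in step. Now that `use_ssl` can be switched on, it is also worth checking whether the hotrod client version in use validates the server hostname by default and, if it exposes `infinispan.client.hotrod.ssl_hostname_validation`, setting it explicitly. The enclosing remote-store element begins outside the hunk.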
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
---
|
||||
# vars file for keycloak
|
||||
|
||||
# administrator console password, this is a required variable
|
||||
# required variables for keycloak
|
||||
# administrator console password
|
||||
keycloak_admin_password:
|
||||
|
||||
# internal variables below
|
||||
|
||||
# locations
|
||||
keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
|
||||
keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
|
||||
|
@ -61,6 +62,8 @@ keycloak_remotecache:
|
|||
username: "{{ infinispan_user }}"
|
||||
password: "{{ infinispan_pass }}"
|
||||
realm: default
|
||||
sasl_mechanism: "{{ infinispan_sasl_mechanism }}"
|
||||
server_name: "{{ infinispan_url }}"
|
||||
trust_store_path: /path/to/jks/keystore
|
||||
trust_store_password: changeme
|
||||
use_ssl: "{{ infinispan_use_ssl }}"
|
||||
trust_store_path: "{{ infinispan_trust_store_path }}"
|
||||
trust_store_password: "{{ infinispan_trust_store_password }}"
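Review bot: `use_ssl: "{{ infinispan_use_ssl }}"` turns the boolean default into the string `False`, which the templates interpolate verbatim into `infinispan.client.hotrod.use_ssl`; the hotrod client's boolean parsing is, as far as I recall, case-insensitive, but it is cheap to normalise with `use_ssl: "{{ infinispan_use_ssl | bool | lower }}"`. The string form also means any future `{% if keycloak_remotecache.use_ssl %}` branch in a template would be truthy for `"False"`, so the `| bool` filter is worth having regardless. The `keycloak_remotecache` mapping begins outside the hunk.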
|