guillaume/ansible-keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Variables polish pass

Browse Source
This commit is contained in:
Guido Grazioli 2021-12-22 08:49:55 +01:00
parent 1670ba060e
commit 1ded0a1cfe
3 changed files with 69 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/keycloak/README.md
View File

@ -64,8 +64,8 @@ Dependencies
The roles depends on: The roles depends on:
* the redhat_csp_download role of [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection * the redhat_csp_download role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection
* the jcliff role of [middleware_automation.jcliff](https://github.com/ansible-middleware/ansible_collections_jcliff) collection * the wildfly_driver role from [middleware_automation.jcliff](https://github.com/ansible-middleware/ansible_collections_jcliff) collection
Example Playbook Example Playbook

62
roles/keycloak/defaults/main.yml
View File

@ -3,13 +3,10 @@
keycloak_version: 9.0.2 keycloak_version: 9.0.2
keycloak_archive: keycloak-{{ keycloak_version }}.zip keycloak_archive: keycloak-{{ keycloak_version }}.zip
keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }} keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}
keycloak_local_download_dest: '{{ "~/keycloak_download" | expanduser }}'
keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
### Configuration specific to Red Hat Single Sing-On ### Configuration specific to Red Hat Single Sing-On
keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}" keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}"
keycloak_rhsso_client_adapter_rhn_id: '101951'
keycloak_rhsso_saml_adapter_rhn_id: '101901'
keycloak_rhsso_version: 7.5 keycloak_rhsso_version: 7.5
keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip
keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}" keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}"
@ -32,56 +29,33 @@ keycloak_https_port: 8443
keycloak_management_http_port: 9990 keycloak_management_http_port: 9990
keycloak_management_https_port: 9993 keycloak_management_https_port: 9993
keycloak_java_opts: "-Xms1024m -Xmx20480m -XX:MaxPermSize=768m" keycloak_java_opts: "-Xms1024m -Xmx20480m -XX:MaxPermSize=768m"
keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}" ### Enable configuration for database backend, clustering and remote caches on infinispan
# enable auto configuration for database backend, clustering and remote caches on infinispan
keycloak_ha_enabled: False keycloak_ha_enabled: False
### Enable database configuration, must be enabled when HA is configured
keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}" keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"
# keycloak administration console user ### Keycloak administration console user
keycloak_admin_user: admin keycloak_admin_user: admin
keycloak_auth_realm: master keycloak_auth_realm: master
keycloak_auth_client: admin-cli keycloak_auth_client: admin-cli
keycloak_force_install: False keycloak_force_install: False
keycloak_modcluster: ### mod_cluster reverse proxy
enabled: "{{ keycloak_ha_enabled }}" keycloak_modcluster_url: localhost
reverse_proxy_url: "{{ keycloak_modcluster_url | default('localhost') }}"
keycloak_remotecache: ### infinispan remote caches access
enabled: "{{ keycloak_ha_enabled }}" infinispan_user: supervisor
username: "{{ infinispan_user | default('supervisor') }}" infinispan_pass: supervisor
password: "{{ infinispan_pass | default('supervisor') }}" infinispan_url: localhost
realm: default
server_name: "{{ infinispan_url | default('localhost') }}"
trust_store_path: /path/to/jks/keystore
trust_store_password: changeme
### database backend engine: values [ 'postgres', 'mariadb' ]
keycloak_jdbc_engine: postgres keycloak_jdbc_engine: postgres
keycloak_jdbc: ### database backend credentials
postgres: postgres_jdbc_url: 'jdbc:postgresql://localhost:5432/keycloak'
enabled: "{{ keycloak_ha_enabled and keycloak_jdbc_engine == 'postgres' }}" postgres_db_user: keycloak-user
driver_class: org.postgresql.Driver postgres_db_pass: keycloak-pass
xa_datasource_class: org.postgresql.xa.PGXADataSource mariadb_jdbc_url: 'jdbc:mariadb://localhost:3306/keycloak'
driver_module_name: "org.postgresql" mariadb_db_user: keycloak-user
driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/postgresql/main" mariadb_db_pass: keycloak-pass
driver_version: 9.4.1212
driver_jar_filename: "postgresql-9.4.1212.jar"
driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/9.4.1212/postgresql-9.4.1212.jar"
connection_url: "{{ postgres_jdbc_url | default('jdbc:postgresql://localhost:5432/keycloak') }}"
db_user: "{{ postgres_db_user | default('keycloak-user') }}"
db_password: "{{ postgres_db_pass | default('keycloak-pass') }}"
mariadb:
enabled: "{{ keycloak_ha_enabled and keycloak_jdbc_engine == 'mariadb' }}"
driver_class: org.mariadb.jdbc.Driver
xa_datasource_class: org.mariadb.jdbc.MySQLDataSource
driver_module_name: "org.mariadb"
driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/mariadb/main"
driver_version: 2.7.4
driver_jar_filename: "mariadb-java-client-2.7.4.jar"
driver_jar_url: "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/2.7.4/mariadb-java-client-2.7.4.jar"
connection_url: "{{ mariadb_jdbc_url | default('jdbc:mariadb://localhost:3306/keycloak') }}"
db_user: "{{ mariadb_db_user | default('keycloak-user') }}"
db_password: "{{ mariadb_db_pass | default('keycloak-pass') }}"

48
roles/keycloak/vars/main.yml
View File

@ -1,3 +1,51 @@
--- ---
# vars file for keycloak # vars file for keycloak
# administrator console password, this is a required variable
keycloak_admin_password: keycloak_admin_password:
# locations
keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
# database
keycloak_jdbc:
postgres:
enabled: "{{ keycloak_ha_enabled and keycloak_jdbc_engine == 'postgres' }}"
driver_class: org.postgresql.Driver
xa_datasource_class: org.postgresql.xa.PGXADataSource
driver_module_name: "org.postgresql"
driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/postgresql/main"
driver_version: 9.4.1212
driver_jar_filename: "postgresql-9.4.1212.jar"
driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/9.4.1212/postgresql-9.4.1212.jar"
connection_url: "{{ postgres_jdbc_url }}"
db_user: "{{ postgres_db_user }}"
db_password: "{{ postgres_db_pass }}"
mariadb:
enabled: "{{ keycloak_ha_enabled and keycloak_jdbc_engine == 'mariadb' }}"
driver_class: org.mariadb.jdbc.Driver
xa_datasource_class: org.mariadb.jdbc.MySQLDataSource
driver_module_name: "org.mariadb"
driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/mariadb/main"
driver_version: 2.7.4
driver_jar_filename: "mariadb-java-client-2.7.4.jar"
driver_jar_url: "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/2.7.4/mariadb-java-client-2.7.4.jar"
connection_url: "{{ mariadb_jdbc_url }}"
db_user: "{{ mariadb_db_user }}"
db_password: "{{ mariadb_db_pass }}"
# reverse proxy mod_cluster
keycloak_modcluster:
enabled: "{{ keycloak_ha_enabled }}"
reverse_proxy_url: "{{ keycloak_modcluster_url }}"
# infinispan
keycloak_remotecache:
enabled: "{{ keycloak_ha_enabled }}"
username: "{{ infinispan_user }}"
password: "{{ infinispan_pass }}"
realm: default
server_name: "{{ infinispan_url }}"
trust_store_path: /path/to/jks/keystore
trust_store_password: changeme