update config options: keycloak and quarkus
parent
2cc835219c
commit
31420fc24c
|
@ -26,12 +26,18 @@ keycloak_quarkus_master_realm: master
|
||||||
### Configuration settings
|
### Configuration settings
|
||||||
keycloak_quarkus_bind_address: 0.0.0.0
|
keycloak_quarkus_bind_address: 0.0.0.0
|
||||||
keycloak_quarkus_host: localhost
|
keycloak_quarkus_host: localhost
|
||||||
|
keycloak_quarkus_http_enabled: True
|
||||||
keycloak_quarkus_http_port: 8080
|
keycloak_quarkus_http_port: 8080
|
||||||
keycloak_quarkus_https_port: 8443
|
keycloak_quarkus_https_port: 8443
|
||||||
keycloak_quarkus_ajp_port: 8009
|
keycloak_quarkus_ajp_port: 8009
|
||||||
keycloak_quarkus_jgroups_port: 7600
|
keycloak_quarkus_jgroups_port: 7600
|
||||||
keycloak_quarkus_java_opts: "-Xms1024m -Xmx2048m"
|
keycloak_quarkus_java_opts: "-Xms1024m -Xmx2048m"
|
||||||
|
|
||||||
|
### TLS/HTTPS configuration
|
||||||
|
keycloak_quarkus_https_enabled: False
|
||||||
|
keycloak_quarkus_key_file: conf/server.key.pem
|
||||||
|
keycloak_quarkus_cert_file: conf/server.crt.pem
|
||||||
|
|
||||||
### Enable configuration for database backend, clustering and remote caches on infinispan
|
### Enable configuration for database backend, clustering and remote caches on infinispan
|
||||||
keycloak_quarkus_ha_enabled: False
|
keycloak_quarkus_ha_enabled: False
|
||||||
### Enable database configuration, must be enabled when HA is configured
|
### Enable database configuration, must be enabled when HA is configured
|
||||||
|
@ -42,6 +48,7 @@ keycloak_quarkus_http_relative_path: auth
|
||||||
keycloak_quarkus_frontend_url: http://localhost:8080/auth
|
keycloak_quarkus_frontend_url: http://localhost:8080/auth
|
||||||
|
|
||||||
keycloak_quarkus_metrics_enabled: False
|
keycloak_quarkus_metrics_enabled: False
|
||||||
|
keycloak_quarkus_health_enabled: True
|
||||||
|
|
||||||
### infinispan remote caches access (hotrod)
|
### infinispan remote caches access (hotrod)
|
||||||
keycloak_quarkus_ispn_user: supervisor
|
keycloak_quarkus_ispn_user: supervisor
|
||||||
|
@ -68,3 +75,9 @@ keycloak_quarkus_default_jdbc:
|
||||||
mariadb:
|
mariadb:
|
||||||
url: 'jdbc:mariadb://localhost:3306/keycloak'
|
url: 'jdbc:mariadb://localhost:3306/keycloak'
|
||||||
version: 2.7.4
|
version: 2.7.4
|
||||||
|
|
||||||
|
### logging configuration
|
||||||
|
keycloak_quarkus_log: file
|
||||||
|
keycloak_quarkus_log_level: info
|
||||||
|
keycloak_quarkus_log_file: data/log/keycloak.log
|
||||||
|
keycloak_quarkus_log_format: '%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
|
||||||
|
|
|
@ -91,11 +91,27 @@ argument_specs:
|
||||||
default: "localhost"
|
default: "localhost"
|
||||||
description: "hostname"
|
description: "hostname"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
keycloak_quarkus_http_enabled:
|
||||||
|
default: true
|
||||||
|
description: "Enable listener on HTTP port"
|
||||||
|
type: "bool"
|
||||||
keycloak_quarkus_http_port:
|
keycloak_quarkus_http_port:
|
||||||
# line 29 of defaults/main.yml
|
# line 29 of defaults/main.yml
|
||||||
default: 8080
|
default: 8080
|
||||||
description: "HTTP port"
|
description: "HTTP port"
|
||||||
type: "int"
|
type: "int"
|
||||||
|
keycloak_quarkus_https_enabled:
|
||||||
|
default: false
|
||||||
|
description: "Enable listener on HTTPS port"
|
||||||
|
type: "bool"
|
||||||
|
keycloak_quarkus_key_file:
|
||||||
|
default: "conf/server.key.pem"
|
||||||
|
description: "The file path to a private key in PEM format"
|
||||||
|
type: "str"
|
||||||
|
keycloak_quarkus_cert_file:
|
||||||
|
default: "conf/server.crt.pem"
|
||||||
|
description: "The file path to a server certificate or certificate chain in PEM format"
|
||||||
|
type: "str"
|
||||||
keycloak_quarkus_https_port:
|
keycloak_quarkus_https_port:
|
||||||
# line 30 of defaults/main.yml
|
# line 30 of defaults/main.yml
|
||||||
default: 8443
|
default: 8443
|
||||||
|
@ -141,6 +157,10 @@ argument_specs:
|
||||||
default: false
|
default: false
|
||||||
description: "Whether to enable metrics"
|
description: "Whether to enable metrics"
|
||||||
type: "bool"
|
type: "bool"
|
||||||
|
keycloak_quarkus_health_enabled:
|
||||||
|
default: true
|
||||||
|
description: "If the server should expose health check endpoints"
|
||||||
|
type: "bool"
|
||||||
keycloak_quarkus_ispn_user:
|
keycloak_quarkus_ispn_user:
|
||||||
# line 46 of defaults/main.yml
|
# line 46 of defaults/main.yml
|
||||||
default: "supervisor"
|
default: "supervisor"
|
||||||
|
@ -201,3 +221,19 @@ argument_specs:
|
||||||
default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].version }}"
|
default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].version }}"
|
||||||
description: "Version for JDBC driver"
|
description: "Version for JDBC driver"
|
||||||
type: "str"
|
type: "str"
|
||||||
|
keycloak_quarkus_log:
|
||||||
|
default: "file"
|
||||||
|
type: "str"
|
||||||
|
description: "Enable one or more log handlers in a comma-separated list"
|
||||||
|
keycloak_quarkus_log_level:
|
||||||
|
default: "info"
|
||||||
|
type: "str"
|
||||||
|
description: "The log level of the root category or a comma-separated list of individual categories and their levels"
|
||||||
|
keycloak_quarkus_log_file:
|
||||||
|
default: "data/log/keycloak.log"
|
||||||
|
type: "str"
|
||||||
|
description: "Set the log file path and filename relative to keycloak home"
|
||||||
|
keycloak_quarkus_log_format:
|
||||||
|
default: '%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
|
||||||
|
type: "str"
|
||||||
|
description: "Set a format specific to file log entries"
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | flatten }}"
|
packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | flatten }}"
|
||||||
when: rpm_info.failed
|
when: rpm_info.failed
|
||||||
|
|
||||||
- name: "Install packages: {{ packages_to_install }}"
|
- name: "Install packages: {{ packages_to_install | join(',') }}"
|
||||||
become: yes
|
become: yes
|
||||||
ansible.builtin.yum:
|
ansible.builtin.yum:
|
||||||
name: "{{ packages_to_install }}"
|
name: "{{ packages_to_install }}"
|
||||||
|
|
|
@ -32,6 +32,16 @@
|
||||||
notify:
|
notify:
|
||||||
- restart keycloak
|
- restart keycloak
|
||||||
|
|
||||||
|
- name: "Configure quarkus config for keycloak service"
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: quarkus.properties.j2
|
||||||
|
dest: "{{ keycloak.home }}/conf/quarkus.properties"
|
||||||
|
owner: "{{ keycloak.service_user }}"
|
||||||
|
group: "{{ keycloak.service_group }}"
|
||||||
|
mode: 0644
|
||||||
|
notify:
|
||||||
|
- restart keycloak
|
||||||
|
|
||||||
- name: "Start and wait for keycloak service"
|
- name: "Start and wait for keycloak service"
|
||||||
ansible.builtin.include_tasks: start.yml
|
ansible.builtin.include_tasks: start.yml
|
||||||
|
|
||||||
|
@ -39,3 +49,9 @@
|
||||||
ansible.builtin.command: "systemctl status keycloak"
|
ansible.builtin.command: "systemctl status keycloak"
|
||||||
register: keycloak_service_status
|
register: keycloak_service_status
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
|
||||||
|
- name: Link default logs directory
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: link
|
||||||
|
src: "{{ keycloak.home }}/{{ keycloak.log_file }}"
|
||||||
|
dest: /var/log/keycloak
|
||||||
|
|
|
@ -1,29 +1,27 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
{% if keycloak_quarkus_db_enabled %}
|
||||||
# Database
|
# Database
|
||||||
# Database vendor [dev-file, dev-mem, mariadb, mssql, mysql, oracle, postgres]
|
db={{ keycloak_quarkus_jdbc_engine }}
|
||||||
#db=postgres
|
db-url={{ keycloak_quarkus_jdbc_url }}
|
||||||
# The username of the database user.
|
db-username={{ keycloak_quarkus_db_user }}
|
||||||
#db-username=keycloak
|
db-password={{ keycloak_quarkus_db_pass }}
|
||||||
# The password of the database user.
|
{% endif %}
|
||||||
#db-password=password
|
|
||||||
# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
|
|
||||||
#db-url=jdbc:postgresql://localhost/keycloak
|
|
||||||
|
|
||||||
# Observability
|
# Observability
|
||||||
# If the server should expose metrics and healthcheck endpoints.
|
metrics-enabled={{ keycloak_quarkus_metrics_enabled }}
|
||||||
#metrics-enabled=true
|
health-enabled={{ keycloak_quarkus_health_enabled }}
|
||||||
|
|
||||||
# HTTP
|
# HTTP
|
||||||
http-enabled=true
|
http-enabled={{ keycloak_quarkus_http_enabled }}
|
||||||
http-port=8080
|
http-port={{ keycloak_quarkus_http_port }}
|
||||||
https-port=8443
|
|
||||||
# The file path to a server certificate or certificate chain in PEM format.
|
# HTTPS
|
||||||
#https-certificate-file=${kc.home.dir}conf/server.crt.pem
|
https-port={{ keycloak_quarkus_https_port }}
|
||||||
# The file path to a private key in PEM format.
|
{% if keycloak_quarkus_https_enabled %}
|
||||||
#https-certificate-key-file=${kc.home.dir}conf/server.key.pem
|
https-certificate-file={{ keycloak.home }}/{{ keycloak_quarkus_cert_file}}
|
||||||
# The proxy address forwarding mode if the server is behind a reverse proxy.
|
https-certificate-key-file={{ keycloak.home }}/{{ keycloak_quarkus_key_file }}
|
||||||
#proxy=reencrypt
|
{% endif %}
|
||||||
# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
|
# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
|
||||||
#spi-sticky-session-encoder-infinispan-should-attach-route=false
|
#spi-sticky-session-encoder-infinispan-should-attach-route=false
|
||||||
|
|
||||||
|
@ -32,12 +30,11 @@ hostname={{ keycloak_quarkus_host }}
|
||||||
hostname-path={{ keycloak_quarkus_http_relative_path }}
|
hostname-path={{ keycloak_quarkus_http_relative_path }}
|
||||||
|
|
||||||
# Cluster
|
# Cluster
|
||||||
#cache=ispn
|
{% if keycloak_quarkus_ha_enabled %}
|
||||||
#Defines the cache mechanism for high-availability. [local, ispn]
|
cache=ispn
|
||||||
#cache-config-file=conf/cache-ispn.xml
|
cache-config-file=conf/cache-ispn.xml
|
||||||
#Defines the file from which cache configuration should be loaded from.
|
cache-stack=tcp
|
||||||
#cache-stack=tcp
|
{% endif %}
|
||||||
#Define the default stack to use for cluster communication and node discovery. [tcp, udp, kubernetes, ec2, azure, google]
|
|
||||||
|
|
||||||
# Proxy
|
# Proxy
|
||||||
# The proxy address forwarding mode if the server is behind a reverse proxy. [edge, reencrypt, passthrough]
|
# The proxy address forwarding mode if the server is behind a reverse proxy. [edge, reencrypt, passthrough]
|
||||||
|
@ -46,6 +43,7 @@ hostname-path={{ keycloak_quarkus_http_relative_path }}
|
||||||
# Logging
|
# Logging
|
||||||
# The format of log entries.
|
# The format of log entries.
|
||||||
#log-format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
|
#log-format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
|
||||||
# The log level of the root category or a comma-separated list of individual categories and their levels.
|
log=file
|
||||||
#log-level=info
|
log-level={{ keycloak.log.level }}
|
||||||
|
log-file={{ keycloak.log.file }}
|
||||||
|
log-file-format={{ keycloak.log.format }}
|
||||||
|
|
|
@ -7,7 +7,7 @@ After=network.target
|
||||||
Type=simple
|
Type=simple
|
||||||
EnvironmentFile=-/etc/sysconfig/keycloak
|
EnvironmentFile=-/etc/sysconfig/keycloak
|
||||||
PIDFile={{ keycloak_quarkus_service_pidfile }}
|
PIDFile={{ keycloak_quarkus_service_pidfile }}
|
||||||
ExecStart={{ keycloak.home }}/bin/kc.sh start
|
ExecStart={{ keycloak.home }}/bin/kc.sh --auto-build start
|
||||||
#--http-relative-path={{ keycloak_quarkus_http_relative_path }}
|
#--http-relative-path={{ keycloak_quarkus_http_relative_path }}
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
{% if keycloak_quarkus_ha_enabled %}
|
||||||
|
quarkus.infinispan-client.server-list={{ keycloak_quarkus_ispn_url }}
|
||||||
|
quarkus.infinispan-client.client-intelligence=HASH_DISTRIBUTION_AWARE
|
||||||
|
quarkus.infinispan-client.use-auth=true
|
||||||
|
quarkus.infinispan-client.auth-username={{ keycloak_quarkus_ispn_user }}
|
||||||
|
quarkus.infinispan-client.auth-password={{ keycloak_quarkus_ispn_pass }}
|
||||||
|
quarkus.infinispan-client.auth-realm=default
|
||||||
|
quarkus.infinispan-client.auth-server-name=infinispan
|
||||||
|
quarkus.infinispan-client.sasl-mechanism={{ keycloak_quarkus_ispn_sasl_mechanism }}
|
||||||
|
{% if keycloak_quarkus_ispn_use_ssl %}
|
||||||
|
quarkus.infinispan-client.trust-store={{ keycloak_quarkus_ispn_trust_store_path }}
|
||||||
|
quarkus.infinispan-client.trust-store-password={{ keycloak_quarkus_ispn_trust_store_password }}
|
||||||
|
quarkus.infinispan-client.trust-store-type=jks
|
||||||
|
{% endif %}
|
||||||
|
#quarkus.infinispan-client.use-schema-registration=true
|
||||||
|
#quarkus.infinispan-client.auth-client-subject
|
||||||
|
#quarkus.infinispan-client.auth-callback-handler
|
||||||
|
{% endif %}
|
|
@ -9,3 +9,7 @@ keycloak:
|
||||||
service_user: "{{ keycloak_quarkus_service_user }}"
|
service_user: "{{ keycloak_quarkus_service_user }}"
|
||||||
service_group: "{{ keycloak_quarkus_service_group }}"
|
service_group: "{{ keycloak_quarkus_service_group }}"
|
||||||
offline_install: "{{ keycloak_quarkus_offline_install }}"
|
offline_install: "{{ keycloak_quarkus_offline_install }}"
|
||||||
|
log:
|
||||||
|
file: "{{ keycloak_quarkus_log_file }}"
|
||||||
|
level: "{{ keycloak_quarkus_log_level }}"
|
||||||
|
format: "{{ keycloak_quarkus_log_format }}"
|
Loading…
Reference in New Issue