diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index 71787b1..1693a66 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -126,13 +126,13 @@ The following variables are _required_ only when `keycloak_ha_enabled` is True:
 |:---------|:------------|:---------|
 |`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
 |`keycloak_jdbc_engine` | backend database engine when db is enabled: [ postgres, mariadb ] | `postgres` |
-|`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
-|`infinispan_user` | username for connecting to infinispan | `supervisor` |
-|`infinispan_pass` | password for connecting to infinispan | `supervisor` |
-|`infinispan_sasl_mechanism`| Authentication type | `SCRAM-SHA-512` |
-|`infinispan_use_ssl`| Enable hotrod TLS communication | `False` |
-|`infinispan_trust_store_path`| Path to truststore with infinispan server certificate | `/etc/pki/java/cacerts` |
-|`infinispan_trust_store_password`| Password for opening truststore | `changeit` |
+|`keycloak_infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
+|`keycloak_infinispan_user` | username for connecting to infinispan | `supervisor` |
+|`keycloak_infinispan_pass` | password for connecting to infinispan | `supervisor` |
+|`keycloak_infinispan_sasl_mechanism`| Authentication type | `SCRAM-SHA-512` |
+|`keycloak_infinispan_use_ssl`| Enable hotrod TLS communication | `False` |
+|`keycloak_infinispan_trust_store_path`| Path to truststore with infinispan server certificate | `/etc/pki/java/cacerts` |
+|`keycloak_infinispan_trust_store_password`| Password for opening truststore | `changeit` |
 
 The following variables are _required_ only when `keycloak_db_enabled` is True:
 
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 7ef632a..ba3413c 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -6,20 +6,6 @@ keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{
 keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
 keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
 
-### Configuration specific to Red Hat Single Sign-On
-keycloak_rhsso_version: 7.5.0
-rhsso_rhn_id: "{{ rhsso_rhn_ids[keycloak_rhsso_version].id }}"
-keycloak_rhsso_archive: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
-keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
-keycloak_rhn_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
-keycloak_rhsso_download_url: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
-keycloak_rhsso_apply_patches: False
-
-### keycloak/rhsso choice: by default install rhsso if rhn credentials are defined
-keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
-# whether to install from local archive; filename must be keycloak_archive or keycloak_rhsso_archive depending on keycloak_rhsso_enable
-keycloak_offline_install: False
-
 ### Install location and service settings
 keycloak_jvm_package: java-1.8.0-openjdk-headless
 keycloak_java_home:
@@ -68,14 +54,14 @@ keycloak_modcluster_url: localhost
 keycloak_frontend_url: http://localhost:8080/auth
 
 ### infinispan remote caches access (hotrod)
-infinispan_user: supervisor
-infinispan_pass: supervisor
-infinispan_url: localhost
-infinispan_sasl_mechanism: SCRAM-SHA-512
-infinispan_use_ssl: False
+keycloak_infinispan_user: supervisor
+keycloak_infinispan_pass: supervisor
+keycloak_infinispan_url: localhost
+keycloak_infinispan_sasl_mechanism: SCRAM-SHA-512
+keycloak_infinispan_use_ssl: False
 # if ssl is enabled, import ispn server certificate here
-infinispan_trust_store_path: /etc/pki/java/cacerts
-infinispan_trust_store_password: changeit
+keycloak_infinispan_trust_store_path: /etc/pki/java/cacerts
+keycloak_infinispan_trust_store_password: changeit
 
 ### database backend engine: values [ 'postgres', 'mariadb' ]
 keycloak_jdbc_engine: postgres
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index 983d59d..39c047a 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
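Review bot: `keycloak_infinispan_url: localhost` disagrees with the README row added in this same commit, which documents the default as `localhost:11122`, and the argument spec entry says `"localhost"`; whichever is the intended default, the three places renamed here should agree. The renamed `keycloak_infinispan_use_ssl: False` is a capitalised boolean while the matching argument spec entry uses `default: false`; writing `keycloak_infinispan_use_ssl: false` keeps yamllint's truthy rule quiet and matches the spec. The block also still ships `supervisor`/`supervisor` and `changeit` as the remote-cache credentials; a comment such as `# placeholder credentials: override in inventory (vault) before enabling keycloak_ha_enabled` above `keycloak_infinispan_user` would make that explicit for anyone who turns on HA without overriding them.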
@@ -31,46 +31,6 @@ argument_specs:
 default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
 description: "Installation path"
 type: "str"
- keycloak_rhsso_version:
- # line 10 of keycloak/defaults/main.yml
- default: "7.5.0"
- description: "Red Hat Single Sign-On version"
- type: "str"
- rhsso_rhn_id:
- # line 11 of keycloak/defaults/main.yml
- default: "{{ rhsso_rhn_ids[keycloak_rhsso_version].id }}"
- description: "Customer Portal product ID for Red Hat SSO"
- type: "str"
- keycloak_rhsso_archive:
- # line 12 of keycloak/defaults/main.yml
- default: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
- description: "ed Hat SSO install archive filename"
- type: "str"
- keycloak_rhsso_apply_patches:
- # line 16 of keycloak/defaults/main.yml
- default: false
- description: "Install RHSSO more recent cumulative patch"
- type: "bool"
- keycloak_rhsso_installdir:
- # line 13 of keycloak/defaults/main.yml
- default: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
- description: "Installation path for Red Hat SSO"
- type: "str"
- keycloak_rhn_url:
- # line 14 of keycloak/defaults/main.yml
- default: "https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId="
- description: "Base download URI for customer portal"
- type: "str"
- keycloak_rhsso_download_url:
- # line 15 of keycloak/defaults/main.yml
- default: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
- description: "Full download URI for Red Hat SSO"
- type: "str"
- keycloak_rhsso_enable:
- # line 18 of keycloak/defaults/main.yml
- default: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
- description: "Enable Red Hat Single Sign-on installation"
- type: "str"
 keycloak_offline_install:
 # line 20 of keycloak/defaults/main.yml
 default: false
@@ -219,37 +179,37 @@ argument_specs:
 default: "http://localhost"
 description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
 type: "str"
- infinispan_user:
+ keycloak_infinispan_user:
 # line 62 of keycloak/defaults/main.yml
 default: "supervisor"
 description: "Username for connecting to infinispan"
 type: "str"
- infinispan_pass:
+ keycloak_infinispan_pass:
 # line 63 of keycloak/defaults/main.yml
 default: "supervisor"
 description: "Password for connecting to infinispan"
 type: "str"
- infinispan_url:
+ keycloak_infinispan_url:
 # line 64 of keycloak/defaults/main.yml
 default: "localhost"
 description: "URL for the infinispan remote-cache server"
 type: "str"
- infinispan_sasl_mechanism:
+ keycloak_infinispan_sasl_mechanism:
 # line 65 of keycloak/defaults/main.yml
 default: "SCRAM-SHA-512"
 description: "Authentication type to infinispan server"
 type: "str"
- infinispan_use_ssl:
+ keycloak_infinispan_use_ssl:
 # line 66 of keycloak/defaults/main.yml
 default: false
 description: "Enable hotrod client TLS communication"
 type: "bool"
- infinispan_trust_store_path:
+ keycloak_infinispan_trust_store_path:
 # line 68 of keycloak/defaults/main.yml
 default: "/etc/pki/java/cacerts"
 description: "TODO document argument"
 type: "str"
- infinispan_trust_store_password:
+ keycloak_infinispan_trust_store_password:
 # line 69 of keycloak/defaults/main.yml
 default: "changeit"
 description: "Path to truststore containing infinispan server certificate"
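Review bot: The descriptions of the last two renamed entries look swapped: `keycloak_infinispan_trust_store_path` carries `description: "TODO document argument"` while `keycloak_infinispan_trust_store_password` carries `"Path to truststore containing infinispan server certificate"`. Since both keys are touched here, `description: "Path to truststore containing infinispan server certificate"` belongs under `_trust_store_path` and `description: "Password for opening the truststore"` under `_trust_store_password`, which is also what the README rows in this commit say. The `# line 62` … `# line 69` comments are stale now that the defaults hunk removes 14 lines above this block (per that hunk's header the renamed keys start at line 57 of defaults/main.yml); either renumber them or drop them, since they drift on every edit. The `type:` line of the `_trust_store_password` entry lies outside this hunk.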
@@ -294,3 +254,45 @@ argument_specs:
 default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
 description: "URL for management console rest calls"
 type: "str"
+  downstream:
+    options:
+      sso_version:
+        default: "7.5.0"
+        description: "Red Hat Single Sign-On version"
+        type: "str"
+      sso_rhn_id:
+        default: "{{ sso_rhn_ids[keycloak_version].id }}"
+        description: "Customer Portal product ID for Red Hat SSO"
+        type: "str"
+      sso_archive:
+        default: "rh-sso-{{ keycloak_version }}-server-dist.zip"
+        description: "Red Hat SSO install archive filename"
+        type: "str"
+      sso_dest:
+        default: "/opt/sso"
+        description: "Root installation directory"
+        type: "str"
+      sso_installdir:
+        default: "{{ keycloak_dest }}/rh-sso-{{ keycloak_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
+        description: "Installation path for Red Hat SSO"
+        type: "str"
+      sso_rhn_url:
+        default: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
+        description: "Base download URI for customer portal"
+        type: "str"
+      sso_download_url:
+        default: "{{ sso_rhn_url }}{{ sso_rhn_id }}"
+        description: "Full download URI for Red Hat SSO"
+        type: "str"
+      sso_apply_patches:
+        default: False
+        description: "Install Red Hat SSO most recent cumulative patch"
+        type: "bool"
+      sso_enable:
+        default: True
+        description: "Enable Red Hat Single Sign-on installation"
+        type: "str"
+      sso_offline_install:
+        default: True
+        description: "Perform an offline install"
+        type: "bool"
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index 5a6b059..76d2b58 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -1,6 +1,6 @@
 ---
 # internal variables below
-rhsso_rhn_ids:
+sso_rhn_ids:
 '7.5.0': # noqa vars_in_vars_files_have_valid_names
 id: '101971'
 latest_cp:
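Review bot: `sso_enable` is declared `type: "str"` with `default: True`, and `sso_apply_patches`/`sso_offline_install` use `True`/`False` where the rest of this file writes `false`; declare `sso_enable` as `type: "bool"` and write `default: true` / `default: false` so argument-spec validation and yamllint agree with the intent. `sso_rhn_id`, `sso_archive` and `sso_installdir` all key off `keycloak_version` rather than the new `sso_version`, and `sso_installdir` builds on `keycloak_dest` rather than `sso_dest`, so `sso_version` and `sso_dest` appear to be declared but unused by any default in this spec; if `keycloak_version` is meant to carry the RH-SSO version for the downstream entry point, the `sso_version` description should say so. The main entry point still lists `keycloak_offline_install` (its comment pointing at "line 20 of keycloak/defaults/main.yml") even though this commit deletes that default, so it now overlaps with `sso_offline_install` and one of the two should go.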
@@ -15,8 +15,8 @@ keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http
 keycloak:
 home: "{{ keycloak_jboss_home }}"
 config_dir: "{{ keycloak_config_dir }}"
- bundle: "{{ keycloak_rhsso_archive if keycloak_rhsso_enable else keycloak_archive }}"
- patch_bundle: "rh-sso-{{ rhsso_rhn_ids[keycloak_rhsso_version].latest_cp.v }}-patch.zip"
+ bundle: "{{ keycloak_archive }}"
+ patch_bundle: "rh-sso-{{ sso_rhn_ids[keycloak_version].latest_cp.v }}-patch.zip"
 service_name: "{{ 'rhsso' if keycloak_rhsso_enable else 'keycloak' }}"
 health_url: "{{ keycloak_management_url }}/health"
 cli_path: "{{ keycloak_jboss_home }}/bin/jboss-cli.sh"
@@ -73,11 +73,11 @@ keycloak_modcluster:
 # infinispan
 keycloak_remotecache:
 enabled: "{{ keycloak_ha_enabled }}"
- username: "{{ infinispan_user }}"
- password: "{{ infinispan_pass }}"
+ username: "{{ keycloak_infinispan_user }}"
+ password: "{{ keycloak_infinispan_pass }}"
 realm: default
- sasl_mechanism: "{{ infinispan_sasl_mechanism }}"
- server_name: "{{ infinispan_url }}"
- use_ssl: "{{ infinispan_use_ssl }}"
- trust_store_path: "{{ infinispan_trust_store_path }}"
- trust_store_password: "{{ infinispan_trust_store_password }}"
\ No newline at end of file
+ sasl_mechanism: "{{ keycloak_infinispan_sasl_mechanism }}"
+ server_name: "{{ keycloak_infinispan_url }}"
+ use_ssl: "{{ keycloak_infinispan_use_ssl }}"
+ trust_store_path: "{{ keycloak_infinispan_trust_store_path }}"
+ trust_store_password: "{{ keycloak_infinispan_trust_store_password }}"
\ No newline at end of file
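Review bot: `service_name: "{{ 'rhsso' if keycloak_rhsso_enable else 'keycloak' }}"` still references `keycloak_rhsso_enable`, which the defaults/main.yml hunk of this commit deletes along with its argument-spec entry, so rendering the `keycloak` dictionary will hit an undefined variable unless something outside this diff still sets it; either derive it from the new flag, `service_name: "{{ 'rhsso' if sso_enable | default(false) else 'keycloak' }}"`, or keep a default for it. The new `patch_bundle` indexes `sso_rhn_ids[keycloak_version]`, and the only key visible in that map (previous hunk) is `'7.5.0'`, so evaluating the dictionary on an upstream Keycloak version would raise a missing-key error unless `keycloak_version` is guaranteed to be the RH-SSO version here; a comment on that line stating which version it expects would save the next reader the lookup. vars/main.yml also still ends without a trailing newline (`\ No newline at end of file` in the last hunk), which this rewrite of its final line could have fixed.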