guillaume/ansible-keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rename infinispan_ vars to keycloak_infinispan_, prepare downstrea

Browse Source
This commit is contained in:
Guido Grazioli 2022-09-19 15:42:01 +02:00
parent 9b2ea35184
commit 38b5a02e95
No known key found for this signature in database
GPG Key ID: 22C8C31EF2BC093B
4 changed files with 73 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
roles/keycloak/README.md
View File

@ -126,13 +126,13 @@ The following variables are _required_ only when `keycloak_ha_enabled` is True:
|:---------|:------------|:---------| |:---------|:------------|:---------|
|`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` | |`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
|`keycloak_jdbc_engine` | backend database engine when db is enabled: [ postgres, mariadb ] | `postgres` | |`keycloak_jdbc_engine` | backend database engine when db is enabled: [ postgres, mariadb ] | `postgres` |
|`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` | |`keycloak_infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
|`infinispan_user` | username for connecting to infinispan | `supervisor` | |`keycloak_infinispan_user` | username for connecting to infinispan | `supervisor` |
|`infinispan_pass` | password for connecting to infinispan | `supervisor` | |`keycloak_infinispan_pass` | password for connecting to infinispan | `supervisor` |
|`infinispan_sasl_mechanism`| Authentication type | `SCRAM-SHA-512` | |`keycloak_infinispan_sasl_mechanism`| Authentication type | `SCRAM-SHA-512` |
|`infinispan_use_ssl`| Enable hotrod TLS communication | `False` | |`keycloak_infinispan_use_ssl`| Enable hotrod TLS communication | `False` |
|`infinispan_trust_store_path`| Path to truststore with infinispan server certificate | `/etc/pki/java/cacerts` | |`keycloak_infinispan_trust_store_path`| Path to truststore with infinispan server certificate | `/etc/pki/java/cacerts` |
|`infinispan_trust_store_password`| Password for opening truststore | `changeit` | |`keycloak_infinispan_trust_store_password`| Password for opening truststore | `changeit` |
The following variables are _required_ only when `keycloak_db_enabled` is True: The following variables are _required_ only when `keycloak_db_enabled` is True:

28
roles/keycloak/defaults/main.yml
View File

@ -6,20 +6,6 @@ keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{
keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}" keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
### Configuration specific to Red Hat Single Sign-On
keycloak_rhsso_version: 7.5.0
rhsso_rhn_id: "{{ rhsso_rhn_ids[keycloak_rhsso_version].id }}"
keycloak_rhsso_archive: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
keycloak_rhn_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
keycloak_rhsso_download_url: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
keycloak_rhsso_apply_patches: False
### keycloak/rhsso choice: by default install rhsso if rhn credentials are defined
keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
# whether to install from local archive; filename must be keycloak_archive or keycloak_rhsso_archive depending on keycloak_rhsso_enable
keycloak_offline_install: False
### Install location and service settings ### Install location and service settings
keycloak_jvm_package: java-1.8.0-openjdk-headless keycloak_jvm_package: java-1.8.0-openjdk-headless
keycloak_java_home: keycloak_java_home:
@ -68,14 +54,14 @@ keycloak_modcluster_url: localhost
keycloak_frontend_url: http://localhost:8080/auth keycloak_frontend_url: http://localhost:8080/auth
### infinispan remote caches access (hotrod) ### infinispan remote caches access (hotrod)
infinispan_user: supervisor keycloak_infinispan_user: supervisor
infinispan_pass: supervisor keycloak_infinispan_pass: supervisor
infinispan_url: localhost keycloak_infinispan_url: localhost
infinispan_sasl_mechanism: SCRAM-SHA-512 keycloak_infinispan_sasl_mechanism: SCRAM-SHA-512
infinispan_use_ssl: False keycloak_infinispan_use_ssl: False
# if ssl is enabled, import ispn server certificate here # if ssl is enabled, import ispn server certificate here
infinispan_trust_store_path: /etc/pki/java/cacerts keycloak_infinispan_trust_store_path: /etc/pki/java/cacerts
infinispan_trust_store_password: changeit keycloak_infinispan_trust_store_password: changeit
### database backend engine: values [ 'postgres', 'mariadb' ] ### database backend engine: values [ 'postgres', 'mariadb' ]
keycloak_jdbc_engine: postgres keycloak_jdbc_engine: postgres

96
roles/keycloak/meta/argument_specs.yml
View File

@ -31,46 +31,6 @@ argument_specs:
default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
description: "Installation path" description: "Installation path"
type: "str" type: "str"
keycloak_rhsso_version:
# line 10 of keycloak/defaults/main.yml
default: "7.5.0"
description: "Red Hat Single Sign-On version"
type: "str"
rhsso_rhn_id:
# line 11 of keycloak/defaults/main.yml
default: "{{ rhsso_rhn_ids[keycloak_rhsso_version].id }}"
description: "Customer Portal product ID for Red Hat SSO"
type: "str"
keycloak_rhsso_archive:
# line 12 of keycloak/defaults/main.yml
default: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
description: "ed Hat SSO install archive filename"
type: "str"
keycloak_rhsso_apply_patches:
# line 16 of keycloak/defaults/main.yml
default: false
description: "Install RHSSO more recent cumulative patch"
type: "bool"
keycloak_rhsso_installdir:
# line 13 of keycloak/defaults/main.yml
default: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
description: "Installation path for Red Hat SSO"
type: "str"
keycloak_rhn_url:
# line 14 of keycloak/defaults/main.yml
default: "https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId="
description: "Base download URI for customer portal"
type: "str"
keycloak_rhsso_download_url:
# line 15 of keycloak/defaults/main.yml
default: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
description: "Full download URI for Red Hat SSO"
type: "str"
keycloak_rhsso_enable:
# line 18 of keycloak/defaults/main.yml
default: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
description: "Enable Red Hat Single Sign-on installation"
type: "str"
keycloak_offline_install: keycloak_offline_install:
# line 20 of keycloak/defaults/main.yml # line 20 of keycloak/defaults/main.yml
default: false default: false
@ -219,37 +179,37 @@ argument_specs:
default: "http://localhost" default: "http://localhost"
description: "Frontend URL for keycloak endpoints when a reverse proxy is used" description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
type: "str" type: "str"
infinispan_user: keycloak_infinispan_user:
# line 62 of keycloak/defaults/main.yml # line 62 of keycloak/defaults/main.yml
default: "supervisor" default: "supervisor"
description: "Username for connecting to infinispan" description: "Username for connecting to infinispan"
type: "str" type: "str"
infinispan_pass: keycloak_infinispan_pass:
# line 63 of keycloak/defaults/main.yml # line 63 of keycloak/defaults/main.yml
default: "supervisor" default: "supervisor"
description: "Password for connecting to infinispan" description: "Password for connecting to infinispan"
type: "str" type: "str"
infinispan_url: keycloak_infinispan_url:
# line 64 of keycloak/defaults/main.yml # line 64 of keycloak/defaults/main.yml
default: "localhost" default: "localhost"
description: "URL for the infinispan remote-cache server" description: "URL for the infinispan remote-cache server"
type: "str" type: "str"
infinispan_sasl_mechanism: keycloak_infinispan_sasl_mechanism:
# line 65 of keycloak/defaults/main.yml # line 65 of keycloak/defaults/main.yml
default: "SCRAM-SHA-512" default: "SCRAM-SHA-512"
description: "Authentication type to infinispan server" description: "Authentication type to infinispan server"
type: "str" type: "str"
infinispan_use_ssl: keycloak_infinispan_use_ssl:
# line 66 of keycloak/defaults/main.yml # line 66 of keycloak/defaults/main.yml
default: false default: false
description: "Enable hotrod client TLS communication" description: "Enable hotrod client TLS communication"
type: "bool" type: "bool"
infinispan_trust_store_path: keycloak_infinispan_trust_store_path:
# line 68 of keycloak/defaults/main.yml # line 68 of keycloak/defaults/main.yml
default: "/etc/pki/java/cacerts" default: "/etc/pki/java/cacerts"
description: "TODO document argument" description: "TODO document argument"
type: "str" type: "str"
infinispan_trust_store_password: keycloak_infinispan_trust_store_password:
# line 69 of keycloak/defaults/main.yml # line 69 of keycloak/defaults/main.yml
default: "changeit" default: "changeit"
description: "Path to truststore containing infinispan server certificate" description: "Path to truststore containing infinispan server certificate"
@ -294,3 +254,45 @@ argument_specs:
default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}" default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
description: "URL for management console rest calls" description: "URL for management console rest calls"
type: "str" type: "str"
downstream:
options:
sso_version:
default: "7.5.0"
description: "Red Hat Single Sign-On version"
type: "str"
sso_rhn_id:
default: "{{ sso_rhn_ids[keycloak_version].id }}"
description: "Customer Portal product ID for Red Hat SSO"
type: "str"
sso_archive:
default: "rh-sso-{{ keycloak_version }}-server-dist.zip"
description: "Red Hat SSO install archive filename"
type: "str"
sso_dest:
default: "/opt/sso"
description: "Root installation directory"
type: "str"
sso_installdir:
default: "{{ keycloak_dest }}/rh-sso-{{ keycloak_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
description: "Installation path for Red Hat SSO"
type: "str"
sso_rhn_url:
default: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
description: "Base download URI for customer portal"
type: "str"
sso_download_url:
default: "{{ sso_rhn_url }}{{ sso_rhn_id }}"
description: "Full download URI for Red Hat SSO"
type: "str"
sso_apply_patches:
default: False
description: "Install Red Hat SSO most recent cumulative patch"
type: "bool"
sso_enable:
default: True
description: "Enable Red Hat Single Sign-on installation"
type: "str"
sso_offline_install:
default: True
description: "Perform an offline install"
type: "bool"

20
roles/keycloak/vars/main.yml
View File

@ -1,6 +1,6 @@
--- ---
# internal variables below # internal variables below
rhsso_rhn_ids: sso_rhn_ids:
'7.5.0': # noqa vars_in_vars_files_have_valid_names '7.5.0': # noqa vars_in_vars_files_have_valid_names
id: '101971' id: '101971'
latest_cp: latest_cp:
@ -15,8 +15,8 @@ keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http
keycloak: keycloak:
home: "{{ keycloak_jboss_home }}" home: "{{ keycloak_jboss_home }}"
config_dir: "{{ keycloak_config_dir }}" config_dir: "{{ keycloak_config_dir }}"
bundle: "{{ keycloak_rhsso_archive if keycloak_rhsso_enable else keycloak_archive }}" bundle: "{{ keycloak_archive }}"
patch_bundle: "rh-sso-{{ rhsso_rhn_ids[keycloak_rhsso_version].latest_cp.v }}-patch.zip" patch_bundle: "rh-sso-{{ sso_rhn_ids[keycloak_version].latest_cp.v }}-patch.zip"
service_name: "{{ 'rhsso' if keycloak_rhsso_enable else 'keycloak' }}" service_name: "{{ 'rhsso' if keycloak_rhsso_enable else 'keycloak' }}"
health_url: "{{ keycloak_management_url }}/health" health_url: "{{ keycloak_management_url }}/health"
cli_path: "{{ keycloak_jboss_home }}/bin/jboss-cli.sh" cli_path: "{{ keycloak_jboss_home }}/bin/jboss-cli.sh"
@ -73,11 +73,11 @@ keycloak_modcluster:
# infinispan # infinispan
keycloak_remotecache: keycloak_remotecache:
enabled: "{{ keycloak_ha_enabled }}" enabled: "{{ keycloak_ha_enabled }}"
username: "{{ infinispan_user }}" username: "{{ keycloak_infinispan_user }}"
password: "{{ infinispan_pass }}" password: "{{ keycloak_infinispan_pass }}"
realm: default realm: default
sasl_mechanism: "{{ infinispan_sasl_mechanism }}" sasl_mechanism: "{{ keycloak_infinispan_sasl_mechanism }}"
server_name: "{{ infinispan_url }}" server_name: "{{ keycloak_infinispan_url }}"
use_ssl: "{{ infinispan_use_ssl }}" use_ssl: "{{ keycloak_infinispan_use_ssl }}"
trust_store_path: "{{ infinispan_trust_store_path }}" trust_store_path: "{{ keycloak_infinispan_trust_store_path }}"
trust_store_password: "{{ infinispan_trust_store_password }}" trust_store_password: "{{ keycloak_infinispan_trust_store_password }}"