diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 27f622a..9034acc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,7 +38,7 @@ jobs: working-directory: ./ansible_collections/middleware_automation/keycloak - name: Run molecule test - run: molecule test --all -- -vvvvv + run: molecule test --all working-directory: ./ansible_collections/middleware_automation/keycloak env: PY_COLORS: '1' diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 1b3efda..fdafef5 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -13,8 +13,6 @@ platforms: - "8080/tcp" - "8443/tcp" - "8009/tcp" - published_ports: - - 0.0.0.0:8443:8443/TCP provisioner: name: ansible config_options: diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml index af9ccdc..b0d574d 100644 --- a/roles/keycloak/defaults/main.yml +++ b/roles/keycloak/defaults/main.yml @@ -20,7 +20,7 @@ keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined el keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration" keycloak_service_user: keycloak keycloak_service_group: keycloak -keycloak_service_pidfile: "{{ keycloak_dest }}/keycloak.pid" +keycloak_service_pidfile: "/run/keycloak.pid" keycloak_service_logfile: "{{ keycloak_dest }}/keycloak.log" ### Keycloak configuration settings diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index ce8b8b5..c6bf0b9 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -8,6 +8,7 @@ - include_tasks: tasks/install.yml +## FIXME not idempotent (keyclock removes the file when it restarts) - name: create Keycloak admin user command: args: diff --git a/roles/keycloak/templates/keycloak-service.sh.j2 b/roles/keycloak/templates/keycloak-service.sh.j2 index 6e9a4e2..60adab2 100755 --- a/roles/keycloak/templates/keycloak-service.sh.j2 +++ b/roles/keycloak/templates/keycloak-service.sh.j2 
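Review bot: The FIXME added above `create Keycloak admin user` in roles/keycloak/tasks/main.yml misspells the product as "keyclock" and does not say which file is removed, so a later maintainer cannot tell what makes the task rerun. A self-contained wording would be `## FIXME: not idempotent - Keycloak removes PLACEHOLDER_FILE on restart, so this task runs again on every play`, with the placeholder replaced by the real path. The task body continues outside the hunk, so whether the admin credentials are re-applied on each run cannot be confirmed from here.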
@@ -75,14 +75,16 @@ startKeycloak() { if [ "$(isKeyCloakRunning)" -eq 1 ]; then statusKeycloak else - ${KEYCLOAK_HOME}/bin/standalone.sh \ - -Djboss.bind.address=${KEYCLOAK_BIND_ADDRESS} \ - -Djboss.http.port=${KEYCLOAK_HTTP_PORT} \ - -Djboss.https.port=${KEYCLOAK_HTTPS_PORT} \ - -Djboss.management.http.port=${KEYCLOAK_MANAGEMENT_HTTP_PORT} \ - -Djboss.management.https.port=${KEYCLOAK_MANAGEMENT_HTTPS_PORT} \ - -Djboss.node.name={{ inventory_hostname }} 2>&1 >> "${KEYCLOAK_LOGFILE}" & - echo "${!}" > "${KEYCLOAK_PIDFILE}" + LAUNCH_JBOSS_IN_BACKGROUND=1 JBOSS_PIDFILE=${KEYCLOAK_PIDFILE} ${KEYCLOAK_HOME}/bin/standalone.sh \ + -Djboss.bind.address=${KEYCLOAK_BIND_ADDRESS} \ + -Djboss.http.port=${KEYCLOAK_HTTP_PORT} \ + -Djboss.https.port=${KEYCLOAK_HTTPS_PORT} \ + -Djboss.management.http.port=${KEYCLOAK_MANAGEMENT_HTTP_PORT} \ + -Djboss.management.https.port=${KEYCLOAK_MANAGEMENT_HTTPS_PORT} \ + -Djboss.node.name={{ inventory_hostname }} \ + {% if ansible_facts.virtualization_type in ['docker','oci','containerd'] %}-Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true {% endif %}\ + 2>&1 >> "${KEYCLOAK_LOGFILE}" & + while [ ! -f ${KEYCLOAK_PIDFILE} ]; do sleep 1; done fi } diff --git a/roles/keycloak/templates/keycloak-sysconfig.j2 b/roles/keycloak/templates/keycloak-sysconfig.j2 index d0682ac..f2eda03 100644 --- a/roles/keycloak/templates/keycloak-sysconfig.j2 +++ b/roles/keycloak/templates/keycloak-sysconfig.j2 @@ -5,3 +5,5 @@ KEYCLOAK_HTTP_PORT={{ keycloak_http_port }} KEYCLOAK_HTTPS_PORT={{ keycloak_https_port }} KEYCLOAK_MANAGEMENT_HTTP_PORT={{ keycloak_management_http_port }} KEYCLOAK_MANAGEMENT_HTTPS_PORT={{ keycloak_management_https_port }} +JBOSS_PIDFILE='{{ keycloak_service_pidfile }}' +LAUNCH_JBOSS_IN_BACKGROUND=1 \ No newline at end of file diff --git a/roles/keycloak/templates/keycloak.service.j2 b/roles/keycloak/templates/keycloak.service.j2 index 2824a25..5816af0 100644 --- a/roles/keycloak/templates/keycloak.service.j2 
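Review bot: The new `while [ ! -f ${KEYCLOAK_PIDFILE} ]; do sleep 1; done` at the end of startKeycloak has no upper bound, does not check that the launcher is still alive, and leaves the variable unquoted, so a failed start (port in use, unwritable pid path) blocks until systemd's start timeout, or indefinitely when the script is run by hand. I would capture `$!` right after the background launch, stop waiting once that process has exited or a deadline passes, and return non-zero so the failure is visible; the 30-second limit in the sketch is a constructed example. Separately, `2>&1 >> "${KEYCLOAK_LOGFILE}"` sends stderr to the caller's stdout rather than to the log, whereas `>> "${KEYCLOAK_LOGFILE}" 2>&1` captures both. startKeycloak begins above the hunk.

```shell
    # … unchanged: standalone.sh launch with its -D options, sent to the background …
    launcher_pid=$!
    waited=0
    while [ ! -f "${KEYCLOAK_PIDFILE}" ]; do
      # Give up if the launcher died or the (example) 30 s deadline passed.
      if ! kill -0 "${launcher_pid}" 2>/dev/null || [ "${waited}" -ge 30 ]; then
        echo "Keycloak did not create ${KEYCLOAK_PIDFILE}" >&2
        return 1
      fi
      sleep 1
      waited=$((waited + 1))
    done
```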
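Review bot: `JBOSS_PIDFILE` and `LAUNCH_JBOSS_IN_BACKGROUND` now have two sources: these new lines in keycloak-sysconfig.j2 and the inline assignments in front of `standalone.sh` in keycloak-service.sh.j2, where the pid path comes from `${KEYCLOAK_PIDFILE}` instead. The definition of that variable is not visible in this diff; if it is not rendered from the same `keycloak_service_pidfile`, the unit's `PIDFile=` and the file the launcher writes can diverge, and systemd would wait on a pid file that never appears. I would keep a single source, for example only the sysconfig entries, and end the template with a newline, since the diff marks the last line as lacking one.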
+++ b/roles/keycloak/templates/keycloak.service.j2 @@ -5,14 +5,11 @@ After=network.target [Service] Type=forking EnvironmentFile=-/etc/sysconfig/keycloak - -User={{ keycloak_service_user }} -Group={{ keycloak_service_group }} PIDFile={{ keycloak_service_pidfile }} ExecStart={{ keycloak_dest }}/keycloak-service.sh start ExecStop={{ keycloak_dest }}/keycloak-service.sh stop -TimeoutStartSec=90 -TimeoutStopSec=60 +TimeoutStartSec=30 +TimeoutStopSec=30 LimitNOFILE=102642 [Install]
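Review bot: Dropping `User={{ keycloak_service_user }}` and `Group={{ keycloak_service_group }}` from the [Service] section means a system unit will start Keycloak as root, so a compromise of this network-facing identity service would carry full host privileges instead of those of a dedicated account. The removal looks tied to the new default `keycloak_service_pidfile: "/run/keycloak.pid"` in roles/keycloak/defaults/main.yml, a path an unprivileged user normally cannot create. I would keep both directives, add `RuntimeDirectory=keycloak`, and default the pid file to `/run/keycloak/keycloak.pid` so the service account owns the directory it writes to. The cut of `TimeoutStartSec` from 90 to 30 also deserves a short comment in the unit explaining why 30 seconds is enough on slow hosts.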