diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index 8d43718..4c8e3fb 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -5,4 +5,6 @@
tasks:
- name: Include keycloak role
include_role:
- name: ../../roles/keycloak
\ No newline at end of file
+ name: ../../roles/keycloak
+ vars:
+ keycloak_admin_password: "changeme"
\ No newline at end of file
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index e28ed78..6a7d7f3 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -4,7 +4,7 @@
tasks:
- name: Populate service facts
ansible.builtin.service_facts:
- - name: Check if infinispan service started
+ - name: Check if keycloak service started
assert:
that:
- ansible_facts.services["keycloak.service"]["state"] == "running"
diff --git a/playbooks/keycloak.yml b/playbooks/keycloak.yml
index 4c4ee4b..c40d219 100644
--- a/playbooks/keycloak.yml
+++ b/playbooks/keycloak.yml
@@ -8,4 +8,6 @@
tasks:
- name: Keycloak Role
include_role:
- name: keycloak
\ No newline at end of file
+ name: keycloak
+ vars:
+ keycloak_admin_password: "changeme"
\ No newline at end of file
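Review bot: `keycloak_admin_password: "changeme"` on the `include_role` task hard-codes a guessable admin console password into a playbook outside the test scenario, so running it unmodified creates the `admin` account (the default in `defaults/main.yml`) with that password. Task-level `vars:` also outrank inventory and group_vars, so a password an operator stored there, for example in a vault-encrypted file, would be overridden by this literal. I would drop the `vars:` block here and let the caller supply the value from vault or extra-vars, keeping the fixed value only in `molecule/default/converge.yml`.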
diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
new file mode 100644
index 0000000..ca28b3c
--- /dev/null
+++ b/roles/keycloak/README.md
@@ -0,0 +1,75 @@
+keycloak
+========
+
+Install [keycloak](https://keycloak.org/) or [Red Hat Single Sing-On](https://access.redhat.com/products/red-hat-single-sign-on) server configurations.
+
+
+Role Defaults
+-------------
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`keycloak_ha_enabled`| enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
+|`keycloak_admin_user`| Administration console user account | `admin` |
+
+
+Role Variables
+--------------
+
+The following are a set of required variables for the role:
+
+| Variable | Description |
+|:---------|:------------|
+|`keycloak_admin_password`| Password for the administration console user account |
+
+The following variables are required when keycloak_ha_enabled is True:
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
+|`postgres_jdbc_url` | URL for the postgres backend database | `jdbc:postgresql://localhost:5432/keycloak` |
+|`postgres_db_user` | username for connecting to postgres | `keycloak-user` |
+|`postgres_db_pass` | password for connecting to postgres | `keycloak-pass` |
+|`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
+|`infinispan_user` | username for connecting to infinispan | `supervisor` |
+|`infinispan_pass` | password for connecting to infinispan | `supervisor` |
+
+
+Dependencies
+------------
+
+The roles depends on:
+
+* the redhat_csp_download role of [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection
+* the jcliff role of [middleware_automation.jcliff](https://github.com/ansible-middleware/ansible_collections_jcliff) collection
+
+
+Example Playbook
+----------------
+
+The following is an example playbook that makes use of the role to install keycloak
+
+```yaml
+---
+- hosts: ...
+ collections:
+ - middleware_automation.keycloak
+ tasks:
+ - name: Include keycloak role
+ include_role:
+ name: keycloak
+ vars:
+ keycloak_admin_password: "changeme"
+```
+
+License
+-------
+
+Apache License 2.0
+
+
+Author Information
+------------------
+
+* [Guido Grazioli](https://github.com/guidograzioli)
+* [Romain Pelisse](https://github.com/rpelisse)
\ No newline at end of file
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index b0d574d..3f7d4b0 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -38,7 +38,6 @@ keycloak_ha_enabled: False
# keycloak administration console user
keycloak_admin_user: admin
-keycloak_admin_password: "password"
keycloak_auth_realm: master
keycloak_auth_client: admin-cli
@@ -47,14 +46,14 @@ keycloak_force_install: False
keycloak_modcluster:
enabled: "{{ keycloak_ha_enabled }}"
- reverse_proxy_url: jbcs-0
+ reverse_proxy_url: "{{ keycloak_modcluster_url | default('localhost') }}"
keycloak_remotecache:
enabled: "{{ keycloak_ha_enabled }}"
- username: supervisor
- password: itsme
+ username: "{{ infinispan_user | default('supervisor') }}"
+ password: "{{ infinispan_pass | default('supervisor') }}"
realm: default
- server_name: jdg-1
+ server_name: "{{ infinispan_url | default('localhost') }}"
trust_store_path: /path/to/jks/keystore
trust_store_password: changeme
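Review bot: The remote-cache credentials still fall back to well-known values (`infinispan_user | default('supervisor')` and `infinispan_pass | default('supervisor')`), so an HA deployment that forgets to set them comes up with guessable credentials. The same applies to `postgres_db_pass | default('keycloak-pass')` in the `keycloak_jdbc` hunk below. Since this commit makes `keycloak_admin_password` mandatory, the other secrets could be treated the same way, e.g. `password: "{{ infinispan_pass }}"` plus a validation task that runs when `keycloak_ha_enabled` is true. Separately, the README added in this commit documents the `infinispan_url` default as `localhost:11122`, while `server_name` here falls back to `'localhost'`. The `keycloak_remotecache` mapping continues outside the hunk.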
@@ -66,6 +65,6 @@ keycloak_jdbc:
driver_version: 9.4.1212
driver_jar_filename: "postgresql-9.4.1212.jar"
driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/9.4.1212/postgresql-9.4.1212.jar"
- connection_url: "jdbc:postgresql://pgsql-0:5432/keycloak"
- db_user: "keycloak-user"
- db_password: "keycloak-pass"
+ connection_url: "{{ postgres_jdbc_url | default('jdbc:postgresql://localhost:5432/keycloak') }}"
+ db_user: "{{ postgres_db_user | default('keycloak-user') }}"
+ db_password: "{{ postgres_db_pass | default('keycloak-pass') }}"
diff --git a/roles/keycloak/tasks/firewalld.yml b/roles/keycloak/tasks/firewalld.yml
index 346d58d..d3a8a0c 100644
--- a/roles/keycloak/tasks/firewalld.yml
+++ b/roles/keycloak/tasks/firewalld.yml
@@ -14,7 +14,7 @@
- name: Configure firewall for jdg ports
become: yes
- ansible.posix.firewalld:
+ firewalld:
port: "{{ item }}"
permanent: true
state: enabled
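Review bot: Replacing `ansible.posix.firewalld:` with the short name `firewalld:` makes the task depend on how the controller resolves unqualified module names. On Ansible 2.10 and later the module still lives in the `ansible.posix` collection, so the dependency is not removed, only hidden. I would keep the fully qualified name `ansible.posix.firewalld:` and list the collection among the role's dependencies. The task's remaining keys are outside this hunk.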
@@ -22,4 +22,6 @@
loop:
- "{{ keycloak_http_port }}/tcp"
- "{{ keycloak_https_port }}/tcp"
+ - "{{ keycloak_management_http_port }}/tcp"
+ - "{{ keycloak_management_https_port }}/tcp"
- "8009/tcp"
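Review bot: The two added loop items open `keycloak_management_http_port` and `keycloak_management_https_port` unconditionally, alongside the application ports. Judging by the variable names these are the server's management interface, and no `zone:` or source restriction is visible in this hunk, so the ports become reachable from every source the active zone admits. I would move them to a separate task that is off by default behind an opt-in boolean, or restrict them with the module's `zone:` or `rich_rule:` parameters to an administration network. The task itself begins outside the hunk, so a restriction may already exist there.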
diff --git a/roles/keycloak/templates/standalone-infinispan.xml.j2 b/roles/keycloak/templates/standalone-infinispan.xml.j2
index d63072a..3e07df1 100644
--- a/roles/keycloak/templates/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/standalone-infinispan.xml.j2
@@ -709,11 +709,11 @@
{% if keycloak_modcluster.enabled %}
-
+
{% endif %}
-
+
diff --git a/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2 b/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2
index c308dde..65dd4f7 100644
--- a/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2
+++ b/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2
@@ -709,11 +709,11 @@
{% if keycloak_modcluster.enabled %}
-
+
{% endif %}
-
+
diff --git a/roles/keycloak/templates/standalone-rhsso.xml.j2 b/roles/keycloak/templates/standalone-rhsso.xml.j2
index 777aa85..95eb4e0 100644
--- a/roles/keycloak/templates/standalone-rhsso.xml.j2
+++ b/roles/keycloak/templates/standalone-rhsso.xml.j2
@@ -625,7 +625,7 @@
{% if keycloak_modcluster.enabled %}
-
+
{% endif %}
diff --git a/roles/keycloak/templates/standalone.xml.j2 b/roles/keycloak/templates/standalone.xml.j2
index 9e620b2..b67a109 100644
--- a/roles/keycloak/templates/standalone.xml.j2
+++ b/roles/keycloak/templates/standalone.xml.j2
@@ -607,7 +607,7 @@
{% if keycloak_modcluster.enabled %}
-
+
{% endif %}
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index 203b6d7..c28fbb0 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -1,2 +1,3 @@
---
-# vars file for keycloak
\ No newline at end of file
+# vars file for keycloak
+keycloak_admin_password:
\ No newline at end of file
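Review bot: The bare `keycloak_admin_password:` added to `vars/main.yml` parses as null and sits at role-vars precedence, which outranks inventory, group_vars/host_vars and play-level `vars:`. A password supplied from any of those places, such as a vault-encrypted group_vars file, is silently replaced by null; only task-level vars, role parameters or extra-vars get through. Nothing in the visible hunks checks that the value is non-empty before it is used. I would remove this line and validate at the start of the role with an `ansible.builtin.assert` on `keycloak_admin_password is defined and keycloak_admin_password | length > 0`, or declare the variable `required: true` in `meta/argument_specs.yml`.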