From dc33cbc358da59d412483b14c86985bb085fbe81 Mon Sep 17 00:00:00 2001
From: Guido Grazioli
Date: Mon, 11 Apr 2022 13:48:59 +0200
Subject: [PATCH] quarkus: add README, update parameters doc
---
 README.md | 1 +
 roles/keycloak_quarkus/README.md | 101 ++++++++++++++++++
 .../keycloak_quarkus/meta/argument_specs.yml | 80 +++++++-------
 3 files changed, 142 insertions(+), 40 deletions(-)
 create mode 100644 roles/keycloak_quarkus/README.md
diff --git a/README.md b/README.md
index 581e882..d341f58 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,7 @@ A requirement file is provided to install:
 * [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service.
 * [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, user federation(s), clients and users, in an installed service.
+* [`keycloak_quarkus`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_quarkus/README.md): role for installing the quarkus variant of keycloak (>= 17.0.0).
 ## Usage
diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md
new file mode 100644
index 0000000..19237d5
--- /dev/null
+++ b/roles/keycloak_quarkus/README.md
@@ -0,0 +1,101 @@
+keycloak_quarkus
+================
+
+Install [keycloak](https://keycloak.org/) >= 17.0.0 (quarkus) server configurations.
+
+
+Role Defaults
+-------------
+
+* Service configuration
+
+| Variable | Description | Default |
+|:---------|:------------|:--------|
+|`keycloak_quarkus_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
+|`keycloak_quarkus_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_quarkus_ha_enabled` is True, else `False` |
+|`keycloak_quarkus_admin_user`| Administration console user account | `admin` |
+|`keycloak_quarkus_bind_address`| Address for binding service ports | `0.0.0.0` |
+|`keycloak_quarkus_host`| hostname | `localhost` |
+|`keycloak_quarkus_http_port`| HTTP port | `8080` |
+|`keycloak_quarkus_https_port`| TLS HTTP port | `8443` |
+|`keycloak_quarkus_ajp_port`| AJP port | `8009` |
+|`keycloak_quarkus_jgroups_port`| jgroups cluster tcp port | `7600` |
+|`keycloak_quarkus_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
+|`keycloak_quarkus_service_user`| Posix account username | `keycloak` |
+|`keycloak_quarkus_service_group`| Posix account group | `keycloak` |
+|`keycloak_quarkus_service_pidfile`| Pid file path for service | `/run/keycloak.pid` |
+|`keycloak_quarkus_jvm_package`| RHEL java package runtime | `java-11-openjdk-headless` |
+|`keycloak_quarkus_frontend_url`| Service public URL | `http://localhost:8080/auth` |
+|`keycloak_quarkus_http_relative_path` | Service context path | `auth` |
+
+
+* Database configuration
+
+| Variable | Description | Default |
+|:---------|:------------|:--------|
+|`keycloak_quarkus_jdbc_engine` | Database engine [mariadb,postres] | `postgres` |
+|`keycloak_quarkus_db_user` | User for database connection | `keycloak-user` |
+|`keycloak_quarkus_db_pass` | Password for database connection | `keycloak-pass` |
+|`keycloak_quarkus_jdbc_url` | JDBC URL for connecting to database | `jdbc:postgresql://localhost:5432/keycloak` |
+|`keycloak_quarkus_jdbc_driver_version` | Version for JDBC driver | `9.4.1212` |
+
+
+* Remote caches configuration
+
+| Variable | Description | Default |
+|:---------|:------------|:--------|
+|`keycloak_quarkus_ispn_user` | Username for connecting to infinispan | `supervisor` |
+|`keycloak_quarkus_ispn_pass` | Password for connecting to infinispan | `supervisor` |
+|`keycloak_quarkus_ispn_url` | URL for connecting to infinispan | `localhost` |
+|`keycloak_quarkus_ispn_sasl_mechanism` | Infinispan auth mechanism | `SCRAM-SHA-512` |
+|`keycloak_quarkus_ispn_use_ssl` | Whether infinispan uses TLS connection | `false` |
+|`keycloak_quarkus_ispn_trust_store_path` | Path to infinispan server trust certificate | `/etc/pki/java/cacerts` |
+|`keycloak_quarkus_ispn_trust_store_password` | Password for infinispan certificate keystore | `changeit` |
+
+
+* Install options
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`keycloak_quarkus_offline_install` | Perform an offline install | `False`|
+|`keycloak_quarkus_download_url`| Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download//`|
+|`keycloak_quarkus_version`| keycloak.org package version | `17.0.1` |
+|`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` |
+|`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` |
+|`keycloak_quarkus_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `False` |
+
+
+* Miscellaneous configuration
+
+| Variable | Description | Default |
+|:---------|:------------|:--------|
+|`keycloak_quarkus_metrics_enabled`| Whether to enable metrics | `False` |
+|`keycloak_quarkus_archive` | keycloak install archive filename | `keycloak-{{ keycloak_quarkus_version }}.zip` |
+|`keycloak_quarkus_installdir` | Installation path | `{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}` |
+|`keycloak_quarkus_home` | Installation work directory | `{{ keycloak_quarkus_installdir }}` |
+|`keycloak_quarkus_config_dir` | Path for configuration | `{{ keycloak_quarkus_home }}/conf` |
+|`keycloak_quarkus_master_realm` | Name for rest authentication realm | `master` |
+|`keycloak_auth_client` | Authentication client for configuration REST calls | `admin-cli` |
+|`keycloak_force_install` | Remove pre-existing versions of service | `False` |
+|`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_quarkus_host }}:{{ keycloak_http_port }}` |
+|`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_quarkus_host }}:{{ keycloak_management_http_port }}` |
+
+
+Role Variables
+--------------
+
+| Variable | Description |
+|:---------|:------------|
+|`keycloak_quarkus_admin_pass`| Password of console admin account |
+
+
+License
+-------
+
+Apache License 2.0
+
+
+Author Information
+------------------
+
+* [Guido Grazioli](https://github.com/guidograzioli)
diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml
index cc94017..78382f9 100644
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -4,200 +4,200 @@ argument_specs:
 keycloak_quarkus_version:
 # line 3 of defaults/main.yml
 default: "17.0.1"
- description: "TODO document argument"
+ description: "keycloak.org package version"
 type: "str"
 keycloak_quarkus_archive:
 # line 4 of defaults/main.yml
 default: "keycloak-{{ keycloak_quarkus_version }}.zip"
- description: "TODO document argument"
+ description: "keycloak install archive filename"
 type: "str"
 keycloak_quarkus_download_url:
 # line 5 of defaults/main.yml
 default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
- description: "TODO document argument"
+ description: "Download URL for keycloak"
 type: "str"
 keycloak_quarkus_installdir:
 # line 6 of defaults/main.yml
 default: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
- description: "TODO document argument"
+ description: "Installation path"
 type: "str"
 keycloak_quarkus_offline_install:
 # line 9 of defaults/main.yml
 default: false
- description: "TODO document argument"
+ description: "Perform an offline install"
 type: "bool"
 keycloak_quarkus_jvm_package:
 # line 12 of defaults/main.yml
 default: "java-11-openjdk-headless"
- description: "TODO document argument"
+ description: "RHEL java package runtime"
 type: "str"
 keycloak_quarkus_dest:
 # line 13 of defaults/main.yml
 default: "/opt/keycloak"
- description: "TODO document argument"
+ description: "Installation root path"
 type: "str"
 keycloak_quarkus_home:
 # line 14 of defaults/main.yml
 default: "{{ keycloak_quarkus_installdir }}"
- description: "TODO document argument"
+ description: "Installation work directory"
 type: "str"
 keycloak_quarkus_config_dir:
 # line 15 of defaults/main.yml
 default: "{{ keycloak_quarkus_home }}/conf"
- description: "TODO document argument"
+ description: "Path for configuration"
 type: "str"
 keycloak_quarkus_service_user:
 # line 16 of defaults/main.yml
 default: "keycloak"
- description: "TODO document argument"
+ description: "Posix account username"
 type: "str"
 keycloak_quarkus_service_group:
 # line 17 of defaults/main.yml
 default: "keycloak"
- description: "TODO document argument"
+ description: "Posix account group"
 type: "str"
 keycloak_quarkus_service_pidfile:
 # line 18 of defaults/main.yml
 default: "/run/keycloak.pid"
- description: "TODO document argument"
+ description: "Pid file path for service"
 type: "str"
 keycloak_quarkus_configure_firewalld:
 # line 19 of defaults/main.yml
 default: false
- description: "TODO document argument"
+ description: "Ensure firewalld is running and configure keycloak ports"
 type: "bool"
 keycloak_quarkus_admin_user:
 # line 22 of defaults/main.yml
 default: "admin"
- description: "TODO document argument"
+ description: "Administration console user account"
 type: "str"
 keycloak_quarkus_admin_pass:
 # line 23 of defaults/main.yml
 default: ""
- description: "TODO document argument"
+ description: "Password of console admin account"
 type: "str"
 keycloak_quarkus_master_realm:
 # line 24 of defaults/main.yml
 default: "master"
- description: "TODO document argument"
+ description: "Name for rest authentication realm"
 type: "str"
 keycloak_quarkus_bind_address:
 # line 27 of defaults/main.yml
 default: "0.0.0.0"
- description: "TODO document argument"
+ description: "Address for binding service ports"
 type: "str"
 keycloak_quarkus_host:
 # line 28 of defaults/main.yml
 default: "localhost"
- description: "TODO document argument"
+ description: "hostname"
 type: "str"
 keycloak_quarkus_http_port:
 # line 29 of defaults/main.yml
 default: 8080
- description: "TODO document argument"
+ description: "HTTP port"
 type: "int"
 keycloak_quarkus_https_port:
 # line 30 of defaults/main.yml
 default: 8443
- description: "TODO document argument"
+ description: "HTTPS port"
 type: "int"
 keycloak_quarkus_ajp_port:
 # line 31 of defaults/main.yml
 default: 8009
- description: "TODO document argument"
+ description: "AJP port"
 type: "int"
 keycloak_quarkus_jgroups_port:
 # line 32 of defaults/main.yml
 default: 7600
- description: "TODO document argument"
+ description: "jgroups cluster tcp port"
 type: "int"
 keycloak_quarkus_java_opts:
 # line 33 of defaults/main.yml
 default: "-Xms1024m -Xmx2048m"
- description: "TODO document argument"
+ description: "Additional JVM options"
 type: "str"
 keycloak_quarkus_ha_enabled:
 # line 36 of defaults/main.yml
 default: false
- description: "TODO document argument"
+ description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
 type: "bool"
 keycloak_quarkus_db_enabled:
 # line 38 of defaults/main.yml
 default: "{{ True if keycloak_quarkus_ha_enabled else False }}"
- description: "TODO document argument"
+ description: "Enable auto configuration for database backend"
 type: "str"
 keycloak_quarkus_http_relative_path:
 # line 41 of defaults/main.yml
 default: "auth"
- description: "TODO document argument"
+ description: "Service context path"
 type: "str"
 keycloak_quarkus_frontend_url:
 # line 41 of defaults/main.yml
 default: "http://localhost:8080/auth"
- description: "TODO document argument"
+ description: "Service public URL"
 type: "str"
 keycloak_quarkus_metrics_enabled:
 # line 43 of defaults/main.yml
 default: false
- description: "TODO document argument"
+ description: "Whether to enable metrics"
 type: "bool"
 keycloak_quarkus_ispn_user:
 # line 46 of defaults/main.yml
 default: "supervisor"
- description: "TODO document argument"
+ description: "Username for connecting to infinispan"
 type: "str"
 keycloak_quarkus_ispn_pass:
 # line 47 of defaults/main.yml
 default: "supervisor"
- description: "TODO document argument"
+ description: "Password for connecting to infinispan"
 type: "str"
 keycloak_quarkus_ispn_url:
 # line 48 of defaults/main.yml
 default: "localhost"
- description: "TODO document argument"
+ description: "URL for connecting to infinispan"
 type: "str"
 keycloak_quarkus_ispn_sasl_mechanism:
 # line 49 of defaults/main.yml
 default: "SCRAM-SHA-512"
- description: "TODO document argument"
+ description: "Infinispan auth mechanism"
 type: "str"
 keycloak_quarkus_ispn_use_ssl:
 # line 50 of defaults/main.yml
 default: false
- description: "TODO document argument"
+ description: "Whether infinispan uses TLS connection"
 type: "bool"
 keycloak_quarkus_ispn_trust_store_path:
 # line 52 of defaults/main.yml
 default: "/etc/pki/java/cacerts"
- description: "TODO document argument"
+ description: "Path to infinispan server trust certificate"
 type: "str"
 keycloak_quarkus_ispn_trust_store_password:
 # line 53 of defaults/main.yml
 default: "changeit"
- description: "TODO document argument"
+ description: "Password for infinispan certificate keystore"
 type: "str"
 keycloak_quarkus_jdbc_engine:
 # line 56 of defaults/main.yml
 default: "postgres"
- description: "TODO document argument"
+ description: "Database engine [mariadb,postres]"
 type: "str"
 keycloak_quarkus_db_user:
 # line 58 of defaults/main.yml
 default: "keycloak-user"
- description: "TODO document argument"
+ description: "User for database connection"
 type: "str"
 keycloak_quarkus_db_pass:
 # line 59 of defaults/main.yml
 default: "keycloak-pass"
- description: "TODO document argument"
+ description: "Password for database connection"
 type: "str"
 keycloak_quarkus_jdbc_url:
 # line 60 of defaults/main.yml
 default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].url }}"
- description: "TODO document argument"
+ description: "JDBC URL for connecting to database"
 type: "str"
 keycloak_quarkus_jdbc_driver_version:
 # line 61 of defaults/main.yml
 default: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].version }}"
- description: "TODO document argument"
+ description: "Version for JDBC driver"
 type: "str"
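Review bot: `keycloak_quarkus_admin_pass` keeps `default: ""` next to its new description, so argument validation will accept a play that never sets the console admin password, although the README added in this commit lists it as a role variable without a default. If the role does need a value, `required: true` in place of the empty default would make the spec reject that case; whether a task outside this hunk already asserts it is not visible here. The descriptions for `keycloak_quarkus_db_pass`, `keycloak_quarkus_ispn_pass` and `keycloak_quarkus_ispn_trust_store_password` could also say that the shipped values are placeholders, e.g. `description: "Password for database connection (override the default)"`. The `keycloak_quarkus_jdbc_engine` description misspells `postgres` as `postres`, and a `choices:` entry listing the supported engines would enforce them rather than only describe them.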