--- ### Configuration specific to keycloak keycloak_version: 9.0.2 keycloak_archive: keycloak-{{ keycloak_version }}.zip keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }} keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" ### Configuration specific to Red Hat Single Sing-On keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}" keycloak_rhsso_version: 7.5 keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}" keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=' ### Install location and service settings jvm_package: java-1.8.0-openjdk-devel keycloak_dest: /opt/keycloak keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined else keycloak_installdir }}" keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration" keycloak_config_standalone_xml: "keycloak.xml" keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}" keycloak_service_user: keycloak keycloak_service_group: keycloak keycloak_service_pidfile: "/run/keycloak.pid" keycloak_service_logfile: "{{ keycloak_dest }}/keycloak.log" ### Keycloak configuration settings keycloak_bind_address: 0.0.0.0 keycloak_host: localhost keycloak_http_port: 8080 keycloak_https_port: 8443 keycloak_management_http_port: 9990 keycloak_management_https_port: 9993 keycloak_java_opts: "-Xms1024m -Xmx20480m -XX:MaxPermSize=768m" ### Enable configuration for database backend, clustering and remote caches on infinispan keycloak_ha_enabled: False ### Enable database configuration, must be enabled when HA is configured keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}" ### Keycloak administration console user keycloak_admin_user: admin keycloak_auth_realm: master keycloak_auth_client: admin-cli keycloak_force_install: False ### mod_cluster reverse proxy keycloak_modcluster_url: localhost ### infinispan remote caches access (hotrod) infinispan_user: supervisor infinispan_pass: supervisor infinispan_url: localhost infinispan_sasl_mechanism: SCRAM-SHA-512 infinispan_use_ssl: False # if ssl is enabled, import ispn server certificate here infinispan_trust_store_path: /etc/pki/java/cacerts infinispan_trust_store_password: changeit ### database backend engine: values [ 'postgres', 'mariadb' ] keycloak_jdbc_engine: postgres ### database backend credentials postgres_jdbc_url: 'jdbc:postgresql://localhost:5432/keycloak' postgres_db_user: keycloak-user postgres_db_pass: keycloak-pass mariadb_jdbc_url: 'jdbc:mariadb://localhost:3306/keycloak' mariadb_db_user: keycloak-user mariadb_db_pass: keycloak-pass