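---
# Variables for installing and configuring Keycloak or Red Hat Single Sign-On.
# NOTE(review): every credential value in this file is a well-known
# placeholder. Override them from an encrypted source (for example Ansible
# Vault) in inventory or group_vars instead of editing them in place.

### Configuration specific to keycloak
# Version strings are quoted so they can never be re-typed as numbers.
# The release is pinned; review it against upstream security advisories.
keycloak_version: '15.0.2'
keycloak_archive: "keycloak-{{ keycloak_version }}.zip"
# Both download URLs use HTTPS. No checksum variable is defined in this file;
# confirm whether the download task verifies a digest of the archive.
keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"

### Configuration specific to Red Hat Single Sign-On
keycloak_rhsso_version: '7.5.0'
# rhsso_rhn_ids is not defined in this file; it must be provided elsewhere.
rhsso_rhn_id: "{{ rhsso_rhn_ids[keycloak_rhsso_version].id }}"
keycloak_rhsso_archive: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
# The regex keeps only "major.minor" of the version for the directory name.
keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
keycloak_rhn_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
keycloak_rhsso_download_url: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
keycloak_rhsso_apply_patches: true

### keycloak/rhsso choice: by default install rhsso if rhn credentials are defined
# rhn_username and rhn_password are read here but not defined in this file;
# supply them from an encrypted source, never as plain text in the repository.
keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
# whether to install from local archive; filename must be keycloak_archive or
# keycloak_rhsso_archive depending on keycloak_rhsso_enable
keycloak_offline_install: false

### Install location and service settings
jvm_package: java-1.8.0-openjdk-devel
keycloak_dest: /opt/keycloak
keycloak_jboss_home: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}"
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
keycloak_config_standalone_xml: "keycloak.xml"
keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
# Dedicated service account names; presumably the service runs as this
# non-root user - confirm in the service unit template.
keycloak_service_user: keycloak
keycloak_service_group: keycloak
keycloak_service_pidfile: "/run/keycloak.pid"
# Off by default. Presumably no firewalld rules are managed when false, so
# host-level filtering of the ports below must then be handled elsewhere.
keycloak_configure_firewalld: false

### administrator console password
# Empty on purpose: the caller must provide a strong value from an encrypted
# source. NOTE(review): confirm the tasks reject an empty password.
keycloak_admin_password: ''

### Common configuration settings
# 0.0.0.0 means every IPv4 interface. Narrow it to a specific address when the
# host is multi-homed or sits behind a reverse proxy.
keycloak_bind_address: '0.0.0.0'
keycloak_host: localhost
keycloak_http_port: 8080
keycloak_https_port: 8443
# AJP has no authentication of its own; expose it only to the trusted proxy.
keycloak_ajp_port: 8009
keycloak_jgroups_port: 7600
# Management interface ports; keep them unreachable from untrusted networks.
# NOTE(review): confirm which address the management interface binds to.
keycloak_management_http_port: 9990
keycloak_management_https_port: 9993
keycloak_java_opts: "-Xms1024m -Xmx2048m"
keycloak_prefer_ipv4: true

### Enable configuration for database backend, clustering and remote caches on infinispan
keycloak_ha_enabled: false
### Enable database configuration, must be enabled when HA is configured
keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"

### Keycloak administration console user
keycloak_admin_user: admin
keycloak_auth_realm: master
keycloak_auth_client: admin-cli
keycloak_force_install: false

### mod_cluster reverse proxy
keycloak_modcluster_url: localhost
# Plain-HTTP placeholder; a deployed instance should use its public https URL.
keycloak_frontend_url: http://localhost

### infinispan remote caches access (hotrod)
# Placeholder credentials (user and password are the same word): override both.
infinispan_user: supervisor
infinispan_pass: supervisor
infinispan_url: localhost
infinispan_sasl_mechanism: SCRAM-SHA-512
# Presumably toggles TLS on the Hot Rod connection; with false the cache
# traffic is not encrypted in transit. Enable it outside a trusted network.
infinispan_use_ssl: false
# if ssl is enabled, import ispn server certificate here
infinispan_trust_store_path: /etc/pki/java/cacerts
# "changeit" is the stock Java cacerts password; it guards integrity of a
# public trust store only and is not a secret.
infinispan_trust_store_password: changeit

### database backend engine: values [ 'postgres', 'mariadb' ]
keycloak_jdbc_engine: postgres
### database backend credentials
# Placeholder credentials: override both from an encrypted source.
keycloak_db_user: keycloak-user
keycloak_db_pass: keycloak-pass
# The default JDBC URLs below carry no TLS parameters.
# NOTE(review): add the driver's TLS options when the database is remote.
keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"

# override the variables above, following defaults show minimum supported versions
keycloak_default_jdbc:
  postgres:
    url: 'jdbc:postgresql://localhost:5432/keycloak'
    version: '9.4.1212'
  mariadb:
    url: 'jdbc:mariadb://localhost:3306/keycloak'
    version: '2.7.4'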