keycloak
Install keycloak or Red Hat Single Sign-On server configurations.
Requirements
This role requires the python3-netaddr library installed on the controller node.
- to install via yum/dnf:
dnf install python3-netaddr
- or via pip:
pip install netaddr==0.8.0
Role Defaults
Variable | Description | Default |
---|---|---|
keycloak_ha_enabled | Enable auto configuration for database backend, clustering and remote caches on infinispan | False |
keycloak_db_enabled | Enable auto configuration for database backend | True if keycloak_ha_enabled is True, else False |
keycloak_admin_user | Administration console user account | admin |
keycloak_bind_address | Address for binding service ports | 0.0.0.0 |
keycloak_host | hostname | localhost |
keycloak_http_port | HTTP port | 8080 |
keycloak_https_port | TLS HTTP port | 8443 |
keycloak_management_http_port | Management port | 9990 |
keycloak_management_https_port | TLS management port | 9993 |
keycloak_java_opts | Additional JVM options | -Xms1024m -Xmx2048m |
keycloak_prefer_ipv4 | Prefer IPv4 stack and addresses for port binding | True |
jvm_package | RHEL java package runtime | java-1.8.0-openjdk-devel |
Role Variables
The following are a set of required variables for the role:
Variable | Description |
---|---|
keycloak_admin_password | Password for the administration console user account |
The following variables are required only when keycloak_ha_enabled is True:
Variable | Description | Default |
---|---|---|
keycloak_modcluster_url | URL for the modcluster reverse proxy | localhost |
keycloak_frontend_url | frontend URL for keycloak endpoints when a reverse proxy is used | http://localhost |
keycloak_jdbc_engine | backend database flavour when db is enabled: [ postgres, mariadb ] | postgres |
infinispan_url | URL for the infinispan remote-cache server | localhost:11122 |
infinispan_user | username for connecting to infinispan | supervisor |
infinispan_pass | password for connecting to infinispan | supervisor |
infinispan_sasl_mechanism | Authentication type | SCRAM-SHA-512 |
infinispan_use_ssl | Enable hotrod TLS communication | False |
infinispan_trust_store_path | Path to truststore with infinispan server certificate | /etc/pki/java/cacerts |
infinispan_trust_store_password | Password for opening truststore | changeit |
The following variables are required only when keycloak_db_enabled is True:
Variable | Description | Default |
---|---|---|
keycloak_jdbc_url | URL for the postgres backend database | jdbc:postgresql://localhost:5432/keycloak |
keycloak_jdbc_driver_version | Version for the JDBC driver to download | 9.4.1212 |
keycloak_db_user | username for connecting to postgres | keycloak-user |
keycloak_db_pass | password for connecting to postgres | keycloak-pass |
Dependencies
The role depends on:
- the redhat_csp_download role from middleware_automation.redhat_csp_download collection
- the wildfly_driver role from middleware_automation.wildfly collection
Example Playbook
The following is an example playbook that makes use of the role to install keycloak:
---
- hosts: ...
  collections:
    - middleware_automation.keycloak
  tasks:
    - name: Include keycloak role
      include_role:
        name: keycloak
      vars:
        keycloak_admin_password: "changeme"
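The playbook below is an added example, not part of the role or its documentation: it overrides the credential defaults listed in the tables above, enables hotrod TLS, and stops the play if any documented default secret is still in effect. The `vault_*` variable names (expected to come from an Ansible Vault encrypted vars file) and the `keycloak_servers` inventory group are assumptions.

```yaml
---
# Added example. The vault_* variables and the "keycloak_servers" group are
# hypothetical names; define them in your own inventory and vault file.
- hosts: keycloak_servers
  collections:
    - middleware_automation.keycloak
  vars:
    keycloak_ha_enabled: true          # also turns on keycloak_db_enabled
    keycloak_admin_password: "{{ vault_keycloak_admin_password }}"
    keycloak_db_pass: "{{ vault_keycloak_db_pass }}"
    infinispan_pass: "{{ vault_infinispan_pass }}"
    infinispan_use_ssl: true           # role default is False
    infinispan_trust_store_password: "{{ vault_infinispan_trust_store_password }}"
  pre_tasks:
    - name: Refuse to deploy with the documented default secrets
      ansible.builtin.assert:
        that:
          - keycloak_admin_password != 'changeme'
          - keycloak_db_pass != 'keycloak-pass'
          - infinispan_pass != 'supervisor'
          - infinispan_trust_store_password != 'changeit'
          - infinispan_use_ssl | bool
        fail_msg: "Override the role's default credentials and enable hotrod TLS"
  tasks:
    - name: Include keycloak role
      include_role:
        name: keycloak
```

With infinispan_use_ssl enabled, the truststore at infinispan_trust_store_path must contain the infinispan server certificate.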
License
Apache License 2.0