ansible-keycloak/roles/keycloak
Guido Grazioli 906ba3c577
refactor offline install, rhsso patch install
2022-01-27 15:38:03 +01:00
..
defaults refactor offline install, rhsso patch install 2022-01-27 15:38:03 +01:00
handlers Add base role and playbook, molecule configuration 2021-12-14 11:26:42 +01:00
meta Switch collection dep from jcliff to wildfly 2021-12-30 12:24:59 +01:00
tasks refactor offline install, rhsso patch install 2022-01-27 15:38:03 +01:00
templates fix: dblock for db migration / fix: ejb dist caches 2022-01-20 20:56:49 +01:00
vars refactor offline install, rhsso patch install 2022-01-27 15:38:03 +01:00
README.md rework docs, add python requirements 2022-01-27 15:38:03 +01:00

README.md

keycloak

Install keycloak or Red Hat Single Sing-On server configurations.

Requirements

This role requires the python3-netaddr library installed on the controller node.

  • to install via yum/dnf: dnf install python3-netaddr
  • or via pip: pip install netaddr==0.8.0

Versions

RH-SSO VERSION Release Date Keycloak Version EAP Version Notes
7.5.0 GA September 20, 2021 15.0.2 7.4.0 Release Notes

Role Defaults

Variable Description Default
keycloak_rhsso_enable Enable Red Hat Single Sign-on installation False
keycloak_ha_enabled Enable auto configuration for database backend, clustering and remote caches on infinispan False
keycloak_db_enabled Enable auto configuration for database backend True if keycloak_ha_enabled is True, else False
keycloak_admin_user Administration console user account admin
keycloak_bind_address Address for binding service ports 0.0.0.0
keycloak_host hostname localhost
keycloak_http_port HTTP port 8080
keycloak_https_port TLS HTTP port 8443
keycloak_management_http_port Management port 9990
keycloak_management_https_port TLS management port 9993
keycloak_java_opts Additional JVM options -Xms1024m -Xmx2048m
keycloak_prefer_ipv4 Prefer IPv4 stack and addresses for port binding True
jvm_package RHEL java package runtime java-1.8.0-openjdk-devel

Role Variables

The following are a set of required variables for the role:

Variable Description
keycloak_admin_password Password for the administration console user account

The following variables are required only when keycloak_ha_enabled is True:

Variable Description Default
keycloak_modcluster_url URL for the modcluster reverse proxy localhost
keycloak_frontend_url frontend URL for keycloak endpoints when a reverse proxy is used http://localhost
keycloak_jdbc_engine backend database flavour when db is enabled: [ postgres, mariadb ] postgres
infinispan_url URL for the infinispan remote-cache server localhost:11122
infinispan_user username for connecting to infinispan supervisor
infinispan_pass password for connecting to infinispan supervisor
infinispan_sasl_mechanism Authentication type SCRAM-SHA-512
infinispan_use_ssl Enable hotrod TLS communication False
infinispan_trust_store_path Path to truststore with infinispan server certificate /etc/pki/java/cacerts
infinispan_trust_store_password Password for opening truststore changeit

The following variables are required only when keycloak_db_enabled is True:

Variable Description Default
keycloak_jdbc_url URL for the postgres backend database jdbc:postgresql://localhost:5432/keycloak
keycloak_jdbc_driver_version Version for the JDBC driver to download 9.4.1212
keycloak_db_user username for connecting to postgres keycloak-user
keycloak_db_pass password for connecting to postgres keycloak-pass

The following variable can be used to install Keycloak or Red Hat Single Sign-On from local path:

Variable Description Example
zip_file_local_path Full local path of upstream(Keycloak) or Red Hat Single Sign-On zip file on Ansible control plane tmp/rhsso/rh-sso-7.5-server-dist.zip

The following variable can be used to install Red Hat Single Sign-On from source via url, auth support is not added right now.

Variable Description Example
rhsso_source_download_url URL to download Red Hat Single Sign-On zip file from source http://localhost:8081/nexus/rhsso/rh-sso-7.5-server-dist.zip

Dependencies

The roles depends on:

Example Playbook

The following is an example playbook that makes use of the role to install keycloak from remote

---
- hosts: ...
      collections:
        - middleware_automation.keycloak
      tasks:
        - name: Include keycloak role
          include_role:
            name: keycloak
          vars:
            keycloak_admin_password: "changeme"

The following is an example playbook that makes use of the role to install keycloak from local path on Ansible node

---
- hosts: ...
      collections:
        - middleware_automation.keycloak
      tasks:
        - name: Include keycloak role
          include_role:
            name: keycloak
          vars:
            keycloak_admin_password: "changeme"
            zip_file_local_path: "/tmp/keycloak/keycloak-16.1.0.zip"  # This should be local path on Ansible node of upstream(keycloak) zip file

The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from RHN

---
- name: Playbook for RHSSO
  hosts: keycloak
  collections:
    - middleware_automation.redhat_csp_download
  roles:
    - redhat_csp_download
  tasks:
    - name: Keycloak Role
      include_role:
        name: keycloak
      vars:
        keycloak_admin_password: "changeme"
        keycloak_rhsso_enable: True

The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from source url

---
- hosts: keycloak
  collections:
    - middleware_automation.keycloak
  tasks:
    - name: Keycloak Role
      include_role:
        name: keycloak
      vars:
        keycloak_admin_password: "changeme"
        keycloak_rhsso_enable: True
        rhsso_source_download_url: "<REPLACE with - Source download url>" # This should be the full of remote source rhsso zip file

The following is an example playbook that makes use of the role to install Red Hat Single Sign-On from local path on Ansible node

---
- hosts: keycloak
  collections:
    - middleware_automation.keycloak
  tasks:
    - name: Keycloak Role
      include_role:
        name: keycloak
      vars:
        keycloak_admin_password: "changeme"
        keycloak_rhsso_enable: True
        zip_file_local_path: "/tmp/rhsso/rh-sso-7.5-server-dist.zip"  # This should be local path on Ansible node of rhsso zip file

License

Apache License 2.0

Author Information