keycloak
Install keycloak or Red Hat Single Sign-On server configurations.
Requirements
This role requires the python3-netaddr library installed on the controller node.
Role Defaults
Variable | Description | Default |
---|---|---|
keycloak_ha_enabled | enable auto configuration for database backend, clustering and remote caches on infinispan | False |
keycloak_db_enabled | enable auto configuration for database backend | True if keycloak_ha_enabled is True, else False |
keycloak_admin_user | Administration console user account | admin |
keycloak_bind_address | address for binding service ports | 0.0.0.0 |
keycloak_host | hostname | localhost |
keycloak_http_port | HTTP port | 8080 |
keycloak_https_port | TLS HTTP port | 8443 |
keycloak_management_http_port | management port | 9990 |
keycloak_management_https_port | TLS management port | 9993 |
keycloak_java_opts | | -Xms1024m -Xmx20480m -XX:MaxPermSize=768m |
Role Variables
The following are a set of required variables for the role:
Variable | Description |
---|---|
keycloak_admin_password | Password for the administration console user account |
The following variables are required only when keycloak_ha_enabled is True:
Variable | Description | Default |
---|---|---|
keycloak_modcluster_url | URL for the modcluster reverse proxy | localhost |
keycloak_jdbc_engine | backend database flavour when db is enabled: [ postgres, mariadb ] | postgres |
infinispan_url | URL for the infinispan remote-cache server | localhost:11122 |
infinispan_user | username for connecting to infinispan | supervisor |
infinispan_pass | password for connecting to infinispan | supervisor |
The following variables are required only when keycloak_db_enabled is True and keycloak_jdbc_engine is postgres:
Variable | Description | Default |
---|---|---|
postgres_jdbc_url | URL for the postgres backend database | jdbc:postgresql://localhost:5432/keycloak |
postgres_db_user | username for connecting to postgres | keycloak-user |
postgres_db_pass | password for connecting to postgres | keycloak-pass |
The following variables are required only when keycloak_db_enabled is True and keycloak_jdbc_engine is mariadb:
Variable | Description | Default |
---|---|---|
mariadb_jdbc_url | URL for the mariadb backend database | jdbc:mariadb://localhost:3306/keycloak |
mariadb_db_user | username for connecting to mariadb | keycloak-user |
mariadb_db_pass | password for connecting to mariadb | keycloak-pass |
Dependencies
The role depends on:
- the redhat_csp_download role from middleware_automation.redhat_csp_download collection
- the wildfly_driver role from middleware_automation.wildfly collection
Example Playbook
The following is an example playbook that uses the role to install keycloak:
---
- hosts: ...
  collections:
    - middleware_automation.keycloak
  tasks:
    - name: Include keycloak role
      include_role:
        name: keycloak
      vars:
        keycloak_admin_password: "changeme"
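
The role defaults listed above include fixed credentials (`supervisor`, `keycloak-pass`) and a `0.0.0.0` bind address. The following added example, which is not part of the role's own documentation, overrides them from an Ansible Vault file for an HA install with postgres. The host group `keycloak_servers`, the file `vault/keycloak.yml` and every `vault_*` variable name are assumptions.

```yaml
---
# Added example: HA install that overrides the role's documented default
# credentials instead of inheriting supervisor / keycloak-pass.
# Assumed names (not from the role): keycloak_servers, vault/keycloak.yml, vault_*.
- hosts: keycloak_servers
  collections:
    - middleware_automation.keycloak
  vars_files:
    # Encrypted beforehand with: ansible-vault encrypt vault/keycloak.yml
    - vault/keycloak.yml
  tasks:
    - name: Refuse to run with the documented default or sample passwords
      ansible.builtin.assert:
        that:
          - vault_keycloak_admin_password != 'changeme'
          - vault_infinispan_pass != 'supervisor'
          - vault_postgres_db_pass != 'keycloak-pass'
        quiet: true
      no_log: true  # keep secret values out of task output

    - name: Include keycloak role
      include_role:
        name: keycloak
      vars:
        keycloak_ha_enabled: true
        keycloak_jdbc_engine: postgres
        # Bind to the host's primary IPv4 address (from gathered facts)
        # instead of the 0.0.0.0 default.
        keycloak_bind_address: "{{ ansible_default_ipv4.address }}"
        keycloak_admin_password: "{{ vault_keycloak_admin_password }}"
        infinispan_user: "{{ vault_infinispan_user }}"
        infinispan_pass: "{{ vault_infinispan_pass }}"
        postgres_db_user: "{{ vault_postgres_db_user }}"
        postgres_db_pass: "{{ vault_postgres_db_pass }}"
        # keycloak_modcluster_url, infinispan_url and postgres_jdbc_url are
        # left at the role defaults here; set them for a real cluster.
```

Run it with `--ask-vault-pass` or `--vault-password-file` so the encrypted variables can be decrypted.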
License
Apache License 2.0