keycloak
Install keycloak or Red Hat Single Sign-On server configurations.
Requirements
This role requires the python3-netaddr library installed on the controller node.
- to install via yum/dnf: dnf install python3-netaddr
- or via pip: pip install netaddr==0.8.0
Versions
| RH-SSO VERSION | Release Date | Keycloak Version | EAP Version | Notes | 
|---|---|---|---|---|
| 7.5.0 GA | September 20, 2021 | 15.0.2 | 7.4.0 | Release Notes |
Role Defaults
| Variable | Description | Default | 
|---|---|---|
| keycloak_ha_enabled | Enable auto configuration for database backend, clustering and remote caches on infinispan | False |
| keycloak_db_enabled | Enable auto configuration for database backend | True if keycloak_ha_enabled is True, else False |
| keycloak_admin_user | Administration console user account | admin |
| keycloak_bind_address | Address for binding service ports | 0.0.0.0 |
| keycloak_host | hostname | localhost |
| keycloak_http_port | HTTP port | 8080 |
| keycloak_https_port | TLS HTTP port | 8443 |
| keycloak_management_http_port | Management port | 9990 |
| keycloak_management_https_port | TLS management port | 9993 |
| keycloak_java_opts | Additional JVM options | -Xms1024m -Xmx2048m |
| keycloak_prefer_ipv4 | Prefer IPv4 stack and addresses for port binding | True |
| jvm_package | RHEL java package runtime | java-1.8.0-openjdk-devel |
Role Variables
The following are a set of required variables for the role:
| Variable | Description | 
|---|---|
| keycloak_admin_password | Password for the administration console user account |
The following variables are required only when keycloak_ha_enabled is True:
| Variable | Description | Default | 
|---|---|---|
| keycloak_modcluster_url | URL for the modcluster reverse proxy | localhost |
| keycloak_frontend_url | frontend URL for keycloak endpoints when a reverse proxy is used | http://localhost |
| keycloak_jdbc_engine | backend database flavour when db is enabled: [ postgres, mariadb ] | postgres |
| infinispan_url | URL for the infinispan remote-cache server | localhost:11122 |
| infinispan_user | username for connecting to infinispan | supervisor |
| infinispan_pass | password for connecting to infinispan | supervisor |
| infinispan_sasl_mechanism | Authentication type | SCRAM-SHA-512 |
| infinispan_use_ssl | Enable hotrod TLS communication | False |
| infinispan_trust_store_path | Path to truststore with infinispan server certificate | /etc/pki/java/cacerts |
| infinispan_trust_store_password | Password for opening truststore | changeit |
The following variables are required only when keycloak_db_enabled is True:
| Variable | Description | Default | 
|---|---|---|
| keycloak_jdbc_url | URL for the postgres backend database | jdbc:postgresql://localhost:5432/keycloak |
| keycloak_jdbc_driver_version | Version for the JDBC driver to download | 9.4.1212 |
| keycloak_db_user | username for connecting to postgres | keycloak-user |
| keycloak_db_pass | password for connecting to postgres | keycloak-pass |
Dependencies
The role depends on:
- the redhat_csp_download role from the middleware_automation.redhat_csp_download collection
- the wildfly_driver role from the middleware_automation.wildfly collection
Example Playbook
The following is an example playbook that makes use of the role to install keycloak:

```yaml
---
- hosts: ...
  collections:
    - middleware_automation.keycloak
  tasks:
    # Run the role; keycloak_admin_password is the one required variable
    - name: Include keycloak role
      include_role:
        name: keycloak
      vars:
        keycloak_admin_password: "changeme"
```
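Several defaults in the tables above are fixed placeholder credentials (supervisor, changeit, keycloak-pass), the service binds to 0.0.0.0, and hotrod TLS is off. The playbook below is an added example, not part of the role's own documentation: it enables HA, overrides those values, and stops before the role runs if any secret is empty or still equals a value printed on this page. The host group, the vault_* variable names, the bind address and the example.com hostnames are assumptions.

```yaml
---
# Added example, not from the role's documentation. The host group, the
# vault_* variables, the bind address and the hostnames are hypothetical.
- hosts: keycloak_servers
  collections:
    - middleware_automation.keycloak
  vars:
    # Values published on this page; a deployment must not keep them.
    published_values:
      keycloak_admin_password: changeme
      infinispan_pass: supervisor
      infinispan_trust_store_password: changeit
      keycloak_db_pass: keycloak-pass
    # Secrets resolved from an Ansible Vault file (hypothetical names).
    role_secrets:
      keycloak_admin_password: "{{ vault_keycloak_admin_password }}"
      infinispan_pass: "{{ vault_infinispan_pass }}"
      infinispan_trust_store_password: "{{ vault_truststore_password }}"
      keycloak_db_pass: "{{ vault_keycloak_db_pass }}"
  tasks:
    - name: Stop if a secret is empty or still a published value
      ansible.builtin.assert:
        that:
          - item.value | length > 0
          - item.value != published_values.get(item.key, '')
        quiet: true
      loop: "{{ role_secrets | dict2items }}"
      no_log: true   # keep secret values out of task output

    - name: Include keycloak role
      include_role:
        name: keycloak
      vars:
        keycloak_ha_enabled: true
        keycloak_bind_address: 10.0.10.21        # constructed address
        keycloak_frontend_url: https://sso.example.com
        keycloak_admin_password: "{{ role_secrets.keycloak_admin_password }}"
        keycloak_jdbc_url: jdbc:postgresql://db.example.com:5432/keycloak
        keycloak_db_pass: "{{ role_secrets.keycloak_db_pass }}"
        infinispan_url: infinispan.example.com:11122
        infinispan_pass: "{{ role_secrets.infinispan_pass }}"
        infinispan_use_ssl: true
        infinispan_trust_store_password: "{{ role_secrets.infinispan_trust_store_password }}"
```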
License
Apache License 2.0