defaults/main.yml

@@ -93,7 +93,5 @@ keycloak_cache_container_name: keycloak
 keycloak_jgroups_multicast_port: 46655
 keycloak_jgroups_multicast_address: 228.6.7.8
 keycloak_jgroups_bind_port: 55200
-keycloak_jgroups_bind_specific_ip: false
-keycloak_jgroups_bind_ip_address: "{{ ansible_default_ipv4.address }}"
 keycloak_jgroups_extended_stack: false
 keycloak_jgroups_extended_stack_name: "extended-{{ keycloak_cache_stack }}"

tasks/main.yml

@@ -15,7 +15,6 @@
     - keycloak_conf
     - keycloak_providers
     - keycloak_providers_jar
-    - keycloak_systemd_unit
   block:
     - name: Install the keycloak systemd unit
       ansible.builtin.template:
@@ -39,7 +38,6 @@
 
     - name: Wait for the service to be up before proceeding
       ansible.builtin.wait_for:
-        host: "{{ keycloak_listen }}"
         port: "{% if keycloak_https_enabled %}{{ keycloak_https_port }}{% else %}{{ keycloak_http_port }}{% endif %}"
         delay: 10
         timeout: 90

templates/cache-ispn.xml.j2

@@ -21,19 +21,11 @@
         xsi:schemaLocation="urn:infinispan:config:11.0 http://www.infinispan.org/schemas/infinispan-config-11.0.xsd"
         xmlns="urn:infinispan:config:11.0">
 
-{% if keycloak_jgroups_bind_specific_ip %}
-    <interfaces>
-        <interface name="public">
-          <inet-address value="{{ keycloak_jgroups_bind_ip_address }}"/>
-        </interface>
-    </interfaces>
-{% endif %}
-
 {% if keycloak_jgroups_extended_stack %}
     <!-- custom stack goes into the jgroups element -->
     <jgroups>
         <stack name="{{ keycloak_jgroups_extended_stack_name }}" extends="{{ keycloak_cache_stack }}">
-            <UDP bind_addr="{% if keycloak_jgroups_bind_specific_ip %}{{ keycloak_jgroups_bind_ip_address }}{% else %}${jgroups.bind.address,jgroups.udp.address:SITE_LOCAL}{% endif %}"
+            <UDP bind_addr="${jgroups.bind.address,jgroups.udp.address:SITE_LOCAL}"
                 bind_port="{{ keycloak_jgroups_bind_port }}"
                 mcast_addr="{{ keycloak_jgroups_multicast_address }}"
                 mcast_port="{{ keycloak_jgroups_multicast_port }}"
@@ -117,4 +109,4 @@
             <memory max-count="-1"/>
         </distributed-cache>
     </cache-container>
-</infinispan>
+</infinispan>

templates/keycloak.conf.j2

@@ -38,13 +38,9 @@ https-port={{ keycloak_https_port }}
 {% endif %}
 
 {% if keycloak_behind_reverse_proxy %}
-{% if keycloak_version is version_compare('22.0.0', '<') %}
-proxy=reencrypt
-{% else %}
 # The proxy address forwarding mode if the server is behind a reverse proxy.
 proxy-headers={{ keycloak_reverse_proxy_type }}
 {% endif %}
-{% endif %}
 
 {% if keycloak_set_hostname %}
 # Hostname for the Keycloak server.
@@ -57,7 +53,7 @@ features-disabled={% for dis in keycloak_disabled_features %}{{ dis }}{% if not
 {% if keycloak_preview_features | length  %}features={% for feat in keycloak_preview_features %}{{ feat }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
 
 {% if keycloak_external_avatar_dir_enabled %}
-spi-avatar-storage-avatar-storage-file-avatar-folder={{ keycloak_external_avatar_dir }}
+spi-avatar-storage-avatar-storage-file-avatar-folder={{ keycloak_external_avatar_dir}}
 {% endif %}
 
 {% if keycloak_s3_avatar_enabled %}
@@ -71,7 +67,7 @@ spi-avatar-storage-avatar-storage-s3-root-bucket={{ keycloak_s3_avatar_bucket }}
 # Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
 spi-sticky-session-encoder-infinispan-should-attach-route={{ keycloak_reverse_proxy_infinispan_attach_route }}
 cache={{ keycloak_cache_type }}
-# cache-stack={{ keycloak_cache_stack }}
+cache-stack={{ keycloak_cache_stack }}
 cache-config-file={{ keycloak_conf_directory }}/cache-ispn.xml
 {% endif %}
 # Logging

templates/keycloak.service.j2

@@ -1,6 +1,3 @@
-#
-# Systemd unit file that manages Keycloak
-#
 [Unit]
 Description=Keycloak Application Server, running with Quarkus
 After=syslog.target network.target
@@ -15,24 +12,19 @@ Before=httpd.service
 Before=apache2.service
 {% endif %}
 {% endif %}
-StartLimitIntervalSec=500
-StartLimitBurst=5
 
 [Service]
 Environment=JAVA={{ keycloak_openjdk_bin }}
 Environment=JAVA_HOME=/usr/lib/jvm/java-{{ keycloak_openjdk_runtime_version}}-openjdk-amd64
 Environment=JAVA_OPTS="{{ keycloak_java_opts }}"
 {% if not keycloak_jgroups_extended_stack %}
-Environment=JAVA_OPTS_APPEND="-Djgroups.bind_addr={{ keycloak_jgroups_multicast_bind_host | default(ansible_default_ipv4.address) }} -Djgroups.mcast_addr={{ keycloak_jgroups_multicast_address}} -Djgroups.mcast_port={{ keycloak_jgroups_multicast_port }}"
+Environment=JAVA_OPTS_APPEND="-Djgroups.mcast_addr={{ keycloak_jgroups_multicast_address}} -Djgroups.mcast_port={{ keycloak_jgroups_multicast_port }}"
 {% endif %}
 User={{ keycloak_user }}
 Group={{ keycloak_user }}
-ExecStart={{ keycloak_runtime_home }}/bin/kc.sh start
 SuccessExitStatus=0 143
 UMask=0027
-RestartSec=10
-Restart=on-failure
+ExecStart={{ keycloak_runtime_home }}/bin/kc.sh start
 
 [Install]
 WantedBy=multi-user.target
-