Role that installs the Keycloak IdM,
Andrea Dell'Amico bd41510ba7
Move other options from the systemd unit to the conf file.
2024-04-02 14:21:21 +02:00
defaults proxy -> proxy-headers. Also fix the systemd unit reload. 2024-03-29 18:20:31 +01:00
handlers Manage certificates that are not issued by letsencrypt. 2024-03-22 18:45:21 +01:00
meta Set the mcast addr and port. 2022-12-29 16:34:04 +01:00
tasks Move out some options from the command line to the conf file. 2024-04-02 14:18:40 +02:00
templates Move other options from the systemd unit to the conf file. 2024-04-02 14:21:21 +02:00
tests Initial commit 2020-06-18 18:23:12 +02:00
vars Option to change the service name. 2022-09-24 18:12:14 +02:00
.gitignore Initial commit 2020-06-18 18:23:12 +02:00
LICENSE Initial commit 2020-06-18 18:23:12 +02:00
README.md keycloak over quarkus, vers 19+ 2022-09-23 13:52:06 +02:00


Role Name

A role that installs the Keycloak IdM (https://keycloak.org).

Role Variables

The most important variables are listed below:

keycloak_major_version: '19'
keycloak_minor_version: '0'
keycloak_point_version: '2'
keycloak_openjdk_runtime_version: 11
keycloak_openjdk_version:
  - '{{ keycloak_openjdk_runtime_version }}'
keycloak_openjdk_bin: '/usr/lib/jvm/java-{{ keycloak_openjdk_runtime_version }}-openjdk-amd64/bin/java'
keycloak_install_dir: '/opt/keycloak'
keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}'
keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf'
keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers'
keycloak_data_directory: '{{ keycloak_runtime_home }}/data'
keycloak_log_directory: '/var/log/keycloak'
keycloak_optimize_build_at_startup: true
keycloak_upgrade_db_at_startup: false
keycloak_disabled_features: []
keycloak_preview_features: []

keycloak_external_avatar_dir_enabled: false
keycloak_external_avatar_dir: '{{ keycloak_data_directory }}/avatar'

keycloak_https_enabled: true
keycloak_https_protocols: 'TLSv1.3'
keycloak_letsencrypt_certs: '{{ keycloak_https_enabled }}'
keycloak_http_enabled: "{% if keycloak_https_enabled %}'false'{% else %}'true'{% endif %}"
keycloak_listen: '127.0.0.1'
keycloak_http_port: 8080
keycloak_https_port: 8443
keycloak_set_hostname: false
keycloak_hostname: '{{ ansible_fqdn }}'

keycloak_log_handlers: console
keycloak_log_console_format: '%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
keycloak_log_console_output: default
keycloak_log_file: '{{ keycloak_log_directory }}/keycloak.log'
keycloak_log_file_format: '%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
keycloak_log_level: warning
# We keep those together because some health checks are available only when the metrics are enabled.
keycloak_metrics_and_health_checks_enabled: 'true'

keycloak_use_external_db: true
# postgresql is the only supported choice for the time being
keycloak_db_vendor: 'postgres'
keycloak_database_name: keycloak
keycloak_database_user: keycloak_u
# keycloak_database_password: 'define it in a vault file'
keycloak_database_host: 'localhost'
keycloak_database_max_pool_size: '50'
keycloak_database_jboss_connection_checker: true
keycloak_database_idle_timeouts_min: 1
keycloak_admin_user: kadmin
# keycloak_admin_password: 'define it in a vault file'

keycloak_before_nginx: false
keycloak_before_apache_httpd: false
keycloak_behind_reverse_proxy: true
keycloak_reverse_proxy_type: '{% if keycloak_local_certs %}reencrypt{% else %}edge{% endif %}'
keycloak_reverse_proxy_infinispan_attach_route: 'true'

keycloak_cluster: false
keycloak_cache_type: ispn
keycloak_cache_stack: tcp
keycloak_cache_container_name: keycloak

Dependencies

OpenJDK

License

EUPL-1.2

Author Information

Andrea Dell'Amico, andrea.dellamico@isti.cnr.it