ansible-role-keycloak/defaults/main.yml


---
# Keycloak release to install, split into major / minor / point components.
# The values are quoted so YAML keeps them as strings instead of numbers.
# NOTE(review): a pinned release only receives security fixes when these
# values are bumped; compare the pin with upstream advisories on each review.
keycloak_major_version: '24'
keycloak_minor_version: '0'
keycloak_point_version: '1'
# OpenJDK major version; reused below for the version list and the java path.
keycloak_openjdk_runtime_version: 17
# Presumably the list of OpenJDK versions the role installs; confirm in tasks.
keycloak_openjdk_version:
- '{{ keycloak_openjdk_runtime_version }}'
# Absolute path of the java binary. The 'amd64' suffix is hard-coded, so this
# default only matches amd64 hosts; override it on other architectures.
keycloak_openjdk_bin: '/usr/lib/jvm/java-{{ keycloak_openjdk_runtime_version}}-openjdk-amd64/bin/java'
# Base directory of the Keycloak installation.
keycloak_install_dir: '/opt/keycloak'
# JVM heap and metaspace sizing; interpolated into keycloak_java_opts below.
keycloak_java_heap_min: "64m"
keycloak_java_heap_max: "512m"
keycloak_java_metaspacesize: "96m"
keycloak_java_metaspace_max_size: "256m"
# Full JVM option string: the sizing values above plus IPv4 preference,
# server mode, headless AWT and UTF-8 as the default file encoding.
keycloak_java_opts: "-Xms{{ keycloak_java_heap_min }} -Xmx{{ keycloak_java_heap_max }} -XX:MetaspaceSize={{ keycloak_java_metaspacesize }} -XX:MaxMetaspaceSize={{ keycloak_java_metaspace_max_size }} -Djava.net.preferIPv4Stack=true -server -Djava.awt.headless=true -Dfile.encoding=UTF-8"
# NOTE(review): keycloak_distribution and keycloak_wildfly_mode are not
# defined in this file; they have to come from elsewhere in the role or from
# the inventory. TODO confirm this variable is still used.
keycloak_distribution_data_directory: '{{ keycloak_install_dir }}/{{ keycloak_distribution }}/{{ keycloak_wildfly_mode }}'
# Directories derived from keycloak_runtime_home, which is also not defined in
# this file (presumably set in the role's vars; confirm).
keycloak_conf_directory: '{{ keycloak_runtime_home }}/conf'
keycloak_providers_directory: '{{ keycloak_runtime_home }}/providers'
keycloak_data_directory: '{{ keycloak_runtime_home }}/data'
# Log directory; keycloak_log_file is built from it.
keycloak_log_directory: '/var/log/keycloak'
# Presumably the name of the system service unit; confirm in the tasks.
keycloak_service_name: keycloak
# Startup switches. How they map to Keycloak start options is decided by the
# role's templates, which are not visible here.
keycloak_optimize_build_at_startup: true
keycloak_upgrade_db_at_startup: false
# Configuration file names handled by the role (presumably templated into
# keycloak_conf_directory; confirm).
keycloak_configuration_files:
- keycloak.conf
- cache-ispn.xml
- quarkus.properties
# Keycloak features to disable / preview features to enable; empty by default.
keycloak_disabled_features: []
keycloak_preview_features: []
# Extra provider artifacts described by Maven coordinates; empty by default.
# NOTE(review): providers are code loaded into the identity provider itself.
# Use a trusted repository over HTTPS and pin maven_version to an exact
# release; whether the role verifies checksums is not visible here.
keycloak_remote_providers: []
# Example entry:
# - name: 'foo'
#   state: 'present'
#   maven_repo_url: ''
#   maven_id: ''
#   maven_group_id: ''
#   maven_extension: ''
#   maven_version: ''
# Additional settings, presumably appended to keycloak.conf and
# quarkus.properties respectively; confirm against the templates.
keycloak_additional_properties: []
keycloak_quarkus_additional_properties: []
# Optional avatar directory under the data directory; disabled by default.
keycloak_external_avatar_dir_enabled: false
keycloak_external_avatar_dir: '{{ keycloak_data_directory }}/avatar'
# HTTPS is on by default and the protocol list is restricted to TLS 1.3.
keycloak_https_enabled: true
keycloak_https_protocols: 'TLSv1.3'
# Follows keycloak_https_enabled by default. Presumably selects certificates
# issued by Let's Encrypt; confirm in the tasks.
keycloak_letsencrypt_certs: '{{ keycloak_https_enabled }}'
# Source certificate and private key, named after the host FQDN. pki_dir is
# not defined in this file and must be provided elsewhere.
# NOTE(review): the second path is a private key. Check that the task which
# installs it sets a restrictive owner and mode; not visible here.
keycloak_source_cert_file: "{{ pki_dir }}/certs/{{ ansible_fqdn }}.pem"
keycloak_source_cert_key: "{{ pki_dir }}/keys/{{ ansible_fqdn }}-key.pem"
# Inverse of keycloak_https_enabled: renders the text 'false' when HTTPS is
# enabled and 'true' otherwise, so plain HTTP is only on when HTTPS is off.
keycloak_http_enabled: "{% if keycloak_https_enabled %}false{% else %}true{% endif %}"
# Set to /auth to be backward compatible with the old admin console
keycloak_http_relative_path: /
# Loopback only by default, so the service is reachable solely through a
# proxy on the same host. Widening this address exposes Keycloak directly and
# lets clients bypass the proxy; see keycloak_behind_reverse_proxy.
keycloak_listen: '127.0.0.1'
keycloak_http_port: 8080
keycloak_https_port: 8443
# NOTE(review): presumably controls whether keycloak_hostname is written to
# the configuration. If no fixed hostname is configured, Keycloak may derive
# its public URLs from request headers, so the fronting proxy should validate
# or overwrite Host and X-Forwarded-* headers. Confirm against the template.
keycloak_set_hostname: false
keycloak_hostname: '{{ ansible_fqdn }}'
# Log handler selection. Values listed by the role: console, file, gelf
keycloak_log_handlers: console
# Console handler: pattern with timestamp, level, category, thread, message.
keycloak_log_console_format: '%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
keycloak_log_console_output: default
# File handler: target file under keycloak_log_directory, same pattern.
keycloak_log_file: '{{ keycloak_log_directory }}/keycloak.log'
keycloak_log_file_format: '%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
# Root log level.
# NOTE(review): at this level routine informational server messages are not
# logged. Authentication auditing relies on Keycloak's event configuration,
# which this file does not cover; confirm it is handled elsewhere.
keycloak_log_level: warning
# Rotation settings: number of backups kept, size limit, rotate at boot.
# The boolean is a quoted string, presumably because it is written verbatim
# into a properties file.
keycloak_log_backup_index: 10
keycloak_log_max_size: '10M'
keycloak_log_rotate_on_boot: 'true'
# We keep those together because some health checks are available only when the metrics are enabled.
# NOTE(review): in Keycloak 24 the metrics and health endpoints are, as far
# as I know, served on the same listener as the application. Make sure the
# reverse proxy does not publish them to untrusted clients.
keycloak_metrics_and_health_checks_enabled: 'true'
# Database backend settings.
keycloak_use_external_db: true
# postgresql is the only supported choice for the time being
keycloak_db_vendor: 'postgres'
keycloak_database_name: keycloak
keycloak_database_user: keycloak_u
# Deliberately not defined in the defaults: set the database password in an
# Ansible Vault encrypted file, never in plain text.
# keycloak_database_password: 'define it in a vault file'
# NOTE(review): with a database on another host the connection should be
# protected with TLS; no setting for that is visible in this file.
keycloak_database_host: 'localhost'
# Administrator account name (presumably the initial admin user; confirm).
keycloak_admin_user: kadmin
# Deliberately not defined in the defaults: set the admin password in an
# Ansible Vault encrypted file, never in plain text.
# keycloak_admin_password: 'define it in a vault file'
# Presumably control ordering or integration with an nginx / Apache httpd
# role; their exact effect is not visible in this file. TODO confirm.
keycloak_before_nginx: false
keycloak_before_apache_httpd: false
# Keycloak is expected to run behind a reverse proxy by default.
keycloak_behind_reverse_proxy: true
# 'reencrypt' when HTTPS is enabled on Keycloak, 'edge' otherwise.
# NOTE(review): in a proxy mode Keycloak trusts the forwarding headers it
# receives, so the listener must stay reachable only by the proxy
# (keycloak_listen defaults to 127.0.0.1) and the proxy must overwrite
# client-supplied X-Forwarded-* headers. Confirm how the template renders it.
keycloak_reverse_proxy_type: '{% if keycloak_https_enabled %}reencrypt{% else %}edge{% endif %}'
# Quoted string, presumably written verbatim into the configuration.
keycloak_reverse_proxy_infinispan_attach_route: 'true'
# Clustering is off by default; the settings below presumably only take
# effect when it is turned on. Confirm in the templates.
keycloak_cluster: false
# Cache implementation and JGroups transport stack.
keycloak_cache_type: ispn
keycloak_cache_stack: tcp
# Host name used for JGroups; defaults to the host FQDN.
keycloak_jgroups_cache_hostname: "{{ ansible_fqdn }}"
keycloak_cache_container_name: keycloak
# JGroups multicast group and bind port.
# NOTE(review): cluster traffic carries cached session data. When clustering
# is enabled, restrict these ports to the cluster members with a firewall;
# whether the role turns on transport encryption or authentication is not
# visible in this file.
keycloak_jgroups_multicast_port: 46655
keycloak_jgroups_multicast_address: 228.6.7.8
keycloak_jgroups_bind_port: 55200
# Optional extended stack; its name is derived from keycloak_cache_stack.
keycloak_jgroups_extended_stack: false
keycloak_jgroups_extended_stack_name: "extended-{{ keycloak_cache_stack }}"