Parametrize jdbc driver version

JVM as variable, name all tasks, update README
Add configuration for hotrod TLS
2026-03-28 14:23:05 +00:00 · 2022-01-05 13:55:19 +01:00 · 2022-01-04 16:01:37 +01:00 · 2022-01-04 14:30:28 +01:00 · 2021-12-31 12:31:08 +01:00 · 2021-12-30 16:47:16 +01:00
25 changed files with 565 additions and 99 deletions
--- a/README.md
+++ b/README.md
@@ -41,6 +41,13 @@ rhsso_rhn_id: '<sso_product_id>'

 where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_)

+
+## Included roles
+
+* [`keycloak`](https://github.com/ansible-middleware/keycloak/roles/keycloak/REAME.md): role for installing the service. _Requires: python3-netaddr_
+* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/roles/keycloak_realm/REAME.md): role for configuring a realm, with clients and users, in an installed service.
+
+
 ## License

 Apache License v2.0 or later
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: middleware_automation
 name: keycloak
-version: "0.0.2"
+version: "0.1.3"
 readme: README.md
 authors:
  - Romain Pelisse <rpelisse@redhat.com>
@@ -15,7 +15,7 @@ tags:
  - sso
 dependencies:
  "middleware_automation.redhat_csp_download": ">=1.2.1"
-  "middleware_automation.jcliff": ">=0.0.19"
+  "middleware_automation.wildfly": ">=0.0.4"
 repository: https://github.com/ansible-middleware/keycloak
 documentation: https://github.com/ansible-middleware/keycloak
 homepage: https://github.com/ansible-middleware/keycloak
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -7,4 +7,36 @@
      include_role:
        name: ../../roles/keycloak
      vars:
-        keycloak_admin_password: "changeme"
+        keycloak_admin_password: "changeme"
+    - name: Keycloak Realm Role
+      include_role:
+        name: ../../roles/keycloak_realm
+      vars:
+        keycloak_admin_password: "changeme"
+        keycloak_client_default_roles:
+          - TestRoleAdmin
+          - TestRoleUser
+        keycloak_client_users:
+          - username: TestUser
+            password: password
+            client_roles:
+              - client: TestClient
+                role: TestRoleUser
+                realm: "{{ keycloak_realm }}"
+          - username: TestAdmin
+            password: password
+            client_roles:
+              - client: TestClient
+                role: TestRoleUser
+                realm: "{{ keycloak_realm }}"
+              - client: TestClient
+                role: TestRoleAdmin
+                realm: "{{ keycloak_realm }}"
+        keycloak_realm: TestRealm
+        keycloak_clients:
+          - name: TestClient
+            roles: "{{ keycloak_client_default_roles }}"
+            realm: "{{ keycloak_realm }}"
+            public_client: "{{ keycloak_client_public }}"
+            web_origins: "{{ keycloak_client_web_origins }}"
+            users: "{{ keycloak_client_users }}"
--- a/playbooks/keycloak.yml
+++ b/playbooks/keycloak.yml
@@ -10,4 +10,27 @@
      include_role:
        name: keycloak
      vars:
-        keycloak_admin_password: "changeme"
+        keycloak_admin_password: "changeme"
+    - name: Keycloak Realm Role
+      include_role:
+        name: keycloak_realm
+      vars:
+        keycloak_admin_password: "changeme"
+        keycloak_realm: TestRealm
+        keycloak_clients:
+          - name: TestClient1
+            roles:
+              - TestClient1Admin
+              - TestClient1User
+            realm: "{{ keycloak_realm }}"
+            public_client: True
+            web_origins:
+              - http://testclient1origin/application
+              - http://testclient1origin/other
+            users:
+            - username: TestUser
+              password: password
+              client_roles:
+                - client: TestClient1
+                  role: TestClient1User
+                  realm: "{{ keycloak_realm }}"
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -4,35 +4,63 @@ keycloak
 Install [keycloak](https://keycloak.org/) or [Red Hat Single Sing-On](https://access.redhat.com/products/red-hat-single-sign-on) server configurations.


+Requirements
+------------
+
+This role requires the `python3-netaddr` library installed on the controller node.
+
+
 Role Defaults
 -------------

 | Variable | Description | Default |
 |:---------|:------------|:---------|
-|`keycloak_ha_enabled`| enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
+|`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
+|`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if keycloak_ha_enabled is True, else `False` |
 |`keycloak_admin_user`| Administration console user account | `admin` |
+|`keycloak_bind_address`| Address for binding service ports | `0.0.0.0` |
+|`keycloak_host`| hostname | `localhost` |
+|`keycloak_http_port`| HTTP port | `8080` |
+|`keycloak_https_port`| TLS HTTP port | `8443` |
+|`keycloak_management_http_port`| Management port | `9990` |
+|`keycloak_management_https_port`| TLS management port | `9993` |
+|`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx20480m -XX:MaxPermSize=768m` |
+|`jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-devel` |


 Role Variables
 --------------

-The following are a set of required variables for the role:
+The following are a set of _required_ variables for the role:

 | Variable | Description |
 |:---------|:------------|
 |`keycloak_admin_password`| Password for the administration console user account |

-The following variables are required when keycloak_ha_enabled is True:
+
+The following variables are _required_ only when keycloak_ha_enabled is True:

 | Variable | Description | Default |
 |:---------|:------------|:---------|
 |`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
-|`postgres_jdbc_url` | URL for the postgres backend database | `jdbc:postgresql://localhost:5432/keycloak` |
-|`postgres_db_user` | username for connecting to postgres | `keycloak-user` |
-|`postgres_db_pass` | password for connecting to postgres | `keycloak-pass` |
+|`keycloak_jdbc_engine` | backend database flavour when db is enabled: [ postgres, mariadb ] | `postgres` |
 |`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
 |`infinispan_user` | username for connecting to infinispan | `supervisor` |
 |`infinispan_pass` | password for connecting to infinispan | `supervisor` |
+|`infinispan_sasl_mechanism`| Authentication type | `SCRAM-SHA-512` |
+|`infinispan_use_ssl`| Enable hotrod TLS communication | `False` |
+|`infinispan_trust_store_path`| Path to truststore with infinispan server certificate | `/etc/pki/java/cacerts` |
+|`infinispan_trust_store_password`| Password for opening truststore | `changeit` |
+
+
+The following variables are _required_ only when keycloak_db_enabled is True:
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`keycloak_jdbc_url` | URL for the postgres backend database | `jdbc:postgresql://localhost:5432/keycloak` |
+|`keycloak_jdbc_driver_version`| Version for the JDBC driver to download | `9.4.1212` |
+|`keycloak_db_user` | username for connecting to postgres | `keycloak-user` |
+|`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` |


 Dependencies
@@ -40,8 +68,8 @@ Dependencies

 The roles depends on:

-* the redhat_csp_download role of [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection
-* the jcliff role of [middleware_automation.jcliff](https://github.com/ansible-middleware/ansible_collections_jcliff) collection
+* the redhat_csp_download role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection
+* the wildfly_driver role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection


 Example Playbook
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -3,22 +3,24 @@
 keycloak_version: 9.0.2
 keycloak_archive: keycloak-{{ keycloak_version }}.zip
 keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}
-keycloak_local_download_dest: '{{ "~/keycloak_download" | expanduser }}'
 keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"

 ### Configuration specific to Red Hat Single Sing-On
 keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}"
-keycloak_rhsso_client_adapter_rhn_id: '101951'
-keycloak_rhsso_saml_adapter_rhn_id: '101901'
 keycloak_rhsso_version: 7.5
 keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip
 keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}"
 keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='

 ### Install location and service settings
+jvm_package: java-1.8.0-openjdk-devel
 keycloak_dest: /opt/keycloak
 keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined else keycloak_installdir }}"
 keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
+
+keycloak_config_standalone_xml: "keycloak.xml"
+keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
+
 keycloak_service_user: keycloak
 keycloak_service_group: keycloak
 keycloak_service_pidfile: "/run/keycloak.pid"
@@ -32,40 +34,44 @@ keycloak_https_port: 8443
 keycloak_management_http_port: 9990
 keycloak_management_https_port: 9993
 keycloak_java_opts: "-Xms1024m -Xmx20480m -XX:MaxPermSize=768m"
-keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
-keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
-# enable auto configuration for database backend, clustering and remote caches on infinispan
+
+### Enable configuration for database backend, clustering and remote caches on infinispan
 keycloak_ha_enabled: False
+### Enable database configuration, must be enabled when HA is configured
+keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"

-# keycloak administration console user
+### Keycloak administration console user
 keycloak_admin_user: admin
-
 keycloak_auth_realm: master
 keycloak_auth_client: admin-cli

 keycloak_force_install: False

-keycloak_modcluster:
-  enabled: "{{ keycloak_ha_enabled }}"
-  reverse_proxy_url: "{{ keycloak_modcluster_url | default('localhost') }}"
+### mod_cluster reverse proxy
+keycloak_modcluster_url: localhost

-keycloak_remotecache:
-  enabled: "{{ keycloak_ha_enabled }}"
-  username: "{{ infinispan_user | default('supervisor') }}"
-  password: "{{ infinispan_pass | default('supervisor') }}"
-  realm: default
-  server_name: "{{ infinispan_url | default('localhost') }}"
-  trust_store_path: /path/to/jks/keystore
-  trust_store_password: changeme
+### infinispan remote caches access (hotrod)
+infinispan_user: supervisor
+infinispan_pass: supervisor
+infinispan_url: localhost
+infinispan_sasl_mechanism: SCRAM-SHA-512
+infinispan_use_ssl: False
+# if ssl is enabled, import ispn server certificate here
+infinispan_trust_store_path: /etc/pki/java/cacerts
+infinispan_trust_store_password: changeit

-keycloak_jdbc:
+### database backend engine: values [ 'postgres', 'mariadb' ]
+keycloak_jdbc_engine: postgres
+### database backend credentials
+keycloak_db_user: keycloak-user
+keycloak_db_pass: keycloak-pass
+keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
+keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
+# override the variables above, following defaults show minimum supported versions
+keycloak_default_jdbc:
  postgres:
-    enabled: "{{ keycloak_ha_enabled }}"
-    driver_module_name: "org.postgresql"
-    driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/postgresql/main"
-    driver_version: 9.4.1212
-    driver_jar_filename: "postgresql-9.4.1212.jar"
-    driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/9.4.1212/postgresql-9.4.1212.jar"
-    connection_url: "{{ postgres_jdbc_url | default('jdbc:postgresql://localhost:5432/keycloak') }}"
-    db_user: "{{ postgres_db_user | default('keycloak-user') }}"
-    db_password: "{{ postgres_db_pass | default('keycloak-pass') }}"
+    url: 'jdbc:postgresql://localhost:5432/keycloak'
+    version: 9.4.1212
+  mariadb:
+    url: 'jdbc:mariadb://localhost:3306/keycloak'
+    version: 2.7.4
--- a/roles/keycloak/meta/main.yml
+++ b/roles/keycloak/meta/main.yml
@@ -1,3 +1,28 @@
+---
 collections:
  - middleware_automation.redhat_csp_download
-  - middleware_automation.jcliff
+  - middleware_automation.wildfly
+
+galaxy_info:
+  role_name: keycloak
+  namespace: middleware_automation
+  author: Romain Pelisse, Guido Grazioli
+  description: Install keycloak or Red Hat Single Sing-On server configurations
+  company: Red Hat, Inc.
+
+  license: Apache License 2.0
+
+  min_ansible_version: "2.9"
+
+  platforms:
+   - name: EL
+     versions:
+     - 7
+     - 8
+
+  galaxy_tags:
+    - keycloak
+    - redhat
+    - rhel
+    - rhn
+    - sso
--- a/roles/keycloak/tasks/install.yml
+++ b/roles/keycloak/tasks/install.yml
@@ -112,25 +112,25 @@
  become: yes
  when: keycloak_rhsso_enable

- name: "Install Postresql driver"
+- name: "Install {{ keycloak_jdbc_engine }} driver"
  include_role:
    name: wildfly_driver
    tasks_from: jdbc_driver.yml
  vars:
      wildfly_user: "{{ keycloak_service_user }}"
-      jdbc_driver_module_dir: "{{ keycloak_jdbc.postgres.driver_module_dir }}"
-      jdbc_driver_version: "{{ keycloak_jdbc.postgres.driver_version }}"
-      jdbc_driver_jar_filename: "{{ keycloak_jdbc.postgres.driver_jar_filename }}"
-      jdbc_driver_jar_url: "{{ keycloak_jdbc.postgres.driver_jar_url }}"
-      jdbc_driver_jar_installation_path: "{{ keycloak_jdbc.postgres.driver_module_dir }}/{{ keycloak_jdbc.postgres.driver_jar_filename }}"
-      jdbc_driver_module_name: "{{ keycloak_jdbc.postgres.driver_module_name }}"
-  when: keycloak_jdbc.postgres.enabled
+      jdbc_driver_module_dir: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
+      jdbc_driver_version: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_version }}"
+      jdbc_driver_jar_filename: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
+      jdbc_driver_jar_url: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}"
+      jdbc_driver_jar_installation_path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
+      jdbc_driver_module_name: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}"
+  when: keycloak_jdbc[keycloak_jdbc_engine].enabled

 - name: "Deploy Keycloak's standalone.xml"
  become: yes
  template:
    src: "{{ 'templates/standalone-rhsso.xml.j2' if keycloak_rhsso_enable else 'templates/standalone.xml.j2' }}"
-    dest: "{{ keycloak_jboss_home }}/standalone/configuration/standalone.xml"
+    dest: "{{ keycloak_config_path_to_standalone_xml }}"
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
    mode: 0640
@@ -142,7 +142,7 @@
  become: yes
  template:
    src: "{{ 'templates/standalone-rhsso-jdg.xml.j2' if keycloak_rhsso_enable else 'templates/standalone-infinispan.xml.j2' }}"
-    dest: "{{ keycloak_jboss_home }}/standalone/configuration/standalone.xml"
+    dest: "{{ keycloak_config_path_to_standalone_xml }}"
    owner: "{{ keycloak_service_user }}"
    group: "{{ keycloak_service_group }}"
    mode: 0640
--- a/roles/keycloak/tasks/prereqs.yml
+++ b/roles/keycloak/tasks/prereqs.yml
@@ -1,12 +1,30 @@
 ---
- set_fact:
+- name: Validate configuration
+  assert:
+    that:
+      - (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled)
+    quiet: True
+    fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_db_enabled"
+    success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"
+
+- name: Validate credentials
+  assert:
+    that:
+      - (rhn_username is defined and rhsso_rhn_id is defined) or rhsso_rhn_id is not defined
+      - (rhn_password is defined and rhsso_rhn_id is defined) or rhsso_rhn_id is not defined
+    quiet: True
+    fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined"
+    success_msg: "{{ 'Installing Red Hat Single Sign-On' if rhsso_rhn_id is defined else 'Installing keycloak.org' }}"
+
+- name: Set required packages facts
+  set_fact:
    required_packages:
-    - "{{ jvm_package | default('java-1.8.0-openjdk-devel') }}"
+    - "{{ jvm_package }}"
    - unzip
    - procps-ng
    - initscripts

- name: "Ensures required packages are installed"
+- name: Ensures required packages are installed
  ansible.builtin.include_tasks: fastpackages/install.yml
  vars:
    packages_list: "{{ required_packages }}"
--- a/roles/keycloak/tasks/systemd.yml
+++ b/roles/keycloak/tasks/systemd.yml
@@ -56,10 +56,13 @@

 - meta: flush_handlers

- name: Wait until Keycloak becomes active
+- set_fact:
+    health_url: "{{ keycloak_management_url }}/health"
+
+- name: "Wait until Keycloak becomes active {{ health_url }}"
  uri:
-    url: "{{ keycloak_management_url }}/health"
+    url: "{{ health_url }}"
  register: keycloak_status
  until: keycloak_status.status == 200
-  retries: 20
+  retries: 25
  delay: 10
--- a/roles/keycloak/templates/keycloak-service.sh.j2
+++ b/roles/keycloak/templates/keycloak-service.sh.j2
@@ -83,6 +83,7 @@ startKeycloak() {
        -Djboss.management.https.port=${KEYCLOAK_MANAGEMENT_HTTPS_PORT} \
        -Djboss.node.name={{ inventory_hostname }} \
      {% if ansible_facts.virtualization_type in ['docker','oci','containerd'] %}-Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true {% endif %}\
+      {% if keycloak_config_standalone_xml is defined %}--server-config={{ keycloak_config_standalone_xml }}{% endif %} \
      2>&1 >> "${KEYCLOAK_LOGFILE}" &
    while [ ! -f ${KEYCLOAK_PIDFILE} ]; do sleep 1; done
  fi
--- a/roles/keycloak/templates/standalone-infinispan.xml.j2
+++ b/roles/keycloak/templates/standalone-infinispan.xml.j2
@@ -405,6 +405,7 @@
                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
                        <property name="infinispan.client.hotrod.trust_store_type">JKS</property>
                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
+                        <property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
                    </remote-store>
                </distributed-cache>
                {% endfor %}
@@ -428,6 +429,7 @@
                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
                        <property name="infinispan.client.hotrod.trust_store_type">JKS</property>
                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
+                        <property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
                    </remote-store>
                </replicated-cache>
                <local-cache name="authorization">
@@ -498,6 +500,27 @@
            <stacks>
                <stack name="tcp">
                    <transport site="${jboss.node.name}" type="TCP" socket-binding="jgroups-tcp"/>
+{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
+                    <protocol type="JDBC_PING">
+                        <property name="datasource_jndi_name">java:jboss/datasources/KeycloakDS</property>
+                        <property name="initialize_sql">{{ keycloak_jdbc[keycloak_jdbc_engine].initialize_db }}</property>
+                        <property name="insert_single_sql">INSERT INTO JGROUPSPING (own_addr, cluster_name, ping_data) values (?, ?, ?)</property>
+                        <property name="delete_single_sql">DELETE FROM JGROUPSPING WHERE own_addr=? AND cluster_name=?</property>
+                        <property name="select_all_pingdata_sql">SELECT ping_data FROM JGROUPSPING WHERE cluster_name=?</property>
+                    </protocol>
+{% endif %}
+                    <protocol type="MERGE3"/>
+                    <protocol type="FD_SOCK"/>
+                    <protocol type="FD_ALL"/>
+                    <protocol type="VERIFY_SUSPECT"/>
+                    <protocol type="pbcast.NAKACK2"/>
+                    <protocol type="UNICAST3"/>
+                    <protocol type="pbcast.STABLE"/>
+                    <protocol type="pbcast.GMS">
+                        <property name="join_timeout">30000</property>
+                    </protocol>
+                    <protocol type="MFC"/>
+                    <protocol type="FRAG2"/>
                </stack>
            </stacks>
        </subsystem>
@@ -651,7 +674,7 @@
            </deployment-permissions>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:transactions:6.0">
-            <core-environment node-identifier="${jboss.tx.node.id:1}">
+            <core-environment node-identifier="{{ inventory_hostname | default('${jboss.tx.node.id:1}') }}">
                <process-id>
                    <uuid/>
                </process-id>
@@ -690,6 +713,13 @@
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
        </interface>
+        <interface name="jgroups">
+{% if ansible_default_ipv4 is defined %}
+            <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr('net') }}"/>
+{% else %}
+            <any-address />
+{% endif %}
+        </interface>
        <interface name="public">
            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
        </interface>
@@ -700,14 +730,14 @@
        <socket-binding name="https" port="${jboss.https.port:8443}"/>
        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
-        <socket-binding name="jgroups-tcp" interface="management" port="7600"/>
+        <socket-binding name="jgroups-tcp" interface="jgroups" port="7600"/>
        <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
        <socket-binding name="txn-recovery-environment" port="4712"/>
        <socket-binding name="txn-status-manager" port="4713"/>
        <outbound-socket-binding name="mail-smtp">
            <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
        </outbound-socket-binding>
-{% if keycloak_modcluster.enabled %}        
+{% if keycloak_modcluster.enabled %}
        <outbound-socket-binding name="proxy1">
            <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
        </outbound-socket-binding>
--- a/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2
+++ b/roles/keycloak/templates/standalone-rhsso-jdg.xml.j2
@@ -152,15 +152,15 @@
                    </security>
                </datasource>
                <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
-{% if keycloak_jdbc.postgres.enabled %}
-                    <connection-url>{{ keycloak_jdbc.postgres.connection_url }}</connection-url>
-                    <driver>{{ keycloak_jdbc.postgres.driver_module_name }}</driver>
+{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
+                    <connection-url>{{ keycloak_jdbc[keycloak_jdbc_engine].connection_url }}</connection-url>
+                    <driver>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}</driver>
                    <pool>
                       <max-pool-size>20</max-pool-size>
                    </pool>
                    <security>
-                        <user-name>{{ keycloak_jdbc.postgres.db_user }}</user-name>
-                        <password>{{ keycloak_jdbc.postgres.db_password }}</password>
+                        <user-name>{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}</user-name>
+                        <password>{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}</password>
                    </security>
 {% else %}
                    <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
@@ -172,10 +172,10 @@
 {% endif %}
                </datasource>
                <drivers>
-{% if keycloak_jdbc.postgres.enabled %}
-                    <driver name="{{ keycloak_jdbc.postgres.driver_module_name }}" module="{{ keycloak_jdbc.postgres.driver_module_name }}">
-                         <driver-class>org.postgresql.Driver</driver-class>
-                        <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
+{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
+                    <driver name="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" module="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}">
+                        <driver-class>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_class }}</driver-class>
+                        <xa-datasource-class>{{ keycloak_jdbc[keycloak_jdbc_engine].xa_datasource_class }}</xa-datasource-class>
                    </driver>
 {% endif %}
                    <driver name="h2" module="com.h2database.h2">
@@ -384,7 +384,7 @@
                    <heap-memory size="10000"/>
                </local-cache>
                <local-cache name="authenticationSessions"/>
-                {% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
+{% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
                <distributed-cache name="{{ cachename }}">
                    <remote-store cache="{{ cachename }}"
                                  remote-servers="remote-cache"
@@ -400,14 +400,15 @@
                        <property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
                        <property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
                        <property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
-                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
-                        <property name="infinispan.client.hotrod.use_ssl">false</property>
-                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
+                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
+                        <property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
                        <property name="infinispan.client.hotrod.trust_store_type">JKS</property>
-                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
+                        <property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
                    </remote-store>
                </distributed-cache>
-                {% endfor %}
+{% endfor %}
                <replicated-cache name="work">
                    <remote-store cache="work"
                                  remote-servers="remote-cache"
@@ -423,11 +424,12 @@
                        <property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
                        <property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
                        <property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
-                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
-                        <property name="infinispan.client.hotrod.use_ssl">false</property>
-                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
+                        <property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
+                        <property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
                        <property name="infinispan.client.hotrod.trust_store_type">JKS</property>
-                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
+                        <property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
+                        <property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
                    </remote-store>
                </replicated-cache>
                <local-cache name="authorization">
@@ -498,6 +500,27 @@
            <stacks>
                <stack name="tcp">
                    <transport site="${jboss.node.name}" type="TCP" socket-binding="jgroups-tcp"/>
+{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
+                    <protocol type="JDBC_PING">
+                        <property name="datasource_jndi_name">java:jboss/datasources/KeycloakDS</property>
+                        <property name="initialize_sql">{{ keycloak_jdbc[keycloak_jdbc_engine].initialize_db }}</property>
+                        <property name="insert_single_sql">INSERT INTO JGROUPSPING (own_addr, cluster_name, ping_data) values (?, ?, ?)</property>
+                        <property name="delete_single_sql">DELETE FROM JGROUPSPING WHERE own_addr=? AND cluster_name=?</property>
+                        <property name="select_all_pingdata_sql">SELECT ping_data FROM JGROUPSPING WHERE cluster_name=?</property>
+                    </protocol>
+{% endif %}
+                    <protocol type="MERGE3"/>
+                    <protocol type="FD_SOCK"/>
+                    <protocol type="FD_ALL"/>
+                    <protocol type="VERIFY_SUSPECT"/>
+                    <protocol type="pbcast.NAKACK2"/>
+                    <protocol type="UNICAST3"/>
+                    <protocol type="pbcast.STABLE"/>
+                    <protocol type="pbcast.GMS">
+                        <property name="join_timeout">30000</property>
+                    </protocol>
+                    <protocol type="MFC"/>
+                    <protocol type="FRAG2"/>
                </stack>
            </stacks>
        </subsystem>
@@ -651,7 +674,7 @@
            </deployment-permissions>
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:transactions:6.0">
-            <core-environment node-identifier="${jboss.tx.node.id:1}">
+            <core-environment node-identifier="{{ inventory_hostname | default('${jboss.tx.node.id:1}') }}">
                <process-id>
                    <uuid/>
                </process-id>
@@ -689,6 +712,13 @@
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
+        </interface>
+	    <interface name="jgroups">
+{% if ansible_default_ipv4 is defined %}
+            <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr('net') }}"/>
+{% else %}
+            <any-address />
+{% endif %}
        </interface>
        <interface name="public">
            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
@@ -700,18 +730,18 @@
        <socket-binding name="https" port="${jboss.https.port:8443}"/>
        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
-        <socket-binding name="jgroups-tcp" interface="management" port="7600"/>
+        <socket-binding name="jgroups-tcp" interface="jgroups" port="7600"/>
        <socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>
        <socket-binding name="txn-recovery-environment" port="4712"/>
        <socket-binding name="txn-status-manager" port="4713"/>
        <outbound-socket-binding name="mail-smtp">
            <remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
        </outbound-socket-binding>
-{% if keycloak_modcluster.enabled %}            
+{% if keycloak_modcluster.enabled %}
        <outbound-socket-binding name="proxy1">
            <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
        </outbound-socket-binding>
-{% endif %}        
+{% endif %}
        <outbound-socket-binding name="remote-cache">
            <remote-destination host="{{ keycloak_remotecache.server_name | default('localhost') }}" port="${remote.cache.port:11222}"/>
        </outbound-socket-binding>
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -1,3 +1,69 @@
 ---
-# vars file for keycloak
-keycloak_admin_password:
+# required variables for keycloak
+# administrator console password
+keycloak_admin_password:
+
+# internal variables below
+
+# locations
+keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
+keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
+
+# database
+keycloak_jdbc:
+  postgres:
+    enabled: "{{ (keycloak_ha_enabled or keycloak_db_enabled) and keycloak_jdbc_engine == 'postgres' }}"
+    driver_class: org.postgresql.Driver
+    xa_datasource_class: org.postgresql.xa.PGXADataSource
+    driver_module_name: "org.postgresql"
+    driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/postgresql/main"
+    driver_version: "{{ keycloak_jdbc_driver_version }}"
+    driver_jar_filename: "postgresql-{{ keycloak_jdbc_driver_version }}.jar"
+    driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/{{ keycloak_jdbc_driver_version }}/postgresql-{{ keycloak_jdbc_driver_version }}.jar"
+    connection_url: "{{ keycloak_jdbc_url }}"
+    db_user: "{{ keycloak_db_user }}"
+    db_password: "{{ keycloak_db_pass }}"
+    initialize_db: >
+      CREATE TABLE IF NOT EXISTS JGROUPSPING (
+        own_addr varchar(200) NOT NULL,
+        cluster_name varchar(200) NOT NULL,
+        updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+        ping_data BYTEA,
+        constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))
+  mariadb:
+    enabled: "{{ (keycloak_ha_enabled or keycloak_db_enabled) and keycloak_jdbc_engine == 'mariadb' }}"
+    driver_class: org.mariadb.jdbc.Driver
+    xa_datasource_class: org.mariadb.jdbc.MySQLDataSource
+    driver_module_name: "org.mariadb"
+    driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/mariadb/main"
+    driver_version: "{{ keycloak_jdbc_driver_version }}"
+    driver_jar_filename: "mariadb-java-client-{{ keycloak_jdbc_driver_version }}.jar"
+    driver_jar_url: "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/{{ keycloak_jdbc_driver_version }}/mariadb-java-client-{{ keycloak_jdbc_driver_version }}.jar"
+    connection_url: "{{ keycloak_jdbc_url }}"
+    db_user: "{{ keycloak_db_user  }}"
+    db_password: "{{ keycloak_db_pass }}"
+    initialize_db: >
+      CREATE TABLE IF NOT EXISTS JGROUPSPING (
+        own_addr varchar(200) NOT NULL,
+        cluster_name varchar(200) NOT NULL,
+        updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+        ping_data varbinary(5000) DEFAULT NULL,
+        PRIMARY KEY (own_addr, cluster_name))
+      ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin
+
+# reverse proxy mod_cluster
+keycloak_modcluster:
+  enabled: "{{ keycloak_ha_enabled }}"
+  reverse_proxy_url: "{{ keycloak_modcluster_url }}"
+
+# infinispan
+keycloak_remotecache:
+  enabled: "{{ keycloak_ha_enabled }}"
+  username: "{{ infinispan_user }}"
+  password: "{{ infinispan_pass }}"
+  realm: default
+  sasl_mechanism: "{{ infinispan_sasl_mechanism }}"
+  server_name: "{{ infinispan_url }}"
+  use_ssl: "{{ infinispan_use_ssl }}"
+  trust_store_path: "{{ infinispan_trust_store_path }}"
+  trust_store_password: "{{ infinispan_trust_store_password }}"
--- a/roles/keycloak_realm/README.md
+++ b/roles/keycloak_realm/README.md
@@ -0,0 +1,106 @@
+keycloak_realm
+==============
+
+Create realms and clients in [keycloak](https://keycloak.org/) or [Red Hat Single Sing-On](https://access.redhat.com/products/red-hat-single-sign-on) services.
+
+
+Role Defaults
+-------------
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`keycloak_admin_user` | Administration console user account | `admin` |
+|`keycloak_host` | hostname | `localhost` |
+|`keycloak_http_port` | HTTP port | `8080` |
+|`keycloak_https_port` | TLS HTTP port | `8443` |
+|`keycloak_auth_realm` | Name of the main authentication realm | `master` |
+
+
+Role Variables
+--------------
+
+The following are a set of _required_ variables for the role:
+
+| Variable | Description |
+|:---------|:------------|
+|`keycloak_admin_password`| Password for the administration console user account |
+|`keycloak_realm` | Name of the realm to be created |
+
+
+The following variables are available for creating clients:
+
+| Variable | Description | Default |
+|:---------|:------------|:---------|
+|`keycloak_clients` | List of _client_ declarations for the realm | `[]` |
+|`keycloak_client_default_roles` | List of default role name for clients | `[]` |
+|`keycloak_client_users` | List of user/role mappings for a client | `[]` |
+
+
+Variable formats
+----------------
+
+* `keycloak_clients`, a list of:
+
+```yaml
+    - name: <name of the client>
+      roles: <keycloak_client_default_roles>
+      realm: <name of the realm that contains the client>
+      public_client: <true for public, false for confidential>
+      web_origins: <list of allowed we origins for the client>
+      users: <keycloak_client_users>
+```
+
+* `keycloak_client_users`, a list of:
+
+```yaml
+    - username: <username, required>
+      password: <password, required>
+      firstName: <firstName, optional>
+      lastName: <lastName, optional>
+      email: <email, optional>
+      client_roles: <list of client user/role mappings>
+```
+
+* Client user/role mappings, a list of:
+
+```yaml
+    - client: <name of the client>
+      role: <name of the role>
+      realm: <name of the realm>
+```
+
+For a comprehensive example, refer to the [playbook](playbooks/keycloak.yml).
+
+
+Example Playbook
+----------------
+
+The following is an example playbook that makes use of the role to create a realm in keycloak.
+
+```yaml
+---
+- hosts: ...
+      collections:
+        - middleware_automation.keycloak
+      tasks:
+        - name: Include keycloak role
+          include_role:
+            name: keycloak_realm
+          vars:
+            keycloak_admin_password: "changeme"
+            keycloak_realm: TestRealm
+            keycloak_clients: [...]
+```
+
+
+License
+-------
+
+Apache License 2.0
+
+
+Author Information
+------------------
+
+* [Guido Grazioli](https://github.com/guidograzioli)
+* [Romain Pelisse](https://github.com/rpelisse)
--- a/roles/keycloak_realm/defaults/main.yml
+++ b/roles/keycloak_realm/defaults/main.yml
@@ -0,0 +1,44 @@
+---
+### Keycloak configuration settings
+keycloak_host: localhost
+keycloak_http_port: 8080
+keycloak_https_port: 8443
+
+### Keycloak administration console user
+keycloak_admin_user: admin
+keycloak_auth_realm: master
+keycloak_auth_client: admin-cli
+
+### Keycloak realm client defaults
+# list of clients to create in the realm
+#
+# Refer to the playbook for a comprehensive example.
+#
+# Each client has the form:
+#    { name: '', roles: [], realm: '', public_client: bool, web_origins: '', users: [] }
+# where roles is a list of default role names for the client
+# and users is a list of account, see below for the format definition
+# an empty name will skip the creation of the client
+keycloak_clients:
+  - name: ''
+    roles: "{{ keycloak_client_default_roles }}"
+    realm: "{{ keycloak_realm }}"
+    public_client: "{{ keycloak_client_public }}"
+    web_origins: "{{ keycloak_client_web_origins }}"
+    users: "{{ keycloak_client_users }}"
+
+# list of roles to create in the client
+keycloak_client_default_roles: []
+
+# if True, create a public client; otherwise, a confidetial client
+keycloak_client_public: True
+
+# allowed web origins for the client
+keycloak_client_web_origins: '+'
+
+# list of user and role mappings to create in the client
+# Each user has the form:
+#    { username: '', password: '', email: '', firstName: '', lastName: '', client_roles: [] }
+# where each client_role has the form:
+#    { client: '', role: '', realm: '' }
+keycloak_client_users: []
--- a/roles/keycloak_realm/meta/main.yml
+++ b/roles/keycloak_realm/meta/main.yml
@@ -0,0 +1,24 @@
+---
+galaxy_info:
+  role_name: keycloak_realm
+  namespace: middleware_automation
+  author: Romain Pelisse, Guido Grazioli
+  description: Create realms and clients in keycloak or Red Hat Single Sing-On
+  company: Red Hat, Inc.
+
+  license: Apache License 2.0
+
+  min_ansible_version: "2.9"
+
+  platforms:
+   - name: EL
+     versions:
+     - 7
+     - 8
+
+  galaxy_tags:
+    - keycloak
+    - redhat
+    - rhel
+    - rhn
+    - sso
--- a/roles/keycloak/tasks/manage_realm.yml
+++ b/roles/keycloak/tasks/manage_realm.yml
@@ -51,6 +51,7 @@
    state: present
  register: create_client_result
  loop: "{{ keycloak_clients | flatten }}"
+  when: item.name|length > 0

 - name: Create client roles
  include_tasks: manage_client_roles.yml
@@ -59,15 +60,8 @@
  loop_control:
    loop_var: client

- name: Manage Users
-  include_tasks: manage_user.yml
-  loop: "{{ keycloak_users }}"
+- name: Create client users
+  include_tasks: manage_client_users.yml
+  loop: "{{ keycloak_clients | flatten }}"
  loop_control:
-    loop_var: user
-
- name: Manage User Roles
-  include_tasks: manage_user_roles.yml
-  loop: "{{ keycloak_users | flatten }}"
-  loop_control:
-    loop_var: user
-  when: "'client_roles' in user"
+    loop_var: client
--- a/roles/keycloak_realm/tasks/manage_client_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_client_roles.yml
--- a/roles/keycloak_realm/tasks/manage_client_users.yml
+++ b/roles/keycloak_realm/tasks/manage_client_users.yml
@@ -0,0 +1,13 @@
+---
+- name: Manage Users
+  include_tasks: manage_user.yml
+  loop: "{{ client.users | flatten }}"
+  loop_control:
+    loop_var: user
+
+- name: Manage User Roles
+  include_tasks: manage_user_roles.yml
+  loop: "{{ client.users | flatten }}"
+  loop_control:
+    loop_var: user
+  when: "'client_roles' in user"
--- a/roles/keycloak_realm/tasks/manage_user.yml
+++ b/roles/keycloak_realm/tasks/manage_user.yml
@@ -5,7 +5,7 @@
    validate_certs: no
    headers:
      Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
-  register: keycloak_user_serach_result
+  register: keycloak_user_search_result

 - name: "Create User"
  uri:
@@ -23,7 +23,7 @@
    headers:
      Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
    status_code: 201
-  when: keycloak_user_serach_result.json | length == 0
+  when: keycloak_user_search_result.json | length == 0

 - name: "Get User"
  uri:
--- a/roles/keycloak_realm/tasks/manage_user_client_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_user_client_roles.yml
--- a/roles/keycloak_realm/tasks/manage_user_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_user_roles.yml
--- a/roles/keycloak_realm/templates/realm.json.j2
+++ b/roles/keycloak_realm/templates/realm.json.j2
--- a/roles/keycloak_realm/vars/main.yml
+++ b/roles/keycloak_realm/vars/main.yml
@@ -0,0 +1,16 @@
+---
+# vars file for keycloak_realm
+
+# administrator console password, this is a required variable
+keycloak_admin_password:
+
+# name of the realm to create, this is a required variable
+keycloak_realm:
+
+# keycloak realm clients, this is a required variable
+keycloak_clients:
+
+# other settings
+keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
+keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
+keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}"
Author	SHA1	Message	Date
Guido Grazioli	53c5ef645a	Parametrize jdbc driver version	2022-01-05 13:55:19 +01:00
Guido Grazioli	967d68898a	JVM as variable, name all tasks, update README	2022-01-04 16:01:37 +01:00
Guido Grazioli	15d3411f45	Add configuration for hotrod TLS	2022-01-04 14:30:28 +01:00
Guido Grazioli	5eba1c12e4	Bind jgroups to any-address when ansible facts not defined	2021-12-31 12:31:08 +01:00
Guido Grazioli	52ca7083a4	Merge pull request #3 from ansible-middleware/refactor_standalone_xml Allow to change default standalone.xml path and name	2021-12-30 16:47:16 +01:00
Romain Pelisse	cfb8f7c6fb	Allow to change default standalone.xml path and name	2021-12-30 16:22:41 +01:00
Guido Grazioli	af157fd516	Start work on v0.1.3	2021-12-30 12:53:42 +01:00
Guido Grazioli	daa5396a47	Switch collection dep from jcliff to wildfly	2021-12-30 12:24:59 +01:00
Guido Grazioli	d663dea5c9	Merge pull request #2 from ansible-middleware/display_health_url Enhance wait message with keycloak healthcheck URL	2021-12-30 10:47:33 +01:00
Romain Pelisse	543e82cb9f	Enhance wait message with keycloak healthcheck URL	2021-12-29 18:30:58 +01:00
Guido Grazioli	496c902427	fix db init sql for postgresql	2021-12-29 16:30:36 +01:00
Guido Grazioli	c81976a0ce	Start work on v0.1.2	2021-12-23 09:31:09 +01:00
Guido Grazioli	c061e664b3	Complete galaxy_info metadata	2021-12-23 09:30:13 +01:00
Guido Grazioli	434f92ae9b	Start work on v0.1.1	2021-12-22 16:47:08 +01:00
Guido Grazioli	ad4f4cfa61	Bump to v0.1.0	2021-12-22 16:45:47 +01:00
Guido Grazioli	f5eaaf3650	Update READMEs	2021-12-22 14:02:13 +01:00
Guido Grazioli	702d09c731	Extract new keycloak_realm role out of keycloak	2021-12-22 10:05:48 +01:00
Guido Grazioli	1ded0a1cfe	Variables polish pass	2021-12-22 08:49:55 +01:00
Guido Grazioli	1670ba060e	Start work on v0.0.5	2021-12-20 16:14:22 +01:00
Guido Grazioli	70f13c4aba	Disambiguate core-identifiers, set correct bind for jgroups	2021-12-20 15:55:52 +01:00
Guido Grazioli	f4b60dc764	Enable db by default when ha is enabled	2021-12-20 15:55:05 +01:00
Guido Grazioli	aaae00ad3a	Update documentation	2021-12-20 15:54:24 +01:00
Guido Grazioli	6d4ff2d82a	Start work on v0.0.4	2021-12-20 09:31:59 +01:00
Guido Grazioli	89a4c722b4	Add mysql module, bind jgroups to net	2021-12-19 15:43:26 +01:00
Guido Grazioli	9c97baf03b	Add mariadb default, add config validation	2021-12-17 14:56:28 +01:00
Guido Grazioli	78adb450b2	Start work on v0.0.3	2021-12-16 15:36:08 +01:00