mirror of
https://github.com/ansible-middleware/keycloak.git
synced 2026-03-28 22:33:03 +00:00
Compare commits
34 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
ff77535293 | ||
|
|
d4634fcebc | ||
|
|
d7597771cf | ||
|
|
94aecfcd87 | ||
|
|
7a989f7771 | ||
|
|
5fa9243bcd | ||
|
|
1b44b47d1c | ||
|
|
8a9cb79fa4 | ||
|
|
4294746263 | ||
|
|
bcd82a5ae5 | ||
|
|
ead4688ce6 | ||
|
|
406075df89 | ||
|
|
26be376b5c | ||
|
|
3cd69821c0 | ||
|
|
eba0d84a2b | ||
|
|
57f2472283 | ||
|
|
c32b95898c | ||
|
|
0105924ec6 | ||
|
249754f5f5 | ||
|
c78aaece81 | ||
|
|
f748cf92b0 | ||
|
|
00e6b3601b | ||
|
|
4cb021fe2c | ||
|
|
eb849021a9 | ||
|
2ccfc07f5d | ||
|
|
c7e88e7cc2 | ||
|
|
b5d2e9e236 | ||
|
|
53c5ef645a | ||
|
|
967d68898a | ||
|
|
15d3411f45 | ||
|
|
5eba1c12e4 | ||
|
|
52ca7083a4 | ||
|
cfb8f7c6fb | ||
|
|
af157fd516 |
6
.github/workflows/ci.yml
vendored
6
.github/workflows/ci.yml
vendored
@@ -28,10 +28,9 @@ jobs:
|
||||
python -m pip install --upgrade pip
|
||||
pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous
|
||||
|
||||
- name: Create default collection path symlink
|
||||
- name: Create default collection path
|
||||
run: |
|
||||
mkdir -p /home/runner/.ansible
|
||||
ln -s /home/runner/work/middleware_automation/keycloak /home/runner/.ansible/collections
|
||||
mkdir -p /home/runner/.ansible/collections/ansible_collections
|
||||
|
||||
- name: Run sanity tests
|
||||
run: ansible-test sanity --docker -v --color --python ${{ matrix.python_version }}
|
||||
@@ -40,6 +39,7 @@ jobs:
|
||||
- name: Run molecule test
|
||||
run: molecule test --all
|
||||
working-directory: ./ansible_collections/middleware_automation/keycloak
|
||||
|
||||
env:
|
||||
PY_COLORS: '1'
|
||||
ANSIBLE_FORCE_COLOR: '1'
|
||||
|
||||
52
README.md
52
README.md
@@ -13,7 +13,7 @@ This collection has been tested against following Ansible versions: **>=2.9.10**
|
||||
Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
|
||||
<!--end requires_ansible-->
|
||||
|
||||
## Installation and Usage
|
||||
## Installation
|
||||
|
||||
### Installing the Collection from Ansible Galaxy
|
||||
|
||||
@@ -29,6 +29,10 @@ collections:
|
||||
- name: middleware_automation.keycloak
|
||||
```
|
||||
|
||||
### Install Playbook
|
||||
|
||||
`playbooks/keycloak.yml` installs the keycloak or Red Hat Single Sign-On based on the defined variables.
|
||||
|
||||
### Choosing between Red Hat products and upstream project
|
||||
|
||||
The roles supports installing Red Hat Single Sign-On from the Customer Portal, when the following variables are defined:
|
||||
@@ -41,12 +45,52 @@ rhsso_rhn_id: '<sso_product_id>'
|
||||
|
||||
where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_)
|
||||
|
||||
### Install role
|
||||
|
||||
## Included roles
|
||||
* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service. _Requires: python3-netaddr_
|
||||
|
||||
* `keycloak`: role for installing the service.
|
||||
* `keycloak_realm`: role for configuring a realm, with clients and users, in an installed service.
|
||||
### Example installation command
|
||||
|
||||
Execute the following command from the source root directory
|
||||
|
||||
```
|
||||
ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=<changeme>
|
||||
```
|
||||
|
||||
- `keycloak_admin_password` Password for the administration console user account.
|
||||
- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost
|
||||
|
||||
```
|
||||
[keycloak]
|
||||
localhost ansible_connection=local
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
### Config Playbook
|
||||
|
||||
`playbooks/keycloak-realm.yml` creates provided realm, client(s), client role(s) and client user(s) if they don't exist.
|
||||
|
||||
### Config role
|
||||
|
||||
* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, with clients and users, in an installed service.
|
||||
|
||||
### Example configuration command
|
||||
|
||||
Execute the following command from the source root directory
|
||||
|
||||
```
|
||||
ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test
|
||||
```
|
||||
|
||||
- `keycloak_admin_password` password for the administration console user account.
|
||||
- `keycloak_realm` name of the realm to be created/used.
|
||||
- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost
|
||||
|
||||
```
|
||||
[keycloak]
|
||||
localhost ansible_connection=local
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
namespace: middleware_automation
|
||||
name: keycloak
|
||||
version: "0.1.2"
|
||||
version: "0.1.7"
|
||||
readme: README.md
|
||||
authors:
|
||||
- Romain Pelisse <rpelisse@redhat.com>
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
---
|
||||
dependency:
|
||||
name: galaxy
|
||||
name: shell
|
||||
command: ansible-galaxy collection install -r molecule/default/requirements.yml -p $HOME/.ansible/collections --force-with-deps
|
||||
driver:
|
||||
name: docker
|
||||
platforms:
|
||||
|
||||
@@ -2,7 +2,11 @@
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Disable beta repos
|
||||
command: yum config-manager --disable '*beta*'
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Install sudo
|
||||
yum:
|
||||
name: sudo
|
||||
state: present
|
||||
state: present
|
||||
|
||||
10
molecule/default/requirements.yml
Normal file
10
molecule/default/requirements.yml
Normal file
@@ -0,0 +1,10 @@
|
||||
---
|
||||
collections:
|
||||
- name: middleware_automation.redhat_csp_download
|
||||
version: ">=1.2.1"
|
||||
- name: middleware_automation.jcliff
|
||||
version: ">=0.0.19"
|
||||
- name: community.general
|
||||
- name: community.docker
|
||||
version: ">=1.9.1"
|
||||
|
||||
27
playbooks/keycloak-realm.yml
Normal file
27
playbooks/keycloak-realm.yml
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
- name: Playbook for Keycloak Hosts
|
||||
hosts: keycloak
|
||||
tasks:
|
||||
- name: Keycloak Realm Role
|
||||
include_role:
|
||||
name: keycloak_realm
|
||||
vars:
|
||||
keycloak_admin_password: "changeme"
|
||||
keycloak_realm: TestRealm
|
||||
keycloak_clients:
|
||||
- name: TestClient1
|
||||
roles:
|
||||
- TestClient1Admin
|
||||
- TestClient1User
|
||||
realm: "{{ keycloak_realm }}"
|
||||
public_client: True
|
||||
web_origins:
|
||||
- http://testclient1origin/application
|
||||
- http://testclient1origin/other
|
||||
users:
|
||||
- username: TestUser
|
||||
password: password
|
||||
client_roles:
|
||||
- client: TestClient1
|
||||
role: TestClient1User
|
||||
realm: "{{ keycloak_realm }}"
|
||||
@@ -10,27 +10,4 @@
|
||||
include_role:
|
||||
name: keycloak
|
||||
vars:
|
||||
keycloak_admin_password: "changeme"
|
||||
- name: Keycloak Realm Role
|
||||
include_role:
|
||||
name: keycloak_realm
|
||||
vars:
|
||||
keycloak_admin_password: "changeme"
|
||||
keycloak_realm: TestRealm
|
||||
keycloak_clients:
|
||||
- name: TestClient1
|
||||
roles:
|
||||
- TestClient1Admin
|
||||
- TestClient1User
|
||||
realm: "{{ keycloak_realm }}"
|
||||
public_client: True
|
||||
web_origins:
|
||||
- http://testclient1origin/application
|
||||
- http://testclient1origin/other
|
||||
users:
|
||||
- username: TestUser
|
||||
password: password
|
||||
client_roles:
|
||||
- client: TestClient1
|
||||
role: TestClient1User
|
||||
realm: "{{ keycloak_realm }}"
|
||||
keycloak_admin_password: "changeme"
|
||||
1
playbooks/roles
Symbolic link
1
playbooks/roles
Symbolic link
@@ -0,0 +1 @@
|
||||
../roles
|
||||
@@ -9,22 +9,35 @@ Requirements
|
||||
|
||||
This role requires the `python3-netaddr` library installed on the controller node.
|
||||
|
||||
* to install via yum/dnf: `dnf install python3-netaddr`
|
||||
* or via pip: `pip install netaddr==0.8.0`
|
||||
|
||||
|
||||
Versions
|
||||
--------
|
||||
|
||||
| RH-SSO VERSION | Release Date | Keycloak Version | EAP Version | Notes |
|
||||
|:---------------|:------------------|:-----------------|:------------|:----------------|
|
||||
|`7.5.0 GA` |September 20, 2021 |`15.0.2` | `7.4.0` |[Release Notes](https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/index)|
|
||||
|
||||
|
||||
Role Defaults
|
||||
-------------
|
||||
|
||||
| Variable | Description | Default |
|
||||
|:---------|:------------|:---------|
|
||||
|`keycloak_ha_enabled`| enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
|
||||
|`keycloak_db_enabled`| enable auto configuration for database backend | `True` if keycloak_ha_enabled is True, else `False` |
|
||||
|`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
|
||||
|`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` |
|
||||
|`keycloak_admin_user`| Administration console user account | `admin` |
|
||||
|`keycloak_bind_address`| address for binding service ports | `0.0.0.0`
|
||||
|`keycloak_host`| hostname | `localhost`
|
||||
|`keycloak_http_port`| HTTP port | `8080`
|
||||
|`keycloak_https_port`| TLS HTTP port | `8443`
|
||||
|`keycloak_management_http_port`| management port | `9990`
|
||||
|`keycloak_management_https_port`| TLS management port | `9993`
|
||||
|`keycloak_java_opts`| | `-Xms1024m -Xmx20480m -XX:MaxPermSize=768m`
|
||||
|`keycloak_bind_address`| Address for binding service ports | `0.0.0.0` |
|
||||
|`keycloak_host`| hostname | `localhost` |
|
||||
|`keycloak_http_port`| HTTP port | `8080` |
|
||||
|`keycloak_https_port`| TLS HTTP port | `8443` |
|
||||
|`keycloak_management_http_port`| Management port | `9990` |
|
||||
|`keycloak_management_https_port`| TLS management port | `9993` |
|
||||
|`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
|
||||
|`keycloak_prefer_ipv4`| Prefer IPv4 stack and addresses for port binding | `True` |
|
||||
|`jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-devel` |
|
||||
|
||||
|
||||
Role Variables
|
||||
@@ -37,33 +50,30 @@ The following are a set of _required_ variables for the role:
|
||||
|`keycloak_admin_password`| Password for the administration console user account |
|
||||
|
||||
|
||||
The following variables are _required_ only when keycloak_ha_enabled is True:
|
||||
The following variables are _required_ only when `keycloak_ha_enabled` is True:
|
||||
|
||||
| Variable | Description | Default |
|
||||
|:---------|:------------|:---------|
|
||||
|`keycloak_modcluster_url` | URL for the modcluster reverse proxy | `localhost` |
|
||||
|`keycloak_frontend_url` | frontend URL for keycloak endpoints when a reverse proxy is used | `http://localhost` |
|
||||
|`keycloak_jdbc_engine` | backend database flavour when db is enabled: [ postgres, mariadb ] | `postgres` |
|
||||
|`infinispan_url` | URL for the infinispan remote-cache server | `localhost:11122` |
|
||||
|`infinispan_user` | username for connecting to infinispan | `supervisor` |
|
||||
|`infinispan_pass` | password for connecting to infinispan | `supervisor` |
|
||||
|`infinispan_sasl_mechanism`| Authentication type | `SCRAM-SHA-512` |
|
||||
|`infinispan_use_ssl`| Enable hotrod TLS communication | `False` |
|
||||
|`infinispan_trust_store_path`| Path to truststore with infinispan server certificate | `/etc/pki/java/cacerts` |
|
||||
|`infinispan_trust_store_password`| Password for opening truststore | `changeit` |
|
||||
|
||||
|
||||
The following variables are _required_ only when keycloak_db_enabled is True and keycloak_jdbc_engine is postgres:
|
||||
The following variables are _required_ only when `keycloak_db_enabled` is True:
|
||||
|
||||
| Variable | Description | Default |
|
||||
|:---------|:------------|:---------|
|
||||
|`postgres_jdbc_url` | URL for the postgres backend database | `jdbc:postgresql://localhost:5432/keycloak` |
|
||||
|`postgres_db_user` | username for connecting to postgres | `keycloak-user` |
|
||||
|`postgres_db_pass` | password for connecting to postgres | `keycloak-pass` |
|
||||
|
||||
|
||||
The following variables are _required_ only when keycloak_db_enabled is True and keycloak_jdbc_engine is mariadb:
|
||||
|
||||
| Variable | Description | Default |
|
||||
|:---------|:------------|:---------|
|
||||
|`mariadb_jdbc_url` | URL for the mariadb backend database | `jdbc:mariadb://localhost:3306/keycloak` |
|
||||
|`mariadb_db_user` | username for connecting to mariadb | `keycloak-user` |
|
||||
|`mariadb_db_pass` | password for connecting to mariadb | `keycloak-pass` |
|
||||
|`keycloak_jdbc_url` | URL for the postgres backend database | `jdbc:postgresql://localhost:5432/keycloak` |
|
||||
|`keycloak_jdbc_driver_version`| Version for the JDBC driver to download | `9.4.1212` |
|
||||
|`keycloak_db_user` | username for connecting to postgres | `keycloak-user` |
|
||||
|`keycloak_db_pass` | password for connecting to postgres | `keycloak-pass` |
|
||||
|
||||
|
||||
Dependencies
|
||||
@@ -71,8 +81,8 @@ Dependencies
|
||||
|
||||
The roles depends on:
|
||||
|
||||
* the redhat_csp_download role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection
|
||||
* the wildfly_driver role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection
|
||||
* the `redhat_csp_download` role from [middleware_automation.redhat_csp_download](https://github.com/ansible-middleware/redhat-csp-download) collection
|
||||
* the `wildfly_driver` role from [middleware_automation.wildfly](https://github.com/ansible-middleware/wildfly) collection
|
||||
|
||||
|
||||
Example Playbook
|
||||
@@ -103,4 +113,4 @@ Author Information
|
||||
------------------
|
||||
|
||||
* [Guido Grazioli](https://github.com/guidograzioli)
|
||||
* [Romain Pelisse](https://github.com/rpelisse)
|
||||
* [Romain Pelisse](https://github.com/rpelisse)
|
||||
|
||||
@@ -1,21 +1,27 @@
|
||||
---
|
||||
### Configuration specific to keycloak
|
||||
keycloak_version: 9.0.2
|
||||
keycloak_archive: keycloak-{{ keycloak_version }}.zip
|
||||
keycloak_download_url: https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}
|
||||
keycloak_version: 15.0.2
|
||||
keycloak_archive: "keycloak-{{ keycloak_version }}.zip"
|
||||
keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
|
||||
keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
|
||||
keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
|
||||
|
||||
### Configuration specific to Red Hat Single Sing-On
|
||||
keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}"
|
||||
keycloak_rhsso_version: 7.5
|
||||
keycloak_rhsso_archive: rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip
|
||||
keycloak_rhsso_archive: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
|
||||
keycloak_rhsso_installdir: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version }}"
|
||||
keycloak_rhsso_base_url: 'https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId='
|
||||
|
||||
### Install location and service settings
|
||||
jvm_package: java-1.8.0-openjdk-devel
|
||||
keycloak_dest: /opt/keycloak
|
||||
keycloak_jboss_home: "{{ keycloak_rhsso_installdir if rhsso_rhn_id is defined else keycloak_installdir }}"
|
||||
keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
|
||||
|
||||
keycloak_config_standalone_xml: "keycloak.xml"
|
||||
keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
|
||||
|
||||
keycloak_service_user: keycloak
|
||||
keycloak_service_group: keycloak
|
||||
keycloak_service_pidfile: "/run/keycloak.pid"
|
||||
@@ -28,7 +34,8 @@ keycloak_http_port: 8080
|
||||
keycloak_https_port: 8443
|
||||
keycloak_management_http_port: 9990
|
||||
keycloak_management_https_port: 9993
|
||||
keycloak_java_opts: "-Xms1024m -Xmx20480m -XX:MaxPermSize=768m"
|
||||
keycloak_java_opts: "-Xms1024m -Xmx2048m"
|
||||
keycloak_prefer_ipv4: True
|
||||
|
||||
### Enable configuration for database backend, clustering and remote caches on infinispan
|
||||
keycloak_ha_enabled: False
|
||||
@@ -44,18 +51,30 @@ keycloak_force_install: False
|
||||
|
||||
### mod_cluster reverse proxy
|
||||
keycloak_modcluster_url: localhost
|
||||
keycloak_frontend_url: http://localhost
|
||||
|
||||
### infinispan remote caches access
|
||||
### infinispan remote caches access (hotrod)
|
||||
infinispan_user: supervisor
|
||||
infinispan_pass: supervisor
|
||||
infinispan_url: localhost
|
||||
infinispan_sasl_mechanism: SCRAM-SHA-512
|
||||
infinispan_use_ssl: False
|
||||
# if ssl is enabled, import ispn server certificate here
|
||||
infinispan_trust_store_path: /etc/pki/java/cacerts
|
||||
infinispan_trust_store_password: changeit
|
||||
|
||||
### database backend engine: values [ 'postgres', 'mariadb' ]
|
||||
keycloak_jdbc_engine: postgres
|
||||
### database backend credentials
|
||||
postgres_jdbc_url: 'jdbc:postgresql://localhost:5432/keycloak'
|
||||
postgres_db_user: keycloak-user
|
||||
postgres_db_pass: keycloak-pass
|
||||
mariadb_jdbc_url: 'jdbc:mariadb://localhost:3306/keycloak'
|
||||
mariadb_db_user: keycloak-user
|
||||
mariadb_db_pass: keycloak-pass
|
||||
keycloak_db_user: keycloak-user
|
||||
keycloak_db_pass: keycloak-pass
|
||||
keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
|
||||
keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
|
||||
# override the variables above, following defaults show minimum supported versions
|
||||
keycloak_default_jdbc:
|
||||
postgres:
|
||||
url: 'jdbc:postgresql://localhost:5432/keycloak'
|
||||
version: 9.4.1212
|
||||
mariadb:
|
||||
url: 'jdbc:mariadb://localhost:3306/keycloak'
|
||||
version: 2.7.4
|
||||
|
||||
@@ -129,8 +129,8 @@
|
||||
- name: "Deploy Keycloak's standalone.xml"
|
||||
become: yes
|
||||
template:
|
||||
src: "{{ 'templates/standalone-rhsso.xml.j2' if keycloak_rhsso_enable else 'templates/standalone.xml.j2' }}"
|
||||
dest: "{{ keycloak_jboss_home }}/standalone/configuration/standalone.xml"
|
||||
src: templates/standalone.xml.j2
|
||||
dest: "{{ keycloak_config_path_to_standalone_xml }}"
|
||||
owner: "{{ keycloak_service_user }}"
|
||||
group: "{{ keycloak_service_group }}"
|
||||
mode: 0640
|
||||
@@ -141,8 +141,8 @@
|
||||
- name: "Deploy Keycloak's standalone.xml with remote cache store"
|
||||
become: yes
|
||||
template:
|
||||
src: "{{ 'templates/standalone-rhsso-jdg.xml.j2' if keycloak_rhsso_enable else 'templates/standalone-infinispan.xml.j2' }}"
|
||||
dest: "{{ keycloak_jboss_home }}/standalone/configuration/standalone.xml"
|
||||
src: templates/standalone-infinispan.xml.j2
|
||||
dest: "{{ keycloak_config_path_to_standalone_xml }}"
|
||||
owner: "{{ keycloak_service_user }}"
|
||||
group: "{{ keycloak_service_group }}"
|
||||
mode: 0640
|
||||
|
||||
@@ -6,9 +6,17 @@
|
||||
tags:
|
||||
- prereqs
|
||||
|
||||
- include_tasks: tasks/install.yml
|
||||
- name: Include install tasks
|
||||
include_tasks: tasks/install.yml
|
||||
|
||||
- include_tasks: tasks/systemd.yml
|
||||
- name: Include systemd tasks
|
||||
include_tasks: tasks/systemd.yml
|
||||
|
||||
- name: Link default logs directory
|
||||
file:
|
||||
state: link
|
||||
src: "{{keycloak_jboss_home}}/standalone/log"
|
||||
dest: /var/log/keycloak
|
||||
|
||||
- block:
|
||||
- name: Check admin credentials by generating a token
|
||||
@@ -27,9 +35,16 @@
|
||||
args:
|
||||
argv:
|
||||
- "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh"
|
||||
- -rmaster
|
||||
- -u{{ keycloak_admin_user }}
|
||||
- -p{{ keycloak_admin_password }}
|
||||
- "-rmaster"
|
||||
- "-u{{ keycloak_admin_user }}"
|
||||
- "-p{{ keycloak_admin_password }}"
|
||||
become: yes
|
||||
- name: restart keycloak
|
||||
include_tasks: tasks/restart_keycloak.yml
|
||||
- name: "Wait until Keycloak becomes active {{ health_url }}"
|
||||
uri:
|
||||
url: "{{ health_url }}"
|
||||
register: keycloak_status
|
||||
until: keycloak_status.status == 200
|
||||
retries: 25
|
||||
delay: 10
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
- name: "Validate configuration"
|
||||
- name: Validate configuration
|
||||
assert:
|
||||
that:
|
||||
- (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled)
|
||||
@@ -7,7 +7,7 @@
|
||||
fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_db_enabled"
|
||||
success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"
|
||||
|
||||
- name: "Validate credentials"
|
||||
- name: Validate credentials
|
||||
assert:
|
||||
that:
|
||||
- (rhn_username is defined and rhsso_rhn_id is defined) or rhsso_rhn_id is not defined
|
||||
@@ -16,14 +16,15 @@
|
||||
fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined"
|
||||
success_msg: "{{ 'Installing Red Hat Single Sign-On' if rhsso_rhn_id is defined else 'Installing keycloak.org' }}"
|
||||
|
||||
- set_fact:
|
||||
- name: Set required packages facts
|
||||
set_fact:
|
||||
required_packages:
|
||||
- "{{ jvm_package | default('java-1.8.0-openjdk-devel') }}"
|
||||
- "{{ jvm_package }}"
|
||||
- unzip
|
||||
- procps-ng
|
||||
- initscripts
|
||||
|
||||
- name: "Ensures required packages are installed"
|
||||
- name: Ensures required packages are installed
|
||||
ansible.builtin.include_tasks: fastpackages/install.yml
|
||||
vars:
|
||||
packages_list: "{{ required_packages }}"
|
||||
@@ -38,6 +38,9 @@
|
||||
daemon_reload: yes
|
||||
when: systemdunit.changed
|
||||
|
||||
- set_fact:
|
||||
health_url: "{{ keycloak_management_url }}/health"
|
||||
|
||||
- name: start keycloak
|
||||
systemd:
|
||||
name: keycloak
|
||||
@@ -56,9 +59,6 @@
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- set_fact:
|
||||
health_url: "{{ keycloak_management_url }}/health"
|
||||
|
||||
- name: "Wait until Keycloak becomes active {{ health_url }}"
|
||||
uri:
|
||||
url: "{{ health_url }}"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<server xmlns="urn:jboss:domain:16.0">
|
||||
<server xmlns="urn:jboss:domain:10.0">
|
||||
<extensions>
|
||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
||||
@@ -23,9 +23,10 @@
|
||||
<extension module="org.wildfly.extension.bean-validation"/>
|
||||
<extension module="org.wildfly.extension.core-management"/>
|
||||
<extension module="org.wildfly.extension.elytron"/>
|
||||
<extension module="org.wildfly.extension.health"/>
|
||||
<extension module="org.wildfly.extension.io"/>
|
||||
<extension module="org.wildfly.extension.metrics"/>
|
||||
<extension module="org.wildfly.extension.microprofile.config-smallrye"/>
|
||||
<extension module="org.wildfly.extension.microprofile.health-smallrye"/>
|
||||
<extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
|
||||
<extension module="org.wildfly.extension.request-controller"/>
|
||||
<extension module="org.wildfly.extension.security.manager"/>
|
||||
<extension module="org.wildfly.extension.undertow"/>
|
||||
@@ -44,7 +45,8 @@
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password"
|
||||
alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
@@ -141,7 +143,7 @@
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:datasources:6.0">
|
||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
||||
<datasources>
|
||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
||||
@@ -152,15 +154,15 @@
|
||||
</security>
|
||||
</datasource>
|
||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
|
||||
<connection-url>{{ keycloak_jdbc[keycloak_jdbc_engine].connection_url }}</connection-url>
|
||||
<driver>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}</driver>
|
||||
{% if keycloak_jdbc.postgres.enabled %}
|
||||
<connection-url>{{ keycloak_jdbc.postgres.connection_url }}</connection-url>
|
||||
<driver>{{ keycloak_jdbc.postgres.driver_module_name }}</driver>
|
||||
<pool>
|
||||
<max-pool-size>20</max-pool-size>
|
||||
</pool>
|
||||
<security>
|
||||
<user-name>{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}</user-name>
|
||||
<password>{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}</password>
|
||||
<user-name>{{ keycloak_jdbc.postgres.db_user }}</user-name>
|
||||
<password>{{ keycloak_jdbc.postgres.db_password }}</password>
|
||||
</security>
|
||||
{% else %}
|
||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
||||
@@ -172,10 +174,10 @@
|
||||
{% endif %}
|
||||
</datasource>
|
||||
<drivers>
|
||||
{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
|
||||
<driver name="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" module="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}">
|
||||
<driver-class>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_class }}</driver-class>
|
||||
<xa-datasource-class>{{ keycloak_jdbc[keycloak_jdbc_engine].xa_datasource_class }}</xa-datasource-class>
|
||||
{% if keycloak_jdbc.postgres.enabled %}
|
||||
<driver name="{{ keycloak_jdbc.postgres.driver_module_name }}" module="{{ keycloak_jdbc.postgres.driver_module_name }}">
|
||||
<driver-class>org.postgresql.Driver</driver-class>
|
||||
<xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
|
||||
</driver>
|
||||
{% endif %}
|
||||
<driver name="h2" module="com.h2database.h2">
|
||||
@@ -187,7 +189,7 @@
|
||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ee:6.0">
|
||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
||||
<concurrent>
|
||||
<context-services>
|
||||
@@ -197,15 +199,17 @@
|
||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
||||
</managed-thread-factories>
|
||||
<managed-executor-services>
|
||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
|
||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
||||
</managed-executor-services>
|
||||
<managed-scheduled-executor-services>
|
||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
|
||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
||||
</managed-scheduled-executor-services>
|
||||
</concurrent>
|
||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS"
|
||||
managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
|
||||
managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
|
||||
<subsystem xmlns="urn:jboss:domain:ejb3:6.0">
|
||||
<session-bean>
|
||||
<stateless>
|
||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
||||
@@ -232,7 +236,7 @@
|
||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
||||
</data-stores>
|
||||
</timer-service>
|
||||
<remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
|
||||
<remote cluster="ejb" connector-ref="http-remoting-connector" thread-pool-name="default">
|
||||
<channel-creation-options>
|
||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
||||
</channel-creation-options>
|
||||
@@ -248,7 +252,7 @@
|
||||
<statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<log-system-exceptions value="true"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
||||
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
||||
<providers>
|
||||
<aggregate-providers name="combined-providers">
|
||||
<providers name="elytron"/>
|
||||
@@ -357,7 +361,7 @@
|
||||
</key-store>
|
||||
</key-stores>
|
||||
<key-managers>
|
||||
<key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
|
||||
<key-manager name="applicationKM" key-store="applicationKS">
|
||||
<credential-reference clear-text="password"/>
|
||||
</key-manager>
|
||||
</key-managers>
|
||||
@@ -366,25 +370,24 @@
|
||||
</server-ssl-contexts>
|
||||
</tls>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
|
||||
<subsystem xmlns="urn:jboss:domain:infinispan:12.0">
|
||||
<cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
|
||||
<subsystem xmlns="urn:jboss:domain:infinispan:9.0">
|
||||
<cache-container name="ejb" default-cache="passivation" aliases="sfsb" module="org.wildfly.clustering.ejb.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
|
||||
<cache-container name="keycloak" module="org.keycloak.keycloak-model-infinispan">
|
||||
<transport lock-timeout="60000"/>
|
||||
<local-cache name="realms">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="users">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="authenticationSessions"/>
|
||||
{% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
|
||||
{% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
|
||||
<distributed-cache name="{{ cachename }}">
|
||||
<remote-store cache="{{ cachename }}"
|
||||
remote-servers="remote-cache"
|
||||
@@ -405,9 +408,10 @@
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_type">JKS</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
|
||||
<property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
|
||||
</remote-store>
|
||||
</distributed-cache>
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
<replicated-cache name="work">
|
||||
<remote-store cache="work"
|
||||
remote-servers="remote-cache"
|
||||
@@ -428,22 +432,23 @@
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_type">JKS</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
|
||||
<property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
|
||||
</remote-store>
|
||||
</replicated-cache>
|
||||
<local-cache name="authorization">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="keys">
|
||||
<heap-memory size="1000"/>
|
||||
<object-memory size="1000"/>
|
||||
<expiration max-idle="3600000"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server">
|
||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
||||
<local-cache name="default">
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan">
|
||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
@@ -455,13 +460,13 @@
|
||||
</local-cache>
|
||||
<local-cache name="routing"/>
|
||||
</cache-container>
|
||||
<cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
|
||||
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
|
||||
<local-cache name="entity">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="local-query">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="timestamps"/>
|
||||
@@ -471,7 +476,7 @@
|
||||
<worker name="default"/>
|
||||
<buffer-pool name="default"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
||||
<bean-validation enabled="true"/>
|
||||
@@ -491,7 +496,7 @@
|
||||
</default-workmanager>
|
||||
<cached-connection-manager/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jgroups:8.0">
|
||||
<subsystem xmlns="urn:jboss:domain:jgroups:7.0">
|
||||
<channels default="ee">
|
||||
<channel name="ee" stack="tcp" cluster="ejb"/>
|
||||
</channels>
|
||||
@@ -528,7 +533,7 @@
|
||||
<remoting-connector/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
||||
<jpa default-extended-persistence-inheritance="DEEP"/>
|
||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
||||
<web-context>auth</web-context>
|
||||
@@ -604,19 +609,18 @@
|
||||
<default-provider>default</default-provider>
|
||||
<provider name="default" enabled="true">
|
||||
<properties>
|
||||
<property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
|
||||
<property name="forceBackendUrlToFrontendUrl" value="false"/>
|
||||
<property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
|
||||
<property name="forceBackendUrlToFrontendUrl" value="true"/>
|
||||
</properties>
|
||||
</provider>
|
||||
</spi>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:mail:4.0">
|
||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
||||
</mail-session>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
|
||||
<proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
|
||||
<dynamic-load-provider>
|
||||
@@ -624,7 +628,7 @@
|
||||
</dynamic-load-provider>
|
||||
</proxy>
|
||||
</subsystem>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
||||
<remote-naming/>
|
||||
</subsystem>
|
||||
@@ -671,7 +675,7 @@
|
||||
</maximum-set>
|
||||
</deployment-permissions>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:6.0">
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
|
||||
<core-environment node-identifier="{{ inventory_hostname | default('${jboss.tx.node.id:1}') }}">
|
||||
<process-id>
|
||||
<uuid/>
|
||||
@@ -681,7 +685,9 @@
|
||||
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host"
|
||||
default-servlet-container="default" default-security-domain="other"
|
||||
statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<buffer-cache name="default"/>
|
||||
<server name="default-server">
|
||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
||||
@@ -706,13 +712,23 @@
|
||||
</filters>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:weld:4.0"/>
|
||||
</profile>
|
||||
<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
|
||||
<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false"
|
||||
empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}"
|
||||
empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
|
||||
<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false"
|
||||
exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
|
||||
</profile>
|
||||
<interfaces>
|
||||
<interface name="management">
|
||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="jgroups">
|
||||
{% if ansible_default_ipv4 is defined %}
|
||||
<subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr('net') }}"/>
|
||||
{% else %}
|
||||
<any-address />
|
||||
{% endif %}
|
||||
</interface>
|
||||
<interface name="public">
|
||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
||||
@@ -1,6 +1,6 @@
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<server xmlns="urn:jboss:domain:16.0">
|
||||
<server xmlns="urn:jboss:domain:10.0">
|
||||
<extensions>
|
||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
||||
<extension module="org.jboss.as.connector"/>
|
||||
@@ -22,9 +22,10 @@
|
||||
<extension module="org.wildfly.extension.bean-validation"/>
|
||||
<extension module="org.wildfly.extension.core-management"/>
|
||||
<extension module="org.wildfly.extension.elytron"/>
|
||||
<extension module="org.wildfly.extension.health"/>
|
||||
<extension module="org.wildfly.extension.io"/>
|
||||
<extension module="org.wildfly.extension.metrics"/>
|
||||
<extension module="org.wildfly.extension.microprofile.config-smallrye"/>
|
||||
<extension module="org.wildfly.extension.microprofile.health-smallrye"/>
|
||||
<extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
|
||||
<extension module="org.wildfly.extension.request-controller"/>
|
||||
<extension module="org.wildfly.extension.security.manager"/>
|
||||
<extension module="org.wildfly.extension.undertow"/>
|
||||
@@ -43,7 +44,8 @@
|
||||
<security-realm name="ApplicationRealm">
|
||||
<server-identities>
|
||||
<ssl>
|
||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password"
|
||||
alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
|
||||
</ssl>
|
||||
</server-identities>
|
||||
<authentication>
|
||||
@@ -128,7 +130,7 @@
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:datasources:6.0">
|
||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
||||
<datasources>
|
||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
||||
@@ -156,7 +158,7 @@
|
||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ee:6.0">
|
||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
||||
<concurrent>
|
||||
<context-services>
|
||||
@@ -166,15 +168,17 @@
|
||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
||||
</managed-thread-factories>
|
||||
<managed-executor-services>
|
||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
|
||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
||||
</managed-executor-services>
|
||||
<managed-scheduled-executor-services>
|
||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
|
||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
||||
</managed-scheduled-executor-services>
|
||||
</concurrent>
|
||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS"
|
||||
managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
|
||||
managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
|
||||
<subsystem xmlns="urn:jboss:domain:ejb3:6.0">
|
||||
<session-bean>
|
||||
<stateless>
|
||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
||||
@@ -201,7 +205,7 @@
|
||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
||||
</data-stores>
|
||||
</timer-service>
|
||||
<remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
|
||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
|
||||
<channel-creation-options>
|
||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
||||
</channel-creation-options>
|
||||
@@ -217,7 +221,130 @@
|
||||
<statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<log-system-exceptions value="true"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
||||
<subsystem xmlns="urn:jboss:domain:io:3.0">
|
||||
<worker name="default"/>
|
||||
<buffer-pool name="default"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:infinispan:9.0">
|
||||
<cache-container name="keycloak">
|
||||
<local-cache name="realms">
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="users">
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="sessions"/>
|
||||
<local-cache name="authenticationSessions"/>
|
||||
<local-cache name="offlineSessions"/>
|
||||
<local-cache name="clientSessions"/>
|
||||
<local-cache name="offlineClientSessions"/>
|
||||
<local-cache name="loginFailures"/>
|
||||
<local-cache name="work"/>
|
||||
<local-cache name="authorization">
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="keys">
|
||||
<object-memory size="1000"/>
|
||||
<expiration max-idle="3600000"/>
|
||||
</local-cache>
|
||||
<local-cache name="actionTokens">
|
||||
<object-memory size="-1"/>
|
||||
<expiration max-idle="-1" interval="300000"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
||||
<local-cache name="default">
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
<local-cache name="sso">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
<local-cache name="routing"/>
|
||||
</cache-container>
|
||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
|
||||
<local-cache name="entity">
|
||||
<object-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="local-query">
|
||||
<object-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="timestamps"/>
|
||||
</cache-container>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
||||
<bean-validation enabled="true"/>
|
||||
<default-workmanager>
|
||||
<short-running-threads>
|
||||
<core-threads count="50"/>
|
||||
<queue-length count="50"/>
|
||||
<max-threads count="50"/>
|
||||
<keepalive-time time="10" unit="seconds"/>
|
||||
</short-running-threads>
|
||||
<long-running-threads>
|
||||
<core-threads count="50"/>
|
||||
<queue-length count="50"/>
|
||||
<max-threads count="50"/>
|
||||
<keepalive-time time="10" unit="seconds"/>
|
||||
</long-running-threads>
|
||||
</default-workmanager>
|
||||
<cached-connection-manager/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
||||
<expose-resolved-model/>
|
||||
<expose-expression-model/>
|
||||
<remoting-connector/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
||||
</mail-session>
|
||||
</subsystem>
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
|
||||
<proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
|
||||
<dynamic-load-provider>
|
||||
<load-metric type="cpu"/>
|
||||
</dynamic-load-provider>
|
||||
</proxy>
|
||||
</subsystem>
|
||||
{% endif %}
|
||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
||||
<remote-naming/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
||||
<deployment-permissions>
|
||||
<maximum-set>
|
||||
<permission class="java.security.AllPermission"/>
|
||||
</maximum-set>
|
||||
</deployment-permissions>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
||||
<providers>
|
||||
<aggregate-providers name="combined-providers">
|
||||
<providers name="elytron"/>
|
||||
@@ -275,7 +402,6 @@
|
||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
||||
</permission-set>
|
||||
</permission-sets>
|
||||
<http>
|
||||
@@ -317,126 +443,78 @@
|
||||
</mechanism-provider-filtering-sasl-server-factory>
|
||||
<provider-sasl-server-factory name="global"/>
|
||||
</sasl>
|
||||
<tls>
|
||||
<key-stores>
|
||||
<key-store name="applicationKS">
|
||||
<credential-reference clear-text="password"/>
|
||||
<implementation type="JKS"/>
|
||||
<file path="application.keystore" relative-to="jboss.server.config.dir"/>
|
||||
</key-store>
|
||||
</key-stores>
|
||||
<key-managers>
|
||||
<key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
|
||||
<credential-reference clear-text="password"/>
|
||||
</key-manager>
|
||||
</key-managers>
|
||||
<server-ssl-contexts>
|
||||
<server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
|
||||
</server-ssl-contexts>
|
||||
</tls>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
|
||||
<subsystem xmlns="urn:jboss:domain:infinispan:12.0">
|
||||
<cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
|
||||
<local-cache name="realms">
|
||||
<heap-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="users">
|
||||
<heap-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="sessions"/>
|
||||
<local-cache name="authenticationSessions"/>
|
||||
<local-cache name="offlineSessions"/>
|
||||
<local-cache name="clientSessions"/>
|
||||
<local-cache name="offlineClientSessions"/>
|
||||
<local-cache name="loginFailures"/>
|
||||
<local-cache name="work"/>
|
||||
<local-cache name="authorization">
|
||||
<heap-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="keys">
|
||||
<heap-memory size="1000"/>
|
||||
<expiration max-idle="3600000"/>
|
||||
</local-cache>
|
||||
<local-cache name="actionTokens">
|
||||
<heap-memory size="-1"/>
|
||||
<expiration interval="300000" max-idle="-1"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server">
|
||||
<local-cache name="default">
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
<local-cache name="sso">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
<local-cache name="routing"/>
|
||||
</cache-container>
|
||||
<cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
|
||||
<local-cache name="entity">
|
||||
<heap-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="local-query">
|
||||
<heap-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="timestamps"/>
|
||||
</cache-container>
|
||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
||||
<security-domains>
|
||||
<security-domain name="other" cache-type="default">
|
||||
<authentication>
|
||||
<login-module code="Remoting" flag="optional">
|
||||
<module-option name="password-stacking" value="useFirstPass"/>
|
||||
</login-module>
|
||||
<login-module code="RealmDirect" flag="required">
|
||||
<module-option name="password-stacking" value="useFirstPass"/>
|
||||
</login-module>
|
||||
</authentication>
|
||||
</security-domain>
|
||||
<security-domain name="jboss-web-policy" cache-type="default">
|
||||
<authorization>
|
||||
<policy-module code="Delegating" flag="required"/>
|
||||
</authorization>
|
||||
</security-domain>
|
||||
<security-domain name="jaspitest" cache-type="default">
|
||||
<authentication-jaspi>
|
||||
<login-module-stack name="dummy">
|
||||
<login-module code="Dummy" flag="optional"/>
|
||||
</login-module-stack>
|
||||
<auth-module code="Dummy"/>
|
||||
</authentication-jaspi>
|
||||
</security-domain>
|
||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
||||
<authorization>
|
||||
<policy-module code="Delegating" flag="required"/>
|
||||
</authorization>
|
||||
</security-domain>
|
||||
</security-domains>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:io:3.0">
|
||||
<worker name="default"/>
|
||||
<buffer-pool name="default"/>
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
|
||||
<core-environment node-identifier="${jboss.tx.node.id:1}">
|
||||
<process-id>
|
||||
<uuid/>
|
||||
</process-id>
|
||||
</core-environment>
|
||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
||||
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
||||
<bean-validation enabled="true"/>
|
||||
<default-workmanager>
|
||||
<short-running-threads>
|
||||
<core-threads count="50"/>
|
||||
<queue-length count="50"/>
|
||||
<max-threads count="50"/>
|
||||
<keepalive-time time="10" unit="seconds"/>
|
||||
</short-running-threads>
|
||||
<long-running-threads>
|
||||
<core-threads count="50"/>
|
||||
<queue-length count="50"/>
|
||||
<max-threads count="50"/>
|
||||
<keepalive-time time="10" unit="seconds"/>
|
||||
</long-running-threads>
|
||||
</default-workmanager>
|
||||
<cached-connection-manager/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
||||
<expose-resolved-model/>
|
||||
<expose-expression-model/>
|
||||
<remoting-connector/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
||||
<jpa default-extended-persistence-inheritance="DEEP"/>
|
||||
<subsystem xmlns="urn:jboss:domain:weld:4.0"/>
|
||||
<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
|
||||
<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false"
|
||||
empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
|
||||
<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host"
|
||||
default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<buffer-cache name="default"/>
|
||||
<server name="default-server">
|
||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
||||
<host name="default-host" alias="localhost">
|
||||
<location name="/" handler="welcome-content"/>
|
||||
<http-invoker security-realm="ApplicationRealm"/>
|
||||
</host>
|
||||
</server>
|
||||
<servlet-container name="default">
|
||||
<jsp-config/>
|
||||
<websockets/>
|
||||
</servlet-container>
|
||||
<handlers>
|
||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
||||
</handlers>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
||||
<web-context>auth</web-context>
|
||||
<providers>
|
||||
<provider>
|
||||
classpath:${jboss.home.dir}/providers/*
|
||||
</provider>
|
||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
||||
</providers>
|
||||
<master-realm-name>master</master-realm-name>
|
||||
<scheduled-task-interval>900</scheduled-task-interval>
|
||||
@@ -505,103 +583,12 @@
|
||||
<default-provider>default</default-provider>
|
||||
<provider name="default" enabled="true">
|
||||
<properties>
|
||||
<property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
|
||||
<property name="forceBackendUrlToFrontendUrl" value="false"/>
|
||||
<property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
|
||||
<property name="forceBackendUrlToFrontendUrl" value="true"/>
|
||||
</properties>
|
||||
</provider>
|
||||
</spi>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:mail:4.0">
|
||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
||||
</mail-session>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
|
||||
<proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
|
||||
<dynamic-load-provider>
|
||||
<load-metric type="cpu"/>
|
||||
</dynamic-load-provider>
|
||||
</proxy>
|
||||
</subsystem>
|
||||
{% endif %}
|
||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
||||
<remote-naming/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
||||
<security-domains>
|
||||
<security-domain name="other" cache-type="default">
|
||||
<authentication>
|
||||
<login-module code="Remoting" flag="optional">
|
||||
<module-option name="password-stacking" value="useFirstPass"/>
|
||||
</login-module>
|
||||
<login-module code="RealmDirect" flag="required">
|
||||
<module-option name="password-stacking" value="useFirstPass"/>
|
||||
</login-module>
|
||||
</authentication>
|
||||
</security-domain>
|
||||
<security-domain name="jboss-web-policy" cache-type="default">
|
||||
<authorization>
|
||||
<policy-module code="Delegating" flag="required"/>
|
||||
</authorization>
|
||||
</security-domain>
|
||||
<security-domain name="jaspitest" cache-type="default">
|
||||
<authentication-jaspi>
|
||||
<login-module-stack name="dummy">
|
||||
<login-module code="Dummy" flag="optional"/>
|
||||
</login-module-stack>
|
||||
<auth-module code="Dummy"/>
|
||||
</authentication-jaspi>
|
||||
</security-domain>
|
||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
||||
<authorization>
|
||||
<policy-module code="Delegating" flag="required"/>
|
||||
</authorization>
|
||||
</security-domain>
|
||||
</security-domains>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
||||
<deployment-permissions>
|
||||
<maximum-set>
|
||||
<permission class="java.security.AllPermission"/>
|
||||
</maximum-set>
|
||||
</deployment-permissions>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:6.0">
|
||||
<core-environment node-identifier="${jboss.tx.node.id:1}">
|
||||
<process-id>
|
||||
<uuid/>
|
||||
</process-id>
|
||||
</core-environment>
|
||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
||||
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<buffer-cache name="default"/>
|
||||
<server name="default-server">
|
||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
||||
<host name="default-host" alias="localhost">
|
||||
<location name="/" handler="welcome-content"/>
|
||||
<http-invoker security-realm="ApplicationRealm"/>
|
||||
</host>
|
||||
</server>
|
||||
<servlet-container name="default">
|
||||
<jsp-config/>
|
||||
<websockets/>
|
||||
</servlet-container>
|
||||
<handlers>
|
||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
||||
</handlers>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:weld:4.0"/>
|
||||
</profile>
|
||||
<interfaces>
|
||||
<interface name="management">
|
||||
@@ -621,12 +608,12 @@
|
||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
||||
<socket-binding name="txn-status-manager" port="4713"/>
|
||||
<outbound-socket-binding name="mail-smtp">
|
||||
<remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
|
||||
<remote-destination host="localhost" port="25"/>
|
||||
</outbound-socket-binding>
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
<outbound-socket-binding name="proxy1">
|
||||
<remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
|
||||
</outbound-socket-binding>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
</socket-binding-group>
|
||||
</server>
|
||||
@@ -82,8 +82,8 @@ startKeycloak() {
|
||||
-Djboss.management.http.port=${KEYCLOAK_MANAGEMENT_HTTP_PORT} \
|
||||
-Djboss.management.https.port=${KEYCLOAK_MANAGEMENT_HTTPS_PORT} \
|
||||
-Djboss.node.name={{ inventory_hostname }} \
|
||||
{% if ansible_facts.virtualization_type in ['docker','oci','containerd'] %}-Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true {% endif %}\
|
||||
2>&1 >> "${KEYCLOAK_LOGFILE}" &
|
||||
{% if keycloak_prefer_ipv4 %}-Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true {% endif %}\
|
||||
{% if keycloak_config_standalone_xml is defined %}--server-config={{ keycloak_config_standalone_xml }}{% endif %} &
|
||||
while [ ! -f ${KEYCLOAK_PIDFILE} ]; do sleep 1; done
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -152,15 +152,15 @@
|
||||
</security>
|
||||
</datasource>
|
||||
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
{% if keycloak_jdbc.postgres.enabled %}
|
||||
<connection-url>{{ keycloak_jdbc.postgres.connection_url }}</connection-url>
|
||||
<driver>{{ keycloak_jdbc.postgres.driver_module_name }}</driver>
|
||||
{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
|
||||
<connection-url>{{ keycloak_jdbc[keycloak_jdbc_engine].connection_url }}</connection-url>
|
||||
<driver>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}</driver>
|
||||
<pool>
|
||||
<max-pool-size>20</max-pool-size>
|
||||
</pool>
|
||||
<security>
|
||||
<user-name>{{ keycloak_jdbc.postgres.db_user }}</user-name>
|
||||
<password>{{ keycloak_jdbc.postgres.db_password }}</password>
|
||||
<user-name>{{ keycloak_jdbc[keycloak_jdbc_engine].db_user }}</user-name>
|
||||
<password>{{ keycloak_jdbc[keycloak_jdbc_engine].db_password }}</password>
|
||||
</security>
|
||||
{% else %}
|
||||
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
|
||||
@@ -172,10 +172,10 @@
|
||||
{% endif %}
|
||||
</datasource>
|
||||
<drivers>
|
||||
{% if keycloak_jdbc.postgres.enabled %}
|
||||
<driver name="{{ keycloak_jdbc.postgres.driver_module_name }}" module="{{ keycloak_jdbc.postgres.driver_module_name }}">
|
||||
<driver-class>org.postgresql.Driver</driver-class>
|
||||
<xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
|
||||
{% if keycloak_jdbc[keycloak_jdbc_engine].enabled %}
|
||||
<driver name="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}" module="{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}">
|
||||
<driver-class>{{ keycloak_jdbc[keycloak_jdbc_engine].driver_class }}</driver-class>
|
||||
<xa-datasource-class>{{ keycloak_jdbc[keycloak_jdbc_engine].xa_datasource_class }}</xa-datasource-class>
|
||||
</driver>
|
||||
{% endif %}
|
||||
<driver name="h2" module="com.h2database.h2">
|
||||
@@ -384,7 +384,7 @@
|
||||
<heap-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="authenticationSessions"/>
|
||||
{% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
|
||||
{% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
|
||||
<distributed-cache name="{{ cachename }}">
|
||||
<remote-store cache="{{ cachename }}"
|
||||
remote-servers="remote-cache"
|
||||
@@ -400,14 +400,15 @@
|
||||
<property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
|
||||
<property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
|
||||
<property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
|
||||
<property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
|
||||
<property name="infinispan.client.hotrod.use_ssl">false</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
|
||||
<property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
|
||||
<property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_type">JKS</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
|
||||
<property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
|
||||
</remote-store>
|
||||
</distributed-cache>
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
<replicated-cache name="work">
|
||||
<remote-store cache="work"
|
||||
remote-servers="remote-cache"
|
||||
@@ -423,11 +424,12 @@
|
||||
<property name="infinispan.client.hotrod.auth_password">{{ keycloak_remotecache.password }}</property>
|
||||
<property name="infinispan.client.hotrod.auth_realm">{{ keycloak_remotecache.realm | default('default') }}</property>
|
||||
<property name="infinispan.client.hotrod.auth_server_name">{{ keycloak_remotecache.server_name }}</property>
|
||||
<property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism | default('SCRAM-SHA-512') }}</property>
|
||||
<property name="infinispan.client.hotrod.use_ssl">false</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path | default('/etc/truststore/truststore.jks') }}</property>
|
||||
<property name="infinispan.client.hotrod.sasl_mechanism">{{ keycloak_remotecache.sasl_mechanism }}</property>
|
||||
<property name="infinispan.client.hotrod.use_ssl">{{ keycloak_remotecache.use_ssl }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_file_name">{{ keycloak_remotecache.trust_store_path }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_type">JKS</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password | default("changeme") }}</property>
|
||||
<property name="infinispan.client.hotrod.trust_store_password">{{ keycloak_remotecache.trust_store_password }}</property>
|
||||
<property name="infinispan.client.hotrod.client_intelligence">TOPOLOGY_AWARE</property>
|
||||
</remote-store>
|
||||
</replicated-cache>
|
||||
<local-cache name="authorization">
|
||||
@@ -604,8 +606,8 @@
|
||||
<default-provider>default</default-provider>
|
||||
<provider name="default" enabled="true">
|
||||
<properties>
|
||||
<property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
|
||||
<property name="forceBackendUrlToFrontendUrl" value="false"/>
|
||||
<property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
|
||||
<property name="forceBackendUrlToFrontendUrl" value="true"/>
|
||||
</properties>
|
||||
</provider>
|
||||
</spi>
|
||||
@@ -616,7 +618,7 @@
|
||||
</mail-session>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
|
||||
<proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
|
||||
<dynamic-load-provider>
|
||||
@@ -711,8 +713,12 @@
|
||||
<interface name="management">
|
||||
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
|
||||
</interface>
|
||||
<interface name="jgroups">
|
||||
<interface name="jgroups">
|
||||
{% if ansible_default_ipv4 is defined %}
|
||||
<subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr('net') }}"/>
|
||||
{% else %}
|
||||
<any-address />
|
||||
{% endif %}
|
||||
</interface>
|
||||
<interface name="public">
|
||||
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<server xmlns="urn:jboss:domain:10.0">
|
||||
<server xmlns="urn:jboss:domain:16.0">
|
||||
<extensions>
|
||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
||||
<extension module="org.jboss.as.connector"/>
|
||||
@@ -22,10 +22,9 @@
|
||||
<extension module="org.wildfly.extension.bean-validation"/>
|
||||
<extension module="org.wildfly.extension.core-management"/>
|
||||
<extension module="org.wildfly.extension.elytron"/>
|
||||
<extension module="org.wildfly.extension.health"/>
|
||||
<extension module="org.wildfly.extension.io"/>
|
||||
<extension module="org.wildfly.extension.microprofile.config-smallrye"/>
|
||||
<extension module="org.wildfly.extension.microprofile.health-smallrye"/>
|
||||
<extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
|
||||
<extension module="org.wildfly.extension.metrics"/>
|
||||
<extension module="org.wildfly.extension.request-controller"/>
|
||||
<extension module="org.wildfly.extension.security.manager"/>
|
||||
<extension module="org.wildfly.extension.undertow"/>
|
||||
@@ -129,7 +128,7 @@
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
||||
<subsystem xmlns="urn:jboss:domain:datasources:6.0">
|
||||
<datasources>
|
||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
||||
@@ -157,7 +156,7 @@
|
||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
||||
<subsystem xmlns="urn:jboss:domain:ee:6.0">
|
||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
||||
<concurrent>
|
||||
<context-services>
|
||||
@@ -167,15 +166,15 @@
|
||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
||||
</managed-thread-factories>
|
||||
<managed-executor-services>
|
||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
|
||||
</managed-executor-services>
|
||||
<managed-scheduled-executor-services>
|
||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
|
||||
</managed-scheduled-executor-services>
|
||||
</concurrent>
|
||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ejb3:6.0">
|
||||
<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
|
||||
<session-bean>
|
||||
<stateless>
|
||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
||||
@@ -202,7 +201,7 @@
|
||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
||||
</data-stores>
|
||||
</timer-service>
|
||||
<remote connector-ref="http-remoting-connector" thread-pool-name="default">
|
||||
<remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
|
||||
<channel-creation-options>
|
||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
||||
</channel-creation-options>
|
||||
@@ -218,130 +217,7 @@
|
||||
<statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<log-system-exceptions value="true"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:io:3.0">
|
||||
<worker name="default"/>
|
||||
<buffer-pool name="default"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:infinispan:9.0">
|
||||
<cache-container name="keycloak">
|
||||
<local-cache name="realms">
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="users">
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="sessions"/>
|
||||
<local-cache name="authenticationSessions"/>
|
||||
<local-cache name="offlineSessions"/>
|
||||
<local-cache name="clientSessions"/>
|
||||
<local-cache name="offlineClientSessions"/>
|
||||
<local-cache name="loginFailures"/>
|
||||
<local-cache name="work"/>
|
||||
<local-cache name="authorization">
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="keys">
|
||||
<object-memory size="1000"/>
|
||||
<expiration max-idle="3600000"/>
|
||||
</local-cache>
|
||||
<local-cache name="actionTokens">
|
||||
<object-memory size="-1"/>
|
||||
<expiration max-idle="-1" interval="300000"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
||||
<local-cache name="default">
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
<local-cache name="sso">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
<local-cache name="routing"/>
|
||||
</cache-container>
|
||||
<cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
|
||||
<local-cache name="entity">
|
||||
<object-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="local-query">
|
||||
<object-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="timestamps"/>
|
||||
</cache-container>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
||||
<bean-validation enabled="true"/>
|
||||
<default-workmanager>
|
||||
<short-running-threads>
|
||||
<core-threads count="50"/>
|
||||
<queue-length count="50"/>
|
||||
<max-threads count="50"/>
|
||||
<keepalive-time time="10" unit="seconds"/>
|
||||
</short-running-threads>
|
||||
<long-running-threads>
|
||||
<core-threads count="50"/>
|
||||
<queue-length count="50"/>
|
||||
<max-threads count="50"/>
|
||||
<keepalive-time time="10" unit="seconds"/>
|
||||
</long-running-threads>
|
||||
</default-workmanager>
|
||||
<cached-connection-manager/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
||||
<expose-resolved-model/>
|
||||
<expose-expression-model/>
|
||||
<remoting-connector/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
||||
</mail-session>
|
||||
</subsystem>
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
|
||||
<proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
|
||||
<dynamic-load-provider>
|
||||
<load-metric type="cpu"/>
|
||||
</dynamic-load-provider>
|
||||
</proxy>
|
||||
</subsystem>
|
||||
{% endif %}
|
||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
||||
<remote-naming/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
||||
<deployment-permissions>
|
||||
<maximum-set>
|
||||
<permission class="java.security.AllPermission"/>
|
||||
</maximum-set>
|
||||
</deployment-permissions>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
||||
<subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
||||
<providers>
|
||||
<aggregate-providers name="combined-providers">
|
||||
<providers name="elytron"/>
|
||||
@@ -399,6 +275,7 @@
|
||||
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
|
||||
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
|
||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
||||
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
|
||||
</permission-set>
|
||||
</permission-sets>
|
||||
<http>
|
||||
@@ -440,76 +317,126 @@
|
||||
</mechanism-provider-filtering-sasl-server-factory>
|
||||
<provider-sasl-server-factory name="global"/>
|
||||
</sasl>
|
||||
<tls>
|
||||
<key-stores>
|
||||
<key-store name="applicationKS">
|
||||
<credential-reference clear-text="password"/>
|
||||
<implementation type="JKS"/>
|
||||
<file path="application.keystore" relative-to="jboss.server.config.dir"/>
|
||||
</key-store>
|
||||
</key-stores>
|
||||
<key-managers>
|
||||
<key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
|
||||
<credential-reference clear-text="password"/>
|
||||
</key-manager>
|
||||
</key-managers>
|
||||
<server-ssl-contexts>
|
||||
<server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
|
||||
</server-ssl-contexts>
|
||||
</tls>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
||||
<security-domains>
|
||||
<security-domain name="other" cache-type="default">
|
||||
<authentication>
|
||||
<login-module code="Remoting" flag="optional">
|
||||
<module-option name="password-stacking" value="useFirstPass"/>
|
||||
</login-module>
|
||||
<login-module code="RealmDirect" flag="required">
|
||||
<module-option name="password-stacking" value="useFirstPass"/>
|
||||
</login-module>
|
||||
</authentication>
|
||||
</security-domain>
|
||||
<security-domain name="jboss-web-policy" cache-type="default">
|
||||
<authorization>
|
||||
<policy-module code="Delegating" flag="required"/>
|
||||
</authorization>
|
||||
</security-domain>
|
||||
<security-domain name="jaspitest" cache-type="default">
|
||||
<authentication-jaspi>
|
||||
<login-module-stack name="dummy">
|
||||
<login-module code="Dummy" flag="optional"/>
|
||||
</login-module-stack>
|
||||
<auth-module code="Dummy"/>
|
||||
</authentication-jaspi>
|
||||
</security-domain>
|
||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
||||
<authorization>
|
||||
<policy-module code="Delegating" flag="required"/>
|
||||
</authorization>
|
||||
</security-domain>
|
||||
</security-domains>
|
||||
<subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
|
||||
<subsystem xmlns="urn:jboss:domain:infinispan:12.0">
|
||||
<cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
|
||||
<local-cache name="realms">
|
||||
<heap-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="users">
|
||||
<heap-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="sessions"/>
|
||||
<local-cache name="authenticationSessions"/>
|
||||
<local-cache name="offlineSessions"/>
|
||||
<local-cache name="clientSessions"/>
|
||||
<local-cache name="offlineClientSessions"/>
|
||||
<local-cache name="loginFailures"/>
|
||||
<local-cache name="work"/>
|
||||
<local-cache name="authorization">
|
||||
<heap-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="keys">
|
||||
<heap-memory size="1000"/>
|
||||
<expiration max-idle="3600000"/>
|
||||
</local-cache>
|
||||
<local-cache name="actionTokens">
|
||||
<heap-memory size="-1"/>
|
||||
<expiration interval="300000" max-idle="-1"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server">
|
||||
<local-cache name="default">
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
<local-cache name="sso">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
<local-cache name="routing"/>
|
||||
</cache-container>
|
||||
<cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
|
||||
<local-cache name="entity">
|
||||
<heap-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="local-query">
|
||||
<heap-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="timestamps"/>
|
||||
</cache-container>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
|
||||
<core-environment node-identifier="${jboss.tx.node.id:1}">
|
||||
<process-id>
|
||||
<uuid/>
|
||||
</process-id>
|
||||
</core-environment>
|
||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
||||
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
||||
<subsystem xmlns="urn:jboss:domain:io:3.0">
|
||||
<worker name="default"/>
|
||||
<buffer-pool name="default"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:weld:4.0"/>
|
||||
<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0"/>
|
||||
<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}"/>
|
||||
<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}"/>
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<buffer-cache name="default"/>
|
||||
<server name="default-server">
|
||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
||||
<host name="default-host" alias="localhost">
|
||||
<location name="/" handler="welcome-content"/>
|
||||
<http-invoker security-realm="ApplicationRealm"/>
|
||||
</host>
|
||||
</server>
|
||||
<servlet-container name="default">
|
||||
<jsp-config/>
|
||||
<websockets/>
|
||||
</servlet-container>
|
||||
<handlers>
|
||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
||||
</handlers>
|
||||
<subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
||||
<bean-validation enabled="true"/>
|
||||
<default-workmanager>
|
||||
<short-running-threads>
|
||||
<core-threads count="50"/>
|
||||
<queue-length count="50"/>
|
||||
<max-threads count="50"/>
|
||||
<keepalive-time time="10" unit="seconds"/>
|
||||
</short-running-threads>
|
||||
<long-running-threads>
|
||||
<core-threads count="50"/>
|
||||
<queue-length count="50"/>
|
||||
<max-threads count="50"/>
|
||||
<keepalive-time time="10" unit="seconds"/>
|
||||
</long-running-threads>
|
||||
</default-workmanager>
|
||||
<cached-connection-manager/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
|
||||
<expose-resolved-model/>
|
||||
<expose-expression-model/>
|
||||
<remoting-connector/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
||||
<jpa default-extended-persistence-inheritance="DEEP"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
||||
<web-context>auth</web-context>
|
||||
<providers>
|
||||
<provider>classpath:${jboss.home.dir}/providers/*</provider>
|
||||
<provider>
|
||||
classpath:${jboss.home.dir}/providers/*
|
||||
</provider>
|
||||
</providers>
|
||||
<master-realm-name>master</master-realm-name>
|
||||
<scheduled-task-interval>900</scheduled-task-interval>
|
||||
@@ -578,12 +505,103 @@
|
||||
<default-provider>default</default-provider>
|
||||
<provider name="default" enabled="true">
|
||||
<properties>
|
||||
<property name="frontendUrl" value="${keycloak.frontendUrl:}"/>
|
||||
<property name="forceBackendUrlToFrontendUrl" value="false"/>
|
||||
<property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
|
||||
<property name="forceBackendUrlToFrontendUrl" value="true"/>
|
||||
</properties>
|
||||
</provider>
|
||||
</spi>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:mail:4.0">
|
||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
||||
</mail-session>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
|
||||
<proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
|
||||
<dynamic-load-provider>
|
||||
<load-metric type="cpu"/>
|
||||
</dynamic-load-provider>
|
||||
</proxy>
|
||||
</subsystem>
|
||||
{% endif %}
|
||||
<subsystem xmlns="urn:jboss:domain:naming:2.0">
|
||||
<remote-naming/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
|
||||
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:security:2.0">
|
||||
<security-domains>
|
||||
<security-domain name="other" cache-type="default">
|
||||
<authentication>
|
||||
<login-module code="Remoting" flag="optional">
|
||||
<module-option name="password-stacking" value="useFirstPass"/>
|
||||
</login-module>
|
||||
<login-module code="RealmDirect" flag="required">
|
||||
<module-option name="password-stacking" value="useFirstPass"/>
|
||||
</login-module>
|
||||
</authentication>
|
||||
</security-domain>
|
||||
<security-domain name="jboss-web-policy" cache-type="default">
|
||||
<authorization>
|
||||
<policy-module code="Delegating" flag="required"/>
|
||||
</authorization>
|
||||
</security-domain>
|
||||
<security-domain name="jaspitest" cache-type="default">
|
||||
<authentication-jaspi>
|
||||
<login-module-stack name="dummy">
|
||||
<login-module code="Dummy" flag="optional"/>
|
||||
</login-module-stack>
|
||||
<auth-module code="Dummy"/>
|
||||
</authentication-jaspi>
|
||||
</security-domain>
|
||||
<security-domain name="jboss-ejb-policy" cache-type="default">
|
||||
<authorization>
|
||||
<policy-module code="Delegating" flag="required"/>
|
||||
</authorization>
|
||||
</security-domain>
|
||||
</security-domains>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
|
||||
<deployment-permissions>
|
||||
<maximum-set>
|
||||
<permission class="java.security.AllPermission"/>
|
||||
</maximum-set>
|
||||
</deployment-permissions>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:6.0">
|
||||
<core-environment node-identifier="${jboss.tx.node.id:1}">
|
||||
<process-id>
|
||||
<uuid/>
|
||||
</process-id>
|
||||
</core-environment>
|
||||
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
|
||||
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<buffer-cache name="default"/>
|
||||
<server name="default-server">
|
||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
||||
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
|
||||
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
|
||||
<host name="default-host" alias="localhost">
|
||||
<location name="/" handler="welcome-content"/>
|
||||
<http-invoker security-realm="ApplicationRealm"/>
|
||||
</host>
|
||||
</server>
|
||||
<servlet-container name="default">
|
||||
<jsp-config/>
|
||||
<websockets/>
|
||||
</servlet-container>
|
||||
<handlers>
|
||||
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
|
||||
</handlers>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:weld:4.0"/>
|
||||
</profile>
|
||||
<interfaces>
|
||||
<interface name="management">
|
||||
@@ -603,9 +621,9 @@
|
||||
<socket-binding name="txn-recovery-environment" port="4712"/>
|
||||
<socket-binding name="txn-status-manager" port="4713"/>
|
||||
<outbound-socket-binding name="mail-smtp">
|
||||
<remote-destination host="localhost" port="25"/>
|
||||
<remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}"/>
|
||||
</outbound-socket-binding>
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
<outbound-socket-binding name="proxy1">
|
||||
<remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
|
||||
</outbound-socket-binding>
|
||||
|
||||
@@ -1,9 +1,10 @@
|
||||
---
|
||||
# vars file for keycloak
|
||||
|
||||
# administrator console password, this is a required variable
|
||||
# required variables for keycloak
|
||||
# administrator console password
|
||||
keycloak_admin_password:
|
||||
|
||||
# internal variables below
|
||||
|
||||
# locations
|
||||
keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
|
||||
keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
|
||||
@@ -16,12 +17,12 @@ keycloak_jdbc:
|
||||
xa_datasource_class: org.postgresql.xa.PGXADataSource
|
||||
driver_module_name: "org.postgresql"
|
||||
driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/postgresql/main"
|
||||
driver_version: 9.4.1212
|
||||
driver_jar_filename: "postgresql-9.4.1212.jar"
|
||||
driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/9.4.1212/postgresql-9.4.1212.jar"
|
||||
connection_url: "{{ postgres_jdbc_url }}"
|
||||
db_user: "{{ postgres_db_user }}"
|
||||
db_password: "{{ postgres_db_pass }}"
|
||||
driver_version: "{{ keycloak_jdbc_driver_version }}"
|
||||
driver_jar_filename: "postgresql-{{ keycloak_jdbc_driver_version }}.jar"
|
||||
driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/{{ keycloak_jdbc_driver_version }}/postgresql-{{ keycloak_jdbc_driver_version }}.jar"
|
||||
connection_url: "{{ keycloak_jdbc_url }}"
|
||||
db_user: "{{ keycloak_db_user }}"
|
||||
db_password: "{{ keycloak_db_pass }}"
|
||||
initialize_db: >
|
||||
CREATE TABLE IF NOT EXISTS JGROUPSPING (
|
||||
own_addr varchar(200) NOT NULL,
|
||||
@@ -35,12 +36,12 @@ keycloak_jdbc:
|
||||
xa_datasource_class: org.mariadb.jdbc.MySQLDataSource
|
||||
driver_module_name: "org.mariadb"
|
||||
driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/mariadb/main"
|
||||
driver_version: 2.7.4
|
||||
driver_jar_filename: "mariadb-java-client-2.7.4.jar"
|
||||
driver_jar_url: "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/2.7.4/mariadb-java-client-2.7.4.jar"
|
||||
connection_url: "{{ mariadb_jdbc_url }}"
|
||||
db_user: "{{ mariadb_db_user }}"
|
||||
db_password: "{{ mariadb_db_pass }}"
|
||||
driver_version: "{{ keycloak_jdbc_driver_version }}"
|
||||
driver_jar_filename: "mariadb-java-client-{{ keycloak_jdbc_driver_version }}.jar"
|
||||
driver_jar_url: "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/{{ keycloak_jdbc_driver_version }}/mariadb-java-client-{{ keycloak_jdbc_driver_version }}.jar"
|
||||
connection_url: "{{ keycloak_jdbc_url }}"
|
||||
db_user: "{{ keycloak_db_user }}"
|
||||
db_password: "{{ keycloak_db_pass }}"
|
||||
initialize_db: >
|
||||
CREATE TABLE IF NOT EXISTS JGROUPSPING (
|
||||
own_addr varchar(200) NOT NULL,
|
||||
@@ -54,6 +55,7 @@ keycloak_jdbc:
|
||||
keycloak_modcluster:
|
||||
enabled: "{{ keycloak_ha_enabled }}"
|
||||
reverse_proxy_url: "{{ keycloak_modcluster_url }}"
|
||||
frontend_url: "{{ keycloak_frontend_url }}"
|
||||
|
||||
# infinispan
|
||||
keycloak_remotecache:
|
||||
@@ -61,6 +63,8 @@ keycloak_remotecache:
|
||||
username: "{{ infinispan_user }}"
|
||||
password: "{{ infinispan_pass }}"
|
||||
realm: default
|
||||
sasl_mechanism: "{{ infinispan_sasl_mechanism }}"
|
||||
server_name: "{{ infinispan_url }}"
|
||||
trust_store_path: /path/to/jks/keystore
|
||||
trust_store_password: changeme
|
||||
use_ssl: "{{ infinispan_use_ssl }}"
|
||||
trust_store_path: "{{ infinispan_trust_store_path }}"
|
||||
trust_store_password: "{{ infinispan_trust_store_password }}"
|
||||
@@ -4,12 +4,6 @@ keycloak_realm
|
||||
Create realms and clients in [keycloak](https://keycloak.org/) or [Red Hat Single Sing-On](https://access.redhat.com/products/red-hat-single-sign-on) services.
|
||||
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
This role requires `python3-netaddr` library installed on the controller node.
|
||||
|
||||
|
||||
Role Defaults
|
||||
-------------
|
||||
|
||||
|
||||
Reference in New Issue
Block a user