mirror of
https://github.com/ansible-middleware/keycloak.git
synced 2026-03-29 23:03:03 +00:00
Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
57f2472283 | ||
|
|
c32b95898c | ||
|
|
0105924ec6 | ||
|
249754f5f5 | ||
|
c78aaece81 | ||
|
|
f748cf92b0 | ||
|
|
00e6b3601b | ||
|
|
4cb021fe2c | ||
|
|
eb849021a9 | ||
|
2ccfc07f5d | ||
|
|
c7e88e7cc2 | ||
|
|
b5d2e9e236 |
52
README.md
52
README.md
@@ -13,7 +13,7 @@ This collection has been tested against following Ansible versions: **>=2.9.10**
|
||||
Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
|
||||
<!--end requires_ansible-->
|
||||
|
||||
## Installation and Usage
|
||||
## Installation
|
||||
|
||||
### Installing the Collection from Ansible Galaxy
|
||||
|
||||
@@ -29,6 +29,10 @@ collections:
|
||||
- name: middleware_automation.keycloak
|
||||
```
|
||||
|
||||
### Install Playbook
|
||||
|
||||
`playbooks/keycloak.yml` installs the keycloak or Red Hat Single Sign-On based on the defined variables.
|
||||
|
||||
### Choosing between Red Hat products and upstream project
|
||||
|
||||
The roles supports installing Red Hat Single Sign-On from the Customer Portal, when the following variables are defined:
|
||||
@@ -41,12 +45,52 @@ rhsso_rhn_id: '<sso_product_id>'
|
||||
|
||||
where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_)
|
||||
|
||||
### Install role
|
||||
|
||||
## Included roles
|
||||
* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service. _Requires: python3-netaddr_
|
||||
|
||||
* [`keycloak`](https://github.com/ansible-middleware/keycloak/roles/keycloak/REAME.md): role for installing the service. _Requires: python3-netaddr_
|
||||
* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/roles/keycloak_realm/REAME.md): role for configuring a realm, with clients and users, in an installed service.
|
||||
### Example installation command
|
||||
|
||||
Execute the following command from the source root directory
|
||||
|
||||
```
|
||||
ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=<changeme>
|
||||
```
|
||||
|
||||
- `keycloak_admin_password` Password for the administration console user account.
|
||||
- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost
|
||||
|
||||
```
|
||||
[keycloak]
|
||||
localhost ansible_connection=local
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
### Config Playbook
|
||||
|
||||
`playbooks/keycloak-realm.yml` creates provided realm, client(s), client role(s) and client user(s) if they don't exist.
|
||||
|
||||
### Config role
|
||||
|
||||
* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, with clients and users, in an installed service.
|
||||
|
||||
### Example configuration command
|
||||
|
||||
Execute the following command from the source root directory
|
||||
|
||||
```
|
||||
ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test
|
||||
```
|
||||
|
||||
- `keycloak_admin_password` password for the administration console user account.
|
||||
- `keycloak_realm` name of the realm to be created/used.
|
||||
- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost
|
||||
|
||||
```
|
||||
[keycloak]
|
||||
localhost ansible_connection=local
|
||||
```
|
||||
|
||||
## License
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
namespace: middleware_automation
|
||||
name: keycloak
|
||||
version: "0.1.3"
|
||||
version: "0.1.4"
|
||||
readme: README.md
|
||||
authors:
|
||||
- Romain Pelisse <rpelisse@redhat.com>
|
||||
|
||||
27
playbooks/keycloak-realm.yml
Normal file
27
playbooks/keycloak-realm.yml
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
- name: Playbook for Keycloak Hosts
|
||||
hosts: keycloak
|
||||
tasks:
|
||||
- name: Keycloak Realm Role
|
||||
include_role:
|
||||
name: keycloak_realm
|
||||
vars:
|
||||
keycloak_admin_password: "changeme"
|
||||
keycloak_realm: TestRealm
|
||||
keycloak_clients:
|
||||
- name: TestClient1
|
||||
roles:
|
||||
- TestClient1Admin
|
||||
- TestClient1User
|
||||
realm: "{{ keycloak_realm }}"
|
||||
public_client: True
|
||||
web_origins:
|
||||
- http://testclient1origin/application
|
||||
- http://testclient1origin/other
|
||||
users:
|
||||
- username: TestUser
|
||||
password: password
|
||||
client_roles:
|
||||
- client: TestClient1
|
||||
role: TestClient1User
|
||||
realm: "{{ keycloak_realm }}"
|
||||
@@ -10,27 +10,4 @@
|
||||
include_role:
|
||||
name: keycloak
|
||||
vars:
|
||||
keycloak_admin_password: "changeme"
|
||||
- name: Keycloak Realm Role
|
||||
include_role:
|
||||
name: keycloak_realm
|
||||
vars:
|
||||
keycloak_admin_password: "changeme"
|
||||
keycloak_realm: TestRealm
|
||||
keycloak_clients:
|
||||
- name: TestClient1
|
||||
roles:
|
||||
- TestClient1Admin
|
||||
- TestClient1User
|
||||
realm: "{{ keycloak_realm }}"
|
||||
public_client: True
|
||||
web_origins:
|
||||
- http://testclient1origin/application
|
||||
- http://testclient1origin/other
|
||||
users:
|
||||
- username: TestUser
|
||||
password: password
|
||||
client_roles:
|
||||
- client: TestClient1
|
||||
role: TestClient1User
|
||||
realm: "{{ keycloak_realm }}"
|
||||
keycloak_admin_password: "changeme"
|
||||
1
playbooks/roles
Symbolic link
1
playbooks/roles
Symbolic link
@@ -0,0 +1 @@
|
||||
../roles
|
||||
@@ -1,6 +1,6 @@
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
|
||||
<server xmlns="urn:jboss:domain:16.0">
|
||||
<server xmlns="urn:jboss:domain:10.0">
|
||||
<extensions>
|
||||
<extension module="org.jboss.as.clustering.infinispan"/>
|
||||
<extension module="org.jboss.as.clustering.jgroups"/>
|
||||
@@ -23,9 +23,10 @@
|
||||
<extension module="org.wildfly.extension.bean-validation"/>
|
||||
<extension module="org.wildfly.extension.core-management"/>
|
||||
<extension module="org.wildfly.extension.elytron"/>
|
||||
<extension module="org.wildfly.extension.health"/>
|
||||
<extension module="org.wildfly.extension.io"/>
|
||||
<extension module="org.wildfly.extension.metrics"/>
|
||||
<extension module="org.wildfly.extension.microprofile.config-smallrye"/>
|
||||
<extension module="org.wildfly.extension.microprofile.health-smallrye"/>
|
||||
<extension module="org.wildfly.extension.microprofile.metrics-smallrye"/>
|
||||
<extension module="org.wildfly.extension.request-controller"/>
|
||||
<extension module="org.wildfly.extension.security.manager"/>
|
||||
<extension module="org.wildfly.extension.undertow"/>
|
||||
@@ -141,7 +142,7 @@
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:core-management:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:datasources:6.0">
|
||||
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
|
||||
<datasources>
|
||||
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
|
||||
@@ -187,7 +188,7 @@
|
||||
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
|
||||
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ee:6.0">
|
||||
<subsystem xmlns="urn:jboss:domain:ee:4.0">
|
||||
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
|
||||
<concurrent>
|
||||
<context-services>
|
||||
@@ -197,15 +198,15 @@
|
||||
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
|
||||
</managed-thread-factories>
|
||||
<managed-executor-services>
|
||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="5000"/>
|
||||
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
|
||||
</managed-executor-services>
|
||||
<managed-scheduled-executor-services>
|
||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-termination-period="0" hung-task-threshold="60000" keepalive-time="3000"/>
|
||||
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
|
||||
</managed-scheduled-executor-services>
|
||||
</concurrent>
|
||||
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
|
||||
<subsystem xmlns="urn:jboss:domain:ejb3:6.0">
|
||||
<session-bean>
|
||||
<stateless>
|
||||
<bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
|
||||
@@ -232,7 +233,7 @@
|
||||
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
|
||||
</data-stores>
|
||||
</timer-service>
|
||||
<remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
|
||||
<remote cluster="ejb" connector-ref="http-remoting-connector" thread-pool-name="default">
|
||||
<channel-creation-options>
|
||||
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting"/>
|
||||
</channel-creation-options>
|
||||
@@ -248,7 +249,7 @@
|
||||
<statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<log-system-exceptions value="true"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
||||
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
|
||||
<providers>
|
||||
<aggregate-providers name="combined-providers">
|
||||
<providers name="elytron"/>
|
||||
@@ -357,7 +358,7 @@
|
||||
</key-store>
|
||||
</key-stores>
|
||||
<key-managers>
|
||||
<key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
|
||||
<key-manager name="applicationKM" key-store="applicationKS">
|
||||
<credential-reference clear-text="password"/>
|
||||
</key-manager>
|
||||
</key-managers>
|
||||
@@ -366,22 +367,21 @@
|
||||
</server-ssl-contexts>
|
||||
</tls>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:health:1.0" security-enabled="false"/>
|
||||
<subsystem xmlns="urn:jboss:domain:infinispan:12.0">
|
||||
<cache-container name="ejb" default-cache="passivation" aliases="sfsb" modules="org.wildfly.clustering.ejb.infinispan">
|
||||
<subsystem xmlns="urn:jboss:domain:infinispan:9.0">
|
||||
<cache-container name="ejb" default-cache="passivation" aliases="sfsb" module="org.wildfly.clustering.ejb.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
<file-store passivation="true" purge="false"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="keycloak" modules="org.keycloak.keycloak-model-infinispan">
|
||||
<cache-container name="keycloak" module="org.keycloak.keycloak-model-infinispan">
|
||||
<transport lock-timeout="60000"/>
|
||||
<local-cache name="realms">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="users">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="authenticationSessions"/>
|
||||
{% for cachename in [ "sessions", "offlineSessions", "clientSessions", "offlineClientSessions", "loginFailures", "actionTokens" ] %}
|
||||
@@ -433,19 +433,19 @@
|
||||
</remote-store>
|
||||
</replicated-cache>
|
||||
<local-cache name="authorization">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
</local-cache>
|
||||
<local-cache name="keys">
|
||||
<heap-memory size="1000"/>
|
||||
<object-memory size="1000"/>
|
||||
<expiration max-idle="3600000"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="server" default-cache="default" modules="org.wildfly.clustering.server">
|
||||
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
|
||||
<local-cache name="default">
|
||||
<transaction mode="BATCH"/>
|
||||
</local-cache>
|
||||
</cache-container>
|
||||
<cache-container name="web" default-cache="passivation" modules="org.wildfly.clustering.web.infinispan">
|
||||
<cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
|
||||
<local-cache name="passivation">
|
||||
<locking isolation="REPEATABLE_READ"/>
|
||||
<transaction mode="BATCH"/>
|
||||
@@ -457,13 +457,13 @@
|
||||
</local-cache>
|
||||
<local-cache name="routing"/>
|
||||
</cache-container>
|
||||
<cache-container name="hibernate" modules="org.infinispan.hibernate-cache">
|
||||
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
|
||||
<local-cache name="entity">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="local-query">
|
||||
<heap-memory size="10000"/>
|
||||
<object-memory size="10000"/>
|
||||
<expiration max-idle="100000"/>
|
||||
</local-cache>
|
||||
<local-cache name="timestamps"/>
|
||||
@@ -473,7 +473,7 @@
|
||||
<worker name="default"/>
|
||||
<buffer-pool name="default"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
|
||||
<subsystem xmlns="urn:jboss:domain:jca:5.0">
|
||||
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
|
||||
<bean-validation enabled="true"/>
|
||||
@@ -493,7 +493,7 @@
|
||||
</default-workmanager>
|
||||
<cached-connection-manager/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jgroups:8.0">
|
||||
<subsystem xmlns="urn:jboss:domain:jgroups:7.0">
|
||||
<channels default="ee">
|
||||
<channel name="ee" stack="tcp" cluster="ejb"/>
|
||||
</channels>
|
||||
@@ -530,7 +530,7 @@
|
||||
<remoting-connector/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
|
||||
<jpa default-extended-persistence-inheritance="DEEP"/>
|
||||
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
|
||||
<web-context>auth</web-context>
|
||||
@@ -612,12 +612,11 @@
|
||||
</provider>
|
||||
</spi>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:mail:4.0">
|
||||
<subsystem xmlns="urn:jboss:domain:mail:3.0">
|
||||
<mail-session name="default" jndi-name="java:jboss/mail/Default">
|
||||
<smtp-server outbound-socket-binding-ref="mail-smtp"/>
|
||||
</mail-session>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:wildfly:metrics:1.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:jboss}"/>
|
||||
{% if keycloak_modcluster.enabled %}
|
||||
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
|
||||
<proxy name="default" advertise-socket="modcluster" listener="ajp" proxies="proxy1">
|
||||
@@ -673,7 +672,7 @@
|
||||
</maximum-set>
|
||||
</deployment-permissions>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:6.0">
|
||||
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
|
||||
<core-environment node-identifier="{{ inventory_hostname | default('${jboss.tx.node.id:1}') }}">
|
||||
<process-id>
|
||||
<uuid/>
|
||||
@@ -683,7 +682,7 @@
|
||||
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
|
||||
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
|
||||
</subsystem>
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
|
||||
<buffer-cache name="default"/>
|
||||
<server name="default-server">
|
||||
<ajp-listener name="ajp" socket-binding="ajp"/>
|
||||
|
||||
Reference in New Issue
Block a user