Advanced Ansible role that manages Red Hat Single Sign-On instances.
Core implemented features in this role:
- dependencies installation
- red hat subscription manager
- multiple parallel versions and profile support
- download and patches apply
- jvm configuration
- configuration of the Red Hat JBoss EAP instances using the CLI
- cleanup after installation
This role is based on:
- https://github.com/Maarc/ansible_middleware_soe showing how to easily operate Red Hat JBoss middleware products using ansible role.
- https://github.com/Maarc/ansible-role-redhat-jboss-eap
- https://github.com/Maarc/ansible-role-redhat-jboss-common
- https://github.com/sabre1041/redhat-csp-download
This role has been tested on Ansible 2.7.2. It requires Red Hat Enterprise Linux 7 and a valid subscription.
There are no dependencies.
-
create a .vault with your secret.
-
create the file vars/rhn_credentials.yml with the following content of your redhat account. Example:
rhn_username: us3r
rhn_password: p@ss
rhn_poolid: a1b2-c3d4-e5f6-g7h8-i9j0k
- encrypt the file:
ansible-vault encrypt /etc/ansible/roles/ansible-redhat-single-sign-on/vars/rhn_credentials.yml --vault-password-file=/etc/ansible/roles/ansible-redhat-single-sign-on/.vault
ansible-playbook playbook.yml -vvv -k --vault-password-file /etc/ansible/roles/ansible-redhat-single-sign-on/.vault --flush-cache
PS. add --connection=local
if you're running into the same host.
Global configurations
Name | Default Value | Description |
---|---|---|
role_id |
ansible-redhat-single-sign-on |
Name of the role after download |
ansible_roles_path |
/etc/ansible/playbooks/roles |
Ansible roles directory |
subtasks_directory_path |
tasks/subtasks |
Role subtasks directory |
binaries_directory_path |
files |
Role binaries directory (for additional modules) |
Red Hat Single Sign-On configurations
Name | Default Value | Description |
---|---|---|
rhsso_artifact_version |
7.2.0 |
ID of base release of Red Hat Single Sign-On |
rhsso_artifact_url |
https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=55951&product=core.service.rhsso |
Download URL for Red Hat Single Sign-On |
rhsso_artifact_name |
rh-sso-{{ rhsso_artifact_version }}.zip |
Generated name of Red Hat Single Sign-On zip artifact |
rhsso_artifact_checksums |
Object.array(id, checksum) |
Dict [key:id, value:checksum] of red hat single sign-on base releases |
Red Hat Single Sign-On patches
Name | Default Value | Description |
---|---|---|
rhsso_apply_patches |
true |
Conditional for installing red hat single sign-on patches |
rhsso_remove_patches_after_install |
false |
Conditional for removing red hat single sign-on patches (after installation) |
rhsso_patches |
Object.array(id, url, filename, sha256checksum) |
Dict [id, url, filename, sha256checksum] of red hat single sign-on patches releases |
Red Hat Single Sign-On configurations
Name | Default Value | Description |
---|---|---|
general.install_dir |
/usr/share |
Red Hat Single Sign-On installation directory |
general.home_dir_name |
rh-sso-7.2 |
Red Hat Single Sign-On home name |
general.instance_name |
rh-sso |
Red Hat Single Sign-On service name |
general.download_dir |
/tmp |
Temporary folder for Red Hat Single Sign-On downloads |
jboss.console_admin_user |
jboss |
JBoss EAP admin console user |
jboss.console_admin_password |
jboss@123 |
JBoss EAP admin console password |
jboss.jgroups_user |
jbservice |
JBoss EAP jgroups cluster user |
jboss.jgroups_password |
jbservice |
JBoss EAP jgroups cluster user password |
jboss.keycloak_user |
admin |
Keycloak admin user |
jboss.keycloak_password |
jboss@123 |
Keycloak admin user password |
jboss.host_type |
master |
Jboss EAP host type: (master |
jboss.domain_master_address |
`` | Jboss EAP domain master ipv4 address |
owner.user |
`` | Red Hat Single Sign-On RHEL user |
owner.group |
`` | Red Hat Single Sign-On RHEL user group |
owner.group_id |
`` | Red Hat Single Sign-On RHEL user group id |
System configurations
Name | Default Value | Description |
---|---|---|
config.install_java |
true |
Conditional for installing jvm |
config.install_rhsm |
true |
Conditional for subscribing to Red Hat Subscription Manager |
config.install_jdbc_oracle |
true |
Conditional for installing Oracle DBMS module (files/ojdb8.jar) |
config.timezone_main |
America/Sao_Paulo |
JBoss EAP timezone |
config.timezone_language |
pt |
JBoss EAP timezone language |
config.timezone_country |
BR |
JBoss EAP timezone country |
config.inet-address-range |
192.168.100.0/24 |
Network interface CIDR that will match the host ip address, Ex: 192.168.100. (in case your host have more than one default network addresses). Must set config.inet-address-range-ignore to false |
config.inet-address-range-ignore |
true |
Ignore config.inet-address-range configuration and use the ansible provided ansible_default_ipv4.address |
JVM configurations
Name | Default Value | Description |
---|---|---|
jvm_pkg_name |
java-1.8.0-openjdk-devel |
Name of JVM package to be installed |
jvm_java_opts |
`` | Additional JVM opts (see tasks/03__download_and_install.yml) |
jvm_xmx |
1024M |
-Xmx |
jvm_xms |
1024M |
-Xms |
compressedClassSpaceSize |
512M |
-XX:CompressedClassSpaceSize |
metaspaceSize |
256M |
-XX:MetaspaceSize |
maxMetaspaceSize |
512M |
-XX:MaxMetaspaceSize |
Infinispan configurations
Name | Default Value | Description |
---|---|---|
owners_sessions |
1 |
Total amount of owners of sessions cache |
owners_authenticationsessions |
1 |
Total amount of owners of authenticationSessions cache |
owners_offlinesessions |
1 |
Total amount of owners of offlineSessions cache |
owners_clientsessions |
1 |
Total amount of owners of clientSessions cache |
owners_offlineclientsessions |
1 |
Total amount of owners of offlineClientSessions cache |
owners_loginfailures |
1 |
Total amount of owners of loginFailures cache |
owners_actiontokens |
2 |
Total amount of owners of actionTokens cache |
cache_realms_max_entries |
10000 |
Total max-entries of realms cache |
cache_users_max_entries |
10000 |
Total max-entries of users cache |
cache_authorization_max_entries |
10000 |
Total max-entries of authorization cache |
cache_keys_max_entries |
1000 |
Total max-entries of keys cache |
cache_actiontokens_max_entries |
-1 |
Total max-entries of actionTokens cache |
Usage of CLI files for the JBoss EAP configuration
Name | Default Value | Description |
---|---|---|
cli_list |
{ } |
List of CLI files to be used for the configuration |
cli_dir |
empty | Local directory containing the CLI files in cli_list. Mandatory if cli_list is not empty |
Here is a playbook creating two JBoss EAP instances on every host in "jboss-master" and "jboss-slave":
vim /etc/ansible/playbooks/playbook.yml
---
- name: install and configure Red Hat Single Sign-On master
hosts: host-master
remote_user: root
vars:
role_id: ansible-redhat-single-sign-on
ansible_roles_path: /etc/ansible/roles
rhsso_apply_patches: true
rhsso_remove_patches_after_install: false
jboss:
console_admin_user: jboss
console_admin_password: jboss@123
jgroups_user: jbservice
jgroups_password: jboss@123
keycloak_user: admin
keycloak_password: jboss@123
host_type: master
config:
install_java: true
install_rhsm: true
install_jdbc_oracle: true
timezone_main: "America/Sao_Paulo"
timezone_language: pt
timezone_country: BR
jvm_xmx: "1024M"
jvm_xms: "1024M"
compressedClassSpaceSize: "512M"
metaspaceSize: "256M"
maxMetaspaceSize: "512M"
roles:
- role: ansible-redhat-single-sign-on
- name: install and configure Red Hat Single Sign-On slave
hosts: host-slave
remote_user: root
vars:
role_id: ansible-redhat-single-sign-on
ansible_roles_path: /etc/ansible/roles
rhsso_apply_patches: true
rhsso_remove_patches_after_install: false
jboss:
console_admin_user: jboss
console_admin_password: jboss@123
jgroups_user: jbservice
jgroups_password: jboss@123
keycloak_user: admin
keycloak_password: jboss@123
host_type: slave
domain_master_address: "192.168.10.81"
config:
install_java: true
install_rhsm: true
install_jdbc_oracle: true
timezone_main: "America/Sao_Paulo"
timezone_language: pt
timezone_country: BR
jvm_xmx: "1024M"
jvm_xms: "1024M"
compressedClassSpaceSize: "512M"
metaspaceSize: "256M"
maxMetaspaceSize: "512M"
roles:
- role: ansible-redhat-single-sign-on
PS. If your're in OSX, you maybe need to create the default installation structure at:
$ brew install ansible
mkdir /etc/ansible
mkdir /etc/ansible/playbooks
mkdir /etc/ansible/roles
touch /etc/ansible/ansible.cfg
touch /etc/ansible/hosts
change ansible.cfg
defaults:
[defaults]
inventory = /etc/ansible/hosts
You can download an configuration example here:
https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg
defaults/main.yml
centralize the default variables that could be overriddentasks/main.yml
coordinate the execution of the different taskstasks/00__check_required_variables.yml
validate required variables to be set.tasks/01__subscribe_rhsm.yml
subscribe the host using Red Hat Subscription Manager (requires a valid user account and pool-id).tasks/02__install_dependencies.yml
install required tools like python, lsof and nmaptasks/03__download_and_install.yml
perform the Red Hat Single Sign-On download and configurationtasks/04__download_patches_and_checksum.yml
perform the Red Hat Single Sign-On patches download and checksumtasks/05__apply_patches.yml
perform the Red Hat Single Sign-On patches installationtasks/06__execute_cli_files.yml
perform the Red Hat Single Sign-On additional cli files installation (TODO)tasks/07__clean_up.yml
perform clean up of the environmenttasks/08__start_servers.yml
perform servers startupvars/main.yml
centralize some convenience variables that should not be overridden
check
Check all required variablespreinstall
Execute pre-installation tasksinstall
Execute installation taskspatches
Execute patch installation taskscli
Execute cli taskscleanup
Execute cleanup taskspostinstall
Execute post-installation tasks