Ansible role that installs, configures and manages KeyCloak.
To
keycloak_java_opts: "-Xms1024m -Xmx20480m -XX:MaxPermSize=768m -Dkeycloak.frontendUrl=https://{{ hosts_domain }}/auth"
Using keycloak_files
you can configure / download various files. See Example Play. This dict demonstrates three use cases:
- Creation of
profile.properties
which allows features to be enabled / disabled. - Creation / configuration of KeyCloak module
modules/system/layers/keycloak/org/postgresql
consisting of 1) download of JDBC client jar file, 2) creation ofmodule.xml
and configuration ofdatasources
instandalone.xml
.
Example below uses a number of roles from C2Platform Core Collection.
Example below installs a KeyCloak standalone server which uses a PostgreSQL database. The database and user is created by the role by providing the inventory_hostname
of the database server via keycloak_database_inventory_hostname
. Using keycloak_files
a number the profile.properties
is created and database is configured.
---
- name: KeyCloak
hosts: keycloak
become: yes
roles:
- { role: c2platform.core.common, tags: ["common"] }
- { role: c2platform.core.java, tags: ["java"] }
- { role: c2platform.core.postgresql_client, tags: ["database"] }
- { role: c2platform.keycloak, tags: ["keycloak"] }
vars:
postgresql_client_version: 10
java_version: openjdk-11-jdk
keycloak_jdbc_jar: postgresql-42.3.0.jar
keycloak_database_host: "{{ c2_keycloak_database_host }}"
keycloak_database_inventory_hostname: "{{ groups['database'][0] }}"
c2_keycloak_jdbc_module: org.postgresql
c2_keycloak_jdbc_xml:
datasource-example: | # required
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
datasource: |
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<connection-url>{{ keycloak_database_jdbc_url }}</connection-url>
<driver>postgresql</driver>
<pool>
<max-pool-size>20</max-pool-size>
</pool>
<security>
<user-name>{{ keycloak_database_username }}</user-name>
<password>{{ keycloak_database_password }}</password>
</security>
</datasource>
drivers: |
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
<driver name="postgresql" module="{{ c2_keycloak_jdbc_module }}">
<xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
</driver>
</drivers>
keycloak_files:
features:
- dest: "{{ keycloak_home_version }}/standalone/configuration/profile.properties"
content: |
feature.account2=enabled
feature.account_api=enabled
feature.admin_fine_grained_authz=disabled
feature.ciba=enabled
feature.client_policies=enabled
feature.par=enabled
feature.declarative_user_profile=disabled
feature.docker=disabled
feature.impersonation=enabled
feature.openshift_integration=disabled
feature.scripts=disabled
feature.token_exchange=disabled
feature.upload_scripts=disabled
feature.web_authn=enabled
notify: keycloak-systemctl-restart
jdbc-postgresql:
- dest: "{{ keycloak_home_version }}/modules/system/layers/keycloak/org/postgresql/main/{{ keycloak_jdbc_jar }}"
src: "https://jdbc.postgresql.org/download/{{ keycloak_jdbc_jar }}"
notify: keycloak-systemctl-restart
- dest: "{{ keycloak_home_version }}/modules/system/layers/keycloak/org/postgresql/main/module.xml"
content: |
<?xml version="1.0" ?>
<module xmlns="urn:jboss:module:1.3" name="{{ c2_keycloak_jdbc_module }}">
<resources>
<resource-root path="{{ keycloak_jdbc_jar }}"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
</module>
notify: keycloak-systemctl-restart
- dest: "{{ keycloak_home_version }}/standalone/configuration/standalone.xml"
xpath: //*[name()='datasources']
set_children:
- "{{ c2_keycloak_jdbc_xml['datasource-example'] }}"
- "{{ c2_keycloak_jdbc_xml['datasource'] }}"
- "{{ c2_keycloak_jdbc_xml['drivers'] }}"
notify: keycloak-systemctl-restart