Ansible role to install and configure Keycloak identity service.
Building and improving this Ansible role has been sponsored by my current and previous employers, such as Cloudpunks GmbH and Proact Deutschland GmbH.
- Requirements
- Default Variables
- keycloak_cache_owners_auth_sessions_count
- keycloak_cache_owners_count
- keycloak_command
- keycloak_container_extensions_path
- keycloak_container_scripts_path
- keycloak_container_themes_path
- keycloak_cpu_shares
- keycloak_database_addresses
- keycloak_database_connection
- keycloak_database_name
- keycloak_database_password
- keycloak_database_schema
- keycloak_database_type
- keycloak_database_username
- keycloak_default_extensions
- keycloak_default_folders
- keycloak_default_labels
- keycloak_default_publish
- keycloak_default_startups
- keycloak_default_themes
- keycloak_default_volumes
- keycloak_extensions_path
- keycloak_extra_environment
- keycloak_extra_extensions
- keycloak_extra_folders
- keycloak_extra_labels
- keycloak_extra_publish
- keycloak_extra_startups
- keycloak_extra_themes
- keycloak_extra_volumes
- keycloak_general_environment
- keycloak_group
- keycloak_hostname
- keycloak_http_relative_path
- keycloak_image
- keycloak_jgroups_discovery_enabled
- keycloak_jgroups_discovery_external_ip
- keycloak_jgroups_discovery_properties
- keycloak_jgroups_discovery_protocol
- keycloak_legacy_startups
- keycloak_loglevel
- keycloak_memory_limit
- keycloak_memory_soft_limit
- keycloak_memory_swap
- keycloak_metrics_extension_version
- keycloak_network
- keycloak_number_of_cpus
- keycloak_password
- keycloak_proxy_address_forwarding
- keycloak_pull_image
- keycloak_shell
- keycloak_startups_path
- keycloak_themes_path
- keycloak_url
- keycloak_user
- keycloak_username
- keycloak_version
- Discovered Tags
- Dependencies
- License
- Author
- Minimum Ansible version:
2.10
Cache owners auth sessions count
keycloak_cache_owners_auth_sessions_count: 1
Cache owners count
keycloak_cache_owners_count: 1
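Command to pass to the Keycloak container. For versions 20.0.0 and later the default is start-dev, Keycloak's development mode, which relaxes production settings such as HTTPS and strict hostname checks; override it with start and the matching configuration for production deployments.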
keycloak_command: "{{ 'start-dev' if keycloak_version is version('20.0.0', '>=') else
'' }}"
Path for providers within the container
keycloak_container_extensions_path: "{{ '/opt/keycloak/providers' if keycloak_version
is version('20.0.0', '>=') else '/opt/jboss/keycloak/providers' }}"
Path for startup scripts within the container
keycloak_container_scripts_path: /opt/jboss/startup-scripts
Path for themes within the container
keycloak_container_themes_path: "{{ '/opt/keycloak/themes' if keycloak_version is
version('20.0.0', '>=') else '/opt/jboss/keycloak/themes' }}"
CPU shares with Docker deployment
keycloak_cpu_shares:
keycloak_cpu_shares: '512'
List of database server addresses
keycloak_database_addresses: []
keycloak_database_addresses:
- host1
- host2
- host3
Database connection type for clustered databases
keycloak_database_connection:
Database name
keycloak_database_name: keycloak
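Password for database connection. Provide it from Ansible Vault or another secret store instead of committing it in plain-text variables.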
keycloak_database_password:
Database schema used for PostgreSQL
keycloak_database_schema:
Database driver
keycloak_database_type: mariadb
Username for database connection
keycloak_database_username:
List of default extensions
keycloak_default_extensions:
- name: keycloak-metrics-spi.jar
state: absent
- name: keycloak-metrics-spi-{{ keycloak_metrics_extension_version }}.jar
url: https://github.com/aerogear/keycloak-metrics-spi/releases/download/{{ keycloak_metrics_extension_version
}}/keycloak-metrics-spi-{{ keycloak_metrics_extension_version }}.jar
keycloak_default_extensions:
- name: example-from-url
url: http://example.com/example.jar
- name: example-to-remove
state: absent
List of default folders to create
keycloak_default_folders:
- /usr/share/keycloak
List of default labels to assign to docker command
keycloak_default_labels: []
List of default port publishing
keycloak_default_publish: []
keycloak_default_publish:
- 127.0.0.1:9090:9090
List of default startup scripts
keycloak_default_startups: "{{ [] if keycloak_version is version('20.0.0', '>=') else
keycloak_legacy_startups }}"
keycloak_default_startups:
- name: example
content: |
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
run-batch
stop-embedded-server
- name: example-from-url
url: http://example.com/example.yml
- name: example-from-file
src: path/to/file.j2
- name: example-from-template
ansible.builtin.template: path/to/template.j2
- name: example-to-remove
state: absent
List of default themes
keycloak_default_themes: []
keycloak_default_themes:
- name: example-from-url
url: http://example.com/example.tar.gz
- name: example-to-remove
state: absent
List of default volumes to mount
keycloak_default_volumes: []
Path to store extensions
keycloak_extensions_path: /usr/share/keycloak/extensions
List of extra environment variables
keycloak_extra_environment: []
keycloak_extra_environment:
- name: EXAMPLE1
value: dummy1
- name: EXAMPLE2
value: dummy2
- name: EXAMPLE3
value: dummy3
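List of extra extensions. The JARs listed here are stored in the extensions path and made available to Keycloak as providers, so reference only sources you trust and prefer https:// URLs over the plain http:// shown in the example.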
keycloak_extra_extensions: []
keycloak_extra_extensions:
- name: example-from-url
url: http://example.com/example.jar
- name: example-to-remove
state: absent
List of extra folders to create
keycloak_extra_folders: []
keycloak_extra_folders:
- /path/to/host/folder1
- /path/to/host/folder2
- /path/to/host/folder3
List of extra labels to assign to docker command
keycloak_extra_labels: []
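List of extra ports to publish. An entry without a host address, such as 8090:8090, is published on all host interfaces; prefix it with 127.0.0.1 (as in 127.0.0.1:9000:9000) to keep the port reachable only from the host itself.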
keycloak_extra_publish: []
keycloak_extra_publish:
- 8090:8090
- 127.0.0.1:9000:9000
List of extra startup scripts
keycloak_extra_startups: []
List of extra themes
keycloak_extra_themes: []
keycloak_extra_themes:
- name: example-from-url
url: http://example.com/example.tar.gz
- name: example-to-remove
state: absent
List of extra volumes to mount
keycloak_extra_volumes: []
keycloak_extra_volumes:
- /path/to/host/folder1:/path/within/container1
- /path/to/host/folder2:/path/within/container2
- /path/to/host/folder3:/path/within/container3
List of general environment variables
keycloak_general_environment: []
keycloak_general_environment:
- key: EXAMPLE1
value: dummy1
- key: EXAMPLE2
value: dummy2
- key: EXAMPLE3
value: dummy3
Group to create for container usage
keycloak_group: keycloak
Hostname for Keycloak
keycloak_hostname:
Relative path to Keycloak
keycloak_http_relative_path:
Docker image to use for deployment
keycloak_image: quay.io/keycloak/keycloak:{{ keycloak_version }}
Enable jgroups discovery
keycloak_jgroups_discovery_enabled: false
External IP used for jgroups discovery
keycloak_jgroups_discovery_external_ip:
Additional properties for jgroups discovery
keycloak_jgroups_discovery_properties:
Protocol used for jgroups discovery
keycloak_jgroups_discovery_protocol:
List of startup scripts for versions before 20.0.0
keycloak_legacy_startups:
- name: keycloak
ansible.builtin.template: keycloak.j2
Logging level for the instance
keycloak_loglevel: INFO
Memory limit with Docker deployment
keycloak_memory_limit:
keycloak_memory_limit: 1024m
Soft memory limit with Docker deployment
keycloak_memory_soft_limit:
keycloak_memory_soft_limit: 512m
Swap usage with Docker deployment
keycloak_memory_swap:
keycloak_memory_swap: 2048m
Version of the metrics extension to install
keycloak_metrics_extension_version: 5.0.0
Optionally assign this Docker network to container
keycloak_network:
Number of CPUs with Docker deployment
keycloak_number_of_cpus:
keycloak_number_of_cpus: '1.0'
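Password for master realm access. This credential controls the master realm, so keep it in Ansible Vault or another secret store rather than in plain-text variables.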
keycloak_password:
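Enable proxy address forwarding. Leave this enabled only when Keycloak is reached through a reverse proxy that sets the forwarding headers itself; without such a proxy, clients can supply those headers directly.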
keycloak_proxy_address_forwarding: true
Pull image as part of the tasks
keycloak_pull_image: true
Shell of the Keycloak user
keycloak_shell: /usr/sbin/nologin
Path to store startup scripts
keycloak_startups_path: /usr/share/keycloak/startups
keycloak_startups_path:
- name: example
content: |
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
run-batch
stop-embedded-server
- name: example-from-url
url: http://example.com/example.yml
- name: example-from-file
src: path/to/file.j2
- name: example-from-template
ansible.builtin.template: path/to/template.j2
- name: example-to-remove
state: absent
Path to store themes
keycloak_themes_path: /usr/share/keycloak/themes
URL for external access
keycloak_url:
keycloak_url: datasource_jndi_name=java:jboss/datasources/KeycloakDS
User to create for container usage
keycloak_user: keycloak
Username for master realm access
keycloak_username:
Version of keycloak to use
keycloak_version: 26.1.0
keycloak
Apache-2.0