ansible-middleware / keycloak
Collection to install and configure Keycloak or Red Hat Single Sign-On / Red Hat Build of Keycloak
License: Apache License 2.0
When a cluster of keycloaks is installed for the first time, liquibase needs to be run for initializing the database.
Even if a dblock is in the jpa configuration, the nodes of clusters that are started at the same time, concurrently
try to perform the database update, resulting in errors. Current workaround is to have playbook run with
serial:
  - 1
  - 100%
which will run the full playbook on the first host, and then run again on remaining nodes.
Improvement is needed to check database state before starting the service, and in case an update is needed,
only serialize the startup of instances (along with the wait task to let the database update terminate), not the whole play.
Cf. Title
ansible --version
ansible [core 2.14.5]
config file = /etc/ansible/ansible.cfg
configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = ~/.local/lib/python3.10/site-packages/ansible
ansible collection location = ~/.ansible/collections:/usr/share/ansible/collections
executable location = ~/.local/bin/ansible
python version = 3.10.6 (main, Mar 10 2023, 10:55:28) [GCC 11.3.0] (/usr/bin/python3)
jinja version = 3.0.3
libyaml = True
# ~/.ansible/collections/ansible_collections
Collection Version
------------------------------ -------
ansible.posix 1.5.2
middleware_automation.common 1.1.0
middleware_automation.keycloak 1.2.3
TASK [middleware_automation.keycloak.keycloak : Deploy HA keycloak config with infinispan remote cache store to /opt/keycloak/keycloak-18.0.2/standalone/configuration/keycloak.xml] ***
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from
ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting
[retracted] - likely temporary network error of some kind
hostname-strict
config option missing in (
It is not possible to modify the destination of the log link.
By default the keycloak logs are physically in /opt, I would like them to be in /var/log.
keycloak/roles/keycloak_quarkus/tasks/main.yml
Lines 63 to 69 in 01fd2cc
Task : roles/keycloak_quarkus/tasks/main.yml
With Ansible Automation Platform release 4.4 new Execution Environments have been released. These EEs are based on RHEL9.
registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel9:latest
registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel9:latest
The build of a custom execution environment with the tool ansible-builder, the above mentioned RHEL9 based base EE images and this collection as dependency fails.
Error from ansible-builder:
[3/4] STEP 13/14: RUN $PYCMD /output/scripts/introspect.py introspect --sanitize --user-pip=requirements.txt --user-bindep=bindep.txt --write-bindep=/tmp/src/bindep.txt --write-pip=/tmp/src/requirements.txt
...
- 'python39-devel [platform:rpm compile] # from collection redhat.sso'
...
+ /usr/bin/microdnf install -y --nodocs --setopt install_weak_deps=0 bind-utils cryptsetup dnf gcc hostname krb5-devel libssh-devel nmap-ncat openldap-devel python3-Cython python3-devel python39-devel unzip
Downloading metadata...
Downloading metadata...
Downloading metadata...
Downloading metadata...
Downloading metadata...
Downloading metadata...
error: No package matches 'python39-devel'
core 2.15.0
redhat.sso v1.2.7
After deploying the keycloak_quarkus role, I enabled the "keycloak_quarkus_https_enabled: True" option and generated a certificate for HTTPS usage. I have a problem: ERROR: /opt/keycloak/keycloak-22.0.0/conf/tls.crt
Can you please help me?
log_keycloak.log
<title, PR incoming>
Customers are confused on middleware.keycloak vs redhat.sso and are installing the open source version instead of the Automation Hub certified collection.
To lessen this, update the top of the README.md file to state SSO users should install the certified collection from automation hub.
Details in internal JIRA issue https://issues.redhat.com/browse/AAP-11169
Allowing the configuration of hostname-strict-backchannel as per https://www.keycloak.org/server/all-config?q=strict#category-hostname or https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/22.0/html/server_guide/hostname-#hostname-backend would be very handy.
PR incoming.
@guidograzioli do you happen to know how rhbk patches will happen? I mean, there was a 22.0.6 and the upgrade to 22.0.7 happened via changing the version mnemonicer, but the question is whether incremental patches are available or simply an installation from scratch?
Thanks!
It is not possible to configure a port offset
ansible [core 2.14.2]
middleware_automation.infinispan 1.1.2
middleware_automation.keycloak 1.1.0
middleware_automation.redhat_csp_download 1.2.2
middleware_automation.wildfly 1.3.1
There is no set up available for port offset impacting on all ports (including mod_cluster)
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
Usage with Ubuntu fails because of missing rpm and consequently resulting problems.
2.12.10
Collection Version
------------------------------ -------
ansible.posix 1.5.2
middleware_automation.common 1.0.2
middleware_automation.keycloak 1.2.1
---
- hosts: export_vm
  vars:
    keycloak_admin_password: "{{ keycloud_default_pass }}"
  collections:
    - middleware_automation.keycloak
  roles:
    - middleware_automation.keycloak.keycloak
Installation on Ubuntu
Failed.
PLAY [export_vm] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Validating arguments against arg spec 'main'] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Check prerequisites] ***********
included: /home/dopeforhope/.ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak/tasks/prereqs.yml for export_vm
TASK [middleware_automation.keycloak.keycloak : Validate admin console password] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Validate configuration] ********
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Validate remote cache store configuration] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Validate credentials] **********
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Validate persistence configuration] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Ensure required packages are installed] ***
included: /home/dopeforhope/.ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak/tasks/fastpackages.yml for export_vm
TASK [middleware_automation.keycloak.keycloak : Check if packages are already installed] ***
fatal: [export_vm]: FAILED! => {"changed": true, "cmd": "rpm -q java-1.8.0-openjdk-headless unzip procps-ng initscripts", "msg": "[Errno 2] No such file or directory: b'rpm'", "rc": 2, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
TASK [middleware_automation.keycloak.keycloak : Add missing packages to the yum install list] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Install packages: []] **********
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Include firewall config tasks] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Include install tasks] *********
included: /home/dopeforhope/.ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak/tasks/install.yml for export_vm
TASK [middleware_automation.keycloak.keycloak : Validate parameters] ***********
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Check for an existing deployment] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Stop the old keycloak service] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Remove the old keycloak deployment] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Check for an existing deployment after possible forced removal] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Create keycloak service user/group] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Create keycloak install location] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Set download archive path] *****
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Check download archive path] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Check local download archive path] ***
ok: [export_vm -> localhost]
TASK [middleware_automation.keycloak.keycloak : Download keycloak archive] *****
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Retrieve product download using JBoss Network API] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Determine install zipfile from search results] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Download Red Hat Single Sign-On] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Download rhsso archive from alternate location] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Check downloaded archive] ******
ok: [export_vm -> localhost]
TASK [middleware_automation.keycloak.keycloak : Copy archive to target nodes] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Check target directory: /opt/keycloak/keycloak-18.0.2] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Extract Keycloak archive on target] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Inform decompression was not executed] ***
ok: [export_vm] => {
"msg": "/opt/keycloak/keycloak-18.0.2 already exists and version unchanged, skipping decompression"
}
TASK [middleware_automation.keycloak.keycloak : Reown installation directory to keycloak] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Install postgres driver] *******
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Deploy custom keycloak config to /opt/keycloak/keycloak-18.0.2/standalone/configuration/keycloak.xml from] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Deploy standalone keycloak config to /opt/keycloak/keycloak-18.0.2/standalone/configuration/keycloak.xml] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Create tcpping cluster node list] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Deploy HA keycloak config to /opt/keycloak/keycloak-18.0.2/standalone/configuration/keycloak.xml from standalone.xml.j2] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Deploy HA keycloak config with infinispan remote cache store to /opt/keycloak/keycloak-18.0.2/standalone/configuration/keycloak.xml] ***
skipping: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Include systemd tasks] *********
included: /home/dopeforhope/.ansible/collections/ansible_collections/middleware_automation/keycloak/roles/keycloak/tasks/systemd.yml for export_vm
TASK [middleware_automation.keycloak.keycloak : Configure keycloak service script wrapper] ***
ok: [export_vm]
TASK [middleware_automation.keycloak.keycloak : Determine JAVA_HOME for selected JVM RPM] ***
fatal: [export_vm]: FAILED! => {"changed": false, "cmd": "set -o pipefail\nrpm -ql java-1.8.0-openjdk-headless | grep -Po '/usr/lib/jvm/.*(?=/bin/java$)'\n", "delta": "0:00:00.010692", "end": "2023-04-11 16:43:23.942225", "msg": "non-zero return code", "rc": 1, "start": "2023-04-11 16:43:23.931533", "stderr": "/bin/bash: line 1: rpm: command not found", "stderr_lines": ["/bin/bash: line 1: rpm: command not found"], "stdout": "", "stdout_lines": []}
PLAY RECAP *********************************************************************
export_vm : ok=25 changed=0 unreachable=0 failed=1 skipped=17 rescued=1 ignored=0
I installed keycloak using the quarkus version.
The installation worked, keycloak is running, the start page is showing as expected.
But the administration console is unusable, if a port is included in the URI, as at least one file (step1.html) is loaded without the port.
ansible 2.9.27
none
Install keycloak using the quarkus-role
A usable administration console -> the step1.html should use the same path WITH the port, if one is used.
Currently I don't use a reverse proxy and use keycloak via Port 8080/8443.
After I login, while all other files are referenced with a path like the page itself (so in my case with the port included in the URI - https://MYSERVER:8443/admin/master/console/) the following is always included without port:
https://MYSERVER/auth/realms/master/protocol/openid-connect/3p-cookies/step1.html?version=txb9r
This results in a blank unusable page which reloads every few seconds.
When installing onto a remote node, the locally-created ZIP file appears to be created as root.
It's unclear why this is the case - Ansible is not running as root on the controller node.
ansible [core 2.15.5]
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0] (/usr/bin/python3)
jinja version = 3.0.3
libyaml = True
# /home/ubuntu/.ansible/collections/ansible_collections
Collection Version
------------------------------ -------
community.general 7.5.0
freeipa.ansible_freeipa 1.11.1
middleware_automation.common 1.1.4
middleware_automation.keycloak 1.3.0
- name: Provision Keycloak
  hosts: keycloak
  # We gather facts after our VM comes up
  gather_facts: false
  tasks:
    - name: Wait for SSH connectivity
      ansible.builtin.wait_for_connection:
    - name: Gathering Facts
      ansible.builtin.setup:
    - name: Install QEMU Guest Agent
      become: true
      ansible.builtin.yum:
        name:
          - qemu-guest-agent
    - name: Install Keycloak
      vars:
        keycloak_quarkus_admin_pass: "{{ lookup('ansible.builtin.password', hostvars.localhost.keycloak_dir.path + '/keycloak_admin_password') }}"
      ansible.builtin.include_role:
        name: middleware_automation.keycloak.keycloak_quarkus
I expected the installation to continue.
The installation fails, with a permissions issue on the locally-copied ZIP file.
The file itself is owned by root:root.
TASK [middleware_automation.keycloak.keycloak_quarkus : Copy archive to target nodes] ***
fatal: [keycloak]: FAILED! => {"msg": "an error occurred while trying to read the file '/home/ubuntu/keycloak-22.0.3.zip': [Errno 13] Permission denied: b'/home/ubuntu/keycloak-22.0.3.zip'. [Errno 13] Permission denied: b'/home/ubuntu/keycloak-22.0.3.zip'"}
Is KeyCloak v17.0.0 supported?
It seems the latest version changed its directory structure ( i.e. missing directory /opt/keycloak/keycloak-17.0.0/standalone )
ansible 2.9.27
config file = /root/.ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 16 2020, 22:23:17) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
community
google
middleware_automation
os_migrate
$ansible-playbook --become -i hosts playbook.yml
- hosts: keycloak_server
  strategy: free
  collections:
    - middleware_automation.keycloak
  tasks:
    - name: Include keycloak role
      include_role:
        name: keycloak
      vars:
        keycloak_admin_password: "deepDarksecret"
        keycloak_version: 17.0.0
        keycloak_configure_firewalld: true
Installation of KeyCloak v17.0.0
Everything runs fine until here:
TASK [middleware_automation.keycloak.keycloak : Deploy keycloak config to /opt/keycloak/keycloak-17.0.0/standalone/configuration/keycloak.xml] ***
fatal: [keycloak.example.edu]: FAILED! => changed=false
checksum: 0ed45176030cca4dce4b3730505aa40ad08e3ec7
msg: Destination directory /opt/keycloak/keycloak-17.0.0/standalone/configuration does not exist
PLAY RECAP **************************************************************************************************************************************
keycloak.example.edu : ok=34 changed=0 unreachable=0 failed=1 skipped=10 rescued=0 ignored=0
Keycloak uses a database to persist all the information of the system; this database is connected by a datasource defined in the underlying EAP platform without any kind of sanity or check process. It is a good practice to enable some validations in the datasource for a healthy life cycle and avoid issues in runtime when the connections are not running successfully or they are suffering some issues.
References:
This feature request wants to provide a way to setup this kind of validations in the KeycloakDS datasource as part of the collection, and it is open for discussion with the community.
For example a way of implementation could be defining a set of new properties to enable these properties, for example with something similar to:
- name: Playbook for Red Hat SSO Hosts
  hosts: sso
  vars_files:
    - ../vars/variables.yml
  collections:
    - redhat.sso
  tasks:
    - name: Include SSO role
      ansible.builtin.include_role:
        name: redhat.sso.sso
      vars:
        sso_offline_install: True
        sso_apply_patches: "{{ rh_sso_apply_patches }}"
        eap_properties:
          - name: property1-name
            value: property1-value
          - name: property2-name
            value: property2-value
        datasource:
          validation:
            enabled: true
            valid_connection_sql: Select 1
A new set of variables under a new datasource group are proposed, such as:
- validation.enabled - boolean variable to enable this feature
- validation.valid_connection_sql - String variable to identify a SQL sentence to check the connection
The implementation could be done updating the standalone.xml.j2, standalone-ha.xml.j2 templates, or include some extra tasks using the cli enabling this feature.
The following tasks using the CLI could be an example of implementation:
#
tasks:
  - name: 'Setup Database Connection Validator - Validate on match enabled'
    ansible.builtin.command: >
      {{ keycloak.cli_path }} --connect --command='/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=validate-on-match,value=false)'
    become: true
  - name: 'Setup Database Connection Validator - Valid Connection SQL Check '
    ansible.builtin.command: >
      {{ keycloak.cli_path }} --connect --command='/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql,value={{ valid_connection_sql }})'
    changed_when: false
    register: cli_result
  - name: 'Setup Database Connection Validator - Background validation enabled'
    ansible.builtin.command: >
      {{ keycloak.cli_path }} --connect --command='/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation,value=true)'
    changed_when: false
    register: cli_result
  - name: 'Setup Database Connection Validator - Shared prepared statements disabled'
    ansible.builtin.command: >
      {{ keycloak.cli_path }} --connect --command='/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=share-prepared-statements,value=false)'
    changed_when: false
    register: cli_result
NOTE: Sorry, I am not an Ansible expert, sorry for any typo in the Ansible syntax.
The changes introduced via PR #93 around
<interface name="jgroups">
{% if keycloak_jgroups_subnet is defined and keycloak_jgroups_subnet | string | length > 0 %}
    <subnet-match value="{{ keycloak_jgroups_subnet | string }}"/>
{% elif ansible_default_ipv4 is defined and (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') | length > 0 %}
    <subnet-match value="{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ansible.utils.ipaddr('net') }}"/>
{% else %}
    <any-address />
{% endif %}
</interface>
by default: keycloak_jgroups_subnet is defined (=null which is mapped to None on jinja, or sth. similar, but the end result is a string of length 4 with content None)
<subnet-match value="None"/>
While Keycloak supports sqlserver out of the box, RHBK does not and the respective jdbc driver needs to be installed manually:
Database drivers are shipped as part of Red Hat build of Keycloak except for the Oracle Database and Microsoft SQL Server drivers which need to be installed separately.
PR incoming.
The keycloak_admin_password is declared empty in the keycloak role varfile. Given variable precedence it becomes only possible to set the value in include_task parameters or commandline. Find a better solution.
1.0.0
- playbook: [..]
  vars:
    keycloak_admin_password: "changeme"
  roles:
    - keycloak
keycloak_admin_password is overridden by playbook vars, or by inventory host|group_vars
It is only possible to override with extra_vars, or include_role vars
Our team has been eagerly awaiting the latest features and bug fixes to be merged into the main branch. However, the latest release is out of date and we are currently unable to benefit from the improvements made to the codebase. To ensure that we can use the latest version in our production environment, we respectfully request a new release.
PR incoming.
The current hostname spi is fixed by the standalone(-ha).xml.j2 templates without the capability to define different values, or to add extra properties. In some cases, it is needed to add some additional properties to set up this component in a good way for the ecosystem where Keycloak is running.
The current definition of this spi is similar to:
<spi name="hostname">
    <default-provider>default</default-provider>
    <provider name="default" enabled="true">
        <properties>
            <property name="frontendUrl" value="{{ keycloak_modcluster.frontend_url }}"/>
            <property name="forceBackendUrlToFrontendUrl" value="true"/>
        </properties>
    </provider>
</spi>
This template does not allow to change the forceBackendUrlToFrontendUrl property or to add others like adminUrl.
This feature request wants to allow to extend the capabilities of this spi to define a list of properties to apply as part of the configuration of the playbook.
For example a way of implementation could be defining a set of new properties to enable these properties, for example with something similar to:
- name: Playbook for Red Hat SSO Hosts
  hosts: sso
  vars_files:
    - ../vars/variables.yml
  collections:
    - redhat.sso
  tasks:
    - name: Include SSO role
      ansible.builtin.include_role:
        name: redhat.sso.sso
      vars:
        sso_offline_install: True
        sso_apply_patches: "{{ rh_sso_apply_patches }}"
        eap_properties:
          - name: property1-name
            value: property1-value
          - name: property2-name
            value: property2-value
        spi:
          hostname:
            properties:
              forceBackendUrlToFrontendUrl: false
              adminUrl: adminUrl-value
The spi.hostname.properties is a list of key-value properties to add in this spi automatically as part of the automation process.
The implementation could be done updating the standalone.xml.j2, standalone-ha.xml.j2 templates, or include a loop to add each attribute using the cli tool.
The following tasks using the CLI could be an example of implementation:
#
tasks:
  - name: 'Setting hostname spi properties'
    # dict2items yields items with 'key' and 'value' fields
    ansible.builtin.command: >
      {{ keycloak.cli_path }} --connect --command='/subsystem=keycloak-server/spi=hostname/provider=default:write-attribute(name=properties.{{ item.key }},value={{ item.value }})'
    loop: "{{ spi.hostname.properties | dict2items }}"
    changed_when: false
    register: cli_result
NOTE: Sorry, I am not an Ansible expert, sorry for any typo in the Ansible syntax.
Currently the installation of RH-SSO via the keycloak role is only possible on baseline versions;
dedicated tasks are needed to perform cluster patch updates
Hi, I want to report a strange behavior that when the keycloak is deployed using keycloak-quarkus role connection to external infinispan is not working out of the box. Maybe I'm missing something but what I think is that quarkus.properties file is not used by the current configuration of the service. The only workaround for me was specifying of remote store explicitly in the cache-ispn.xml file using <remote-server host="> directive.
Keycloak documentation is saying this.
If an enhancement request is not possible, you can configure the server using raw Quarkus properties:
Create a quarkus.properties file in the conf directory.
Define the required properties in that file.
You can use only a [subset](https://github.com/keycloak/keycloak/blob/main/quarkus/runtime/pom.xml#L17) of the Quarkus extensions that are defined in the [Quarkus documentation](https://quarkus.io/guides/all-config). Also, note these differences for Quarkus properties:
A lock icon for a Quarkus property in the [Quarkus documentation](https://quarkus.io/guides/all-config) indicates a build time property. You run the build command to apply this property. For details about the build command, see the subsequent sections on optimizing Keycloak.
No lock icon for a property in the Quarkus guide indicates a runtime property for Quarkus and Keycloak.
Use the [-cf|--config-file] command line parameter to include that file.
When trying to install RH SSO from a local file archive, i.e. with keycloak_offline_install = true, the module middleware_automation.redhat_csp_download.redhat_csp_download shouldn't be needed. It still throws an error because of line 87 of install.yaml of the middleware_automation.keycloak.keycloak role. This is because it doesn't understand what the middleware_automation.redhat_csp_download.redhat_csp_download module is.
N/A
v0.2.5
- name: Playbook for Keycloak Hosts
  become: true
  hosts: keykloak_host
  vars:
    - keycloak_offline_install: True
    - keycloak_admin_password: "mypass"
    - keycloak_rhsso_enable: True
    - keycloak_rhsso_download_url: my_local_place/rh-sso-7.5.0-server-dist.zip
  roles:
    - middleware_automation.keycloak.keycloak
The installation should proceed without errors
The installer fails because ansible doesn't recognise middleware_automation.redhat_csp_download.redhat_csp_download
TASK [middleware_automation.keycloak.keycloak : Include install tasks] *********
fatal: [hostname]: FAILED! => {"reason": "couldn't resolve module/action 'middleware_automation.redhat_csp_download.redhat_csp_download'. This often indicates a misspelling, missing collection, or incorrect module path.
The error appears to be in '.../middleware_automation/keycloak/roles/keycloak/tasks/install.yml': line 87, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Perform download from RHN
^ here
"}
In production Env, with a HA configuration, it would be suggested to have (at least) 2 mod_cluster instances registered in Keycloak / SSO configuration File.
This collection does not allow multiple mod_cluster proxy configuration.
if HA is configured :
keycloak_ha_enabled: True
attributes of reverse proxy must be specified:
keycloak_modcluster_url: "{{ PROXY_IP_ADDRESS }}"
ansible [core 2.14.2]
middleware_automation.infinispan 1.1.2
middleware_automation.keycloak 1.1.0
middleware_automation.redhat_csp_download 1.2.2
middleware_automation.wildfly 1.3.1
- name: Playbook for Wildfly Hosts - Host 1
  hosts: keycloak
  collections:
    - middleware_automation.keycloak
  tasks:
    - name: Include keycloak role
      ansible.builtin.include_role:
        name: middleware_automation.keycloak.keycloak
      vars:
        keycloak_jvm_package: "java-11-openjdk-headless.x86_64"
        keycloak_ha_enabled: True
        keycloak_config_standalone_xml: "standalone-ha.xml"
        keycloak_admin_user: "admin"
        keycloak_admin_password: "myadminpassword"
        keycloak_db_enabled: True
        keycloak_jdbc_engine: "postgres"
        keycloak_jdbc_url: "jdbc:postgresql://mycustomdbhost:5432/sso?currentSchema=rh_sso"
        keycloak_jdbc_driver_version: "42.0.0"
        keycloak_db_user: "sso_user"
        keycloak_db_pass: "myCustomPassword_1234"
        keycloak_management_port_bind_address: "0.0.0.0"
        keycloak_host: "node1.mysso.redhat.rh"
        keycloak_modcluster_frontend_url: "http://mycustommodclusterfrontend/auth"
        keycloak_modcluster_url: "mycustommodclusterurl"
        keycloak_modcluster_enabled: "True"
        keycloak_infinispan_url: "myInfinispancustomurl"
        keycloak_infinispan_user: "supervisor"
        keycloak_infinispan_pass: "supervisorpassword"
<outbound-socket-binding name="mod_cluster_balancer">
    <remote-destination host="mod_cluster_host_1" port="6666"/>
</outbound-socket-binding>
<outbound-socket-binding name="mod_cluster_balancer_2">
    <remote-destination host="mod_cluster_host_2" port="6666"/>
</outbound-socket-binding>
{% if keycloak_modcluster.enabled %}
<outbound-socket-binding name="proxy1">
    <remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="6666"/>
</outbound-socket-binding>
{% endif %}
i tried install keycklock with ha_mod but always i have a problem in this step : Wait until keycloak becomes active http://localhost:9990/health
- name: Playbook for Wildfly Hosts - Host 1
  hosts: keycloak
  collections:
    - middleware_automation.keycloak
  tasks:
    - name: Include keycloak role
      ansible.builtin.include_role:
        name: middleware_automation.keycloak.keycloak
      vars:
        keycloak_ha_enabled: True
        keycloak_admin_user: "admin"
        keycloak_host: "kube1"
        keycloak_modcluster_url: 192.168.56.200
        keycloak_modcluster_enabled: "True"
curl -I http://localhost:9990/health
HTTP/1.1 503 Service Unavailable
Connection: keep-alive
Content-Type: application/json
Content-Length: 114364
Date: Mon, 19 Jun 2023 15:06:46 GMT
fatal: [192.168.56.72]: FAILED! => {"attempts": 25, "changed": false, "connection": "close", "content_length": "114364", "content_type": "application/json", "date": "Mon, 19 Jun 2023 15:05:15 GMT", "elapsed": 0, "msg": "Status code was 503 and not [200]: HTTP Error 503: Service Unavailable", "redirected": false, "status": 503, "url": "http://localhost:9990/health"}
Currently the available roles only support RHEL and derivatives, but it should not be hard to also support Debian derivatives, still leveraging systemd.
(currently not high priority for us but can be in the near future)
Right now we don't have an option to customize the http-listener and socket binding settings, for example to customize as below:
...
<subsystem xmlns="urn:jboss:domain:undertow:12.0" ...>
...
<server name="default-server">
...
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
...
...
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="proxy-https" port="443"/>
...
Changes have to be made to existing two templates roles/keycloak/templates/......xml.j2, so that based on the condition consumers can opt to customize as needed.
The health check in keycloak_quarkus fails to properly detect if a keycloak instance is online.
ansible [core 2.16.0]
config file = /home/jonathan/alma-ansible/ansible-keycloak/ansible.cfg
configured module search path = ['/home/jonathan/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.12/site-packages/ansible
ansible collection location = /home/jonathan/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.12.0 (main, Oct 2 2023, 00:00:00) [GCC 13.2.1 20230918 (Red Hat 13.2.1-3)] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
middleware_automation.keycloak 2.0.0
Run a playbook with keycloak_quarkus.
The playbook should recognize that the server is online.
The check loops due to a missing / after the port in the URL. This stems from a missing / in https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_quarkus/vars/main.yml#L7
JGROUPS ping is only available through Database.
The scripts created by the role to start Keycloak as a service still refer to standalone.sh rather than kc.sh
ansible [core 2.11.12]
config file = /home/crm194/src/gitlab.com/bmrc/ceph/keycloak/ansible/ansible.cfg
configured module search path = ['/home/crm194/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/crm194/venvs/ansible-keycloak/lib64/python3.6/site-packages/ansible
ansible collection location = /home/crm194/src/gitlab.com/bmrc/ceph/keycloak/ansible
executable location = /home/crm194/venvs/ansible-keycloak/bin/ansible
python version = 3.6.8 (default, Nov 16 2020, 16:55:22) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
jinja version = 3.0.3
libyaml = True
Collection Version
----------------------------------------- -------
ansible.posix 1.5.1
community.general 6.4.0
community.hashi_vault 4.1.0
middleware_automation.keycloak 1.1.0
middleware_automation.redhat_csp_download 1.2.2
ansible-playbook -v playbooks/install_keycloak.yml
---
- name: Playbook for Keycloak Hosts
  hosts: <host group>
  collections:
    - middleware_automation.keycloak
  roles:
    - keycloak
Keycloak starts after installation and service configuration
sudo systemctl status keycloak
● keycloak.service - keycloak Server
Loaded: loaded (/etc/systemd/system/keycloak.service; enabled; vendor preset: disabled)
Active: failed (Result: timeout) since Thu 2023-03-02 17:12:00 UTC; 10min ago
Process: 160751 ExecStart=/opt/keycloak/keycloak-service.sh start (code=killed, signal=TERM)
Mar 02 17:11:30 <hostname> systemd[1]: Starting keycloak Server...
Mar 02 17:11:30 <hostname> keycloak-service.sh[160754]: /opt/keycloak/keycloak-service.sh: line 77: /opt/keycloak/keycloak-21.0.1/bin/standalone.sh: No such file or directory
Mar 02 17:12:00 <hostname> systemd[1]: keycloak.service: start operation timed out. Terminating.
Mar 02 17:12:00 <hostname> systemd[1]: keycloak.service: Failed with result 'timeout'.
Mar 02 17:12:00 <hostname>systemd[1]: Failed to start keycloak Server.
Hi Team,
thank you for the great Ansible collection for Keycloak. I wonder if you are planning to make it possible to add providers or themes to Keycloak during installation?
I'm interested in providers because I'm deploying a Keycloak cluster to AWS, and there I have to install a few providers and also change HA settings.
We are also using the PrivacyIDEA Keycloak plugin.
Another thing is that we are using MySQL; would it be possible to add it? Not that it is hard to add, but it would be handy if it were there already.
I modified my script and added an extra task for providers and a task for the build.
And for AWS deployment I modified cache-ispn.xml.
I did it very simply, but you can probably do better than me, because my knowledge of Ansible and Keycloak is very basic.
Hope I'm not asking too much. Thanks, and keep doing good work.
Ales
I've got an error when running the playbook to install Keycloak on AlmaLinux 9.3. Details as following:
TASK [middleware_automation.keycloak.keycloak : Deploy standalone keycloak config to /opt/keycloak/keycloak-23.0.3/standalone/configuration/keycloak.xml] ***
fatal: [192.168.1.xxx]: FAILED! => {"changed": false, "checksum": "22acea149f5e2da64f026fb4dcc50f46a1a6976b", "msg": "Destination directory /opt/keycloak/keycloak-23.0.3/standalone/configuration does not exist"}
ansible [core 2.16.2]
config file = /Users/xxx/Code/self-hosted/proxmox/nodes/mac-mini/ansible/ansible.cfg
configured module search path = ['/Users/xxx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/xxx/.asdf/installs/ansible/9.1.0/venv/lib/python3.11/site-packages/ansible
ansible collection location = /Users/xxx/.ansible/collections:/usr/share/ansible/collections
executable location = /Users/xxx/.asdf/installs/ansible/9.1.0/bin/ansible
python version = 3.11.5 (main, Sep 28 2023, 17:39:14) [Clang 15.0.0 (clang-1500.0.40.1)] (/Users/xxx/.asdf/installs/ansible/9.1.0/venv/bin/python3)
jinja version = 3.1.2
libyaml = True
Collection Version
------------------------------ -------
community.general 7.4.0
freeipa.ansible_freeipa 1.12.0
geerlingguy.mac 2.1.1
middleware_automation.common 1.1.4
middleware_automation.keycloak 2.0.1
---
- name: Setup ID server (FreeIPA, Keycloak)
  hosts: id_server
  become: true
  roles:
    - role: id_server
      vars:
        # keycloak vars
        keycloak_admin_password: "xxxxxx"
        keycloak_offline_install: true
        keycloak_version: 23.0.3
        keycloak_archive: keycloak-23.0.3.zip
My custom role id_server main.yml:
- name: Invoke keycloak role from collection middleware_automation.keycloak
  ansible.builtin.include_role:
    name: middleware_automation.keycloak.keycloak
And I ran the Ansible playbook on macOS Sonoma 14.2.1
Playbook should finish without errors
TASK [middleware_automation.keycloak.keycloak : Deploy custom keycloak config to /opt/keycloak/keycloak-23.0.3/standalone/configuration/keycloak.xml from] ***
skipping: [192.168.1.xxx]
TASK [middleware_automation.keycloak.keycloak : Deploy standalone keycloak config to /opt/keycloak/keycloak-23.0.3/standalone/configuration/keycloak.xml] ***
fatal: [192.168.1.xxx]: FAILED! => {"changed": false, "checksum": "22acea149f5e2da64f026fb4dcc50f46a1a6976b", "msg": "Destination directory /opt/keycloak/keycloak-23.0.3/standalone/configuration does not exist"}
keycloak
failing at user creation step
ansible [core 2.11.12]
config file = /home/<username>/src/gitlab.com/bmrc/ceph/keycloak/ansible/ansible.cfg
configured module search path = ['/home/<username>/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/<username>/venvs/ansible-keycloak/lib64/python3.6/site-packages/ansible
ansible collection location = /home/<username>/src/gitlab.com/bmrc/ceph/keycloak/ansible
executable location = /home/<username>/venvs/ansible-keycloak/bin/ansible
python version = 3.6.8 (default, Nov 16 2020, 16:55:22) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
jinja version = 3.0.3
libyaml = True
# /home/<username>/venvs/ansible-keycloak/lib/python3.6/site-packages/ansible_collections [152/1968]
Collection Version
----------------------------- -------
amazon.aws 1.5.1
ansible.netcommon 2.5.0
ansible.posix 1.3.0
ansible.utils 2.4.3
ansible.windows 1.8.0
arista.eos 2.2.0
awx.awx 19.4.0
azure.azcollection 1.10.0
check_point.mgmt 2.2.0
chocolatey.chocolatey 1.1.0
cisco.aci 2.1.0
cisco.asa 2.1.0
cisco.intersight 1.0.18
cisco.ios 2.6.0
cisco.iosxr 2.6.0
cisco.meraki 2.5.0
cisco.mso 1.2.0
cisco.nso 1.0.3
cisco.nxos 2.8.2
cisco.ucs 1.6.0
cloudscale_ch.cloud 2.2.0
community.aws 1.5.0
community.azure 1.1.0
community.crypto 1.9.8
community.digitalocean 1.13.0
community.docker 1.10.2
community.fortios 1.0.0
community.general 3.8.3
community.google 1.0.0
community.grafana 1.3.0
community.hashi_vault 1.5.0
community.hrobot 1.2.1
community.kubernetes 1.2.1
community.kubevirt 1.0.0
community.libvirt 1.0.2
community.mongodb 1.3.2
community.mysql 2.3.2
community.network 3.0.0
community.okd 1.1.2
community.postgresql 1.6.0
community.proxysql 1.3.0
community.rabbitmq 1.1.0
community.routeros 1.2.0
community.skydive 1.0.0
community.sops 1.2.0
community.vmware 1.17.0
community.windows 1.8.0
community.zabbix 1.5.1
containers.podman 1.9.0
cyberark.conjur 1.1.0
cyberark.pas 1.0.13
dellemc.enterprise_sonic 1.1.0
dellemc.openmanage 3.6.0
dellemc.os10 1.1.1
dellemc.os6 1.0.7
dellemc.os9 1.0.4
f5networks.f5_modules 1.13.0
fortinet.fortimanager 2.1.4
fortinet.fortios 2.1.3
frr.frr 1.0.3
gluster.gluster 1.0.2
google.cloud 1.0.2
hetzner.hcloud 1.6.0
hpe.nimble 1.1.4
ibm.qradar 1.0.3
infinidat.infinibox 1.3.0
inspur.sm 1.3.0
junipernetworks.junos 2.8.0
kubernetes.core 1.2.1
mellanox.onyx 1.0.0
netapp.aws 21.7.0
netapp.azure 21.10.0
netapp.cloudmanager 21.12.1
netapp.elementsw 21.7.0
netapp.ontap 21.14.1
netapp.um_info 21.8.0
netapp_eseries.santricity 1.2.13
netbox.netbox 3.4.0
ngine_io.cloudstack 2.2.2
ngine_io.exoscale 1.0.0
ngine_io.vultr 1.1.0
openstack.cloud 1.5.3
openvswitch.openvswitch 2.1.0
ovirt.ovirt 1.6.6
purestorage.flasharray 1.11.0
purestorage.flashblade 1.8.1
sensu.sensu_go 1.12.0
servicenow.servicenow 1.0.6
splunk.es 1.0.2
t_systems_mms.icinga_director 1.26.0
theforeman.foreman 2.2.0
vyos.vyos 2.6.0
wti.remote 1.0.3
# /home/<username>/src/gitlab.com/bmrc/ceph/keycloak/ansible/ansible_collections
Collection Version
----------------------------------------- -------
ansible.posix 1.5.1
community.general 6.4.0
community.hashi_vault 4.1.0
middleware_automation.keycloak 1.1.0
middleware_automation.redhat_csp_download 1.2.2
---
- name: Playbook for Keycloak Hosts
  hosts: <host group>
  collections:
    - middleware_automation.keycloak
  roles:
    - keycloak
Playbook completes, including creation of the Keycloak user
fatal: [<hostname>]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"append": false,
"authorization": null,
"comment": null,
"create_home": false,
"expires": null,
"force": false,
"generate_ssh_key": null,
"group": null,
"groups": null,
"hidden": null,
"home": "/opt/keycloak",
"local": null,
"login_class": null,
"move_home": false,
"name": "keycloak",
"non_unique": false,
"password": null,
"password_expire_max": null,
"password_expire_min": null,
"password_lock": null,
"profile": null,
"remove": false,
"role": null,
"seuser": null,
"shell": null,
"skeleton": null,
"ssh_key_bits": 0,
"ssh_key_comment": "ansible-generated on <hostname>",
"ssh_key_file": null,
"ssh_key_passphrase": null,
"ssh_key_type": "rsa",
"state": "present",
"system": true,
"uid": null,
"update_password": "always"
}
},
"name": "keycloak",
"rc": 6
}
MSG:
usermod: user 'keycloak' does not exist in /etc/passwd
When adding the keycloak role for installing the version 22.0.5 in a playbook, an error is thrown due to the missing folder for templates that would contain the configuration for the standalone server.
Reviewing the content of the zip file downloaded, the newer version of keycloak does not contain the template folder for the configuration, it does not use the xml files for configuring the server.
ansible --version
ansible [core 2.15.5]
config file = /Users/ansible/ansible.cfg
configured module search path = ['/Users/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/ansible/.virtualenvs/ansible/lib/python3.10/site-packages/ansible
ansible collection location = /Users/ansible/.ansible/collections:/usr/share/ansible/collections
executable location = /Users/ansible/.virtualenvs/ansible/bin/ansible
python version = 3.10.6 (main, Sep 2 2022, 16:29:31) [Clang 13.1.6 (clang-1316.0.21.2.5)] (/Users/ansible/.virtualenvs/ansible/bin/python)
jinja version = 3.1.2
libyaml = True
Collection Version
------------------------------ -------
middleware_automation.common 1.1.4
middleware_automation.keycloak 1.3.0
tasks:
  - name: Include keycloak role for installation
    include_role:
      name: keycloak
    vars:
      keycloak_version: 22.0.5
      keycloak_archive: "keycloak-{{ keycloak_version }}.tar.gz"
      keycloak_admin_password: "remembertochangeme"
      keycloak_ha_enabled: True
      # keycloak_remote_cache_enabled: False
      # keycloak_config_override_template: ''
    tags:
      - kc
I expect that the installer continues the configuration without the template, since the newer version of keycloak works directly by executing the script that runs the server
TASK [middleware_automation.keycloak.keycloak : Deploy HA keycloak config with infinispan remote cache store to /opt/keycloak/keycloak-22.0.5/standalone/configuration/keycloak.xml] ***
fatal: [default]: FAILED! => {"changed": false, "checksum": "2e2dba94996eff3c7d3de307739275cf90e383b1", "msg": "Destination directory /opt/keycloak/keycloak-22.0.5/standalone/configuration does not exist"}
There is no variable to define and setup mod_cluster PORT, it is always set to default (6666)
ansible [core 2.14.2]
middleware_automation.infinispan 1.1.2
middleware_automation.keycloak 1.1.0
middleware_automation.redhat_csp_download 1.2.2
- name: Playbook for Wildfly Hosts - Host 1
  hosts: keycloak
  collections:
    - middleware_automation.keycloak
  tasks:
    - name: Include keycloak role
      ansible.builtin.include_role:
        name: middleware_automation.keycloak.keycloak
      vars:
        keycloak_jvm_package: "java-11-openjdk-headless.x86_64"
        keycloak_ha_enabled: True
        keycloak_config_standalone_xml: "standalone-ha.xml"
        keycloak_admin_user: "admin"
        keycloak_admin_password: "myadminpassword"
        keycloak_db_enabled: True
        keycloak_jdbc_engine: "postgres"
        keycloak_jdbc_url: "jdbc:postgresql://mycustomdbhost:5432/sso?currentSchema=rh_sso"
        keycloak_jdbc_driver_version: "42.0.0"
        keycloak_db_user: "sso_user"
        keycloak_db_pass: "myCustomPassword_1234"
        keycloak_management_port_bind_address: "0.0.0.0"
        keycloak_host: "node1.mysso.redhat.rh"
        keycloak_modcluster_frontend_url: "http://mycustommodclusterfrontend/auth"
        keycloak_modcluster_url: "mycustommodclusterurl"
        keycloak_modcluster_enabled: "True"
        keycloak_infinispan_url: "myInfinispancustomurl"
        keycloak_infinispan_user: "supervisor"
        keycloak_infinispan_pass: "supervisorpassword"
{% if keycloak_modcluster.enabled %}
<outbound-socket-binding name="proxy1">
<remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="**6666**"/>
</outbound-socket-binding>
{% endif %}
{% if keycloak_modcluster.enabled %}
<outbound-socket-binding name="proxy1">
<remote-destination host="{{ keycloak_modcluster.reverse_proxy_url | default('localhost') }}" port="**6666**"/>
</outbound-socket-binding>
{% endif %}
I have troubles accessing the admin console when exposing keycloak under /auth behind a custom nginx proxy.
ansible [core 2.14.4]
config file = /Users/Giovanni.Toraldo/src/alfresco/alfresco-ansible-deployment/ansible.cfg
configured module search path = ['/Users/Giovanni.Toraldo/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /Users/Giovanni.Toraldo/.virtualenvs/alfresco-ansible-deployment-LdMEq9P-/lib/python3.10/site-packages/ansible
ansible collection location = /Users/Giovanni.Toraldo/.ansible/collections:/usr/share/ansible/collections
executable location = /Users/Giovanni.Toraldo/.virtualenvs/alfresco-ansible-deployment-LdMEq9P-/bin/ansible
python version = 3.10.12 (main, Jul 28 2023, 18:44:44) [Clang 14.0.3 (clang-1403.0.22.14.1)] (/Users/Giovanni.Toraldo/.virtualenvs/alfresco-ansible-deployment-LdMEq9P-/bin/python)
jinja version = 3.1.2
libyaml = True
Collection Version
------------------------------ -------
amazon.aws 6.3.0
ansible.posix 1.5.4
ansible.utils 2.6.0
community.aws 6.3.0
community.crypto 2.10.0
community.docker 3.4.8
community.general 7.4.0
community.postgresql 2.1.0
middleware_automation.common 1.1.2
middleware_automation.keycloak 1.3.0
- name: Install Keycloak
  vars:
    keycloak_quarkus_admin_pass: "{{ identity_admin_password }}"
    keycloak_quarkus_version: "21.1.2"
    keycloak_quarkus_start_dev: true
    keycloak_quarkus_proxy_mode: edge
    keycloak_quarkus_host: localhost
    keycloak_quarkus_http_port: 8082
    keycloak_quarkus_http_relative_path: auth
  ansible.builtin.include_role:
    name: middleware_automation.keycloak.keycloak_quarkus
nginx vhost snippet as a reference:
location /auth/ {
    proxy_pass http://172.17.0.2:8082/;
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
I should be able to access keycloak admin console under /auth/admin and my realm under /auth/realms/myrealm
Realm seems properly exposed under /auth because I can reach the public info at https://localhost/auth/realms/alfresco.
If I try to access the console under /auth/admin I get a redirect to https://localhost/admin/master/console/ (which returns 404 because it's outside of the keycloak location).
If I try to access /auth/admin/master/console/ directly I get the Loading the Admin UI message but it fails to load /resources/ (again, because it should have been /auth/resources).
I also tried manually configuring http-relative-path (documented here) in /etc/sysconfig/keycloak and dropping the hostname-path=auth, and actually it seems that I get what I expected without any additional configuration change.
Also setting manually hostname-admin-url (while keeping hostname-path) seems a way to fix my issue, but it's slightly less convenient to set because it requires a full URL.
So, what's actually the reason for having the role argument keycloak_quarkus_http_relative_path set the hostname-path config param instead of the http-relative-path param?
I would like to submit a PR to have the possibility to set http-relative-path within the quarkus role, but I'm not sure how to proceed / if it makes sense overall (I am definitely not a keycloak expert).
I'm trying to configure keycloak on a single server. I can run this playbook, and it completes successfully, but the server redirects me to localhost when I try to access it in my web browser.
ansible [core 2.14.3]
config file = None
configured module search path = ['/home/luna/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.10/site-packages/ansible
ansible collection location = /home/luna/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/lib/python-exec/python3.10/ansible
python version = 3.10.10 (main, Mar 20 2023, 13:23:51) [GCC 12.2.1 20230121] (/usr/bin/python3.10)
jinja version = 3.1.2
libyaml = True
# /usr/lib/python3.10/site-packages/ansible_collections
Collection Version
----------------------------- -------
amazon.aws 5.2.0
ansible.netcommon 4.1.0
ansible.posix 1.5.1
ansible.utils 2.9.0
ansible.windows 1.13.0
arista.eos 6.0.0
awx.awx 21.12.0
azure.azcollection 1.14.0
check_point.mgmt 4.0.0
chocolatey.chocolatey 1.4.0
cisco.aci 2.4.0
cisco.asa 4.0.0
cisco.dnac 6.6.3
cisco.intersight 1.0.23
cisco.ios 4.3.1
cisco.iosxr 4.1.0
cisco.ise 2.5.12
cisco.meraki 2.15.1
cisco.mso 2.2.1
cisco.nso 1.0.3
cisco.nxos 4.1.0
cisco.ucs 1.8.0
cloud.common 2.1.2
cloudscale_ch.cloud 2.2.4
community.aws 5.2.0
community.azure 2.0.0
community.ciscosmb 1.0.5
community.crypto 2.11.0
community.digitalocean 1.23.0
community.dns 2.5.1
community.docker 3.4.2
community.fortios 1.0.0
community.general 6.4.0
community.google 1.0.0
community.grafana 1.5.4
community.hashi_vault 4.1.0
community.hrobot 1.7.0
community.libvirt 1.2.0
community.mongodb 1.5.1
community.mysql 3.6.0
community.network 5.0.0
community.okd 2.3.0
community.postgresql 2.3.2
community.proxysql 1.5.1
community.rabbitmq 1.2.3
community.routeros 2.7.0
community.sap 1.0.0
community.sap_libs 1.4.0
community.skydive 1.0.0
community.sops 1.6.1
community.vmware 3.4.0
community.windows 1.12.0
community.zabbix 1.9.2
containers.podman 1.10.1
cyberark.conjur 1.2.0
cyberark.pas 1.0.17
dellemc.enterprise_sonic 2.0.0
dellemc.openmanage 6.3.0
dellemc.os10 1.1.1
dellemc.os6 1.0.7
dellemc.os9 1.0.4
dellemc.powerflex 1.5.0
dellemc.unity 1.5.0
f5networks.f5_modules 1.22.1
fortinet.fortimanager 2.1.7
fortinet.fortios 2.2.2
frr.frr 2.0.0
gluster.gluster 1.0.2
google.cloud 1.1.2
grafana.grafana 1.1.1
hetzner.hcloud 1.10.0
hpe.nimble 1.1.4
ibm.qradar 2.1.0
ibm.spectrum_virtualize 1.11.0
infinidat.infinibox 1.3.12
infoblox.nios_modules 1.4.1
inspur.ispim 1.3.0
inspur.sm 2.3.0
junipernetworks.junos 4.1.0
kubernetes.core 2.4.0
lowlydba.sqlserver 1.3.1
mellanox.onyx 1.0.0
netapp.aws 21.7.0
netapp.azure 21.10.0
netapp.cloudmanager 21.22.0
netapp.elementsw 21.7.0
netapp.ontap 22.3.0
netapp.storagegrid 21.11.1
netapp.um_info 21.8.0
netapp_eseries.santricity 1.4.0
netbox.netbox 3.11.0
ngine_io.cloudstack 2.3.0
ngine_io.exoscale 1.0.0
ngine_io.vultr 1.1.3
openstack.cloud 1.10.0
openvswitch.openvswitch 2.1.0
ovirt.ovirt 2.4.1
purestorage.flasharray 1.17.0
purestorage.flashblade 1.10.0
purestorage.fusion 1.3.0
sensu.sensu_go 1.13.2
splunk.es 2.1.0
t_systems_mms.icinga_director 1.32.0
theforeman.foreman 3.9.0
vmware.vmware_rest 2.2.0
vultr.cloud 1.7.0
vyos.vyos 4.0.0
wti.remote 1.0.4
# /home/luna/.ansible/collections/ansible_collections
Collection Version
------------------------------ -------
ansible.posix 1.5.2
freeipa.ansible_freeipa 1.10.0
middleware_automation.common 1.0.2
middleware_automation.keycloak 1.2.1
1: Make playbook
2: Run playbook
3: Go to server in browser, click on administration console
- name: Install Keycloak
  hosts: all
  vars:
    keycloak_admin_password: [redacted]
  roles:
    - middleware_automation.keycloak.keycloak
When I go to the browser, I should be able to access the administrator console using the server's hostname.
The page redirects to localhost:
I have tried setting keycloak_host, at which point the playbook hangs waiting for health to come online:
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (25 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (24 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (23 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (22 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (21 retries left).
FAILED - RETRYING: [msh-keyc-1.serv.missinghell.internal]: Wait until keycloak becomes active http://msh-keyc-1.serv.missinghell.internal:9990/health (20 retries left).
I ended the output there for brevity but eventually the playbook fails.
Do I need a reverse proxy or something, or am I making a configuration mistake? From the README it sounds like what I'm doing is normal but for some reason it isn't working how I expected.
keycloak_frontend_url property is currently defaulting for the installed keycloak app to be behind a reverse proxy. Without setting this property value explicitly in the ansible playbook, only api requests are able to communicate with the app but not the browsers
ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/kakella/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Sep 9 2021, 07:49:02) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
1.0.0
execute the following command
ansible-playbook --become -i ../inventory updated.yml -K
- name: Playbook for Keycloak Hosts
  hosts: keycloak
  collections:
    - middleware_automation.keycloak
  tasks:
    - name: Include keycloak role
      ansible.builtin.include_role:
        name: middleware_automation.keycloak.keycloak
      vars:
        keycloak_admin_password: "changeme"
We expect the keycloak application to work without issue when accessed from the browser after running the playbook and verifying the keycloak service is up and running
We are getting ERR_CONNECTION_REFUSED from the browser when we access any URLs which have redirects.
Once we add the below var in the vars section of the playbook, it runs without issue.
keycloak_frontend_url: http://localhost:8080/auth
Re-executing the keycloak_realm role with renamed roles does not reassign users to new role names. Also renamed roles are not purged.
ansible [core 2.13.3]
1.1.0
Execute with following:
- include_role:
    name: sso_realm
    apply:
      delegate_to: "{{ ansible_play_hosts | first }}"
      run_once: true
  vars:
    sso_admin_password: "{{ admin_pass }}"
    sso_realm: addressbook
    sso_clients:
      - name: addressbook
        client_id: addressbook
        roles:
          - admin
          - user
        realm: addressbook
        public_client: False
        web_origins: '+'
        users:
          - username: flangeadmin
            email: [email protected]
            firstName: Flange
            lastName: Admin
            password: password
            client_roles:
              - client: addressbook
                role: admin
                realm: addressbook
              - client: addressbook
                role: user
                realm: addressbook
          - username: flangeuser
            email: [email protected]
            firstName: Flange
            lastName: User
            password: password
            client_roles:
              - client: addressbook
                role: user
                realm: addressbook
then execute again with:
- include_role:
    name: sso_realm
    apply:
      delegate_to: "{{ ansible_play_hosts | first }}"
      run_once: true
  vars:
    sso_admin_password: "{{ admin_pass }}"
    sso_realm: addressbook
    sso_clients:
      - name: addressbook
        client_id: addressbook
        roles:
          - flangeadmin
          - flangeuser
        realm: addressbook
        public_client: False
        web_origins: '+'
        users:
          - username: flangeadmin
            email: [email protected]
            firstName: Flange
            lastName: Admin
            password: password
            client_roles:
              - client: addressbook
                role: flangeadmin
                realm: addressbook
              - client: addressbook
                role: flangeuser
                realm: addressbook
          - username: flangeuser
            email: [email protected]
            firstName: Flange
            lastName: User
            password: password
            client_roles:
              - client: addressbook
                role: flangeuser
                realm: addressbook
ie. rename the roles admin->flangeadmin user->flangeuser and reassign flangeadmin user to flangeadmin role (same for flangeuser)
flangeadmin has roles [ flangeadmin, flangeuser]
flangeuser has role [ flangeuser ]
roles admin and user are purged
flangeadmin has roles [ admin, user]
flangeuser has role [ user ]
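The expected result in the report above (new roles granted, old mappings revoked, renamed roles purged) amounts to a reconciliation step. The sketch below is an added example, not code from the collection: `plan_role_sync` and `ordered_steps` are hypothetical helper names, and the current state is constructed from the first run in the report.

```python
"""Added example: reconcile one client's declared roles with the realm's current state."""


def plan_role_sync(desired_roles, desired_users, current_roles, current_users):
    """Compute the changes that make one client's roles match the declaration.

    desired_users / current_users map username -> iterable of role names.
    """
    desired_roles, current_roles = set(desired_roles), set(current_roles)
    plan = {
        "create_roles": sorted(desired_roles - current_roles),
        "purge_roles": sorted(current_roles - desired_roles),
        "grant": {},
        "revoke": {},
    }
    for user in sorted(set(desired_users) | set(current_users)):
        want = set(desired_users.get(user, ()))
        have = set(current_users.get(user, ()))
        undeclared = want - desired_roles
        if undeclared:
            # A mapping to a role the client does not declare is a playbook error.
            raise ValueError(f"{user} is assigned undeclared roles: {sorted(undeclared)}")
        if want - have:
            plan["grant"][user] = sorted(want - have)
        if have - want:
            # Stale mappings are the part the report says is left behind.
            plan["revoke"][user] = sorted(have - want)
    return plan


def ordered_steps(plan):
    """Flatten the plan: create and grant first, then revoke, and purge a role
    only after no user is mapped to it any more."""
    steps = [("create_role", role) for role in plan["create_roles"]]
    steps += [("grant", user, role) for user, roles in plan["grant"].items() for role in roles]
    steps += [("revoke", user, role) for user, roles in plan["revoke"].items() for role in roles]
    steps += [("purge_role", role) for role in plan["purge_roles"]]
    return steps


# Constructed state for the "addressbook" client: first run = current, second run = desired.
CURRENT_ROLES = ["admin", "user"]
CURRENT_USERS = {"flangeadmin": ["admin", "user"], "flangeuser": ["user"]}
DESIRED_ROLES = ["flangeadmin", "flangeuser"]
DESIRED_USERS = {"flangeadmin": ["flangeadmin", "flangeuser"], "flangeuser": ["flangeuser"]}

if __name__ == "__main__":
    sync_plan = plan_role_sync(DESIRED_ROLES, DESIRED_USERS, CURRENT_ROLES, CURRENT_USERS)
    for step in ordered_steps(sync_plan):
        print(step)
```

Running the plan against a realm that already matches the declaration yields no steps, which is the idempotence a second playbook run should show.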
Templating of configuration xml cannot cover everything, so allow to pass a custom template to the role (completely bypassing internal templating). Of course passing a preconfigured configuration means there is no guarantee variables for the role and what is in the template matches, the documentation must clearly state that.
When provisioning a Keycloak client, sometimes attributes need to be set. The keycloak_realm role fails to pass attributes to the keycloak_client plugin.
ansible [core 2.14.1]
config file = None
configured module search path = ['/home/***/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/***/.local/lib/python3.11/site-packages/ansible
ansible collection location = /home/***/.ansible/collections:/usr/share/ansible/collections
executable location = /home/***/.local/bin/ansible
python version = 3.11.2 (main, Feb 8 2023, 00:00:00) [GCC 12.2.1 20221121 (Red Hat 12.2.1-4)] (/usr/bin/python3)
jinja version = 3.0.3
libyaml = True
[a very long list; if you really need it, let me know]
- name: Create Realm
  include_role:
    name: middleware_automation.keycloak.keycloak_realm
  vars:
    keycloak_realm: "{{ keycloak_realm }}"
    keycloak_host: localhost
    keycloak_admin_user: "{{ keycloak_quarkus_admin_user }}"
    keycloak_admin_password: "{{ keycloak_quarkus_admin_pass }}"
    keycloak_clients:
      - name: "Public Client"
        realm: "{{ keycloak_realm }}"
        client_id: Client-public
        public_client: True
        web_origins: '+'
        root_url: "https://{{ keycloak_public_fqhn }}"
        base_url: /
        redirect_uris:
          - "https://{{ keycloak_public_fqhn }}/*"
        attributes:
          post.logout.redirect.uris: "{{ keycloak_logout_uri }}"
[Where keycloak_logout_uri could be '+' to allow all valid redirect uris, or a specific value '/public/logout', or multiple values (since it is a list in the admin UI) as '/somewhere/logout1##/somewhereElse/logout2' (yes, really, separated by two #).]
That the Valid post logout redirect URIs would have been set in this realm's client.
The attributes weren't set at all, as the attributes aren't passed down. The problem can be fixed simply with:
diff --git a/roles/keycloak_realm/tasks/main.yml b/roles/keycloak_realm/tasks/main.yml
index 9233080..c137270 100644
--- a/roles/keycloak_realm/tasks/main.yml
+++ b/roles/keycloak_realm/tasks/main.yml
@@ -90,6 +90,7 @@
service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}"
public_client: "{{ item.public_client | default(False) }}"
protocol: "{{ item.protocol | default(omit) }}"
+ attributes: "{{ item.attributes | default(omit) }}"
state: present
no_log: "{{ keycloak_no_log | default('True') }}"
register: create_client_result
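Review bot: the new `attributes:` line after `protocol:` forwards whatever the caller sets on the client item, but nothing in this change documents the key; the role's documentation for keycloak_clients entries should list `attributes` and show the post.logout.redirect.uris case from the report, including the `##` separator for multiple values. Since the same task keeps `no_log` defaulting to 'True', a rejected attribute value will not appear in the task output, so the documentation should also mention setting keycloak_no_log to false when debugging client creation.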
I have installed keycloak with Quarkus as follows:
ansible-playbook -i host.ini playbooks/keycloak_quarkus.yml -e keycloak_quarkus_admin_pass=Password1234 --ask-become-pass
When the installation completes, it fails to start the keycloak server:
TASK [middleware_automation.keycloak.keycloak_quarkus : Wait until keycloak becomes active http://localhost:8443:8080/realms/master/.well-known/openid-configuration] ***
FAILED - RETRYING: [localhost]: Wait until keycloak becomes active http://localhost:8443:8080/realms/master/.well-known/openid-configuration (25 retries left).
I've also tried starting the server from /opt/keycloak with the 'keycloak' user but it does not start and no information is logged:
[keycloak@fedora bin]$ ./kc.sh start-dev
Updating the configuration and installing your custom providers, if any. Please wait.
ansible --version
ansible [core 2.13.5]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/francesco/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/francesco/.local/lib/python3.10/site-packages/ansible
ansible collection location = /home/francesco/.ansible/collections:/usr/share/ansible/collections
executable location = /home/francesco/.local/bin/ansible
python version = 3.10.8 (main, Nov 14 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-3)]
jinja version = 3.1.2
libyaml = True
ansible-galaxy collection list
# /home/francesco/.ansible/collections/ansible_collections
Collection Version
------------------------------ -------
ansible.posix 1.5.4
middleware_automation.common 1.1.2
middleware_automation.keycloak 1.2.8
Using the following host.ini
[keycloak]
localhost ansible_connection=local