diff --git a/templates/config.cli.erb b/templates/config.cli.erb
index f794401..e8e5308 100644
--- a/templates/config.cli.erb
+++ b/templates/config.cli.erb
@@ -1,284 +1,218 @@ <% if scope['keycloak::operating_mode'] == 'standalone'-%> embed-server +<% @prefix=''-%> <% elsif scope['keycloak::operating_mode'] == 'clustered'-%> embed-server --server-config=standalone-ha.xml +<% @prefix=''-%> <% else -%> embed-host-controller +<% @prefix='/profile=auth-server-clustered'-%> <% end -%> -<% if scope['keycloak::operating_mode'] == 'domain' -%> -if (outcome == success) of /host=master/server-config=load-balancer:read-resource -/host=master/server-config=load-balancer:remove -end-if -if (outcome == success) of /server-group=load-balancer-group:read-resource -/server-group=load-balancer-group:remove -end-if -if (outcome == success) of /profile=load-balancer:read-resource -/profile=load-balancer:remove -end-if -if (outcome == success) of /socket-binding-group=load-balancer-sockets:read-resource -/socket-binding-group=load-balancer-sockets:remove -end-if -if (outcome != success) of /socket-binding-group=ha-sockets/socket-binding=proxy-https:read-resource -/socket-binding-group=ha-sockets/socket-binding=proxy-https:add(port=443) -end-if -<% end -%> - +<%- # https proxying -%> <%- if scope['keycloak::proxy_https'] -%> -<%- if scope['keycloak::operating_mode'] != 'domain' -%> -if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/http-listener=default:read-resource -/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true) +if (result.proxy-address-forwarding != true) of <%= @prefix -%>/subsystem=undertow/server=default-server/http-listener=default:read-resource +<%= @prefix -%>/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true) end-if -if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/https-listener=https:read-resource 
-/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=proxy-address-forwarding,value=true) +if (result.proxy-address-forwarding != true) of <%= @prefix -%>/subsystem=undertow/server=default-server/https-listener=https:read-resource +<%= @prefix -%>/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=proxy-address-forwarding,value=true) end-if -if (outcome != success) of /socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource -/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443) +if (outcome != success) of <%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource +<%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443) end-if -if (result.redirect-socket != proxy-https) of /subsystem=undertow/server=default-server/http-listener=default:read-resource -/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https) +if (result.redirect-socket != proxy-https) of <%= @prefix -%>/subsystem=undertow/server=default-server/http-listener=default:read-resource +<%= @prefix -%>/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https) end-if -<%- else -%><%- # is domain -%> -if (result.proxy-address-forwarding != true) of /profile=auth-server-clustered/subsystem=undertow/server=default-server/http-listener=default:read-resource -/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true) -end-if -if (result.proxy-address-forwarding != true) of /profile=auth-server-clustered/subsystem=undertow/server=default-server/http-listener=default:read-resource -/profile=auth-server-clustered/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true) -end-if -if 
(outcome != success) of /socket-binding-group=ha-sockets/socket-binding=proxy-https:read-resource -/socket-binding-group=ha-sockets/socket-binding=proxy-https:add(port=443) -end-if -if (result.redirect-socket != proxy-https) of /profile=auth-server-clustered/subsystem=undertow/server=default-server/http-listener=default:read-resource -/profile=auth-server-clustered/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https) -end-if -<%- end -%><%- # end not domain -%> -<%- end -%><%- # end proxy_https -%> +<%- end -%> -<%- if scope['keycloak::operating_mode'] != 'domain' -%> -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=<%= scope['keycloak::datasource_driver'] %>) -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="<%= scope['keycloak::datasource_connection_url'] %>") -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS) -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=<%= scope['keycloak::datasource_username'] %>) -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=<%= scope['keycloak::datasource_password'] %>) +<%- # datasources -%> +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=<%= scope['keycloak::datasource_driver'] %>) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="<%= scope['keycloak::datasource_connection_url'] %>") +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=<%= scope['keycloak::datasource_username'] %>) +<%= @prefix 
-%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=<%= scope['keycloak::datasource_password'] %>) <%- if scope['keycloak::datasource_driver'] == 'mysql' -%> -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true) -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1") -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000) -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1") +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections) try -/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=<%= scope['keycloak::mysql_datasource_class'] %>) +<%= @prefix -%>/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=<%= scope['keycloak::mysql_datasource_class'] %>) catch -/subsystem=datasources/jdbc-driver=mysql:remove -/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=<%= scope['keycloak::mysql_datasource_class'] %>) +<%= @prefix -%>/subsystem=datasources/jdbc-driver=mysql:remove +<%= @prefix -%>/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=<%= scope['keycloak::mysql_datasource_class'] %>) 
end-try <%- elsif scope['keycloak::datasource_driver'] == 'h2' -%> /subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation) /subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=check-valid-connection-sql) /subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation-millis) /subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=flush-strategy) <%- elsif scope['keycloak::datasource_driver'] == 'oracle' -%> -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true) -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1 FROM DUAL") -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000) -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1 FROM DUAL") +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections) try -/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource) +<%= @prefix -%>/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource) catch -/subsystem=datasources/jdbc-driver=oracle:remove 
-/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource) +<%= @prefix -%>/subsystem=datasources/jdbc-driver=oracle:remove +<%= @prefix -%>/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource) end-try <%- elsif scope['keycloak::datasource_driver'] == 'postgresql' -%> -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true) -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1") -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000) -/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections) -try -/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource) -catch -/subsystem=datasources/jdbc-driver=postgresql:remove -/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource) -end-try -<%- end -%><%- # datasource drivers -%> - -<%- else -%><%- # is domain mode -%> -/profile=auth-server-clustered/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=<%= scope['keycloak::datasource_driver'] %>) -/profile=auth-server-clustered/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="<%= scope['keycloak::datasource_connection_url'] %>") -/profile=auth-server-clustered/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS) 
-/profile=auth-server-clustered/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=<%= scope['keycloak::datasource_username'] %>) -/profile=auth-server-clustered/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=<%= scope['keycloak::datasource_password'] %>) -/profile=auth-server-clustered/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true) -/profile=auth-server-clustered/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1") -/profile=auth-server-clustered/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000) -/profile=auth-server-clustered/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1") +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000) +<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections) try -/profile=auth-server-clustered/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource) +<%= @prefix -%>/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource) catch -/profile=auth-server-clustered/subsystem=datasources/jdbc-driver=postgresql:remove 
-/profile=auth-server-clustered/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource) +<%= @prefix -%>/subsystem=datasources/jdbc-driver=postgresql:remove +<%= @prefix -%>/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource) end-try <%- end -%> -<%- if scope['keycloak::operating_mode'] != 'domain' -%> +<%- # truststore -%> <%- if scope['keycloak::truststore'] -%> -if (outcome != success) of /subsystem=keycloak-server/spi=truststore:read-resource -/subsystem=keycloak-server/spi=truststore/:add -/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true) +if (outcome != success) of <%= @prefix -%>/subsystem=keycloak-server/spi=truststore:read-resource +<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/:add +<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true) end-if -/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= scope['keycloak::install_base'] %>/standalone/configuration/truststore.jks) -/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=password,value=<%= scope['keycloak::truststore_password'] %>) -/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=hostname-verification-policy,value=<%= scope['keycloak::truststore_hostname_verification_policy'] %>) -/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=disabled,value=false) +<% if scope['keycloak::operating_mode'] == 'domain'-%> +<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= scope['keycloak::install_base'] %>/domain/configuration/truststore.jks) +<% else -%> +<%= @prefix 
-%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= scope['keycloak::install_base'] %>/standalone/configuration/truststore.jks) +<% end -%> +<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=password,value=<%= scope['keycloak::truststore_password'] %>) +<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=hostname-verification-policy,value=<%= scope['keycloak::truststore_hostname_verification_policy'] %>) +<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=disabled,value=false) <%- else -%> -if (outcome == success) of /subsystem=keycloak-server/spi=truststore:read-resource -/subsystem=keycloak-server/spi=truststore/:remove +if (outcome == success) of <%= @prefix -%>/subsystem=keycloak-server/spi=truststore:read-resource +<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/:remove end-if -<%- end -%><%- # end keystore -%> -<%- end -%><%- # end is not domain -%> +<%- end -%> -<%- if scope['keycloak::operating_mode'] == 'domain' -%> -<%- if scope['keycloak::truststore'] -%> -if (outcome != success) of /profile=auth-server-clustered/subsystem=keycloak-server/spi=truststore:read-resource -/profile=auth-server-clustered/subsystem=keycloak-server/spi=truststore/:add -/profile=auth-server-clustered/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true) -end-if -/profile=auth-server-clustered/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= scope['keycloak::install_base'] %>/standalone/configuration/truststore.jks) -/profile=auth-server-clustered/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=password,value=<%= scope['keycloak::truststore_password'] %>) 
-/profile=auth-server-clustered/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=hostname-verification-policy,value=<%= scope['keycloak::truststore_hostname_verification_policy'] %>) -/profile=auth-server-clustered/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=disabled,value=false) -<% else -%> -if (outcome == success) of /profile=auth-server-clustered/subsystem=keycloak-server/spi=truststore:read-resource -/profile=auth-server-clustered/subsystem=keycloak-server/spi=truststore/:remove -end-if -<% end -%><%- # end keystore -%> -<% end -%><%- # end is not domain -%> +<%- # theming -%> +<%= @prefix -%>/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=<%= scope['keycloak::theme_static_max_age'] %>) +<%= @prefix -%>/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=<%= scope['keycloak::theme_cache_themes'] %>) +<%= @prefix -%>/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=<%= scope['keycloak::theme_cache_templates'] %>) + +<%- # deployment scanner is not compatible with domain mode -%> +<% if scope['keycloak::operating_mode'] != 'domain'-%> +<%= @prefix -%>/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-exploded",value=<%= scope['keycloak::auto_deploy_exploded'] %>) +<%= @prefix -%>/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-zipped",value=<%= scope['keycloak::auto_deploy_zipped'] %>) +<% end -%> -<%- if scope['keycloak::operating_mode'] != 'domain' -%> -/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=<%= scope['keycloak::theme_static_max_age'] %>) -/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=<%= scope['keycloak::theme_cache_themes'] %>) -/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=<%= 
scope['keycloak::theme_cache_templates'] %>) -/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-exploded",value=<%= scope['keycloak::auto_deploy_exploded'] %>) -/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-zipped",value=<%= scope['keycloak::auto_deploy_zipped'] %>) -try -/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= scope['keycloak::user_cache']%>) -catch -/subsystem=keycloak-server/spi=userCache/provider=default/:remove -/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= scope['keycloak::user_cache']%>) -end-try -<% else -%><%- # is domain -%> -/profile=auth-server-clustered/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=<%= scope['keycloak::theme_static_max_age'] %>) -/profile=auth-server-clustered/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=<%= scope['keycloak::theme_cache_themes'] %>) -/profile=auth-server-clustered/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=<%= scope['keycloak::theme_cache_templates'] %>) try -/profile=auth-server-clustered/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= scope['keycloak::user_cache']%>) +<%= @prefix -%>/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= scope['keycloak::user_cache']%>) catch -/profile=auth-server-clustered/subsystem=keycloak-server/spi=userCache/provider=default/:remove -/profile=auth-server-clustered/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= scope['keycloak::user_cache']%>) +<%= @prefix -%>/subsystem=keycloak-server/spi=userCache/provider=default/:remove +<%= @prefix -%>/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= scope['keycloak::user_cache']%>) end-try -<% end -%> -<%- if scope['keycloak::operating_mode'] == 'clustered' && scope['keycloak::enable_jdbc_ping'] -%> -if 
(outcome != success) of /subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource +<%- # JDBC_PING & remove udp stack -%> +<%- if scope['keycloak::operating_mode'] != 'standalone' && scope['keycloak::enable_jdbc_ping'] -%> +if (outcome != success) of <%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource <%- if scope['keycloak::datasource_driver'] == 'postgresql' -%> -/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"]) +<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"]) <%- end -%> <%- if scope['keycloak::datasource_driver'] == 'mysql' -%> -/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, ping_data varbinary(5000) DEFAULT NULL, PRIMARY KEY (own_addr, cluster_name)) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin"]) +<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, ping_data varbinary(5000) DEFAULT NULL, PRIMARY 
KEY (own_addr, cluster_name)) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin"]) <%- end -%> end-if -if (outcome == success) of /subsystem=jgroups/stack=tcp/protocol=MPING:read-resource -/subsystem=jgroups/stack=tcp/protocol=MPING: remove() +if (outcome == success) of <%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=MPING:read-resource +<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=MPING: remove() end-if -if (outcome == success) of /subsystem=jgroups/stack=tcp/protocol=pbcast.GMS:read-resource -/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: remove() -/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: add(properties=[join_timeout=30000, print_local_addr=true, print_physical_addrs=true]) +if (outcome == success) of <%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS:read-resource +<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: remove() +<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: add(properties=[join_timeout=30000, print_local_addr=true, print_physical_addrs=true]) end-if -if (outcome != success) of /subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource +if (outcome != success) of <%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource end-if -/subsystem=jgroups/channel=ee:write-attribute(name=stack, value="tcp") -if (outcome == success) of /subsystem=jgroups/stack=udp:read-resource -/subsystem=jgroups/stack=udp: remove() +<%= @prefix -%>/subsystem=jgroups/channel=ee:write-attribute(name=stack, value="tcp") +if (outcome == success) of <%= @prefix -%>/subsystem=jgroups/stack=udp:read-resource +<%= @prefix -%>/subsystem=jgroups/stack=udp: remove() end-if -if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp:read-resource -/socket-binding-group=standard-sockets/socket-binding=jgroups-udp:remove() +if (outcome == success) of <%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-udp:read-resource +<%= @prefix 
-%>/socket-binding-group=standard-sockets/socket-binding=jgroups-udp:remove() end-if -if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-mping:read-resource -/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:remove() +if (outcome == success) of <%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:read-resource +<%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:remove() end-if +<%- if scope['keycloak::operating_mode'] != 'domain' -%> /interface=private:write-attribute(name=inet-address, value=${jboss.bind.address.private:<%= scope['keycloak::jboss_bind_private_address'] %>}) /interface=public:write-attribute(name=inet-address, value=${jboss.bind.address:<%= scope['keycloak::jboss_bind_public_address'] %>}) <%- end -%> - -<%- if scope['keycloak::operating_mode'] == 'domain' && scope['keycloak::enable_jdbc_ping'] -%> -if (outcome != success) of /profile=auth-server-clustered/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource -<%- if scope['keycloak::datasource_driver'] == 'postgresql' -%> -/profile=auth-server-clustered/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"]) <%- end -%> -<%- if scope['keycloak::datasource_driver'] == 'mysql' -%> -/profile=auth-server-clustered/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, ping_data varbinary(5000) DEFAULT NULL, PRIMARY KEY (own_addr, 
cluster_name)) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin"]) -<%- end -%> -end-if -if (outcome == success) of /profile=auth-server-clustered/subsystem=jgroups/stack=tcp/protocol=MPING:read-resource -/profile=auth-server-clustered/subsystem=jgroups/stack=tcp/protocol=MPING: remove() -end-if -if (outcome == success) of /profile=auth-server-clustered/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS:read-resource -/profile=auth-server-clustered/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: remove() -/profile=auth-server-clustered/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: add(properties=[join_timeout=30000, print_local_addr=true, print_physical_addrs=true]) + +<%- # domain mode specific things -%> +<% if scope['keycloak::operating_mode'] == 'domain' -%> + +<%- # remove load balancer -%> +if (outcome == success) of /host=master/server-config=load-balancer:read-resource +/host=master/server-config=load-balancer:remove end-if -if (outcome != success) of /profile=auth-server-clustered/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource +if (outcome == success) of /server-group=load-balancer-group:read-resource +/server-group=load-balancer-group:remove end-if -/profile=auth-server-clustered/subsystem=jgroups/channel=ee:write-attribute(name=stack, value="tcp") -if (outcome == success) of /profile=auth-server-clustered/subsystem=jgroups/stack=udp:read-resource -/profile=auth-server-clustered/subsystem=jgroups/stack=udp: remove() +if (outcome == success) of /profile=load-balancer:read-resource +/profile=load-balancer:remove end-if -if (outcome == success) of /profile=auth-server-clustered/socket-binding-group=standard-sockets/socket-binding=jgroups-udp:read-resource -/profile=auth-server-clustered/socket-binding-group=standard-sockets/socket-binding=jgroups-udp:remove() +if (outcome == success) of /socket-binding-group=load-balancer-sockets:read-resource +/socket-binding-group=load-balancer-sockets:remove end-if -if (outcome == success) of 
/profile=auth-server-clustered/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:read-resource -/profile=auth-server-clustered/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:remove() + +<%- # ensure proxying for ha sockets -%> +if (outcome != success) of /socket-binding-group=ha-sockets/socket-binding=proxy-https:read-resource +/socket-binding-group=ha-sockets/socket-binding=proxy-https:add(port=443) end-if -/interface=private:write-attribute(name=inet-address, value=${jboss.bind.address.private:<%= scope['keycloak::jboss_bind_private_address'] %>}) -/interface=public:write-attribute(name=inet-address, value=${jboss.bind.address:<%= scope['keycloak::jboss_bind_public_address'] %>}) -<%- end -%> -<%- if scope['keycloak::operating_mode'] == 'domain' -%> +<%- # caches -%> +<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2}) +<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2}) +<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2}) +<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2}) +<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2}) +<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS:2}) +<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=owners, value=${env.CACHE_OWNERS:2}) + +<%- # take control of the interfaces -%> if (outcome != success) of 
/interface=management:read-resource() /interface=management:add() end-if if (result != undefined) of /interface=management:read-attribute(name=inet-address) /interface=management:write-attribute(name=inet-address, value=undefined) end-if if (outcome != success) of /interface=private:read-resource() /interface=private:add() end-if if (result != undefined) of /interface=private:read-attribute(name=inet-address) /interface=private:write-attribute(name=inet-address, value=undefined) end-if if (outcome != success) of /interface=public:read-resource() /interface=public:add() end-if if (result != undefined) of /interface=public:read-attribute(name=inet-address) /interface=public:write-attribute(name=inet-address, value=undefined) end-if if (result != public) of /socket-binding-group=ha-sockets:read-attribute(name=default-interface) /socket-binding-group=ha-sockets:write-attribute(name=default-interface, value=public) end-if if (result != defined) of /socket-binding-group=ha-sockets/socket-binding=ajp:read-attribute(name=interface) /socket-binding-group=ha-sockets/socket-binding=ajp:write-attribute(name=interface, value=undefined) end-if if (result != defined) of /socket-binding-group=ha-sockets/socket-binding=http:read-attribute(name=interface) /socket-binding-group=ha-sockets/socket-binding=http:write-attribute(name=interface, value=undefined) end-if if (result != defined) of /socket-binding-group=ha-sockets/socket-binding=https:read-attribute(name=interface) /socket-binding-group=ha-sockets/socket-binding=https:write-attribute(name=interface, value=undefined) end-if if (result != management) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp:read-attribute(name=interface) /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp:write-attribute(name=interface,value=management) end-if -if (result != java:jboss/datasources/KeycloakDS) of /profile=auth-server-clustered/subsystem=ee/service=default-bindings:read-attribute(name=datasource) 
-/profile=auth-server-clustered/subsystem=ee/service=default-bindings:write-attribute(name=datasource,value=java:jboss/datasources/KeycloakDS) -end-if -<% end -%> -<% if scope['keycloak::operating_mode'] == 'domain' -%> +<%- # ensure datasource for ee default bindings is correct -%> +if (result != java:jboss/datasources/KeycloakDS) of <%= @prefix -%>/subsystem=ee/service=default-bindings:read-attribute(name=datasource) +<%= @prefix -%>/subsystem=ee/service=default-bindings:write-attribute(name=datasource,value=java:jboss/datasources/KeycloakDS) +end-if stop-embedded-host-controller <% end -%>
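Review bot: The rewritten datasource and truststore commands still interpolate `keycloak::datasource_password` and `keycloak::truststore_password` unquoted (`value=<%= scope['keycloak::datasource_password'] %>`), so a secret containing a comma, parenthesis or whitespace would be misparsed by the CLI or alter the command; the `connection-url` line already quotes its value, and the same form, `value="<%= scope['keycloak::datasource_password'] %>"`, would fit here, with escaping of embedded quotes and backslashes still to be confirmed. Since the rendered file carries both secrets in cleartext, its owner and mode (set outside this template) deserve a check. Separately, the four `undefine-attribute` lines in the `h2` branch are unchanged context and lack `<%= @prefix -%>`, so in domain mode they now run against `/subsystem=datasources` rather than the `auth-server-clustered` profile. The `proxy-https` binding at `<%= @prefix -%>/socket-binding-group=standard-sockets` likewise resolves beneath the profile in domain mode, which looks like an invalid address given that the removed domain code used the top-level `ha-sockets` group.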