diff --git a/templates/config.cli.erb b/templates/config.cli.erb
index e8e5308..709d215 100644
--- a/templates/config.cli.erb
+++ b/templates/config.cli.erb
@@ -1,218 +1,210 @@
<% if scope['keycloak::operating_mode'] == 'standalone'-%>
embed-server
-<% @prefix=''-%>
-<% elsif scope['keycloak::operating_mode'] == 'clustered'-%>
+<%- @prefix=''-%>
+<%- elsif scope['keycloak::operating_mode'] == 'clustered'-%>
embed-server --server-config=standalone-ha.xml
-<% @prefix=''-%>
+<%- @prefix=''-%>
<% else -%>
embed-host-controller
-<% @prefix='/profile=auth-server-clustered'-%>
+<%- @prefix='/profile=auth-server-clustered'-%>
<% end -%>
-
<%- # https proxying -%>
-<%- if scope['keycloak::proxy_https'] -%>
+<%- if scope['keycloak::proxy_https'] -%>
if (result.proxy-address-forwarding != true) of <%= @prefix -%>/subsystem=undertow/server=default-server/http-listener=default:read-resource
<%= @prefix -%>/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (result.proxy-address-forwarding != true) of <%= @prefix -%>/subsystem=undertow/server=default-server/https-listener=https:read-resource
<%= @prefix -%>/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (outcome != success) of <%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource
<%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)
end-if
if (result.redirect-socket != proxy-https) of <%= @prefix -%>/subsystem=undertow/server=default-server/http-listener=default:read-resource
<%= @prefix -%>/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)
end-if
<%- end -%>
-
<%- # datasources -%>
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=<%= scope['keycloak::datasource_driver'] %>)
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="<%= scope['keycloak::datasource_connection_url'] %>")
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS)
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=<%= scope['keycloak::datasource_username'] %>)
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=<%= scope['keycloak::datasource_password'] %>)
<%- if scope['keycloak::datasource_driver'] == 'mysql' -%>
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
try
<%= @prefix -%>/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=<%= scope['keycloak::mysql_datasource_class'] %>)
catch
<%= @prefix -%>/subsystem=datasources/jdbc-driver=mysql:remove
<%= @prefix -%>/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=<%= scope['keycloak::mysql_datasource_class'] %>)
end-try
<%- elsif scope['keycloak::datasource_driver'] == 'h2' -%>
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation)
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=check-valid-connection-sql)
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation-millis)
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=flush-strategy)
<%- elsif scope['keycloak::datasource_driver'] == 'oracle' -%>
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1 FROM DUAL")
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
try
<%= @prefix -%>/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)
catch
<%= @prefix -%>/subsystem=datasources/jdbc-driver=oracle:remove
<%= @prefix -%>/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)
end-try
<%- elsif scope['keycloak::datasource_driver'] == 'postgresql' -%>
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
<%= @prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
try
<%= @prefix -%>/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
catch
<%= @prefix -%>/subsystem=datasources/jdbc-driver=postgresql:remove
<%= @prefix -%>/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
end-try
<%- end -%>
-
<%- # truststore -%>
<%- if scope['keycloak::truststore'] -%>
if (outcome != success) of <%= @prefix -%>/subsystem=keycloak-server/spi=truststore:read-resource
<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/:add
<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true)
end-if
<% if scope['keycloak::operating_mode'] == 'domain'-%>
<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= scope['keycloak::install_base'] %>/domain/configuration/truststore.jks)
<% else -%>
<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= scope['keycloak::install_base'] %>/standalone/configuration/truststore.jks)
<% end -%>
<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=password,value=<%= scope['keycloak::truststore_password'] %>)
<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=hostname-verification-policy,value=<%= scope['keycloak::truststore_hostname_verification_policy'] %>)
<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=disabled,value=false)
<%- else -%>
if (outcome == success) of <%= @prefix -%>/subsystem=keycloak-server/spi=truststore:read-resource
<%= @prefix -%>/subsystem=keycloak-server/spi=truststore/:remove
end-if
<%- end -%>
-
<%- # theming -%>
<%= @prefix -%>/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=<%= scope['keycloak::theme_static_max_age'] %>)
<%= @prefix -%>/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=<%= scope['keycloak::theme_cache_themes'] %>)
<%= @prefix -%>/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=<%= scope['keycloak::theme_cache_templates'] %>)
-
<%- # deployment scanner is not compatible with domain mode -%>
<% if scope['keycloak::operating_mode'] != 'domain'-%>
<%= @prefix -%>/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-exploded",value=<%= scope['keycloak::auto_deploy_exploded'] %>)
<%= @prefix -%>/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-zipped",value=<%= scope['keycloak::auto_deploy_zipped'] %>)
<% end -%>
-
try
<%= @prefix -%>/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= scope['keycloak::user_cache']%>)
catch
<%= @prefix -%>/subsystem=keycloak-server/spi=userCache/provider=default/:remove
<%= @prefix -%>/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= scope['keycloak::user_cache']%>)
end-try
-
<%- # JDBC_PING & remove udp stack -%>
<%- if scope['keycloak::operating_mode'] != 'standalone' && scope['keycloak::enable_jdbc_ping'] -%>
if (outcome != success) of <%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource
<%- if scope['keycloak::datasource_driver'] == 'postgresql' -%>
<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"])
<%- end -%>
<%- if scope['keycloak::datasource_driver'] == 'mysql' -%>
<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, ping_data varbinary(5000) DEFAULT NULL, PRIMARY KEY (own_addr, cluster_name)) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin"])
<%- end -%>
end-if
if (outcome == success) of <%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=MPING:read-resource
<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=MPING: remove()
end-if
if (outcome == success) of <%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS:read-resource
<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: remove()
<%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: add(properties=[join_timeout=30000, print_local_addr=true, print_physical_addrs=true])
end-if
if (outcome != success) of <%= @prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource
end-if
<%= @prefix -%>/subsystem=jgroups/channel=ee:write-attribute(name=stack, value="tcp")
if (outcome == success) of <%= @prefix -%>/subsystem=jgroups/stack=udp:read-resource
<%= @prefix -%>/subsystem=jgroups/stack=udp: remove()
end-if
if (outcome == success) of <%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-udp:read-resource
<%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-udp:remove()
end-if
if (outcome == success) of <%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:read-resource
<%= @prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:remove()
end-if
<%- if scope['keycloak::operating_mode'] != 'domain' -%>
/interface=private:write-attribute(name=inet-address, value=${jboss.bind.address.private:<%= scope['keycloak::jboss_bind_private_address'] %>})
/interface=public:write-attribute(name=inet-address, value=${jboss.bind.address:<%= scope['keycloak::jboss_bind_public_address'] %>})
<%- end -%>
<%- end -%>
-
<%- # domain mode specific things -%>
<% if scope['keycloak::operating_mode'] == 'domain' -%>
<%- # remove load balancer -%>
if (outcome == success) of /host=master/server-config=load-balancer:read-resource
/host=master/server-config=load-balancer:remove
end-if
if (outcome == success) of /server-group=load-balancer-group:read-resource
/server-group=load-balancer-group:remove
end-if
if (outcome == success) of /profile=load-balancer:read-resource
/profile=load-balancer:remove
end-if
if (outcome == success) of /socket-binding-group=load-balancer-sockets:read-resource
/socket-binding-group=load-balancer-sockets:remove
end-if
<%- # ensure proxying for ha sockets -%>
if (outcome != success) of /socket-binding-group=ha-sockets/socket-binding=proxy-https:read-resource
/socket-binding-group=ha-sockets/socket-binding=proxy-https:add(port=443)
end-if
<%- # caches -%>
<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
<%= @prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
<%- # take control of the interfaces -%>
if (outcome != success) of /interface=management:read-resource()
/interface=management:add()
end-if
if (result != undefined) of /interface=management:read-attribute(name=inet-address)
/interface=management:write-attribute(name=inet-address, value=undefined)
end-if
if (outcome != success) of /interface=private:read-resource()
/interface=private:add()
end-if
if (result != undefined) of /interface=private:read-attribute(name=inet-address)
/interface=private:write-attribute(name=inet-address, value=undefined)
end-if
if (outcome != success) of /interface=public:read-resource()
/interface=public:add()
end-if
if (result != undefined) of /interface=public:read-attribute(name=inet-address)
/interface=public:write-attribute(name=inet-address, value=undefined)
end-if
if (result != public) of /socket-binding-group=ha-sockets:read-attribute(name=default-interface)
/socket-binding-group=ha-sockets:write-attribute(name=default-interface, value=public)
end-if
if (result != defined) of /socket-binding-group=ha-sockets/socket-binding=ajp:read-attribute(name=interface)
/socket-binding-group=ha-sockets/socket-binding=ajp:write-attribute(name=interface, value=undefined)
end-if
if (result != defined) of /socket-binding-group=ha-sockets/socket-binding=http:read-attribute(name=interface)
/socket-binding-group=ha-sockets/socket-binding=http:write-attribute(name=interface, value=undefined)
end-if
if (result != defined) of /socket-binding-group=ha-sockets/socket-binding=https:read-attribute(name=interface)
/socket-binding-group=ha-sockets/socket-binding=https:write-attribute(name=interface, value=undefined)
end-if
if (result != management) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp:read-attribute(name=interface)
/socket-binding-group=ha-sockets/socket-binding=jgroups-tcp:write-attribute(name=interface,value=management)
end-if
<%- # ensure datasource for ee default bindings is correct -%>
if (result != java:jboss/datasources/KeycloakDS) of <%= @prefix -%>/subsystem=ee/service=default-bindings:read-attribute(name=datasource)
<%= @prefix -%>/subsystem=ee/service=default-bindings:write-attribute(name=datasource,value=java:jboss/datasources/KeycloakDS)
end-if
stop-embedded-host-controller
<% end -%>
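Review bot: The datasource `write-attribute(name=password, ...)` line and the truststore `map-put(name=properties,key=password, ...)` line interpolate `keycloak::datasource_password` and `keycloak::truststore_password` unquoted, whereas `connection-url` just above is wrapped in double quotes. A secret containing a comma, parenthesis, `=` or whitespace would be read as CLI syntax, which can fail the run or change the operation's arguments. Since this commit already touches the template's rendering, I would quote both values, e.g. `value="<%= scope['keycloak::datasource_password'] %>"`, and escape any embedded `"` and `\` before interpolation. The rendered script also holds both secrets in clear text, so the resource that writes it (not visible in this hunk) should restrict its owner and mode, and the parameters are presumably best passed as Sensitive values.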
Attached To
R212 puppet-treydock-keycloak