| .. | ||
| defaults | ||
| handlers | ||
| meta | ||
| tasks | ||
| templates | ||
| tests | ||
| vars | ||
| README.md | ||
Keycloak
Ansible role to deploy Keycloak with PostgreSQL database using Docker Compose.
Requirements
- Docker and Docker Compose installed on the target host
- Ansible collection:
community.docker - Traefik reverse proxy (for external access)
Role Variables
Key variables defined in defaults/main.yml:
Base Configuration:
docker_compose_base_dir: Base directory for Docker Compose files (default:/etc/docker/compose)docker_volume_base_dir: Base directory for Docker volumes (default:/srv/data)
Keycloak Configuration:
keycloak_service_name: Service name (default:keycloak)keycloak_domain: Domain name for Keycloak (default:auth.digitalboard.ch)keycloak_image: Keycloak Docker image (default:quay.io/keycloak/keycloak:24.0.1)keycloak_port: Internal Keycloak port (default:8080)keycloak_admin_user: Admin username (default:admin)keycloak_admin_password: Admin password (default:changeme)keycloak_log_level: Log level (default:INFO)keycloak_proxy_mode: Proxy mode (default:edge)
PostgreSQL Configuration:
keycloak_postgres_image: PostgreSQL Docker image (default:postgres:15)keycloak_postgres_db: Database name (default:keycloak)keycloak_postgres_user: Database user (default:keycloak)keycloak_postgres_password: Database password (default:changeme)
Traefik Configuration:
keycloak_traefik_network: Traefik network name (default:proxy)keycloak_backend_network: Backend network name (default:backend)keycloak_use_ssl: Enable SSL (default:true)keycloak_cert_resolver: Certificate resolver name (default:dns)
Dependencies
This role requires the Traefik reverse proxy to be configured and the proxy network to be created.
Example Playbook
- hosts: backend_servers
roles:
- role: keycloak
vars:
keycloak_domain: "auth.example.com"
keycloak_admin_password: "secure_password"
keycloak_postgres_password: "secure_db_password"
License
MIT-0