You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by di...@apache.org on 2019/10/15 18:27:59 UTC
[airavata-custos] branch develop updated: added ansible playbooks
This is an automated email from the ASF dual-hosted git repository.
dimuthuupe pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/develop by this push:
new c01df51 added ansible playbooks
new 76e8320 Merge pull request #9 from aarushiibisht/custos-dev-abisht
c01df51 is described below
commit c01df515d9aeedd98da0a2ea97019b4b73df449c
Author: Aarushi <aa...@gmail.com>
AuthorDate: Tue Oct 15 12:15:36 2019 -0400
added ansible playbooks
---
dev-tools/ansible/database.yml | 34 ++
.../ansible/inventories/develop/files/airavata.jks | 76 +++
.../inventories/develop/files/airavata_sym.jks | 30 ++
.../develop/files/client_truststore.jks | 271 +++++++++++
.../ansible/inventories/develop/files/keycloak.jks | 143 ++++++
.../inventories/develop/group_vars/vars.yml | 18 +
dev-tools/ansible/inventories/develop/hosts | 5 +
dev-tools/ansible/keycloak.yml | 29 ++
dev-tools/ansible/roles/env_setup/tasks/main.yml | 60 +++
dev-tools/ansible/roles/env_setup/tasks/redhat.yml | 32 ++
dev-tools/ansible/roles/java/tasks/main.yml | 47 ++
dev-tools/ansible/roles/java/vars/main.yml | 37 ++
dev-tools/ansible/roles/keycloak/README.md | 14 +
dev-tools/ansible/roles/keycloak/defaults/main.yml | 41 ++
dev-tools/ansible/roles/keycloak/files/README.md | 36 ++
dev-tools/ansible/roles/keycloak/tasks/main.yml | 205 ++++++++
.../keycloak/templates/keycloak-hacluster-init.j2 | 49 ++
.../keycloak/templates/keycloak-standalone-init.j2 | 46 ++
.../ansible/roles/keycloak/templates/module.j2 | 12 +
.../roles/keycloak/templates/standalone-ha.xml.j2 | 539 +++++++++++++++++++++
.../roles/keycloak/templates/standalone.xml.j2 | 499 +++++++++++++++++++
21 files changed, 2223 insertions(+)
diff --git a/dev-tools/ansible/database.yml b/dev-tools/ansible/database.yml
new file mode 100644
index 0000000..5ebfab4
--- /dev/null
+++ b/dev-tools/ansible/database.yml
@@ -0,0 +1,34 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+# Gather facts on the following
+#- hosts: api-orch
+#- hosts: helix
+
+- hosts: database
+ tags: mysql , airavata
+ roles:
+ - env_setup
+ - role: database
+ become: yes
+ become_user: "{{user}}"
+
+...
diff --git a/dev-tools/ansible/inventories/develop/files/airavata.jks b/dev-tools/ansible/inventories/develop/files/airavata.jks
new file mode 100644
index 0000000..4124c40
--- /dev/null
+++ b/dev-tools/ansible/inventories/develop/files/airavata.jks
@@ -0,0 +1,76 @@
+$ANSIBLE_VAULT;1.1;AES256
+32656330396637356236343162313734356339656337633933323238656630646566366533646333
+3139613434336665386532326136353266373839376563630a313865376639663637643130386364
+65313436343330303437613639653833333530383130383266643963336334373366353062393762
+6534303635313039320a643139666331343435303037356139663235613437653235326666396132
+38376233343461656232353963306362383435323061623164623135613538376161656533306464
+64613637303666323439306466666266363764306133346132393931383631393964363864343037
+31353737323039303961643933316164653635326333633930343665616135646338386661316231
+31303462366239326664326139353433343232363061363464356236353938343338306562363864
+30616137343539656237303030343863613432646366383232396262373538663030666332303061
+38383630613535663332323830303130313039393430656666316361383335326164393138393062
+37663535326533333239613364656638313239663365353261633934656132633732333332366337
+35613733666466363662633363633530376133663436653462656538346134353965303561643031
+65376462663964323137356264303831383933303862393435313633333337303635336133613932
+35356439326431353932333839643433326430653638626231663733326464643338323639656334
+31363433656163643136396132633766343937313331363537353930643331346135643663373535
+65343164313065396634636330626130643165336365663166343035363238316630626433653032
+65323561366363366561396562346533653135623565666166373230303862376463316637313734
+39373166626633626266306538373138303131343665316165346530363061656130333739363865
+31326631316130306331353034306663643531646635373638356164613333353536356634346236
+30663034613936303861636561633761663335326534393236646633333261663136643831396637
+62326135646265306662336239326363613736323162633933326636303536633263323437373262
+63393438623834626337626438393332353838316336666136663364353431623530653633626561
+66646238323238643963653162323136636265396333313236626632353237393565363462633734
+33666533303132306563346538393433663161623832613065346136376532343131383830353438
+65306235336534313733393238646235616366383035303566616330633437393132363262316337
+38626135626537353664376133323466373939323638616630633538663533313061373763373535
+33343564623963613336396463333361383534333735353261353639373435393466346131356562
+33366262376533393161613932343938396136663532373231626362356663386263613332323539
+38613666356430653537326663303331613431353434663737323935326566656461653630306436
+66393337323938373030616563373639623665653332643335653861643034346239666337336132
+31663463343530313964303232633662383535313436626361313236653466353538313663636235
+31316261323134646639383865613434643762346562323337333662306162333936373863656135
+35666462653631366136623137613131333962363030646531396366633030666632376439373036
+35393932633333653535363266626665363662663237303766666332326161306666333061646231
+37626637653365343962653336326332353739333664393831653132636431656439633134383139
+64363035353236333835393932616263346334346162376261643931396137656338373437643736
+37643364616264306531616534396332303932636336656434376663393265636135346262346562
+36633833393265356530646633343866646635643932336430363634313237363637653965633438
+32323534383164376563323136666533373338333766343663326566613364636136303461393232
+65306635326663633836386166383564363832356166616439373833346561623436373635393533
+34393930393764393363363330646161346331376636666132656662626434353338343861373964
+66633561396338306339393665633565643366666130643235613732626637643133656465316264
+37306230323665343730363761643637336665313437366366346139643137313165623339663436
+61663863366134666163616438326639636132643331613265353831383134356133376131333538
+30663132306633646264333931656233613039353830363135396364383730663133313730323739
+38336537663830333466663033653361636332303534356630333730303731613539633635636230
+33326233663763653039303131656437326361306537396130353162373333616339363930363637
+38333963306235333837303361386332383762306130393338373034633334313835613565623865
+32333330616337656566346231393636363061326364633136626539313634396337636661313838
+34636464303863636639666231363965316336646461383234656161663035366330643039386266
+62343564353835386637626165663438353739386538326463303832633765323563383036386437
+32633065303532303631356236383862316563346237653562393033623035636431343138646237
+62386463353862643865333836613938653561316335366563323338643834616634383361346162
+61343436356638333965396238623639303631386363373432323032636139633962366262316438
+33313065653130366235613133303130306362623133386239323637626561643536653830663038
+36363463313838366461626639636139616462336335373438613230663536346332656436653235
+61316439343731646631663133393065313462643230643162313462343365656431363438613933
+65343032653038633330653734356439353537363236343163623138333836663862383035373537
+31626136363232666362613036366536323533386534366264636131656362373963643137333830
+34373039653939313863303736643761376332313161343232323863323832313631366138396661
+64323638383532333263316132303538376631396637656463366430343865633061363636373834
+33373163376239356433373230323561343830326434316661346433323233353933313632666533
+63626130393866653866656231386532373461346236653363653338396165663431383438386166
+63636230643439626337386638613662646636326435313937623334333933303431653335663333
+35313935613034353865383633643334333865386262353632353632383933636161343638303033
+66373037353435386263396664333335323932616137653839323133323032386265306562393561
+64643831353835366365623531626661626466366563666431396233396634353731613033376265
+65366231653562393233386231333435366438663932393962326464666161643666303932306132
+35383338333533343133636662316635343531303535383237653866353563623333333838383138
+33333439383661666637306531313865343164653633323962346430653762386230313035336664
+63336634633434346164313664613539613832643939633331643132363232396637376234353539
+32653136363135646431376131373632353363383239303536343865373632366337333261353935
+34323466396430363830303332376434343534623037613862323732336566623366333861373134
+64373535336133616537613362646164366237343433363838663731353961376538346534646337
+373637313538306332616430383839623432
diff --git a/dev-tools/ansible/inventories/develop/files/airavata_sym.jks b/dev-tools/ansible/inventories/develop/files/airavata_sym.jks
new file mode 100644
index 0000000..13ccf1b
--- /dev/null
+++ b/dev-tools/ansible/inventories/develop/files/airavata_sym.jks
@@ -0,0 +1,30 @@
+$ANSIBLE_VAULT;1.1;AES256
+66393935613465373265366662383133353632633262353839623837636364373339336564636265
+3862663231313565313064643833646530636361333866610a636266666561306263343632663734
+33306432363830323132653038326139323464393065313631373936346162386161626461396530
+3061376439346264310a346630616535326435626235393564643062326665313239373839336331
+38316134613764373336333338323263356563396638303932656562336538333137643131373366
+35653334383566313262336261623339626532333634363531313534353762356534643961646338
+34633938333436333135643736663437373532633061366464343632643366343337366262386465
+33373333333033303262316566346565613731633361333438363063616165333231323635646333
+34303463656431663932326464356332353235336238653462663463373332656231373562626664
+65346131663064376232643435653264383465323761373063366162663236323935373139386138
+39623734643064623635376261646465383663613238623531613066306464326662346532346365
+63623064383436303634393639316638366136653563663930303130643531373166613133653338
+36636433626539366661656164613032653931356561336336343561323962336462383164393463
+65353265363535616136306136353064346561666439663532626234363763653535663061386232
+61663566343361666634346134623538366664396236346365336431383937653761643235613661
+32373439656332306536623336343763386364363265306138356138616464656662363434636531
+30646163333462636236336532383964643234616131663465666663633333343366376134666263
+63353161336366613065303434656537396237643938376233333431663232356630373038333835
+37306162623439323062626532656633646138386131643037323566643264653432633735333362
+65613564393232393433646334376639356564376661663430353630626534336566663061303632
+64633235333463626435323134636333353536393936663539663539336233363934333931323961
+63313739333733613465376334336239306633636136383831396533326530616133373366653531
+33356137656636323037303430623065393930633731346634346161633334313362613136313138
+36633835353665626462363031653161646530366339363732373865343136356637326631386437
+30383235306538303261613262376634303164313862366330393463346261363866346336666136
+37333566396436383534633330316465306461383537616661343265663731363561323137303164
+36336532333233343463633064346162646562613332646331343931363838333739636335376331
+66626436313938346362303932336339636434666665373862306462646162393066303338383265
+64363138663564386332383032366265666565643633393236663830313936343637
diff --git a/dev-tools/ansible/inventories/develop/files/client_truststore.jks b/dev-tools/ansible/inventories/develop/files/client_truststore.jks
new file mode 100644
index 0000000..7d09731
--- /dev/null
+++ b/dev-tools/ansible/inventories/develop/files/client_truststore.jks
@@ -0,0 +1,271 @@
+$ANSIBLE_VAULT;1.1;AES256
+38313561306138363735393837383435343433666561356462353063626563333436613439323562
+3536333833393632626536356466306336343765376265630a633839353330643532313362313837
+64376266396531633462316161613030636263303537323232623938653139376539363630326330
+6464396437326563380a656336643862333963633463636162313864343735336237393631643937
+63653662643239373730386533313261366432396562313666656638656164323566666136646632
+64346536336331393663363734383739383632366333656539323438366466646331353938666364
+36636332333330376635313437363838633234363633393430613565646633333561363961373863
+35663464666136396361616430313631623064366130343339336638376536323563336164393365
+61303662666339623339333761323539313363643436346230613939613762383530313738306437
+66616133633736633763356163626639303234313163323934393034343936303031373864613866
+32316538643632316563316266613035613638346438383231323461306231356461353234343331
+30356330353061643564393365376561653233366631653737383235373837346530663864393637
+61333633303665313064356362636536643534663539383365623261366165383937393137313538
+31613264626662393864666165623166376364333236346132626632343837633362306364356261
+64393039353437343633623862616232663363323834653533323438626461303166666566333936
+33623562643430346432386438333263356166303531643534303035306532623233643235656565
+66363465303162326339626561616130343463363634356131346337666466336666353963373831
+32653365376565663733343533313834313834663138653364623862633462323966643736383964
+66343133646361383263303736373838363265653632323639386431633233613632383564346136
+33333134363035646464356337643162303161653662613661313862326566393463623930343432
+65366332643064663732613233643263376333623139666138303564373764356236393662396537
+37303138383064313933353932643938326361353033653564666665373039663966396463383663
+63626139653361643139316465306161343230646139376132343436366462396631376365626465
+36353064373033323466626534363266626537623461363764343861316163303239346363393764
+38363166623563636239636363353031623230323134383039653439643065363338333763393732
+34363261646465656538613833336636666632363566376163653532306565393962343563316132
+36623237623437386664326566373363356534623261336434316436346233663033613662653934
+62396465303136333030663565656530373939653862353063393733383865393633356164646133
+66663936656430336531333535666536636338623066386265366366623334313130353732626639
+62323834666637376135373039383466366235393365643131383630343736373630333032636534
+66663032363765653065633933316231363365343932643539363262646164643861343235396635
+64323038646365313632343135663431616130363332353461386338346230653138373939346137
+34316630643232373633626462353565373538313433656166343465393431633666323764336231
+30653837613131663032343766323134326266636133383331613830326366383134663736656662
+39613736663734376433613336616662386632326334646135313533616330323738636365326437
+38313035343163363038373864356533313765656235363065646537306563383063303434373366
+38336138326335316337306531303263383335626430356638623865333865313838653837343132
+36316631666564353961333664636537656235323734353337313162613037373035656266376137
+61316330313661343737373231343933373330616636623833333165356439373061303230636337
+66626530346264303233303833353439626232613962646536343466653134623238633734333432
+64336462663562663935393662323033393362363036346631303765316130636264623034313363
+61333939613064666664323861643263613562626137336366636561333431373535656231353038
+35653039383765656334373836383836353735666131323335663463663339633637346266653365
+62653263316330646631333737303361343833623533306630353164393061646436336238653436
+32623164363434343730663038666366336130343039313561643537326564666530363462393662
+36346261616633323031323930393332383632373061343061306638366236333738613863666532
+63316337346363386666643265396662303464666334313762653761666662373866323931656233
+64626339343564323736383337666231373738343438353730313963326431313061633637333636
+32626634346462623030303266366466623431376435643932653334636433346630386631303534
+62383365393263313535373634326436393863616566343830313335306165376130373438653537
+32313830643862363039616264616237613030313137323830663533653932323561653263306666
+37663239663534326333366239346330366165333762616338353362623236376164373633666163
+31656337376534643764396230366536376463363333636636316564333034303439363865306339
+63623137363135343364313039346234616465326631646438353764346635313631353534313038
+62396361626163613532346439626332366666643736656339323436333838376632323061643536
+63383236653730313664373230663231323330373637363363343630343036623331303162656632
+61383931656265663835353930646530376437313531313639363437373862653735663938323264
+65323865343661643361316365623862346538343238626635613761303438656138343462633731
+36363566323661313538373235303465363931396130326532633935633838663033363638623433
+66663138626363336163633333393639643830653735373462303839343236626235373333626565
+36336537336134393435626631363062643338333165666137323632396432373137356336323535
+61616133336536303066343633373733643466376136616131326631373839336430326139333633
+63383931656438323065366161626261346161656539666339363939396165623966653134633835
+62343639613865303538353062333935363534636164306462356430346233343234613566373266
+34363264356432323838393437353139313764393630386631303762383632376461353961646435
+62396131633032323930343134303664383030343832326337636633613838636362346633336662
+31373461363761633463326365376164353866653435323361346635393238323661653232393734
+36656634306134366630643433336639333737336137336235376332313662613363376332663366
+37323838356639333532626463323464613466353462386136643230346233363461363766663766
+64303466636263366263386166666666626566386531653832663764356136336266333630613232
+33393831396133316366626562613034376531656331363465326633393737363536303234386361
+38623432656638376662303863643238343465393365633539653035363432313530356365376530
+61363661663436316439356366656565313035343331363562393236343765626231356133643865
+30666661346632396638623938663434616461343239303765383534383765623664656661313336
+38663933306636663866396639323138323433386137343561633662336633343263646431333932
+61663064306135643862383932303766663361663235393135623837613632386132663330353932
+66343764363332306562353639646231656565346236323130313062663962373139633830376239
+61343737393833373032363535653436393232383339643932666635613330373162653763336637
+61333333653762643866303837353138373539633465653864653632623039323933653961323763
+32376434346635653935656533663633383836653036366666383733376664303533646431316163
+65333437313866323534616132353766323731653936323763643433316436376365373131326632
+37383238626565616564373934313837393836386636663961326664646239373534346266353565
+32646264303436346237613234323064363736303166643839663661306333313332313931643834
+39326533383633353465323531393434383736633739383038656632656630623830373334386266
+65633764663630323937633530376466653336656465363038383661306163316665303339656536
+30656139633639333838666264666263376138353139303134323933376535333836383437373137
+33616134323361636230346263376433313535623732643730343431393231646631333066363964
+61613739376531363530303933356262386462373736613439346536333665393930333865643135
+33643032646630623730646233333230313330326364666637343434386239306435663030306230
+63346339323061613932323563346139633732353431643733623432343631333534623335383736
+66353864393065313737346638646238323233633932643862663337376432653963663339353537
+36623636343833323030643966373465383339626130613039363961633931326266623361333538
+66316633343262363866303233616439373030343361363466396335363339383934373137396131
+64626538666430636134306233643731653261303934383330656263346330663434616235663061
+34666639353734363761343537343662363539316136613361373766646465316435323335616164
+62393562373338616534316234346434316135313931383437633661386664643339633035616136
+64393661326466333230333236336135636536653537383939323930303232666263376364653262
+63613933306161363730373461373537336438336136333663623232313536643833346461363336
+64623363396536386538386235366630303439343238306162646536663330643634303232373232
+62316434326231626563623433633464313533346538336566653335323161303034623838616566
+62623664336437343339373131326434343262323764376137303037386665643365316238323737
+36643930393665303230366165353664383338373935393638353533356536323137333538376435
+31356531633139323466616438303664663564383435643663666132326336313564326433623766
+63643865663232643239353931653039303565353064633263356662656164663330353039663530
+39656530303036626335623931383865636435613831346338313239633661346330663065663161
+62353330623066363266656263666137303835633731323834373339653237633239386436386437
+35646635316664316638633566383132646464656462306636333232626236386134336563393036
+36333063316434663663376466653030343036313065623237653836343864616231326163393437
+39623733663965653830303239333661303730336335393534353238653134363034623361313039
+32373536343263306131356365353037373634336364646439633737393263373162386266653535
+38613165396161343636616636333365613137376561313937333834626432656331363032326462
+62356139343831323530376636353837353836343863643839313634616538613530313765643236
+30336264363838346434653934663762303438653962373538393835366131343236623561623763
+65616433313663356537626139623538336164383631656233356435373338303930353965616162
+65643664383263323636633563656235666431343433313937653931666231373864393032323830
+65323535393465623361333239353961656134343061323266383234326563376365343263316137
+65343534303936326533666337363861363132386437346361343536663962353031633363333730
+66623135356434623130366638616230623766306164613835353136323064656566303535616534
+62666430333833653038623561356438623236393463376531333137363463633434313432636162
+36626131393234633565636630623137646465316335373435323561396665383264373031366536
+31333262363766656133343365353734613930653634306163313632633962376163376663653961
+39353331383364373063353037636561316364336536346535653531396335396661306632663639
+62663734636362376462663264323633313465363261356537613532643136326664333135623466
+38303564323631333563393766343366646566666266393866396434353934306135336364333737
+61653934646535613230396463633536636338376636343030336137356239376665353537383334
+30336635306266303661663034303235396436656561343365386166376135303734666666656238
+37613733363635666438633039313362353331383536616566383061623238313837626331353161
+30663131356232313139333937393337656664626235323165623634643461626437656634653962
+37396537373232623039333135366537336636373931663434393534613738303764373564376665
+36326131376130303231386137626332313930313432326361356437636637386565343438366132
+61653764623133636632323331303536633235306565313732643766613064393332616132383766
+38353336633664363530663863613636653565353937313236656637376537336266326230623839
+39323932633339356239396632373164323437343331656166666535303035306262393733396666
+36636536383562353862636537653161326239333437333237663365306631633339663235363835
+62623331313365386435613531313738323935336439653963376231323761353839353362333732
+36353233393262336436633665653132333661373932306463303734646637326662363964663132
+62646639333766343064313261376135646630306331393862393037386136636335303664656563
+37393533306362373330393636653435303331396231623430623636616166373732343861316635
+63306539386235626135373638356264623761626262373830313339306232303666303236663032
+36633265323363373934653965386262323537616334646265616563376237386562623263366238
+66613733633361323737353035303837626134323862366262313133313364646639653332663461
+36343835616133333437346633363831623536333634303465653566396662383166383664356532
+35333737663762313563643932626338373837613839383631376531396230663038396134333066
+30663566666364303038363937336465613236303966366437313236383737366666626434383138
+64663231343764326364343336613239363735306237313165613366353264633238613233386363
+36613332656639396165393737313365356130363932366631316539613566663562303165343763
+35353064383062356162373933623832346165376466376532643332346334336232373434653530
+32343362333830373762316530393061626334646564363533373363333930316639363034613635
+65343438363665303235333739326264623234393430306361303836613338653834336238326530
+35303534363462336562396264363261633136343138313464336136343630383331386436346135
+37303036633239356661623733646434323332386165376166323033666161616233353264616666
+38333266373561633133636538373138323763323838373636366332383061343831633062333236
+65356133313839656364346532323132313632333162373432623362346265316564313032363163
+39376538333035306333306338313637613634373439616164363731623033376362306633643331
+62323464393135343466356438353265366132383966366635353238636532626664636137363735
+34653031386538363063303565316238663963626661396136333532363766616138303830316432
+61303466333061626134363536666139376465326232343635343161383738616532613062366131
+64393964633731643038333030396532616561366533373265366539326537306630653765313131
+33386638616563616461363834363039353430646565313861636334653436346434353831663333
+66663731393634666235666565336162383466626234643766623532313236376261623432363261
+38303962333931396136363930666566326432393538363536646661643165373032366132396531
+34363962653830616661363063353034323932353962303661323533346161316163363531353965
+61353736636239653238346661646566616361633334363530666439303732363165666265363361
+61666338613237626266313432393063303566633432643738313936353439323862376262363061
+36393362393638306266303630323933336231386633363639356630383436646537613563616462
+33623938636136346565303436616639623062636230613337653661316436653137616233643039
+61356635646464623134323665373966666665383732333438343139613938356436383932356161
+35353436643535363864306331316364633033383435646135356335666134633665656133303264
+35386339346666396566653634653132383563373937616365643064326331616337326165333237
+32353862653937376564656438386465333735383965613738383032373038393239393832343361
+35646632666133306230653762386162323162303136316665313136353263313161646162376663
+35643563336666323961346231373137386636323565303361303930633061616138303063636166
+31616265636461643030336261623262616165656635623035623938373166636165333534666531
+30363731343633303931353064313066383932386361653266336431636132303237653138623761
+30373066623664643333366366363262303363366633353738373537383830393461393661303531
+63633937303536663237623861336431613635396538303635653631333139633965353234343339
+33666362656333383338396439616263363838363930653463616236656462653230303639326366
+62326432646237626535323662363664393963313233396537306332643532373939303566356338
+39316165303539383635613938656334663464346233653033306630323834316563626131373463
+34383939613934316237383031633539346565373238393736333132313638633863363139316632
+30633733373264333134393863613066363162336461393562383835383736663464313932646566
+34613764643734373733646335353030376338373161626436366632613436616332393932346633
+62326564306264333435656363643932653663336462376636323237343562616463346462636634
+35633332616161383636363262643135613337353731633138373330663965623064653735646135
+39306432303933663964636233323838663761646562396436373935333634306538376530396363
+61636537376439386263353335303266383163323364363766313731356336656633353763373832
+63646162333935333962393633323961646132356261373264346530353966623164643935363239
+66333461353033623735333765633863303966343036346331346239663663343734306264393835
+37613364366361386437303235353439336362303836373631353530383734323238373662353839
+31383439393733343464343939393332313737313766333763396564333839313834623633616439
+32363131393931613037313030313264666666386664346534653530663431656435613537643738
+36343465333235333233626164343434623337323165386364613662643463376462366163363736
+64626163303063626265393463303166383530376262393436666665356632313131353135386537
+35366133333931663038323566643436396137623933313232353361643663393862353462656530
+30363835326231343362636536666463373134343639363432383162343135353434646132383432
+37313431633463353933333264366463313562333739366364313636633935346139316630663061
+61643935373634373130663535383430393566666263633839653635643665663539363136633439
+32666633356533386166346266353739616564383537326464303237343339666339643038636562
+35386162313230303063346235396137323037663037383763623265616331393261663363383366
+33333464363637313138306432363761316433326135633534393866663338346436643866333461
+61316163623231326431626537636134646163373330386230383539333334633730323835326134
+31633463616131613232646535313239313165373364643735376330313062356463623830353333
+39316636393261643163313634396663336337356532353436643633366365333031623934663866
+65646430396363383532646630303566636532306332346238663636366439353661623435323036
+36393364333035653237383533393062313336373434623939383031616634363061343935386430
+35663463366266656265623861623835623265376165393538373434623864306436313939643365
+64616564643963623438656534303230643431663434363031353162333630626431393235303833
+35316535623435366430396563393363656266616165366331663265366430613166353239633633
+32666431616161303762326635653832333838623835333630656238613236313765613938616238
+65356536333739346466643137636235643635353131643130363038363065663033326239633564
+62353134646430643139313135346663313365626162663233306562333039613762643664623136
+36393437316135386362663435636561373761366132373839393666336634303532613937616438
+34653035646332353538633431376632616436373264313863393931633065643537386131323062
+66353539623337656364653139626135323136356239333732356435633732376364333036653266
+30303966653533633136363939376364616433353737353564653535303136303766663332333830
+35333231316262366339383337613466323639343131376230663434653236366239323163663737
+61663337373963303830313165343534616165343739363066353639663965316335393134366463
+63376165323833363739366238333533663339343834343530356336393135366532383462303430
+39653032343837663636306531383265663934363261626362376131343037306132386261353063
+62353864333166376164306532626265313236613764363562366235376461333532303132303266
+34396363336564636239393265613132623736316466663936393361346134356162363932323336
+34333366393565376435373339336539366332396665373764663836353538613032636464336235
+39636634313038323838616464336536666136646361336561353838663036336433616565666335
+65363765306461323437303330643633623164386636346238393734313137383538383765373464
+39383163646466336536613264353634313235366433323961323632633331363764396164326366
+62343863393263633030366134353838306261353637336536326233366264376530326634376164
+36333638383836636332336661633766653739626435363735653637653039666633316332613531
+61343964663531333264643836363330623235306164393865623531386435366334306135366330
+34646335636165323765653131316534663131353761386265636230653332356430303231613838
+63363134656436343663346630636661316639636235323439393835333637326664626466336138
+66363535613763393065313830633035626566353232613631376533643763393130353662393763
+34633863613636333639636363323938616362343761363838376335373437316438653134353133
+37363832613535303831306239636161323465616636633037306438306130633030383439303263
+38376462363631663864653431663564653062326530636661656133383432383834353764656336
+64656335343833316265356436306435326536633765623139613065643139663535633236623739
+62333336633933663233326436386131343738343964316364306539633964623961393666623261
+39636633663962343634376462636531303366356438343234333263326537323732653534386566
+32373936323337626436346561376134633963313963333439633665663163623162313433633866
+37323133386266363965643964646665323861656638306565643631643636373564336332393030
+32316238383134626631356134366332353361663837383935323831643035363431373061356566
+63306436663739313964643666653766396662366337623935353765663636333966393232343862
+39333432383363613430363835623637623366373363356561366337653533626166313631616163
+37396332333637623338313162653632633737393038653566616130633566633636353461646532
+37306539333561633933386434646436663831633233373435353766313565666134373566383962
+31656433343766626266343138643930346461666234623166303134616638386636366537376135
+36386636333138303065623531643038626330623664613838623237343365653866386364353466
+36356135663963396535396533326437663763613766363766376361396464636339313633373036
+33373738633266323333323764313866363966373261386537303765343466643438663763333262
+66633337306462366362393738363332343231393036666433636631616166363265623035303963
+38333535373465333264366234356432343039623331303631373966346134333732346164313662
+38353864653937303463643662376139313133643430323739623636656132313237663061396266
+34623335383562623333653631306164353633323334646665343462376561616532663833636439
+31383931383932346632613834393033333035326162386362663066396239353762386132386333
+38613432306131323861303763353665656465303832346230646532636261313061663266356232
+63313866386239663732353065373035373831633761653132336463353733653134393966393165
+36343732373863666635323139316538383431653133383565616337313162613064616165626638
+61636333633366376265376133313633336262373466356231303935613435633132653665666162
+31373861313762633739656134636339383334393839336237393437313134666463396664356436
+63633734393739616236363930313536366230363162303837653034303762663565323733636434
+35396465356335386636303962363737666363386466633262323538313336346264303534333735
+66653738366661313966663361323536666632336532376130313539356332353433353365616266
+63376466363165343538393135363032663130663231666434313662633734363565326235663764
+31316561653731643739336234613431313561363130646435383963396430663434623262616437
+34306162666231323032616230383064616365613031613331613131623664326134323561646363
+30636339643434346439626664356236313064333132303831313563303830336433383262303936
+39373562323038393836323034393435623431626561653033616339353265376161346564326566
+30333733306462313164666530363737636637363338666562623863323131336362323136333934
+32366431636130373233353830633466356264303134626531646637623461383135633138613036
+37623734373966636434336231386636633365326334363365336363363839346664663030373033
+3465323963636362613632373331386665323162323862313336
diff --git a/dev-tools/ansible/inventories/develop/files/keycloak.jks b/dev-tools/ansible/inventories/develop/files/keycloak.jks
new file mode 100644
index 0000000..c896d03
--- /dev/null
+++ b/dev-tools/ansible/inventories/develop/files/keycloak.jks
@@ -0,0 +1,143 @@
+$ANSIBLE_VAULT;1.1;AES256
+66353964396536666532306233383464343935653932393865616364373334333365346439633266
+6634663634323434643464633734316137336562653463340a383030363463386465303639626439
+36303865353236336132663634626462313266626362613536643532613239346438333834383733
+3339653664613332370a653838373036626231613532653233633732646562353762303530653039
+65613364353436323463616239303538376462643666373063326437313935353839363262333735
+34303838356532636566646530353262613864313236373738626334306563346266393566316163
+62666238633236633231626262333963363366343138646432356366326538353966653630643737
+64306235383835343236643962343164653531616333373933633139326465336331666634373839
+63373361313232383661366264336261383635313138323362636664643065303661666138366332
+39343164346434373137663266636538333661643836633531333363616138313165363833623966
+63613462343332393962363436366637353065303435333236666661356436366136643338326664
+66313664616535626438363230313765663431333266636466363233383735313534356635663230
+64656638303730613337616137363930373631616137393438623032326236613037663232336233
+61646565656630333864666364616231653465653264633838363832623232666366666235623832
+36343139363466633132396461333335393862383939363834366434333561393734666465366464
+30626135393766366665613336623564643832343130396365643838363863383134363932633165
+62393730323636343862396635306463666230363231393633363631333732653935333939336435
+30643331383165626666353937623039323434333631356631336435646635656461616663393763
+61303634626632356630343039333438363034663566313230396363353963313766393536646131
+34336561366662366232383463376664383565346135386663363363373432316238323162333063
+32656563383838333338343630376536643764326639613530633866663636646433323830623739
+38326130313337306132373038393637626461396637383031363732646437643036616232323765
+30626662663331326233336163393961666262366230656532323562383761323265343863346562
+30353431343531346535383932663035333135633035643064383132386431346530343562393765
+38366231613566623965363534303762636235613561343963323834356431616537303537306636
+38396463666562306131376138396633373765643233656532396630333232393934396262386561
+62383034326665303436613834366331353562613730633965356339316430363061336237626235
+38656336626330343962343035313237353261366230663738353161353366343561333864333832
+64333131666332636335666530323933626138643637363132353132653061373238636265363734
+37363039336661353966366461353138363130333763313761653234386666366661663734396161
+35333137613262376662396462383637333436393932306134666232303061316332643937653236
+30316336303663303332643431316539326432343864356133633737656331366331663833613230
+65383763316565313962323564616536393265396539313034636635343731396536643733663164
+66316161623162633664333931613233333432303335363461363535643365323133346334626537
+38633039356462333031313239323064303038316564326364306332376432376163356639313732
+66386136626436303061396232363433353533643562633530633430323534353365316531316336
+31653164303166616366633135323661306563376363373839343663643033343736396364646334
+62353939346166333461666131643636663538336531346561316437666531386166633536646435
+33633533326537356530616235306164666231333936386135316362306431393334396466383039
+62653763393165333862383165633030666635323666653930396635373238396636316136633864
+39666237313465313537366330346663316265343638626531343665663062373434323130366366
+61313761363432613464633333383762333137616334343564366638333037326536323035343833
+61633235333238313562393431356538346334613834366434643433663436616339396663326335
+65613134653335373139393437353666623037643939383939373238366235366332383731356132
+30313036656435353663353339343164303536663736376336343461636665303038306137643765
+36343333313364336431353332613665636265336636346536396166323732623630386461636638
+32613139316430663132643138346261353031326639656464303536643736343165336631383739
+30643961643233633238333632313933303434663530666331356666653062663036613862663739
+39343439626533376232626534316333316464303064393338616362626166663332613631363464
+62633634643462346463303961383865343466396336323465663036666534623366633462306330
+63386332666538313265303666343337373864326638313131393365653964316632643536613363
+35353038383565623430376665646264313033323761356138646366623464643232353231323061
+33613936626365303639663361646631653231643938616537653163363439333131373161366639
+35316464383436396536343966383630333539306637353135643663636364303630646133636131
+34383036633539663064656532313730656630666436373638333765343465383865616139623133
+62633764386463346239333536323835613963316661363732663538306335313439386430643032
+62646338633730663438343931333732373966623838313430636137366230353736323034653537
+34646537663263383062643761363738396163386265386565353335616435323736363466353164
+39666365376137326637363661326437383337393234336266393437333063663366383862666162
+65306235626436333237353466303934653436613639303236373932626563356662393463323032
+32373963323964333030663362336435353063366638363830393866393563646663343165353161
+31303832613839613930623732656232306438336463393233326339653636626266666238353462
+39623361376663363833323330333862383237653733636332363934613965633035393337633539
+62613064393338333062333764646332633461626462663863626330636231373366656235323266
+61646636633234656532643235643363626235643938633235633234643834396639353864336365
+36333231626531613538333330323230626264393466373234396634373263323238386465353339
+65626637306537653261623336356363343136363836616635306664303866346262626366386138
+30633539376438653938626264383631353736353133653134306534636632613834366534303439
+35626265663564316266636337646266316430353065303331343462666537633135363363363563
+33613538323564613834363432633261633532353931363730626263396461303034346433666332
+32623439333931363333363533353539306234313063353865333362623839306438633565373730
+35616233313235386338356464336362366166663663343339383937393564313338386566666631
+63373532663363646438363637346139373534363935313833333465363634363861346435366265
+38303634623037663665396337383339366166373164633764383433633663636663663862353135
+66326561663838623865633839616139336633633530626538643661366163376530646233336233
+36333263633036616531633666666539343436336236353431396435336164663363366533356633
+32303730653236656264343365303763646236313461336139353737383233343666636334346565
+38653030616339303763313661333139666535363730656263616663373362353637656434313265
+32613839613336333837636430626166393162653032323130303965663237633962373931346161
+38373364383462376162336335626162346334333564626661643338653637316339613562613137
+62316130306633636431643036376236353438616163383139613630383065346138363530633964
+33326165363431316334616237326635306163633661316161656362373263393561666335623661
+37333839656131353162323731323438343238383435306633373932353135336139643565363939
+32363261633737376138386133366135323563316462616162666137353433333862356234613562
+61306337363736663332623039306136383064396139326433333036386337363031343638333238
+30613862316538666362353634376364656331323965393466386263356166383138346661343764
+64363331633061616233303562373133363164373165613632653235633261353433373932323039
+30646363653938623566336161613166616134353131623564653432646265663532366634393235
+61393335356361333239393634356130636237646437356662366666336164303463333330323930
+32383733663563306336383264633137353138663234643136376232383462663231313634336631
+66636363343230636237303565393363326230376235353735623032336235373266343633333262
+36346462373864313738613330653461363664666434336638396662656161366533643063353337
+63643931313539393266613630633636356439323337353537363061353337396137303531333062
+35393633343132353338373034653061316661366232616234626630613938616164323966333237
+35376233613132383630376661333039316164623332373531323833326538613136333137653837
+39363930376531326632663963323432326562383036623463316161306235303839363333663366
+63356436316439366136333464623134633962633331393131313233346233616536396339613763
+37663265383065396336333861626337336365653436336464643839376136663035393939366164
+39643535343262613630643165333137666663383939393732373563386663333332383537323036
+63633734346164646433383565616565323564636131383738653263313630353638343032353662
+30393661396131633334373065323661646434346433376238616238376261643535396163373139
+63363336666262653664623633303130646132393362323436323964346538333533336265633630
+36616135383665363738643331363936303232393864626364356363663530663565643662663235
+64666666386438626634343064363136393332623034306638356634643335666630623831313365
+61663934346537376264323031356133333639613838303336636537633766623733343536656638
+61326537643265623931393233636363656330663737353737643431633531626164666337656433
+38383631636365373534336131646333333532646633343564353437316339303239626238303638
+30656165333133373063646539373131383339626133643231663331343431616231393939366530
+61363863623830656238336335643163653632663862396165623433356636303337333265633464
+39623037346237363531636432383465313263316633653834636639633461386536626239336233
+35396633363034613430393330643034343338356536663437623238323065303062393131363465
+31353465626562643937623932373862623433653138323339333039386563303834653830366662
+64343064323037633836333138626434366330323230313463353162653639343232326661353231
+30383764343138653363323137366663376666313061313532326661343532633563396537366561
+35396134623139386533626464303766313834303735656161383132643130316136323265393638
+61613635313065303931303066616137343238653639656336666439303530343131623635626237
+64383830666335383037323632306337393366373331323639653964343237396230353466363436
+62326162373137306531353261363130323232613866613639313134623266366162333966303163
+31373839626435646535323730363530613737363838383463303730326433353761336333313032
+65666433663333636362363539643238663937323466653134633161633665613961663265346135
+34393565343530336166313332343562383466333737613266323362353065323732343661356665
+33376337653435633265356230346363666231396563393566373534333430363365383062346335
+61383636616565613362636633613366643666643863376139336435616333353262303031303533
+64323338306463303166373862323537303965336332616236613333643064316137333636633065
+31343266663635383065363432653166633761646336613538643162396566373033363265623465
+62633839376639653132623234343937653831336266333735303232366332356138633061356539
+35343330323739613938646234396362393933356230636364366239393537613638393461626432
+39303632333735653764623738373036616433613939393561353765636361646562316235613762
+36323964303135646666346637303865393966373063363138343333626233326534313962663561
+34333935653563386132316230613362343433396130343239326665323638616165313331623736
+34663339633132376133326361333030363233323836323737333461636263303934396133656630
+36383638313362306166316231313064313064386565386662313239636130663130373665336434
+38303231656432316533643637326131323333313161613333303239633639343964376238393332
+61333637363735663861353231313061393538376436343538343939353433663036656332666436
+61316537316137616635376463633833316262313766636532623664363031313461326539323733
+66363261656435646232633466613838393338376538353031636236393931343465306231633137
+32633766613264363031316635386130623738613161313039626634376233636265623565333137
+62633966383065326539313464306230316564623130633637363830616532383265303038313633
+66333436383664363265323263613936666333643739313530663438303061643535646330306636
+37653161326533346434653238613662313537623566646661353065363963653963653331626462
+37623034303238316132393766346331373561343730393631636663663033366664313535303966
+3963336630363238656363396139346463616266666266363632
diff --git a/dev-tools/ansible/inventories/develop/group_vars/vars.yml b/dev-tools/ansible/inventories/develop/group_vars/vars.yml
new file mode 100644
index 0000000..65b7d8a
--- /dev/null
+++ b/dev-tools/ansible/inventories/develop/group_vars/vars.yml
@@ -0,0 +1,18 @@
+---
+
+# Database related variables
+db_server: "{{ groups['database'][0] }}"
+db_server_port: "3306"
+db_user: "airavata"
+db_password: "{{ vault_db_password }}"
+mysql_root_password: "{{ vault_mysql_root_password }}"
+
+# Keycloak
+keycloak_ssl_keystore_file: "{{ inventory_dir }}/files/keycloak.jks"
+keycloak_ssl_keystore_password: "{{ vault_keycloak_ssl_keystore_password }}"
+keycloak_db_host: "{{ groups['database'][0] }}"
+keycloak_db_username: "keycloak"
+keycloak_db_password: "{{ vault_keycloak_db_password }}"
+keycloak_master_account_username: "admin"
+keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
+...
\ No newline at end of file
diff --git a/dev-tools/ansible/inventories/develop/hosts b/dev-tools/ansible/inventories/develop/hosts
new file mode 100644
index 0000000..1c95780
--- /dev/null
+++ b/dev-tools/ansible/inventories/develop/hosts
@@ -0,0 +1,5 @@
+[database]
+149.165.156.27
+
+[keycloak]
+149.165.156.151
\ No newline at end of file
diff --git a/dev-tools/ansible/keycloak.yml b/dev-tools/ansible/keycloak.yml
new file mode 100644
index 0000000..292a821
--- /dev/null
+++ b/dev-tools/ansible/keycloak.yml
@@ -0,0 +1,29 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+- hosts: keycloak
+ tags: keycloak
+ roles:
+ - env_setup
+ - java
+ - keycloak
+
+...
\ No newline at end of file
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
new file mode 100644
index 0000000..716cffd
--- /dev/null
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -0,0 +1,60 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+#Tasks file can include smaller files if wanted
+#All commons tasks goes here
+- name: Create a new user group "{{ group }}"
+ group: name={{ group }}
+ become: yes
+
+- name: Create a new user "{{ user }}"
+ user: name={{ user }} group={{ group }}
+ become: yes
+
+- name: Install Firewalld (RedHat)
+ yum: name=firewalld state=latest update_cache=yes
+ become: yes
+ when: ansible_os_family == "RedHat"
+
+- name: Install Firewalld (Debian)
+ apt: name=firewalld state=latest update_cache=yes
+ become: yes
+ when: ansible_os_family == "Debian"
+
+
+ # TODO: stop iptables service, can't have both iptables and firewalld on same host
+# firewalld is just a frontend for iptables - so we can't remove it
+ # if we try to stop non existing service ansible fails.
+# - name: Stop iptables, ip6tables services
+# service: name="{{ item }}" state=stopped
+# with_items:
+# - iptables
+# - ip6tables
+
+- name: Start firewalld service
+ service: name=firewalld state=started
+ become: yes
+
+- name: open firewall port 22 for SSH connections
+ firewalld: port="22/tcp"
+ zone=public permanent=true state=enabled immediate=yes
+ become: yes
+...
diff --git a/dev-tools/ansible/roles/env_setup/tasks/redhat.yml b/dev-tools/ansible/roles/env_setup/tasks/redhat.yml
new file mode 100644
index 0000000..308681c
--- /dev/null
+++ b/dev-tools/ansible/roles/env_setup/tasks/redhat.yml
@@ -0,0 +1,32 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+- name: Install git latest version
+ yum: name=git state=latest update_cache=yes
+# become: true
+# become_user: airavata
+ tags: env_setup
+
+- name: Install maven latest version
+ yum: name=maven state=latest update_cache=yes
+ tags: env_setup
+
+...
diff --git a/dev-tools/ansible/roles/java/tasks/main.yml b/dev-tools/ansible/roles/java/tasks/main.yml
new file mode 100644
index 0000000..167a804
--- /dev/null
+++ b/dev-tools/ansible/roles/java/tasks/main.yml
@@ -0,0 +1,47 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+# Install Orcal Java
+- name: download oracle java 8 rpm
+ get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie'
+ become: yes
+ tags:
+ - always
+
+- name: Install oracle java 8
+ yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present
+ become: yes
+ tags:
+ - always
+
+- name: set Oracle Java {{ java_version_string }} as default
+ alternatives:
+ name="{{ item.exe }}"
+ link="/usr/bin/{{ item.exe }}"
+ path="{{ item.path }}/{{ item.exe }}"
+ with_items:
+ - { path: "{{ java_home }}/jre/bin", exe: 'java' }
+ - { path: "{{ java_home }}/jre/bin", exe: 'keytool' }
+ - { path: "{{ java_home }}/bin", exe: 'javac' }
+ - { path: "{{ java_home }}/bin", exe: 'javadoc' }
+ become: yes
+ tags:
+ - always
diff --git a/dev-tools/ansible/roles/java/vars/main.yml b/dev-tools/ansible/roles/java/vars/main.yml
new file mode 100644
index 0000000..10026c3
--- /dev/null
+++ b/dev-tools/ansible/roles/java/vars/main.yml
@@ -0,0 +1,37 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+#Variables associated with this role
+# Oracle Java 8
+java_dir_source: "/usr/local/src"
+
+java_version: 8
+java_version_update: 131
+java_version_build: '11'
+java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}"
+java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}"
+
+java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm"
+#java_rpm_url: "http://download.oracle.com/otn/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}"
+# Format of URL changed, just hardcoding it here
+java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.rpm"
+
+...
diff --git a/dev-tools/ansible/roles/keycloak/README.md b/dev-tools/ansible/roles/keycloak/README.md
new file mode 100644
index 0000000..f6f95d9
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/README.md
@@ -0,0 +1,14 @@
+## Keycloak Deployment
+
+###Configuration variables are distributed between :
+1. `roles/keycloak/default/main.yml` - defaults for keycloak internal variables
+2. `inventories/airavata-iam/group_vars/all.yml` - Global variables
+
+###Running instructions:
+
+1. Make sure SSL certificates and keystore files are present in roles/keycloak/files directory
+2. Make sure all the variables are configured correctly
+3. Dont use the Database role, rather set up the VM with default version provided by centos, tested with MySql 5.6 & MariaDB 5.5.52), Ansible role for the same is coming soon.
+4. Ensure the host file: `inventories/airavata-iam/hosts` has correct IP address
+4. For Standalone mode deployment : `ansible-playbook -i inventories/airavata-iam airavata-iam-setup.yml -t "standalone"`
+5. For HaCluster mode deployment : `ansible-playbook -i inventories/airavata-iam airavata-iam-setup.yml -t "hacluster"`
\ No newline at end of file
diff --git a/dev-tools/ansible/roles/keycloak/defaults/main.yml b/dev-tools/ansible/roles/keycloak/defaults/main.yml
new file mode 100644
index 0000000..a55be33
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/defaults/main.yml
@@ -0,0 +1,41 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+keycloak_version: "2.5.4.Final"
+keycloak_downlaod_url: "https://downloads.jboss.org/keycloak/{{keycloak_version}}/keycloak-{{keycloak_version}}.tar.gz"
+keycloak_install_dir: "keycloak-{{keycloak_version}}"
+keycloak_db_connector_name: "mysql-connector-java-5.1.41"
+keycloak_ssl_keystore_file: "keycloak.jks"
+keycloak_ssl_keystore_file_name: "keycloak.jks"
+keycloak_ssl_keystore_password: "Airavata"
+mysql_db_connector_download_url: "https://dev.mysql.com/get/Downloads/Connector-J/{{keycloak_db_connector_name}}.tar.gz"
+keycloak_master_account_username: "username"
+keycloak_master_account_password: "password"
+keycloak_server_port: "443"
+
+keycloak_db_host: "localhost"
+keycloak_db_port: "3306"
+keycloak_db_schema_name: "keycloak"
+keycloak_db_url: "jdbc:mysql://{{keycloak_db_host}}:{{keycloak_db_port}}/{{keycloak_db_schema_name}}"
+keycloak_db_username: "username"
+keycloak_db_password: "password"
+keycloak_db_pool_size: "20"
+...
\ No newline at end of file
diff --git a/dev-tools/ansible/roles/keycloak/files/README.md b/dev-tools/ansible/roles/keycloak/files/README.md
new file mode 100644
index 0000000..6463636
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/files/README.md
@@ -0,0 +1,36 @@
+## Generating Keystore for SSL certificates
+
+**Note:** will only work on Mac and Linux
+
+### Files Needed:
+1. SSL certificate for the domain (ex: .cer or .crt or .pem)
+2. Private key used to acquire that SSL Certificate, i.e. key used to create certificate request (.key).
+
+### Process:
+1. Place both file in airavata/dev-tools/roles/keycloak/files
+2. The first step is to convert them into a single PKCS12 file using the following command, You will be asked for various passwords (the password to access the key (if set) and then the password for the PKCS12 file being created):
+```
+openssl pkcs12 -export -in host.crt -inkey host.key > host.p12
+```
+3. Then import the PKCS12 file into a keystore using the command:
+```
+keytool -importkeystore -srckeystore host.p12 -destkeystore keycloak.jks -srcstoretype pkcs12
+```
+
+###Sample output:
+```$shell
+$ openssl pkcs12 -export -in host.crt -inkey host.key > host.p12
+Enter pass phrase for host.key:
+Enter Export Password:
+Verifying - Enter Export Password:
+```
+```
+$ keytool -importkeystore -srckeystore host.p12 -destkeystore host.jks
+-srcstoretype pkcs12
+Enter destination keystore password:
+Re-enter new password:
+Enter source keystore password:
+Entry for alias 1 successfully imported.
+Import command completed: 1 entries successfully imported, 0 entries failed
+or cancelled
+```
\ No newline at end of file
diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml
new file mode 100644
index 0000000..a07df95
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -0,0 +1,205 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+# Download keycloak distribution
+- name: Download and unarchive keycloak
+ unarchive: src="{{ keycloak_downlaod_url }}"
+ dest="{{ user_home }}"
+ copy=no
+ owner="{{ user }}"
+ group="{{ group }}"
+ creates="{{user_home}}/{{ keycloak_install_dir }}/bin/standalone.sh"
+ become: true
+ become_user: "{{ user }}"
+ tags:
+ - always
+
+# <---------------------------- Setup Mysql database for keycloak ------------------->
+
+# create folder structure
+- file:
+ path: "{{user_home}}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main"
+ state: directory
+ mode: 0755
+ become: true
+ become_user: "{{ user }}"
+ tags:
+ - always
+
+- name: Download and unarchive mysql jdbc driver
+ unarchive: src="{{ mysql_db_connector_download_url }}"
+ dest="{{ user_home }}"
+ copy=no
+ owner="{{ user }}"
+ group="{{ group }}"
+ creates="{{user_home}}/{keycloak_db_connector_name}}/{{keycloak_db_connector_name}}-bin.jar"
+ become: true
+ become_user: "{{ user }}"
+ tags:
+ - always
+
+- name: move jdbc connector to keycloak module
+ command: mv {{user_home}}/{{keycloak_db_connector_name}}/{{keycloak_db_connector_name}}-bin.jar {{user_home}}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main/
+ become: true
+ become_user: "{{ user }}"
+ tags:
+ - always
+
+- name: copy jdbc module configuration file
+ template: >
+ src=module.j2
+ dest="{{user_home}}/{{ keycloak_install_dir }}/modules/system/layers/keycloak/org/mysql/main/module.xml"
+ owner="{{ user }}"
+ group="{{ group }}"
+ mode="u=rw,g=r,o=r"
+ become: true
+ become_user: "{{ user }}"
+ tags:
+ - always
+
+# </---------------------------- Setup Mysql database for keycloak - END ------------------->
+
+# <---------------------------- Server Configuration -------------------------------->
+
+# Only Executed for haCluster mode (Mysql setup & without SSl configuration)
+- name: copy keycloak configuration file (HaCluster)
+ template: >
+ src=standalone-ha.xml.j2
+ dest="{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/standalone-ha.xml"
+ owner="{{ user }}"
+ group="{{ group }}"
+ mode="u=rw,g=r,o=r"
+ become: true
+ become_user: "{{ user }}"
+ tags:
+ - hacluster
+
+# Only Executed for standalone mode (SSL Configuration & MySql)
+- name: copy keycloak configuration file (Standalone)
+ template: >
+ src=standalone.xml.j2
+ dest="{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/standalone.xml"
+ owner="{{ user }}"
+ group="{{ group }}"
+ mode="u=rw,g=r,o=r"
+ become: true
+ become_user: "{{ user }}"
+ tags:
+ - standalone
+
+# Copy the SSL certificate files to remote
+
+- name: copy ssl certificate files to remote
+ copy:
+ src: "{{keycloak_ssl_keystore_file}}"
+ dest: "{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/{{keycloak_ssl_keystore_file_name}}"
+ owner: "{{ user }}"
+ group: "{{ group }}"
+ mode: 0644
+ become: true
+ become_user: "{{ user }}"
+ tags:
+ - standalone
+# </------------------------------ Server Configuration ends ---------------------------->
+
+# <---------- setup init script for keycloak, starts the server after reboot ----------->
+
+# Init script to start keycloak in HaCluster mode
+- name: copy init script file (HaCluster)
+ template: >
+ src=keycloak-hacluster-init.j2
+ dest="/etc/init.d/keycloak"
+ owner="{{ user }}"
+ group="{{ group }}"
+ mode="u=rwx,g=r,o=r"
+ become: yes
+ become_user: root
+ tags:
+ - hacluster
+
+# Init script to start keycloak in Standalone mode
+- name: copy init script file (Standalone)
+ template: >
+ src=keycloak-standalone-init.j2
+ dest="/etc/init.d/keycloak"
+ owner="{{ user }}"
+ group="{{ group }}"
+ mode="u=rwx,g=rx,o=rx"
+ become: yes
+ become_user: root
+ tags:
+ - standalone
+
+# System command to add the init script to enable on startup
+- name: add init script to chkconfig and startup on boot
+ command: chkconfig --level 345 keycloak on
+ become: yes
+ become_user: root
+ tags:
+ - always
+
+# </---------- setup init script for keycloak, starts the server after reboot ----------->
+
+# <-------------------------Initialize a new admin for keycloak-------------------------->
+
+- name: Add master realm admin account
+ command: "{{user_home}}/{{ keycloak_install_dir }}/bin/add-user-keycloak.sh -r master -u {{ keycloak_master_account_username }} -p {{ keycloak_master_account_password }}"
+ args:
+ creates: "{{user_home}}/{{ keycloak_install_dir }}/standalone/configuration/keycloak-add-user.json"
+ become: yes
+ become_user: root
+ tags:
+ - always
+
+
+# <--------------------------open keycloak Identity server firewall port------------------------------>
+- name: open firewall port {{ keycloak_server_port }}
+ firewalld: port="{{ keycloak_server_port }}/tcp"
+ zone=public permanent=true state=enabled immediate=yes
+ become: yes
+ become_user: root
+ tags:
+ - always
+
+# <--------------------------start keycloak Identity server------------------------------>
+- name: reload Keycloak init script
+ command: systemctl daemon-reload
+ become: yes
+ become_user: root
+ tags:
+ - always
+
+# FIXME: restarting Keycloak server doesn't work
+- name: stop Keycloak server
+ service: name=keycloak state=stopped
+ ignore_errors: yes
+ become: yes
+ become_user: root
+ tags:
+ - always
+
+- name: start Keycloak server
+ service: name=keycloak state=started
+ become: yes
+ become_user: root
+ tags:
+ - always
+...
\ No newline at end of file
diff --git a/dev-tools/ansible/roles/keycloak/templates/keycloak-hacluster-init.j2 b/dev-tools/ansible/roles/keycloak/templates/keycloak-hacluster-init.j2
new file mode 100644
index 0000000..c9b9cca
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/keycloak-hacluster-init.j2
@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# chkconfig: 35 90 12
+# description: keycloak server
+#
+
+# Get function from functions library
+. /etc/init.d/functions
+
+# Start the service Keycloak
+start() {
+ initlog -c "echo -n Starting Keycloak server: "
+ nohup {{ user_home }}/{{ keycloak_install_dir }}/bin/standalone.sh -b 0.0.0.0 --server-config=standalone-ha.xml &
+ ### Create the lock file ###
+ touch /var/lock/subsys/keycloak
+ success $"keycloak server running"
+ echo
+}
+
+# Restart the service FOO
+stop() {
+ initlog -c "echo -n Stopping keycloak server: "
+ ps aux | grep keycloak | grep -v grep | awk '{print $2}' | xargs kill
+ ### Now, delete the lock file ###
+ rm -f /var/lock/subsys/keycloak
+ echo
+}
+
+### main logic ###
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status keycloak
+ ;;
+ restart|reload|condrestart)
+ stop
+ start
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|reload|status}"
+ exit 1
+esac
+
+exit 0
\ No newline at end of file
diff --git a/dev-tools/ansible/roles/keycloak/templates/keycloak-standalone-init.j2 b/dev-tools/ansible/roles/keycloak/templates/keycloak-standalone-init.j2
new file mode 100644
index 0000000..bc7abe4
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/keycloak-standalone-init.j2
@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# chkconfig: 35 90 12
+# description: keycloak server
+#
+
+# Get function from functions library
+. /etc/init.d/functions
+
+# Start the service Keycloak
+start() {
+ nohup {{ user_home }}/{{ keycloak_install_dir }}/bin/standalone.sh -b 0.0.0.0 &
+ ### Create the lock file ###
+ touch /var/lock/subsys/keycloak
+ echo $"keycloak server running"
+}
+
+# Restart the service FOO
+stop() {
+ ps aux | grep keycloak | grep -v grep | awk '{print $2}' | xargs kill
+ ### Now, delete the lock file ###
+ rm -f /var/lock/subsys/keycloak
+ echo $"keycloak server stopped"
+}
+
+### main logic ###
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status keycloak
+ ;;
+ restart|reload|condrestart)
+ stop
+ start
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|reload|status}"
+ exit 1
+esac
+
+exit 0
\ No newline at end of file
diff --git a/dev-tools/ansible/roles/keycloak/templates/module.j2 b/dev-tools/ansible/roles/keycloak/templates/module.j2
new file mode 100644
index 0000000..45da624
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/module.j2
@@ -0,0 +1,12 @@
+<?xml version="1.0" ?>
+<module xmlns="urn:jboss:module:1.3" name="org.mysql">
+
+ <resources>
+ <resource-root path="{{keycloak_db_connector_name}}-bin.jar"/>
+ </resources>
+
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="javax.transaction.api"/>
+ </dependencies>
+</module>
\ No newline at end of file
diff --git a/dev-tools/ansible/roles/keycloak/templates/standalone-ha.xml.j2 b/dev-tools/ansible/roles/keycloak/templates/standalone-ha.xml.j2
new file mode 100644
index 0000000..e6fa3e8
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/standalone-ha.xml.j2
@@ -0,0 +1,539 @@
+<?xml version="1.0" ?>
+
+<server xmlns="urn:jboss:domain:4.0">
+ <extensions>
+ <extension module="org.jboss.as.clustering.infinispan"/>
+ <extension module="org.jboss.as.clustering.jgroups"/>
+ <extension module="org.jboss.as.connector"/>
+ <extension module="org.jboss.as.deployment-scanner"/>
+ <extension module="org.jboss.as.ee"/>
+ <extension module="org.jboss.as.ejb3"/>
+ <extension module="org.jboss.as.jaxrs"/>
+ <extension module="org.jboss.as.jdr"/>
+ <extension module="org.jboss.as.jmx"/>
+ <extension module="org.jboss.as.jpa"/>
+ <extension module="org.jboss.as.jsf"/>
+ <extension module="org.jboss.as.logging"/>
+ <extension module="org.jboss.as.mail"/>
+ <extension module="org.jboss.as.modcluster"/>
+ <extension module="org.jboss.as.naming"/>
+ <extension module="org.jboss.as.remoting"/>
+ <extension module="org.jboss.as.security"/>
+ <extension module="org.jboss.as.transactions"/>
+ <extension module="org.keycloak.keycloak-server-subsystem"/>
+ <extension module="org.wildfly.extension.bean-validation"/>
+ <extension module="org.wildfly.extension.io"/>
+ <extension module="org.wildfly.extension.request-controller"/>
+ <extension module="org.wildfly.extension.security.manager"/>
+ <extension module="org.wildfly.extension.undertow"/>
+ </extensions>
+ <management>
+ <security-realms>
+ <security-realm name="ManagementRealm">
+ <authentication>
+ <local default-user="$local" skip-group-loading="true"/>
+ <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
+ </authentication>
+ <authorization map-groups-to-roles="false">
+ <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
+ </authorization>
+ </security-realm>
+ <security-realm name="ApplicationRealm">
+ <authentication>
+ <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
+ <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
+ </authentication>
+ <authorization>
+ <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
+ </authorization>
+ </security-realm>
+ </security-realms>
+ <audit-log>
+ <formatters>
+ <json-formatter name="json-formatter"/>
+ </formatters>
+ <handlers>
+ <file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
+ </handlers>
+ <logger log-boot="true" log-read-only="false" enabled="false">
+ <handlers>
+ <handler name="file"/>
+ </handlers>
+ </logger>
+ </audit-log>
+ <management-interfaces>
+ <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
+ <socket-binding http="management-http"/>
+ </http-interface>
+ </management-interfaces>
+ <access-control provider="simple">
+ <role-mapping>
+ <role name="SuperUser">
+ <include>
+ <user name="$local"/>
+ </include>
+ </role>
+ </role-mapping>
+ </access-control>
+ </management>
+ <profile>
+ <subsystem xmlns="urn:jboss:domain:logging:3.0">
+ <console-handler name="CONSOLE">
+ <level name="INFO"/>
+ <formatter>
+ <named-formatter name="COLOR-PATTERN"/>
+ </formatter>
+ </console-handler>
+ <periodic-rotating-file-handler name="FILE" autoflush="true">
+ <formatter>
+ <named-formatter name="PATTERN"/>
+ </formatter>
+ <file relative-to="jboss.server.log.dir" path="server.log"/>
+ <suffix value=".yyyy-MM-dd"/>
+ <append value="true"/>
+ </periodic-rotating-file-handler>
+ <logger category="com.arjuna">
+ <level name="WARN"/>
+ </logger>
+ <logger category="org.jboss.as.config">
+ <level name="DEBUG"/>
+ </logger>
+ <logger category="sun.rmi">
+ <level name="WARN"/>
+ </logger>
+ <root-logger>
+ <level name="INFO"/>
+ <handlers>
+ <handler name="CONSOLE"/>
+ <handler name="FILE"/>
+ </handlers>
+ </root-logger>
+ <formatter name="PATTERN">
+ <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
+ </formatter>
+ <formatter name="COLOR-PATTERN">
+ <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
+ </formatter>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:datasources:4.0">
+ <datasources>
+ <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
+ <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
+ <driver>h2</driver>
+ <security>
+ <user-name>sa</user-name>
+ <password>sa</password>
+ </security>
+ </datasource>
+ <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
+ <connection-url>{{keycloak_db_url}}</connection-url>
+ <driver>mysql</driver>
+ <pool>
+ <max-pool-size>{{keycloak_db_pool_size}}</max-pool-size>
+ </pool>
+ <security>
+ <user-name>{{keycloak_db_username}}</user-name>
+ <password>{{keycloak_db_password}}</password>
+ </security>
+ <validation>
+ <check-valid-connection-sql>select 1</check-valid-connection-sql>
+ <validate-on-match>false</validate-on-match>
+ <background-validation>true</background-validation>
+ <background-validation-millis>10000</background-validation-millis>
+ </validation>
+ </datasource>
+ <drivers>
+ <driver name="mysql" module="org.mysql">
+ <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
+ </driver>
+ <driver name="h2" module="com.h2database.h2">
+ <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
+ </driver>
+ </drivers>
+ </datasources>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
+ <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:ee:4.0">
+ <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
+ <concurrent>
+ <context-services>
+ <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
+ </context-services>
+ <managed-thread-factories>
+ <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
+ </managed-thread-factories>
+ <managed-executor-services>
+ <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
+ </managed-executor-services>
+ <managed-scheduled-executor-services>
+ <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
+ </managed-scheduled-executor-services>
+ </concurrent>
+ <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:ejb3:4.0">
+ <session-bean>
+ <stateless>
+ <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
+ </stateless>
+ <stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple"/>
+ <singleton default-access-timeout="5000"/>
+ </session-bean>
+ <pools>
+ <bean-instance-pools>
+ <!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
+ <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+ <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+ </bean-instance-pools>
+ </pools>
+ <caches>
+ <cache name="simple"/>
+ <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
+ </caches>
+ <passivation-stores>
+ <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
+ </passivation-stores>
+ <async thread-pool-name="default"/>
+ <timer-service thread-pool-name="default" default-data-store="default-file-store">
+ <data-stores>
+ <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
+ </data-stores>
+ </timer-service>
+ <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
+ <thread-pools>
+ <thread-pool name="default">
+ <max-threads count="10"/>
+ <keepalive-time time="100" unit="milliseconds"/>
+ </thread-pool>
+ </thread-pools>
+ <default-security-domain value="other"/>
+ <default-missing-method-permissions-deny-access value="true"/>
+ <log-system-exceptions value="true"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:io:1.1">
+ <worker name="default"/>
+ <buffer-pool name="default"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:infinispan:4.0">
+ <cache-container name="keycloak" jndi-name="infinispan/Keycloak">
+ <transport lock-timeout="60000"/>
+ <local-cache name="realms">
+ <eviction max-entries="10000" strategy="LRU"/>
+ </local-cache>
+ <local-cache name="users">
+ <eviction max-entries="10000" strategy="LRU"/>
+ </local-cache>
+ <distributed-cache name="sessions" mode="SYNC" owners="1"/>
+ <distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
+ <distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
+ <distributed-cache name="authorization" mode="SYNC" owners="1"/>
+ <replicated-cache name="work" mode="SYNC"/>
+ <local-cache name="keys">
+ <eviction max-entries="1000" strategy="LRU"/>
+ <expiration max-idle="3600000"/>
+ </local-cache>
+ </cache-container>
+ <cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
+ <transport lock-timeout="60000"/>
+ <replicated-cache name="default" mode="SYNC">
+ <transaction mode="BATCH"/>
+ </replicated-cache>
+ </cache-container>
+ <cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
+ <transport lock-timeout="60000"/>
+ <distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store/>
+ </distributed-cache>
+ </cache-container>
+ <cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
+ <transport lock-timeout="60000"/>
+ <distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store/>
+ </distributed-cache>
+ </cache-container>
+ <cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
+ <transport lock-timeout="60000"/>
+ <local-cache name="local-query">
+ <eviction strategy="LRU" max-entries="10000"/>
+ <expiration max-idle="100000"/>
+ </local-cache>
+ <invalidation-cache name="entity" mode="SYNC">
+ <transaction mode="NON_XA"/>
+ <eviction strategy="LRU" max-entries="10000"/>
+ <expiration max-idle="100000"/>
+ </invalidation-cache>
+ <replicated-cache name="timestamps" mode="ASYNC"/>
+ </cache-container>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:jca:4.0">
+ <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
+ <bean-validation enabled="true"/>
+ <default-workmanager>
+ <short-running-threads>
+ <core-threads count="50"/>
+ <queue-length count="50"/>
+ <max-threads count="50"/>
+ <keepalive-time time="10" unit="seconds"/>
+ </short-running-threads>
+ <long-running-threads>
+ <core-threads count="50"/>
+ <queue-length count="50"/>
+ <max-threads count="50"/>
+ <keepalive-time time="10" unit="seconds"/>
+ </long-running-threads>
+ </default-workmanager>
+ <cached-connection-manager/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:jgroups:4.0">
+ <channels default="ee">
+ <channel name="ee" stack="udp"/>
+ </channels>
+ <stacks>
+ <stack name="udp">
+ <transport type="UDP" socket-binding="jgroups-udp"/>
+ <protocol type="PING"/>
+ <protocol type="MERGE3"/>
+ <protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
+ <protocol type="FD_ALL"/>
+ <protocol type="VERIFY_SUSPECT"/>
+ <protocol type="pbcast.NAKACK2"/>
+ <protocol type="UNICAST3"/>
+ <protocol type="pbcast.STABLE"/>
+ <protocol type="pbcast.GMS"/>
+ <protocol type="UFC"/>
+ <protocol type="MFC"/>
+ <protocol type="FRAG2"/>
+ </stack>
+ <stack name="tcp">
+ <transport type="TCP" socket-binding="jgroups-tcp"/>
+ <protocol type="MPING" socket-binding="jgroups-mping"/>
+ <protocol type="MERGE3"/>
+ <protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
+ <protocol type="FD"/>
+ <protocol type="VERIFY_SUSPECT"/>
+ <protocol type="pbcast.NAKACK2"/>
+ <protocol type="UNICAST3"/>
+ <protocol type="pbcast.STABLE"/>
+ <protocol type="pbcast.GMS"/>
+ <protocol type="MFC"/>
+ <protocol type="FRAG2"/>
+ </stack>
+ </stacks>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jmx:1.3">
+ <expose-resolved-model/>
+ <expose-expression-model/>
+ <remoting-connector/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jpa:1.1">
+ <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:mail:2.0">
+ <mail-session name="default" jndi-name="java:jboss/mail/Default">
+ <smtp-server outbound-socket-binding-ref="mail-smtp"/>
+ </mail-session>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:modcluster:2.0">
+ <mod-cluster-config advertise-socket="modcluster" connector="ajp">
+ <dynamic-load-provider>
+ <load-metric type="cpu"/>
+ </dynamic-load-provider>
+ </mod-cluster-config>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:naming:2.0">
+ <remote-naming/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:remoting:3.0">
+ <endpoint/>
+ <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
+ <deployment-permissions>
+ <maximum-set>
+ <permission class="java.security.AllPermission"/>
+ </maximum-set>
+ </deployment-permissions>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:security:1.2">
+ <security-domains>
+ <security-domain name="other" cache-type="default">
+ <authentication>
+ <login-module code="Remoting" flag="optional">
+ <module-option name="password-stacking" value="useFirstPass"/>
+ </login-module>
+ <login-module code="RealmDirect" flag="required">
+ <module-option name="password-stacking" value="useFirstPass"/>
+ </login-module>
+ </authentication>
+ </security-domain>
+ <security-domain name="jboss-web-policy" cache-type="default">
+ <authorization>
+ <policy-module code="Delegating" flag="required"/>
+ </authorization>
+ </security-domain>
+ <security-domain name="jboss-ejb-policy" cache-type="default">
+ <authorization>
+ <policy-module code="Delegating" flag="required"/>
+ </authorization>
+ </security-domain>
+ <security-domain name="jaspitest" cache-type="default">
+ <authentication-jaspi>
+ <login-module-stack name="dummy">
+ <login-module code="Dummy" flag="optional"/>
+ </login-module-stack>
+ <auth-module code="Dummy"/>
+ </authentication-jaspi>
+ </security-domain>
+ </security-domains>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:transactions:3.0">
+ <core-environment>
+ <process-id>
+ <uuid/>
+ </process-id>
+ </core-environment>
+ <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:undertow:3.0">
+ <buffer-cache name="default"/>
+ <server name="default-server">
+ <ajp-listener name="ajp" socket-binding="ajp"/>
+ <http-listener name="default" socket-binding="http" redirect-socket="https" proxy-address-forwarding="true"/>
+ <host name="default-host" alias="localhost">
+ <location name="/" handler="welcome-content"/>
+ <filter-ref name="server-header"/>
+ <filter-ref name="x-powered-by-header"/>
+ </host>
+ </server>
+ <servlet-container name="default">
+ <jsp-config/>
+ <websockets/>
+ </servlet-container>
+ <handlers>
+ <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
+ </handlers>
+ <filters>
+ <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
+ <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
+ </filters>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
+ <web-context>auth</web-context>
+ <providers>
+ <provider>classpath:${jboss.home.dir}/providers/*</provider>
+ </providers>
+ <master-realm-name>master</master-realm-name>
+ <scheduled-task-interval>900</scheduled-task-interval>
+ <theme>
+ <staticMaxAge>2592000</staticMaxAge>
+ <cacheThemes>true</cacheThemes>
+ <cacheTemplates>true</cacheTemplates>
+ <dir>${jboss.home.dir}/themes</dir>
+ </theme>
+ <spi name="eventsStore">
+ <default-provider>jpa</default-provider>
+ <provider name="jpa" enabled="true">
+ <properties>
+ <property name="exclude-events" value="["REFRESH_TOKEN"]"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="realm">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="user">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="userFederatedStorage">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="userCache">
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="userSessionPersister">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="authorizationPersister">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="timer">
+ <default-provider>basic</default-provider>
+ </spi>
+ <spi name="connectionsHttpClient">
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="connectionsJpa">
+ <provider name="default" enabled="true">
+ <properties>
+ <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
+ <property name="initializeEmpty" value="true"/>
+ <property name="migrationStrategy" value="update"/>
+ <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="realmCache">
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="connectionsInfinispan">
+ <default-provider>default</default-provider>
+ <provider name="default" enabled="true">
+ <properties>
+ <property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="jta-lookup">
+ <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
+ <provider name="jboss" enabled="true"/>
+ </spi>
+ <spi name="publicKeyStorage">
+ <provider name="infinispan" enabled="true">
+ <properties>
+ <property name="minTimeBetweenRequests" value="10"/>
+ </properties>
+ </provider>
+ </spi>
+ </subsystem>
+ </profile>
+ <interfaces>
+ <interface name="management">
+ <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
+ </interface>
+ <interface name="public">
+ <inet-address value="${jboss.bind.address:127.0.0.1}"/>
+ </interface>
+ <interface name="private">
+ <inet-address value="${jboss.bind.address.private:127.0.0.1}"/>
+ </interface>
+ </interfaces>
+ <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+ <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
+ <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
+ <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
+ <socket-binding name="http" port="${jboss.http.port:8080}"/>
+ <socket-binding name="https" port="${jboss.https.port:8443}"/>
+ <socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>
+ <socket-binding name="jgroups-tcp" interface="private" port="7600"/>
+ <socket-binding name="jgroups-tcp-fd" interface="private" port="57600"/>
+ <socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
+ <socket-binding name="jgroups-udp-fd" interface="private" port="54200"/>
+ <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
+ <socket-binding name="txn-recovery-environment" port="4712"/>
+ <socket-binding name="txn-status-manager" port="4713"/>
+ <outbound-socket-binding name="mail-smtp">
+ <remote-destination host="localhost" port="25"/>
+ </outbound-socket-binding>
+ </socket-binding-group>
+</server>
diff --git a/dev-tools/ansible/roles/keycloak/templates/standalone.xml.j2 b/dev-tools/ansible/roles/keycloak/templates/standalone.xml.j2
new file mode 100644
index 0000000..cf4aebe
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/standalone.xml.j2
@@ -0,0 +1,499 @@
+<?xml version="1.0" ?>
+
+<server xmlns="urn:jboss:domain:4.0">
+ <extensions>
+ <extension module="org.jboss.as.clustering.infinispan"/>
+ <extension module="org.jboss.as.connector"/>
+ <extension module="org.jboss.as.deployment-scanner"/>
+ <extension module="org.jboss.as.ee"/>
+ <extension module="org.jboss.as.ejb3"/>
+ <extension module="org.jboss.as.jaxrs"/>
+ <extension module="org.jboss.as.jdr"/>
+ <extension module="org.jboss.as.jmx"/>
+ <extension module="org.jboss.as.jpa"/>
+ <extension module="org.jboss.as.jsf"/>
+ <extension module="org.jboss.as.logging"/>
+ <extension module="org.jboss.as.mail"/>
+ <extension module="org.jboss.as.naming"/>
+ <extension module="org.jboss.as.remoting"/>
+ <extension module="org.jboss.as.security"/>
+ <extension module="org.jboss.as.transactions"/>
+ <extension module="org.keycloak.keycloak-server-subsystem"/>
+ <extension module="org.wildfly.extension.bean-validation"/>
+ <extension module="org.wildfly.extension.io"/>
+ <extension module="org.wildfly.extension.request-controller"/>
+ <extension module="org.wildfly.extension.security.manager"/>
+ <extension module="org.wildfly.extension.undertow"/>
+ </extensions>
+ <management>
+ <security-realms>
+ <security-realm name="ManagementRealm">
+ <authentication>
+ <local default-user="$local" skip-group-loading="true"/>
+ <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
+ </authentication>
+ <authorization map-groups-to-roles="false">
+ <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
+ </authorization>
+ </security-realm>
+ <security-realm name="ApplicationRealm">
+ <authentication>
+ <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
+ <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
+ </authentication>
+ <authorization>
+ <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
+ </authorization>
+ </security-realm>
+ <security-realm name="UndertowRealm">
+ <server-identities>
+ <ssl>
+ <keystore path="{{keycloak_ssl_keystore_file_name}}" relative-to="jboss.server.config.dir" keystore-password="{{keycloak_ssl_keystore_password}}" />
+ </ssl>
+ </server-identities>
+ </security-realm>
+ </security-realms>
+ <audit-log>
+ <formatters>
+ <json-formatter name="json-formatter"/>
+ </formatters>
+ <handlers>
+ <file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
+ </handlers>
+ <logger log-boot="true" log-read-only="false" enabled="false">
+ <handlers>
+ <handler name="file"/>
+ </handlers>
+ </logger>
+ </audit-log>
+ <management-interfaces>
+ <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
+ <socket-binding http="management-http"/>
+ </http-interface>
+ </management-interfaces>
+ <access-control provider="simple">
+ <role-mapping>
+ <role name="SuperUser">
+ <include>
+ <user name="$local"/>
+ </include>
+ </role>
+ </role-mapping>
+ </access-control>
+ </management>
+ <profile>
+ <subsystem xmlns="urn:jboss:domain:logging:3.0">
+ <console-handler name="CONSOLE">
+ <level name="INFO"/>
+ <formatter>
+ <named-formatter name="COLOR-PATTERN"/>
+ </formatter>
+ </console-handler>
+ <periodic-rotating-file-handler name="FILE" autoflush="true">
+ <formatter>
+ <named-formatter name="PATTERN"/>
+ </formatter>
+ <file relative-to="jboss.server.log.dir" path="server.log"/>
+ <suffix value=".yyyy-MM-dd"/>
+ <append value="true"/>
+ </periodic-rotating-file-handler>
+ <logger category="com.arjuna">
+ <level name="WARN"/>
+ </logger>
+ <logger category="org.jboss.as.config">
+ <level name="DEBUG"/>
+ </logger>
+ <logger category="sun.rmi">
+ <level name="WARN"/>
+ </logger>
+ <root-logger>
+ <level name="INFO"/>
+ <handlers>
+ <handler name="CONSOLE"/>
+ <handler name="FILE"/>
+ </handlers>
+ </root-logger>
+ <formatter name="PATTERN">
+ <pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
+ </formatter>
+ <formatter name="COLOR-PATTERN">
+ <pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
+ </formatter>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:bean-validation:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:datasources:4.0">
+ <datasources>
+ <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
+ <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
+ <driver>h2</driver>
+ <security>
+ <user-name>sa</user-name>
+ <password>sa</password>
+ </security>
+ </datasource>
+ <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
+ <connection-url>{{keycloak_db_url}}</connection-url>
+ <driver>mysql</driver>
+ <pool>
+ <max-pool-size>{{keycloak_db_pool_size}}</max-pool-size>
+ </pool>
+ <security>
+ <user-name>{{keycloak_db_username}}</user-name>
+ <password>{{keycloak_db_password}}</password>
+ </security>
+ <validation>
+ <check-valid-connection-sql>select 1</check-valid-connection-sql>
+ <validate-on-match>false</validate-on-match>
+ <background-validation>true</background-validation>
+ <background-validation-millis>10000</background-validation-millis>
+ </validation>
+ </datasource>
+ <drivers>
+ <driver name="mysql" module="org.mysql">
+ <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
+ </driver>
+ <driver name="h2" module="com.h2database.h2">
+ <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
+ </driver>
+ </drivers>
+ </datasources>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
+ <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:ee:4.0">
+ <spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
+ <concurrent>
+ <context-services>
+ <context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true"/>
+ </context-services>
+ <managed-thread-factories>
+ <managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default"/>
+ </managed-thread-factories>
+ <managed-executor-services>
+ <managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000"/>
+ </managed-executor-services>
+ <managed-scheduled-executor-services>
+ <managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000"/>
+ </managed-scheduled-executor-services>
+ </concurrent>
+ <default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:ejb3:4.0">
+ <session-bean>
+ <stateless>
+ <bean-instance-pool-ref pool-name="slsb-strict-max-pool"/>
+ </stateless>
+ <stateful default-access-timeout="5000" cache-ref="simple" passivation-disabled-cache-ref="simple"/>
+ <singleton default-access-timeout="5000"/>
+ </session-bean>
+ <pools>
+ <bean-instance-pools>
+ <!-- Automatically configure pools. Alternatively, max-pool-size can be set to a specific value -->
+ <strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+ <strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES"/>
+ </bean-instance-pools>
+ </pools>
+ <caches>
+ <cache name="simple"/>
+ <cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered"/>
+ </caches>
+ <passivation-stores>
+ <passivation-store name="infinispan" cache-container="ejb" max-size="10000"/>
+ </passivation-stores>
+ <async thread-pool-name="default"/>
+ <timer-service thread-pool-name="default" default-data-store="default-file-store">
+ <data-stores>
+ <file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir"/>
+ </data-stores>
+ </timer-service>
+ <remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
+ <thread-pools>
+ <thread-pool name="default">
+ <max-threads count="10"/>
+ <keepalive-time time="100" unit="milliseconds"/>
+ </thread-pool>
+ </thread-pools>
+ <default-security-domain value="other"/>
+ <default-missing-method-permissions-deny-access value="true"/>
+ <log-system-exceptions value="true"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:io:1.1">
+ <worker name="default"/>
+ <buffer-pool name="default"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:infinispan:4.0">
+ <cache-container name="keycloak" jndi-name="infinispan/Keycloak">
+ <local-cache name="realms">
+ <eviction max-entries="10000" strategy="LRU"/>
+ </local-cache>
+ <local-cache name="users">
+ <eviction max-entries="10000" strategy="LRU"/>
+ </local-cache>
+ <local-cache name="sessions"/>
+ <local-cache name="offlineSessions"/>
+ <local-cache name="loginFailures"/>
+ <local-cache name="work"/>
+ <local-cache name="authorization">
+ <eviction max-entries="100" strategy="LRU"/>
+ </local-cache>
+ <local-cache name="keys">
+ <eviction max-entries="1000" strategy="LRU"/>
+ <expiration max-idle="3600000"/>
+ </local-cache>
+ </cache-container>
+ <cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
+ <local-cache name="default">
+ <transaction mode="BATCH"/>
+ </local-cache>
+ </cache-container>
+ <cache-container name="web" default-cache="passivation" module="org.wildfly.clustering.web.infinispan">
+ <local-cache name="passivation">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store passivation="true" purge="false"/>
+ </local-cache>
+ <local-cache name="persistent">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store passivation="false" purge="false"/>
+ </local-cache>
+ </cache-container>
+ <cache-container name="ejb" aliases="sfsb" default-cache="passivation" module="org.wildfly.clustering.ejb.infinispan">
+ <local-cache name="passivation">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store passivation="true" purge="false"/>
+ </local-cache>
+ <local-cache name="persistent">
+ <locking isolation="REPEATABLE_READ"/>
+ <transaction mode="BATCH"/>
+ <file-store passivation="false" purge="false"/>
+ </local-cache>
+ </cache-container>
+ <cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
+ <local-cache name="entity">
+ <transaction mode="NON_XA"/>
+ <eviction strategy="LRU" max-entries="10000"/>
+ <expiration max-idle="100000"/>
+ </local-cache>
+ <local-cache name="local-query">
+ <eviction strategy="LRU" max-entries="10000"/>
+ <expiration max-idle="100000"/>
+ </local-cache>
+ <local-cache name="timestamps"/>
+ </cache-container>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jaxrs:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:jca:4.0">
+ <archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
+ <bean-validation enabled="true"/>
+ <default-workmanager>
+ <short-running-threads>
+ <core-threads count="50"/>
+ <queue-length count="50"/>
+ <max-threads count="50"/>
+ <keepalive-time time="10" unit="seconds"/>
+ </short-running-threads>
+ <long-running-threads>
+ <core-threads count="50"/>
+ <queue-length count="50"/>
+ <max-threads count="50"/>
+ <keepalive-time time="10" unit="seconds"/>
+ </long-running-threads>
+ </default-workmanager>
+ <cached-connection-manager/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:jmx:1.3">
+ <expose-resolved-model/>
+ <expose-expression-model/>
+ <remoting-connector/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jpa:1.1">
+ <jpa default-datasource="" default-extended-persistence-inheritance="DEEP"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:jsf:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:mail:2.0">
+ <mail-session name="default" jndi-name="java:jboss/mail/Default">
+ <smtp-server outbound-socket-binding-ref="mail-smtp"/>
+ </mail-session>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:naming:2.0">
+ <remote-naming/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:remoting:3.0">
+ <endpoint/>
+ <http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:request-controller:1.0"/>
+ <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
+ <deployment-permissions>
+ <maximum-set>
+ <permission class="java.security.AllPermission"/>
+ </maximum-set>
+ </deployment-permissions>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:security:1.2">
+ <security-domains>
+ <security-domain name="other" cache-type="default">
+ <authentication>
+ <login-module code="Remoting" flag="optional">
+ <module-option name="password-stacking" value="useFirstPass"/>
+ </login-module>
+ <login-module code="RealmDirect" flag="required">
+ <module-option name="password-stacking" value="useFirstPass"/>
+ </login-module>
+ </authentication>
+ </security-domain>
+ <security-domain name="jboss-web-policy" cache-type="default">
+ <authorization>
+ <policy-module code="Delegating" flag="required"/>
+ </authorization>
+ </security-domain>
+ <security-domain name="jboss-ejb-policy" cache-type="default">
+ <authorization>
+ <policy-module code="Delegating" flag="required"/>
+ </authorization>
+ </security-domain>
+ <security-domain name="jaspitest" cache-type="default">
+ <authentication-jaspi>
+ <login-module-stack name="dummy">
+ <login-module code="Dummy" flag="optional"/>
+ </login-module-stack>
+ <auth-module code="Dummy"/>
+ </authentication-jaspi>
+ </security-domain>
+ </security-domains>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:transactions:3.0">
+ <core-environment>
+ <process-id>
+ <uuid/>
+ </process-id>
+ </core-environment>
+ <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:undertow:3.0">
+ <buffer-cache name="default"/>
+ <server name="default-server">
+ <http-listener name="default" socket-binding="http" redirect-socket="https"/>
+ <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
+ <host name="default-host" alias="localhost">
+ <location name="/" handler="welcome-content"/>
+ <filter-ref name="server-header"/>
+ <filter-ref name="x-powered-by-header"/>
+ </host>
+ </server>
+ <servlet-container name="default">
+ <jsp-config/>
+ <websockets/>
+ </servlet-container>
+ <handlers>
+ <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
+ </handlers>
+ <filters>
+ <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
+ <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
+ </filters>
+ </subsystem>
+ <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
+ <web-context>auth</web-context>
+ <providers>
+ <provider>classpath:${jboss.home.dir}/providers/*</provider>
+ </providers>
+ <master-realm-name>master</master-realm-name>
+ <scheduled-task-interval>900</scheduled-task-interval>
+ <theme>
+ <staticMaxAge>2592000</staticMaxAge>
+ <cacheThemes>true</cacheThemes>
+ <cacheTemplates>true</cacheTemplates>
+ <dir>${jboss.home.dir}/themes</dir>
+ </theme>
+ <spi name="eventsStore">
+ <default-provider>jpa</default-provider>
+ <provider name="jpa" enabled="true">
+ <properties>
+ <property name="exclude-events" value="["REFRESH_TOKEN"]"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="realm">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="user">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="userFederatedStorage">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="userCache">
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="userSessionPersister">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="authorizationPersister">
+ <default-provider>jpa</default-provider>
+ </spi>
+ <spi name="timer">
+ <default-provider>basic</default-provider>
+ </spi>
+ <spi name="connectionsHttpClient">
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="connectionsJpa">
+ <provider name="default" enabled="true">
+ <properties>
+ <property name="dataSource" value="java:jboss/datasources/KeycloakDS"/>
+ <property name="initializeEmpty" value="true"/>
+ <property name="migrationStrategy" value="update"/>
+ <property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="realmCache">
+ <provider name="default" enabled="true"/>
+ </spi>
+ <spi name="connectionsInfinispan">
+ <default-provider>default</default-provider>
+ <provider name="default" enabled="true">
+ <properties>
+ <property name="cacheContainer" value="java:comp/env/infinispan/Keycloak"/>
+ </properties>
+ </provider>
+ </spi>
+ <spi name="jta-lookup">
+ <default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
+ <provider name="jboss" enabled="true"/>
+ </spi>
+ <spi name="publicKeyStorage">
+ <provider name="infinispan" enabled="true">
+ <properties>
+ <property name="minTimeBetweenRequests" value="10"/>
+ </properties>
+ </provider>
+ </spi>
+ </subsystem>
+ </profile>
+ <interfaces>
+ <interface name="management">
+ <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
+ </interface>
+ <interface name="public">
+ <inet-address value="${jboss.bind.address:127.0.0.1}"/>
+ </interface>
+ </interfaces>
+ <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+ <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
+ <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
+ <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
+ <socket-binding name="http" port="${jboss.http.port:8080}"/>
+ <socket-binding name="https" port="${jboss.https.port:443}"/>
+ <socket-binding name="txn-recovery-environment" port="4712"/>
+ <socket-binding name="txn-status-manager" port="4713"/>
+ <outbound-socket-binding name="mail-smtp">
+ <remote-destination host="localhost" port="25"/>
+ </outbound-socket-binding>
+ </socket-binding-group>
+</server>