Install Infinispan or Red Hat DataGrid server configurations.
- Service configuration defaults
| Variable | Description | Default |
|---|---|---|
infinispan_port |
Alternate port for the service | 11222 |
infinispan_jgroups_port |
Alternate port for the jgroups cluster | 7800 |
infinispan_jgroups_relay_port |
Alternate port for the jgroups relaying cluster | 7801 |
infinispan_port_offset |
Optional port offset for colocated installations | 0 |
infinispan_nodename |
Instance name for service (ie. cluster node identifier) | {{ inventory_hostname }} |
infinispan_keycloak_persistence |
Enable persitence datasource for keycloak caches | false |
infinispan_service_user |
Posix account for the service installation | ispn |
infinispan_service_group |
Posix group for the service installation | ispn |
infinispan_logfile_format |
Main logfile format: FILE or JSON-FILE | FILE |
infinispan_logfile_root_level |
Root logging level: TRACE, DEBUG, INFO, WARN, ERROR | INFO |
infinispan_logfile_enable_audit |
Enable additional audit.log logfile | true |
infinispan_logfile_enable_hotrod_accesslog |
Enable additional hotrod-access.log | false |
infinispan_logfile_enable_rest_accesslog |
Enable additional rest-access.log | false |
infinispan_logfile_maxsize |
Max file size, triggers rotation | 100 MB |
infinispan_default_realm_tls |
Enable TLS server certificate | false |
infinispan_keystore_path |
Path to keystore containing server identity certificate | /etc/pki/java/cacerts |
infinispan_keystore_password |
Keystore password | changeit |
infinispan_keystore_alias |
Alias for the certificate to load from keystore | {{ inventory_hostname }} |
infinispan_keystore_key_password |
Key passphrase for TLS server identity | '' |
infinispan_keycloak_caches |
Creates remote caches for keycloak | false |
infinispan_jvm_package |
RHEL java package runtime | java-21-openjdk-headless |
infinispan_service_name |
Name of the systemd service unit, appended with -{{infinispan_port_offset}} when not 0 |
infinispan |
infinispan_service_desc |
Description of the systemd service unit | Infinispan |
infinispan_service_restart_on_failure |
systemd restart-on-failure behavior activation | `true`` |
infinispan_service_startlimitintervalsec |
systemd StartLimitIntervalSec | 300 if infinispan_service_restart_on_failure else `` |
infinispan_service_startlimitburst |
systemd StartLimitBurst | 5 if infinispan_service_restart_on_failure else `` |
infinispan_service_restartsec |
systemd RestartSec | 10s if infinispan_service_restart_on_failure else `` |
infinispan_resp_cache |
Name of the cache on which to enable the RESP protocol; if empty, disable RESP | '' |
- Cluster configuration
| Variable | Description | Default |
|---|---|---|
infinispan_jgroups_relay |
Enable cross-DC relaying | false |
infinispan_jgroups_relay_sites |
List of site names for cross-DC relaying | [] |
infinispan_jgroups_relay_site |
Site the inventory host is in when cross-DC is enabled | '' |
infinispan_jgroups_discovery |
Clustering discovery protocol, value from [PING,TCPPING,JDBC_PING] |
`` |
infinispan_jgroups_iface |
The NIC name to be used for cluster IPv4 addresses (ie. 'eth0') | default_ipv4 |
infinispan_jgroups_cluster_nodes |
List of node definitions for jgroups cluster, read below for the format | [] |
The infinispan_jgroups_cluster_nodes parameter, when empty, tell the collection to geenrate the list from the hosts variables in ansible_play_hosts;
otherwise, it can be passed-in using the following dictionary format:
infinispan_jgroups_cluster_nodes:
- address: 10.0.0.175
inventory_host: '10.0.0.175[7800]'
name: us-east-2-datagrid-1
port: 7800
site: us-east-2
value: 'tcp://10.0.0.175:7800'
- address: 10.0.0.179
inventory_host: "10.0.0.179[7800]"
name: us-east-2-datagrid-2
port: 7800
site: us-east-2
value: 'tcp://10.0.0.179:7800'where address, port, and inventory_host are connection details; name is the name of the host in the cluster, site is the name of the cluster in the xsite configuration,
and value is explicit connection string.
- Download and install defaults
| Variable | Description | Default |
|---|---|---|
infinispan_offline_install |
Perform an offline install | false |
infinispan_version |
Infinispan version to install | 14.0.13.Final |
infinispan_bundle |
Archive name for Infinispan download | infinispan-server-{{ infinispan_version }}.zip |
infinispan_download_url |
Download URL for infinispan | https://downloads.jboss.org/infinispan/{{ infinispan_version }}/{{ infinispan_bundle }} |
infinispan_dest |
Directory where to extract installation archives | /opt/infinispan |
infinispan_installation_path |
Specific unxtracted installation path for infinispan | /opt/infinispan/infinispan-server-{{ infinispan_version }}/ |
infinispan_app_download_dir |
Directory where to download archives | /opt/infinispan |
infinispan_healthcheck |
Check health of service at end of installation | true |
infinispan_bind_address |
Alternate bind address for the daemon | localhost |
infinispan_caches |
List of cache definitions to configure statically | [] |
infinispan_users |
List of users to create | [] |
infinispan_rest_cache_api_path |
Path of infinispan rest api | /rest/v2/caches/ |
infinispan_configure_firewalld |
Ensure firewalld is running and configure infinispan ports | false |
The following are a set of required variables for the role:
| Variable | Description | Required |
|---|---|---|
infinispan_supervisor_password |
Password for the administration console user account | true |
infinispan_users |
List of user definitions to create | false |
infinispan_java_home |
JAVA_HOME of installed JRE, leave empty for using specified infinispan_jvm_package RPM path |
false |
Sample user definition format:
infinispan_users:
- { name: 'testuser1', password: 'test', roles: 'observer' }
- { name: 'testuser2', password: 'test', roles: 'application' }The following are required when infinispan_jgroups_discovery is JDBC_PING:
| Variable | Description | Default |
|---|---|---|
infinispan_jdbc_engine |
backend database engine (values: ['mariadb','postgres','sqlserver']) |
mariadb |
infinispan_jdbc_driver_version |
driver version to download | 2.7.4 |
infinispan_jdbc_url |
URL for jdbc connection | jdbc:mariadb://localhost:3306/keycloak |
infinispan_jdbc_user |
username for jdbc connection | keycloak-user |
infinispan_jdbc_pass |
password for jdbc connection | keycloak-pass |
When setting up cross-DC relaying, also setup mariadb in active-active mode (ie. with galera cluster), and switch the JDBC to url to the sequential scheme; similar configuration for other database engines.
The role depends on the following collections:
To install, from the collection root directory, run:
ansible-galaxy collections install -r requirements.yml
Python lxml and jmespath libraries are needed on the host that executes this module. To install, from the collection root directory, run:
pip install -r requirements.txt
The following is an example playbook that makes use of the role to install Infinispan
---
- hosts: ...
collections:
- middleware_automation.infinispan
tasks:
- name: Include Infinispan role
include_role:
name: infinispan
vars:
infinispan_supervisor_password: "changeme"
infinispan_users: []Performing an offline installation is possible by:
- setting
infinispan_offline_installtotrue - making the file available to ansible controller, using as filename
infinispan_bundle.
Enabling infinispan_keycloak_caches will prepare the following caches in a dedicated cache container for remote keycloak access:
- sessions
- offlineSessions
- clientSessions
- offlineClientSessions
- loginFailures
- actionTokens
- work
for more details, refer to the: INSTALLATION AND CONFIGURATION GUIDE - 3.4.6. Infinispan caches
It is possible to deploy caches statically in the infinispan.xml server configuration, by populating the infinispan_caches list of dicts.
In case of clustered deployments, this configuration must be executed against all nodes in the cluster, as they are not propagated by the service.
To deploy cache configurations at runtime, refer to the infinispan_cache role instead.
For more details, refer to:
- Configuring Infinispan Caches - 3.1 Declarative cache configuration
- Configuring Infinispan Caches - 3.3 Creating remote caches
A cache configuration can be passed-in as an XML file or string, as it is generated by the infinispan server console; otherwise, it is possible to define configuration dicts, used to populate the available templates.
To pass XML directly, as string or with a file:
infinispan_caches:
- cache_xml: >
<local-cache name="testcachexml" statistics="true">
<encoding media-type="application/x-protostream"/>
</local-cache>
- cache_xml: "{{ lookup('file', user_data_file) }}"
To configure caches:
infinispan_caches:
- cache_config:
name: 'my-distributed-cache'
template: 'distribute-cache'
encoding: 'application/x-jboss-marshalling'
persistence: false
It is possible to mix and match the two configurations in the infinispan_caches list.
Apache License 2.0