This role installs Wildfly's application runtime.
The defaults bind both the application and the management interfaces to 0.0.0.0, so in production environments it's important to change the bind addresses to localhost or an internal network address.
Defaults:
wildfly_version: 9.0.1.Final
wildfly_user: wildfly
wildfly_group: wildfly
wildfly_base_download_url: http://download.jboss.org/wildfly
wildfly_name: wildfly-{{ wildfly_version }}
wildfly_download_file: "{{ wildfly_name }}.tar.gz"
wildfly_download_validate_certs: "yes"
wildfly_download_url: "{{ wildfly_base_download_url }}/{{ wildfly_version }}/\
                       {{ wildfly_download_file }}"
wildfly_download_dir: /tmp
wildfly_install_dir: /opt
wildfly_dir: "{{ wildfly_install_dir }}/{{ wildfly_name }}"
wildfly_temp_dir: /tmp/wildfly
wildfly_console_log_dir: "/var/log/wildfly"
wildfly_console_log_file: "console.log"
wildfly_console_log: "{{ wildfly_console_log_dir }}/\
                      {{ wildfly_console_log_file }}"
wildfly_conf_dir: /etc/wildfly
wildfly_standalone_config_file: standalone.xml
wildfly_standalone_config_path: "{{ wildfly_dir }}/standalone/configuration/\
                                 {{ wildfly_standalone_config_file }}"
wildfly_init_dir: /etc/init.d
wildfly_bind_address: 0.0.0.0
wildfly_management_bind_address: 0.0.0.0
wildfly_manage_http_port: 9990
wildfly_manage_https_port: 9993
wildfly_http_port: 8080
wildfly_https_port: 8443
wildfly_enable_ssl: no
wildfly_keystore_name: my.jks
wildfly_keystore_path: "{{ wildfly_dir }}/standalone/configuration/\
                        {{ wildfly_keystore_name }}"
wildfly_keystore_alias: my
wildfly_keystore_password: "secret"
wildfly_key_password: "secret"
wildfly_application_ssl_identity: '
  <server-identities>
    <ssl>
      <keystore path="{{ wildfly_keystore_name }}"
                relative-to="jboss.server.config.dir"
                alias="{{ wildfly_keystore_alias }}"
                keystore-password="{{ wildfly_keystore_password }}"
                key-password="{{ wildfly_key_password }}"/>
    </ssl>
  </server-identities>'
wildfly_https_listener: '
  <https-listener name="https-server" socket-binding="https"
                  security-realm="ManagementRealm"/>'
# Manually defined variables
# wildfly_app_users:
#   - name: user
#     password: secret_password
# wildfly_management_users:
#   - name: admin
#     password: secret_password
# wildfly_custom_properties:
#   custom.property: custom java property, goes into {{ wildfly_conf_dir }}/wildfly.properties
# wildfly_custom_environment:
#   CUSTOM_ENV_VAR: custom environment variable, goes into {{ wildfly_conf_dir }}/wildfly.conf
- hosts: servers
  roles:
    - { role: inkatze.wildfly }
It's recommended that you create Wildfly's admin user separately as follows:
$ ansible-playbook main.yml --extra-vars '{"wildfly_management_users":[{"name":"admin","password":"secret_password"}]}'
In order to enable SSL for applications and the management interface you have to set the wildfly_enable_ssl variable to yes and put the keystore file into this role's files folder.
You can create a self signed keystore file with the following command:
$ keytool -genkey -alias mycert -keyalg RSA -sigalg SHA256withRSA -keystore my.jks -storepass secret -keypass secret -validity 9999
When keytool asks for your first and last name, it's recommended that you enter your hostname. After this file is created, you have to set the keystore-related variables for SSL to work correctly.
To create a keystore with your own certificate you need to run the following commands:
$ cat /etc/ssl/certs/ca-bundle.crt intermediate.crt > allcacerts.crt
$ openssl verify -CAfile allcacerts.crt certificate.crt
$ openssl pkcs12 -export -chain -CAfile allcacerts.crt -in certificate.crt -inkey private.key -out my.p12 -name my
$ keytool -importkeystore -destkeystore my.jks -srckeystore my.p12 -srcstoretype pkcs12 -alias my
The first command adds your intermediate certificate to OpenSSL's CA bundle; the order is important, and you may need to put the intermediate file before ca-bundle.crt.
The second command verifies that your certificate is signed by a known CA; usually, if this step fails, the rest of the process will fail too.
The third command bundles all of our certificate files into PKCS12 format.
Finally, we use keytool to create the keystore to be used in Wildfly.
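The following playbook is an added example, not part of the role itself: it overrides the permissive defaults listed above (0.0.0.0 bind addresses, SSL off, "secret" keystore passwords) and aborts before the role runs if any of them is still in place. The address 10.0.0.5, the file secrets.yml and the vault_* variable names are assumptions made for illustration.

```yaml
- hosts: servers
  vars_files:
    # Hypothetical file encrypted with ansible-vault; it defines the vault_* variables.
    - secrets.yml
  vars:
    # Application traffic only on the internal interface (constructed address).
    wildfly_bind_address: 10.0.0.5
    # Management console reachable from the host itself only.
    wildfly_management_bind_address: 127.0.0.1
    wildfly_enable_ssl: yes
    wildfly_keystore_name: my.jks
    wildfly_keystore_alias: my
    # Keep keystore secrets out of the playbook; these names are assumptions.
    wildfly_keystore_password: "{{ vault_wildfly_keystore_password }}"
    wildfly_key_password: "{{ vault_wildfly_key_password }}"
  pre_tasks:
    - name: Stop if the role's permissive defaults are still in effect
      ansible.builtin.assert:
        that:
          - wildfly_bind_address != '0.0.0.0'
          - wildfly_management_bind_address != '0.0.0.0'
          - wildfly_enable_ssl | bool
          - wildfly_keystore_password != 'secret'
          - wildfly_key_password != 'secret'
        fail_msg: >-
          Set the bind addresses, enable SSL and replace the default
          keystore passwords before deploying to production.
  roles:
    - { role: inkatze.wildfly }
```

Run it with ansible-playbook's --ask-vault-pass option so the encrypted variables file can be read.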
- If you're getting a Connection refused error in your browser, check that you have the correct IP address in your wildfly_bind_address variable.
BSD