Merge "openssh client fix"
diff --git a/docker/swarm/network/keycloak_backend.yml b/docker/swarm/network/keycloak_backend.yml
new file mode 100644
index 0000000..5b1c625
--- /dev/null
+++ b/docker/swarm/network/keycloak_backend.yml
@@ -0,0 +1,11 @@
+parameters:
+  _param:
+    docker_keycloak_network_subnet: 10.70.0.0/24
+  docker:
+    client:
+      network:
+        keycloak_backend:
+          subnet: ${_param:docker_keycloak_network_subnet}
+          driver: overlay
+          attachable: true
+
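Review bot: `attachable: true` lets any standalone container started on a swarm node join `keycloak_backend`, not only the services of the keycloak stack. If nothing outside the stack needs to attach, drop the key or set `attachable: false`. Overlay data-plane traffic is also unencrypted unless the network is created with the `encrypted` driver option; whether the docker formula exposes that option is not visible in this change, so at minimum add a comment stating that this network carries identity-provider traffic in cleartext between nodes.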
diff --git a/docker/swarm/stack/keycloak.yml b/docker/swarm/stack/keycloak.yml
new file mode 100644
index 0000000..0187a08
--- /dev/null
+++ b/docker/swarm/stack/keycloak.yml
@@ -0,0 +1,38 @@
+parameters:
+  _param:
+    docker_keycloak_server_replicas: 3
+    docker_keycloak_proxy_replicas: 1
+    docker_image_keycloak_server: jboss/keycloak:3.4.2.Final
+    docker_image_keycloak_proxy: jboss/keycloak-proxy:3.4.2.h
+    keycloak_bind_port: ${_param:haproxy_keycloak_bind_port}
+    keycloak_proxy_bind_port: ${_param:haproxy_keycloak_proxy_bind_port}
+  docker:
+    client:
+      stack:
+        keycloak:
+          service:
+            keycloak-server:
+              image: ${_param:docker_image_keycloak_server}
+              deploy:
+                replicas: ${_param:docker_keycloak_server_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_keycloak_exposed_port}:${_param:keycloak_bind_port}
+              volumes:
+                - /srv/volumes/keycloak/server/:/app
+            keycloak-proxy:
+              image: ${_param:docker_image_keycloak_proxy}
+              deploy:
+                replicas: ${_param:docker_keycloak_proxy_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_keycloak_proxy_exposed_port}:${_param:keycloak_proxy_bind_port}
+              volumes:
+                - /srv/volumes/keycloak/proxy/proxy.json:/opt/jboss/conf/proxy.json
+          network:
+            default:
+              external:
+                name: keycloak_backend
+
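Review bot: The two `ports` entries publish `haproxy_keycloak_exposed_port` and `haproxy_keycloak_proxy_exposed_port` through swarm, which listens on every node and interface, so Keycloak and the proxy are reachable over plain HTTP without passing through the HAProxy listeners. If HAProxy is meant to be the only entry point, restrict those ports to the HAProxy hosts at the host firewall and record that in a comment above each `ports:` key. The proxy image tag `3.4.2.h` looks truncated next to the server's `3.4.2.Final`; confirm that tag exists. Nothing visible here configures the server container to listen on `keycloak_bind_port`, so check the target side of the mapping against the port the image actually serves on.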
diff --git a/glusterfs/client/volume/keycloak.yml b/glusterfs/client/volume/keycloak.yml
new file mode 100644
index 0000000..06d6134
--- /dev/null
+++ b/glusterfs/client/volume/keycloak.yml
@@ -0,0 +1,16 @@
+parameters:
+  _param:
+    keycloak_glusterfs_service_host: ${_param:glusterfs_service_host}
+    glusterfs_node01_address: ${_param:cluster_node01_address}
+    glusterfs_node02_address: ${_param:cluster_node02_address}
+    glusterfs_node03_address: ${_param:cluster_node03_address}
+  glusterfs:
+    client:
+      volumes:
+        keycloak:
+          path: /srv/volumes/keycloak
+          server: ${_param:keycloak_glusterfs_service_host}
+          opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
+          user: 1000
+          group: 1000
+
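Review bot: `user: 1000` and `group: 1000` hard-code the owner of `/srv/volumes/keycloak` without saying which account is meant. Presumably this matches the uid the Keycloak image runs as, but on the host uid 1000 is commonly the first interactive account, which would then own the identity provider's data. I'd add a comment such as `# uid/gid of the jboss user inside the keycloak image` (confirm against the image) and consider lifting both values into `_param` so a deployment can change them.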
diff --git a/glusterfs/server/volume/keycloak.yml b/glusterfs/server/volume/keycloak.yml
new file mode 100644
index 0000000..c8c71f0
--- /dev/null
+++ b/glusterfs/server/volume/keycloak.yml
@@ -0,0 +1,20 @@
+parameters:
+  glusterfs:
+    server:
+      volumes:
+        keycloak:
+          storage: /srv/glusterfs/keycloak
+          replica: 3
+          bricks:
+            - ${_param:cluster_node01_address}:/srv/glusterfs/keycloak
+            - ${_param:cluster_node02_address}:/srv/glusterfs/keycloak
+            - ${_param:cluster_node03_address}:/srv/glusterfs/keycloak
+          options:
+            cluster.readdir-optimize: On
+            nfs.disable: On
+            network.remote-dio: On
+            diagnostics.client-log-level: WARNING
+            diagnostics.brick-log-level: WARNING
+            cluster.favorite-child-policy: mtime
+
+
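Review bot: The `options` block sets no `auth.allow`, so unless it is set elsewhere in the model the volume keeps Gluster's default of accepting mounts from any client address that can reach the bricks. For a volume holding Keycloak data I'd restrict it, e.g. `auth.allow: "${_param:cluster_node01_address},${_param:cluster_node02_address},${_param:cluster_node03_address}"`, adjusted to the hosts that actually mount it. Separately, the bare `On` values are parsed as booleans by YAML 1.1 loaders, so what reaches Gluster depends on how the formula renders `True`; quoting them (`"on"`) keeps the value a string.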
diff --git a/haproxy/proxy/listen/keycloak.yml b/haproxy/proxy/listen/keycloak.yml
new file mode 100644
index 0000000..73697a3
--- /dev/null
+++ b/haproxy/proxy/listen/keycloak.yml
@@ -0,0 +1,71 @@
+parameters:
+  _param:
+    haproxy_keycloak_bind_host: ${_param:haproxy_bind_address}
+    haproxy_keycloak_bind_port: 8086
+    haproxy_keycloak_exposed_port: 18086
+    haproxy_keycloak_ssl:
+      enabled: false
+    haproxy_keycloak_proxy_bind_host: ${_param:haproxy_bind_address}
+    haproxy_keycloak_proxy_bind_port: 8180
+    haproxy_keycloak_proxy_exposed_port: 18180
+    haproxy_keycloak_proxy_ssl:
+      enabled: false
+  haproxy:
+    proxy:
+      listen:
+        keycloak:
+          mode: http
+          options:
+            - forwardfor
+            - httpchk
+            - httpclose
+            - httplog
+          balance: source
+          http_request:
+            - action: "add-header X-Forwarded-Proto https"
+              condition: "if { ssl_fc }"
+          binds:
+            - address: ${_param:haproxy_keycloak_bind_host}
+              port: ${_param:haproxy_keycloak_bind_port}
+              ssl: ${_param:haproxy_keycloak_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_keycloak_exposed_port}
+              params: check
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_keycloak_exposed_port}
+              params: backup check
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_keycloak_exposed_port}
+              params: backup check
+        keycloak_proxy:
+          mode: http
+          options:
+            - forwardfor
+            - httpchk
+            - httpclose
+            - httplog
+          balance: source
+          http_request:
+            - action: "add-header X-Forwarded-Proto https"
+              condition: "if { ssl_fc }"
+          binds:
+            - address: ${_param:haproxy_keycloak_proxy_bind_host}
+              port: ${_param:haproxy_keycloak_proxy_bind_port}
+              ssl: ${_param:haproxy_keycloak_proxy_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_keycloak_proxy_exposed_port}
+              params: check
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_keycloak_proxy_exposed_port}
+              params: backup check
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_keycloak_proxy_exposed_port}
+              params: backup check
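Review bot: Both listeners use `add-header X-Forwarded-Proto https` only under `ssl_fc`, so a client-supplied `X-Forwarded-Proto` header reaches the backend unchanged on plain-HTTP connections and is only appended to on TLS ones. Overwrite it instead: `action: "set-header X-Forwarded-Proto https"` under `if { ssl_fc }`, plus a second entry `action: "set-header X-Forwarded-Proto http"` with `condition: "if !{ ssl_fc }"`; this applies to `keycloak` and `keycloak_proxy` alike. `haproxy_keycloak_ssl` and `haproxy_keycloak_proxy_ssl` also default to `enabled: false`, so logins and tokens cross the front end in cleartext unless a deployment overrides them. A comment on those two parameters saying they are expected to be overridden would make that explicit.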
diff --git a/keycloak/proxy/application/devops_portal.yml b/keycloak/proxy/application/devops_portal.yml
new file mode 100644
index 0000000..bf09f69
--- /dev/null
+++ b/keycloak/proxy/application/devops_portal.yml
@@ -0,0 +1,13 @@
+parameters:
+  _param:
+    keycloak_proxy_devops_portal_base_path: "/"
+  keycloak:
+    proxy:
+      applications:
+        devops_portal:
+          base_path: "${_param:keycloak_proxy_devops_portal_base_path}"
+          adapter_config:
+            realm: "jaeger"
+            auth_server_url: "http://keycloak/auth"
+            resource: "proxy-jaeger"
+
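Review bot: `auth_server_url: "http://keycloak/auth"` is hard-coded and plain HTTP, so the adapter talks to the auth server unencrypted and a deployment cannot override it the way it can `base_path`. I'd lift it into `_param`, e.g. `auth_server_url: "${_param:keycloak_proxy_devops_portal_auth_server_url}"` (a new parameter), and default it to an https URL where TLS is available. The host `keycloak` does not match either service name in the stack file (`keycloak-server`, `keycloak-proxy`), so confirm it resolves on the backend network. `realm: "jaeger"` and `resource: "proxy-jaeger"` in a file for `devops_portal` look copied from another application; confirm they are intended.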