Using Vagrant and Ansible To Build A Keycloak/Wildfly Development Server Print

Setting up a development environment can be a tedious and time consuming chore.  Setup documents can become stale and outdated as versions and dependencies change.  In this article, we will walk through the steps for automating the creation of a virtual development environment.

If you have ever written software (or worked with a team that does) on a desktop computer, you have probably encountered the following meme:

works-on-my-machine-starburst_2Attempting to deploy software in different environments can present a myriad of problems.  We frequently struggle when development environments are different than staging, test and production machines.  Setup, deployment scripts and techniques used to work on a desktop OS (such as windows) are usually quite different than those used when deploying to a production environment running some form of linux.

Another issue frequently faced is the need for different tools and setups for different projects (quite often at the same time).  In the past, we would setup our development stack on our host machine. While this approach may work for a single project, differing requirements and versions make it difficult to maintain for multiple projects.

This is where Vagrant comes in.  Vagrant configurations are portable.  All members of our team can create their development environments from the same configuration ensuring that everyone is testing in the same environment regardless of the type of workstation they are using.

In the first post of this multi-part series, we will cover the steps to creating an automated development environment for use with Wildfly and Keycloak.


  • Creation of the sandbox development environment should be automated
  • Developers should be able to attach a debugger to deployed code
  • Scripts used to provision the development environment should be usable for provisioning other life cycle environments

Technology Stack

  • Vagrant is a tool to create and configure lightweight, reproducible, and portable development environments
  • Virtualbox is a free general purpose virtualizer. Vagrant works with many providers but virtualbox is free and available on many platforms
  • Ansible is a provisioning tool used to deploy software and configure systems. Ansible is simple, straightforward and easy to use
  • Ansible Galaxy is a community hub for sharing roles.  We will be using roles for configuring openldap, nginx, ssl and mysql

Development Environment

The development environment we will be creating will consist of

  • Ubuntu Trusty is a Debian based linux operating system.
  • Keycloak is an Integrated SSO and IDM for browser apps and RESTful web services
  • Wildfly  is an open source JEE7 application server
  • OpenJDK 8 is an open source implementation of the Java SE 8 platform specification
  • Openldap is an open source implementation of the Lightweight Directory Access Protocol
  • MySql is an open source database server
  • Nginx is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server


Code for this project can be found at


Installing Vagrant, Ansible and Virtualbox is straightforward.  You can follow the instructions from the



The Vagrantfile is simple

  • A private network is created using the ip address  This address is accessible from our sandbox but not outside it
  • A shared folder  shared is created for ease of use in copying files back and forth. This is not strictly necessary as the project folder is already mounted as the  vagrant folder in the vm but changes to the  shared folder are set to be ignored by git (see the .gitignore file)
  • SSH agent forwarding is set to true.  This will allow us to use our existing ssh keys to pull from our github repository
  • Since we are installing all of our application software here we beef up the box by adding 2 cpu’s and using 4096 bytes of memory

Ansible Provisioning

 Note: In our example, we are using Ansible to provision the linux virtual machine.  I like Ansible because of it’s simplicity of use but it does require a linux or mac control machine.  If your development staff is using windows, you will need to use a different provisioner such as Puppet or Chef

We break up provisioning by creating roles.  The roles we use are

  • common-setup: Used to install common utilities like wget, git and the openjdk 8
  • geerlingguy.mysql: Ansible galaxy role used to install and configure Mysql.  Check the role vars for configuration
  • openldap_server: Ansible galaxy role used to install and configure Openldap.  Check the role vars for configuration
  • wildfly: Downloads and configures the Wildfly server.  After downloading and upacking the server this role also makes configuration changes and installs a Mysql datasource

  • keycloak: Downloads and configures the Keycloak server in the same manner as the Wildfly role.  This role also makes the necessary changes to use SSL

  • keycloak_wf9_adapter: Downloads and copies the additional configuration and modules needed for Wildfly to use Keycloak for authentication
  • serenity-db: Configures Mysql db for our sample application.  It creates users and imports tables
  • ldap-data: Imports a list of data to populate our Openldap server

  • keycloak-realm: Imports a sample realm used by our demo application

  • jdauphant.ssl-certs: Ansible galaxy role that generates self-signed SSL certificates.  This is used by Nginx.  Check the role vars for configuration
  • jdauphant.nginx: Ansible galaxy role to configure Nginx for our Keycloak and Wildfly servers.  Check the role vars for configuration


At this point, you’re ready to bring up the environment and get down to business

In my next post, we will use this container to deploy and secure a set of web services.