[keycloak-dev] Concurrent sync in cluster

Marek Posolda mposolda at redhat.com
Wed Feb 17 07:50:08 EST 2016


We had a bug https://issues.jboss.org/browse/KEYCLOAK-2412 that there 
are errors when sync of users from federationProvider is triggered 
concurrently in more cluster nodes. This affects periodic sync as well.

To avoid concurrent executions of same task, I've added ClusterProvider. 
This is based on infinispan and it provides some locking functionality 
to ensures that sync from federation can be executed just by one cluster 
node at a time. Even on single node (non-cluster setup), now you can't 
trigger sync multiple times concurrently. So for example if there is 
periodic sync in progress and you click in admin console on "Sync 
users", the sync won't happen.

The same mechanism is now also used for scheduled tasks (Removing 
expired user sessions and expired events). Nobody reported any bug yet, 
however when removing of expired events/sessions is triggered 
concurrently by more cluster nodes, it can be issue too. So this is now 
avoided. Maybe we can improve even more and ensure that just cluster 
coordinator will run scheduled tasks and other nodes will just ignore them?

ClusterProvider also adds possibility to register ClusterListener with 
any task, that should be executed once notification from any cluster 
node comes. This allows that when some federation provider is 
created/updated/removed, then all nodes are aware of the change and will 
immediately change (or remove) scheduled timer.

PR is here https://github.com/keycloak/keycloak/pull/2234

Marek


More information about the keycloak-dev mailing list