[keycloak-dev] UserSessions support for cross-dc

Bill Burke bburke at redhat.com
Thu Jul 27 13:10:58 EDT 2017


Don't want to create more work for us, but, wouldn't this UserSession 
cross-DC approach be applicable to any http session data?  Maybe its an 
approach that should be ported to generically work in Wildfly for all 
servlet-based apps.


On 7/27/17 8:25 AM, Marek Posolda wrote:
> I've sent PR https://github.com/keycloak/keycloak/pull/4357 for subject.
> It adds cross-dc support for userSessions, so that if you write
> userSession "abc" in DC1, you will be able to read it in DC2 and viceversa.
>
> Among cross-dc, it also provides the solution for lost updates (write
> skew) issues where 2 threads on different cluster nodes (or in different
> data-centers) updates same userSession. They both read the userSession
> in same state and then both update it, but 2nd update will overwrite the
> 1st one, which was committed first. I've used the pattern based on
> tracking changes (events) and infinispan atomic-replace operation
> described in the earlier mail:
> http://lists.jboss.org/pipermail/keycloak-dev/2017-May/009347.html
>
> So there was some refactoring of InfinispanUserSessionProvider to
> support the event-based approach. One difference from the previous
> proposal was, that events are not sent between data-centers but instead
> userSession entities are directly written to remoteCache itself -
> however the writes are still protected to avoid write skew issues. The
> reason is, that with multiple datacenters, it can happen that
> datacenters lost the network connection between each other (split
> brain). Infinispan has some ways to restore from this state and sync the
> entities after network connection is fixed. With the entities directly
> in the cache, this should be easier to achieve then the case when the
> remoteCache is used just as an event bus to send "changes" among
> datacenters.
>
> There is still lots of work for the cross-dc support, but hopefully it's
> another step forward :)
>
> Marek
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev



More information about the keycloak-dev mailing list