[keycloak-dev] Cross-DC Support

Pedro Igor Silva psilva at redhat.com
Tue May 9 07:33:38 EDT 2017

Thanks, Marek. Will follow instructions there to check how things are
working when enabling a remote store with JDG.

I've also changed the authz cache mode to local, what I think makes more
sense than use a distributed cache as it stands today. We basically want to
cache things locally and invalidate entries accordingly to avoid stale
entries across nodes.

On Tue, May 9, 2017 at 3:44 AM, Marek Posolda <mposolda at redhat.com> wrote:

> I think that should be sufficient for Cross-DC support.
> Pedro, if you want to try some basic testing of cross-dc, here are some
> simple instructions: https://github.com/keycloak/ke
> ycloak/blob/master/misc/CrossDataCenter.md
> For the development, there is even easier way to test with 2 embedded
> KeycloakServer instances (class KeycloakServer from the old testsuite) if
> you run the KeycloakServer with the properties like this (replace with your
> shared DB): -Dkeycloak.connectionsJpa.url=jdbc:mysql://localhost/keycloak
> -Dkeycloak.connectionsJpa.driver=com.mysql.jdbc.Driver
> -Dkeycloak.connectionsJpa.user=keycloak -Dkeycloak.connectionsJpa.password=keycloak
> -Dkeycloak.connectionsInfinispan.remoteStoreEnabled=true
> -Dkeycloak.connectionsInfinispan.remoteStoreHost=localhost
> -Dkeycloak.connectionsInfinispan.remoteStorePort=11322
> You just need to run 2 servers on different ports, which is argument like
> "-p 8081" .
> Marek
> On 08/05/17 13:08, Pedro Igor Silva wrote:
>> That is why I'm asking. I have been working with some changes to authz
>> cache layer to get it aligned with the rest of the project. I've a PR
>> already with some initial changes at this regard, where I'm basically
>> pushing usage of invalidation events via cluster provider. Besides, I have
>> also changed cache mode for authz cache to local. We don't really need to
>> replicate/distribute entries across nodes, but cache things locally and
>> invalidate these same accordingly.
>> On Mon, May 8, 2017 at 3:26 AM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>> Marek can probably answer that in more detail. However, IMO the caches for
>>> authorization services should be done exactly as the other invalidation
>>> caches. We've done a lot of tweaks here to get it to work properly and
>>> it's
>>> complex stuff so we don't want to have two different approaches in the
>>> code.
>>> On 6 May 2017 at 03:51, Pedro Igor Silva <psilva at redhat.com> wrote:
>>> Hey All,
>>>> Is it fair to say that using invalidation events via ClusterProvider is
>>>> enough to get Cross-DC support ?
>>>> Regards.
>>>> Pedro Igor
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list