[keycloak-dev] Cross-DC Support
Marek Posolda
mposolda at redhat.com
Tue May 9 08:00:37 EDT 2017
On 09/05/17 13:33, Pedro Igor Silva wrote:
> Thanks, Marek. Will follow instructions there to check how things are
> working when enabling a remote store with JDG.
>
> I've also changed the authz cache mode to local, which I think makes
> more sense than using a distributed cache as it stands today. We
> basically want to cache things locally and invalidate entries
> accordingly to avoid stale entries across nodes.
+1
I left some minor comment in your PR regarding this. We have more places
in the distribution where the infinispan caches need to be configured
for various distributions (server-dist, demo-dist, overlay, domain mode
etc.) and it looks like you forgot one of the locations. Maybe we can
improve this to have a single place where infinispan caches are configured
for non-clustered or clustered mode and all the distribution builds will use
this. This will help to avoid potential consistency issues like this.
But that's not the case for now...
Marek
>
> On Tue, May 9, 2017 at 3:44 AM, Marek Posolda <mposolda at redhat.com> wrote:
>
> I think that should be sufficient for Cross-DC support.
>
> Pedro, if you want to try some basic testing of cross-dc, here are
> some simple instructions:
> https://github.com/keycloak/keycloak/blob/master/misc/CrossDataCenter.md
>
> For the development, there is an even easier way to test with 2
> embedded KeycloakServer instances (class KeycloakServer from the
> old testsuite) if you run the KeycloakServer with properties
> like this (replace with your shared DB):
> -Dkeycloak.connectionsJpa.url=jdbc:mysql://localhost/keycloak
> -Dkeycloak.connectionsJpa.driver=com.mysql.jdbc.Driver
> -Dkeycloak.connectionsJpa.user=keycloak
> -Dkeycloak.connectionsJpa.password=keycloak
> -Dkeycloak.connectionsInfinispan.remoteStoreEnabled=true
> -Dkeycloak.connectionsInfinispan.remoteStoreHost=localhost
> -Dkeycloak.connectionsInfinispan.remoteStorePort=11322
>
> You just need to run 2 servers on different ports, which is an
> argument like "-p 8081".
>
> Marek
>
>
> On 08/05/17 13:08, Pedro Igor Silva wrote:
>
> That is why I'm asking. I have been working with some changes to the
> authz cache layer to get it aligned with the rest of the project. I've
> a PR already with some initial changes in this regard, where I'm
> basically pushing usage of invalidation events via cluster provider.
> Besides, I have also changed cache mode for authz cache to local. We
> don't really need to replicate/distribute entries across nodes, but
> cache things locally and invalidate them accordingly.
>
> On Mon, May 8, 2017 at 3:26 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
>
> Marek can probably answer that in more detail. However, IMO the caches
> for authorization services should be done exactly as the other
> invalidation caches. We've done a lot of tweaks here to get it to work
> properly and it's complex stuff so we don't want to have two different
> approaches in the code.
>
> On 6 May 2017 at 03:51, Pedro Igor Silva <psilva at redhat.com> wrote:
>
> Hey All,
>
> Is it fair to say that using invalidation events via ClusterProvider
> is enough to get Cross-DC support?
>
> Regards.
> Pedro Igor
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
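The local-cache-plus-invalidation approach discussed in this thread, as an added example that is not part of the original messages and not Keycloak or Infinispan code: a small model showing what another node serves for an authorization policy after it is changed, with and without invalidation events. All class and method names and the `policy:reports` key are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;

// Added illustration; names are hypothetical, not Keycloak or Infinispan APIs.
public class LocalCacheInvalidationDemo {
    // Stands in for the database shared by all nodes.
    static final Map<String, String> sharedDb = new HashMap<>();
    // Stands in for the cluster-wide channel carrying invalidation events.
    static final List<Consumer<String>> listeners = new ArrayList<>();

    static class Node {
        final Map<String, String> localCache = new HashMap<>(); // never replicated
        final boolean sendInvalidations;

        Node(boolean sendInvalidations) {
            this.sendInvalidations = sendInvalidations;
            listeners.add(key -> localCache.remove(key)); // evict on any event
        }

        String read(String key) {
            // A cache miss loads from the shared DB and keeps only a local copy.
            return localCache.computeIfAbsent(key, sharedDb::get);
        }

        void write(String key, String value) {
            sharedDb.put(key, value);
            localCache.remove(key);
            if (sendInvalidations) {
                // Only the key travels between nodes, never the cached value.
                listeners.forEach(l -> l.accept(key));
            }
        }
    }

    // Returns what node B serves for a policy after node A has changed it.
    static String readOnOtherNodeAfterRevoke(boolean sendInvalidations) {
        sharedDb.clear();
        listeners.clear();
        sharedDb.put("policy:reports", "PERMIT"); // constructed sample entry
        Node a = new Node(sendInvalidations);
        Node b = new Node(sendInvalidations);
        b.read("policy:reports");          // B caches the current decision locally
        a.write("policy:reports", "DENY"); // the change is handled by A
        return b.read("policy:reports");
    }

    public static void main(String[] args) {
        System.out.println("no events:   " + readOnOtherNodeAfterRevoke(false));
        System.out.println("with events: " + readOnOtherNodeAfterRevoke(true));
    }
}
```

Without events node B keeps serving its stale local entry; with events B's entry is evicted and the next read reloads from the shared database.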