[keycloak-dev] Cross-DC Support
mposolda at redhat.com
Tue May 9 08:00:37 EDT 2017
On 09/05/17 13:33, Pedro Igor Silva wrote:
> Thanks, Marek. Will follow instructions there to check how things are
> working when enabling a remote store with JDG.
> I've also changed the authz cache mode to local, what I think makes
> more sense than use a distributed cache as it stands today. We
> basically want to cache things locally and invalidate entries
> accordingly to avoid stale entries across nodes.
I left some minor comment in your PR regarding this. We have more places
in the distribution where the infinispan caches needs to be configured
for various distributions (server-dist, demo-dist, overlay, domain mode
etc) and looks you forgot one of the locations. Maybe we can improve
this to have single place where infinispan caches are configured for
non-clustered or clustered mode and all the distribution builds will use
this. This will help to avoid potential consistency issues like this.
But that's not the case for now...
> On Tue, May 9, 2017 at 3:44 AM, Marek Posolda <mposolda at redhat.com
> <mailto:mposolda at redhat.com>> wrote:
> I think that should be sufficient for Cross-DC support.
> Pedro, if you want to try some basic testing of cross-dc, here are
> some simple instructions:
> For the development, there is even easier way to test with 2
> embedded KeycloakServer instances (class KeycloakServer from the
> old testsuite) if you run the KeycloakServer with the properties
> like this (replace with your shared DB):
> You just need to run 2 servers on different ports, which is
> argument like "-p 8081" .
> On 08/05/17 13:08, Pedro Igor Silva wrote:
> That is why I'm asking. I have been working with some changes
> to authz
> cache layer to get it aligned with the rest of the project.
> I've a PR
> already with some initial changes at this regard, where I'm
> pushing usage of invalidation events via cluster provider.
> Besides, I have
> also changed cache mode for authz cache to local. We don't
> really need to
> replicate/distribute entries across nodes, but cache things
> locally and
> invalidate these same accordingly.
> On Mon, May 8, 2017 at 3:26 AM, Stian Thorgersen
> <sthorger at redhat.com <mailto:sthorger at redhat.com>>
> Marek can probably answer that in more detail. However,
> IMO the caches for
> authorization services should be done exactly as the other
> caches. We've done a lot of tweaks here to get it to work
> properly and it's
> complex stuff so we don't want to have two different
> approaches in the code.
> On 6 May 2017 at 03:51, Pedro Igor Silva
> <psilva at redhat.com <mailto:psilva at redhat.com>> wrote:
> Hey All,
> Is it fair to say that using invalidation events via
> ClusterProvider is
> enough to get Cross-DC support ?
> Pedro Igor
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> <mailto:keycloak-dev at lists.jboss.org>
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
More information about the keycloak-dev