<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi!<div class=""><br class=""></div><div class="">We completed the final steps to getting this working on Amazon AWS with Docker using Keycloak 1.9.x. Since we already have a database, we used JDBC_PING not to add S3 as yet another dependency.</div><div class=""><br class=""></div><div class="">The changes are here[0] for now. Would Keycloak devs be interested in adding a running Keycloak on AWS section or another sample docker image?</div><div class=""><br class=""></div><div class="">There are 3 steps / files:</div><div class=""><br class=""></div><div class="">1. configureCache.xsl sets up Infinispan correctly</div><div class="">2. start.sh - Uses Amazon APIs via HTTP to get the correct instance IP information</div><div class="">3. 30_docker_ports.config - if using Docker, this shell script runs on deploy to expose the cluster port to the EC2 interface. Needed with Beanstalk, maybe not with ECS</div><div class=""><br class=""></div><div class="">[0]: <a href="https://gist.github.com/foo4u/ad2fa7251ac5b4d4fd318f668f50f7ac" class="">https://gist.github.com/foo4u/ad2fa7251ac5b4d4fd318f668f50f7ac</a></div><div class=""><br class=""></div><div class=""><div class="">Best,</div><div class="">Scott</div></div><div class=""><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Scott Rossillo</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Smartling | Senior Software Engineer</div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><a href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
</div>
</div></div><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 7, 2016, at 6:44 AM, Thomas Darimont <<a href="mailto:thomas.darimont@googlemail.com" class="">thomas.darimont@googlemail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hello,<div class=""><br class=""></div><div class="">have a look at this thread: <a href="http://lists.jboss.org/pipermail/keycloak-user/2016-February/004935.html" class="">http://lists.jboss.org/pipermail/keycloak-user/2016-February/004935.html</a></div><div class=""><br class=""></div><div class="">Cheers,</div><div class="">Thomas</div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2016-04-07 12:40 GMT+02:00 Stian Thorgersen <span dir="ltr" class=""><<a href="mailto:sthorger@redhat.com" target="_blank" class="">sthorger@redhat.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">It is not currently possible to run multiple nodes without clustering. However, it's possible to configure JGroups to work on AWS. I can't remember the configuration required though, but if you search the user mailing list you'll find instructions or google for JGroups and AWS.</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br class=""><div class="gmail_quote">On 7 April 2016 at 10:22, Christian Schwarz <span dir="ltr" class=""><<a href="mailto:christian@datek.no" target="_blank" class="">christian@datek.no</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi!<br class="">
<br class="">
I'm trying to setup a keycloak cluster on AWS, which does not support UDP multicast. IP addresses of the nodes are also not known in advance (I'm using docker-cloud), so Infinispan/JGroups ("keycloak-ha-posgres" docker image) for user session replication will not work (seems that it requires either UDP multicast or IP addresses known in advance).<br class="">
<br class="">
The main problem I have is that logout is not working propertly. I only get logged out from one of the two keycloak nodes.<br class="">
<br class="">
I have tried to disable the user cache (by setting userCache.default.enabled = false) and to disable infinispan (by using “keycloak-postgres” docker image), but to no avail. The “other” keycloak node still thinks that the user is logged in, it’s not refreshing the user session from the database even if user cache and infinispan cluster cache is disbled.<br class="">
<br class="">
=> Is there a possibility of using the database as a synchronization point between keycloak nodes? (i.e. each node always checks logout status in the database)<br class="">
Or is there another way of getting a keycloak cluster up and running on AWS when IP addresses are not known in advance?<br class="">
<br class="">
I hope there is a way… :)<br class="">
<br class="">
Kind regards,<br class="">
Christian<br class="">
<br class="">
_______________________________________________<br class="">
keycloak-user mailing list<br class="">
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank" class="">keycloak-user@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div><br class=""></div>
</div></div><br class="">_______________________________________________<br class="">
keycloak-user mailing list<br class="">
<a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br class=""></blockquote></div><br class=""></div>
_______________________________________________<br class="">keycloak-user mailing list<br class=""><a href="mailto:keycloak-user@lists.jboss.org" class="">keycloak-user@lists.jboss.org</a><br class="">https://lists.jboss.org/mailman/listinfo/keycloak-user</div></blockquote></div><br class=""></div></body></html>