[keycloak-user] [External] Re: 1.1 Beta2 in Wildfly cluster
Marek Posolda
mposolda at redhat.com
Tue Dec 16 08:23:23 EST 2014
Thanks, I've added small "troubleshooting" section to our clustering
docs and mentioned this info here.
Cheers,
Marek
On 12.12.2014 20:09, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:
>
> I now have it working with my firewall enabled. The Wildfly config is
> socket-binding with name “jgroups-udp”. For an HA domain cluster,
> this is within socket-binding-group “ha-sockets”. Default values are
> UDP port 55200 and multicast port 45688 with multicast address
> 230.0.0.4. I think it would be helpful to mention this in the
> Keycloak docs. The Wildfly docs for clustering only note information
> applicable to mod_cluster, which is different than this.
>
> Thanks,
>
> John
>
> *From:*Schneider, John DODGE CONSULTING SERVICES, LLC
> *Sent:* Friday, December 12, 2014 1:08 PM
> *To:* 'Marek Posolda'; keycloak-user at lists.jboss.org
> *Subject:* RE: [External] Re: [keycloak-user] 1.1 Beta2 in Wildfly cluster
>
> Hi Marek,
>
> Thanks for getting back to me. I did see the ISPN000094 message you
> described in my log files, but it didn’t look like the messages you
> listed. My messages only noted one node. After disabling the firewall
> on both nodes, Keycloak is now working in domain mode with Infinispan
> providers in my config. Now I just have to figure out all the ports
> necessary for JGroups to function correctly. Once I figure this out,
> I will respond back. Hopefully you can add this info to the
> documentation to help others out in the future.
>
> Thanks again for your help,
>
> John
>
> *From:*Marek Posolda [mailto:mposolda at redhat.com]
> *Sent:* Friday, December 12, 2014 6:56 AM
> *To:* Schneider, John DODGE CONSULTING SERVICES, LLC;
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> *Subject:* [External] Re: [keycloak-user] 1.1 Beta2 in Wildfly cluster
>
> Are you using shared database among both cluster nodes? Also when you
> start node1 and then start node2, you should see some message similar
> to this in the log of node1, which indicates that cluster nodes are
> connected:
>
> wfnode_1 | 11:28:30,888 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (Incoming-1,shared=udp) ISPN000094: Received new cluster view:
> [wfnode1/web|1] (2) [wfnode1/web, wfnode2/web]
> wfnode_1 | 11:28:33,767 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (Incoming-10,shared=udp) ISPN000094: Received new cluster view:
> [wfnode1/keycloak|1] (2) [wfnode1/keycloak, wfnode2/keycloak]
>
>
>
> For more logging of which provider is used by keycloak-server.json,
> you can enable DEBUG logging for keycloak in standalone-full.xml (or
> domain.xml or whatever you are using):
>
> <logger category="org.keycloak">
> <level name="DEBUG"/>
> </logger>
>
> Also I think that editing file
> |standalone/configuration/keycloak-server.json is just for standalone,
> but probably doesn't work for wildfly domain.|
>
>
> Maybe you can first try if cluster works in standalone configuration.
> If it helps, we can figure the domain later.
>
> Marek
>
> On 10.12.2014 00:57, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:
>
> Hi,
>
> Correction, I **thought** everything was running in Wildfly domain
> mode. It turns out I just got lucky by hitting the same server
> node in my initial test. After a reboot and further testing
> today, I’m not able to login to the Keycloak admin console when
> both nodes in my cluster are running. After attempting login, I
> am either taken back to a blank login page, or I see error
> “Unknown code, please login again through your application.” Once
> in awhile, I can login without error. I should note that I’m using
> an Apache reverse proxy via mod_cluster.
>
> I see no errors in the server logs. I do see message “JBAS010281:
> Started <x> cache from keycloak container” for each of “realms”,
> “sessions”, “loginFailures”, “users”. So, it looks like my domain
> config is working. However, I can’t tell for sure that Keycloak
> is attempting to use the infinispan caches. Some additional log
> output showing the values from keycloak-server.json would be
> helpful. I used the CLI to upload
> “/profile=full-ha/subsystem=keycloak/auth-server=keycloak-1/:update-server-config(bytes-to-upload=/usr/local/wildfly/domain/configuration/keycloak-server.json~,overwrite=true)”
> The response was “success” and then I restarted Wildfly on both
> nodes in the cluster.
>
> Has anyone been able to get Keycloak 1.1 Beta 2 working in a
> wildfly domain, and using mod_cluster? If so, could you please
> provide guidance?
>
> Thanks,
>
> John
>
> *From:*Schneider, John DODGE CONSULTING SERVICES, LLC
> *Sent:* Monday, December 08, 2014 6:43 PM
> *To:* keycloak-user at lists.jboss.org
> <mailto:keycloak-user at lists.jboss.org>
> *Subject:* 1.1 documentation update for running in domain HA mode
>
> Hi guys,
>
> Thanks so much for getting clustering support working in 1.1. I
> have it up and running well in a Wildfly 8 domain setup under the
> “full-ha” profile. One thing that I was pulling my hair out about
> for a while today were some errors related to Infinispan config.
> I figured out that if running in HA cluster, you must include the
> “transport” element under the cache-container config (i.e.
> <transport lock-timeout=”60000” />). It would be great if you
> could update Chapter 23 of the documentation to reflect this
> requirement.
>
> Thanks,
>
> John
>
>
>
> _______________________________________________
>
> keycloak-user mailing list
>
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20141216/e2de8825/attachment.html
More information about the keycloak-user
mailing list