[keycloak-user] Replace use of Infinispan with User Sessions SPI ?
Marek Posolda
mposolda at redhat.com
Mon Dec 14 10:59:41 EST 2015
On 14/12/15 16:55, Marek Posolda wrote:
> On 14/12/15 15:58, Bill Burke wrote:
>> On 12/14/2015 5:01 AM, Niko Köbler wrote:
>>> Hi Marek,
>>>
>>>> Am 14.12.2015 um 08:50 schrieb Marek Posolda <mposolda at redhat.com
>>>> <mailto:mposolda at redhat.com>>:
>>>>
>>>> Btv. what's your motivation to not use infinispan? If you afraid of
>>>> cluster communication, you don't need to worry much about it, because
>>>> if you run single keycloak through standalone.xml, the infinispan
>>>> automatically works in LOCAL mode and there is no any cluster
>>>> communication at all.
>>> My current customer is running his apps in AWS. As known, multicast is
>>> not available in cloud infrastructures. Wildfly/Infinispan Cluster works
>>> pretty well with multicast w/o having to know too much about JGroups
>>> config. S3_PING seams to be a viable way to get a cluster running in AWS.
>>> But additionally, my customer doesn’t have any (deep) knowledge about
>>> JBoss infrastructures and so I’m looking for a way to be able to run
>>> Keycloak in a cluster in AWS without the need to build up deeper
>>> knowlegde of JGroups config, for example in getting rid of Infinispan.
>>> But I do understand all the concerns in doing this.
>>> I still have to test S3_PING, if it works as easy as multicast. If yes,
>>> we can use it, if no… I don’t know yet. But this gets offtopic for
>>> Keycloak mailinglist, it’s more related to pure Wildfly/Infinispan.
>>>
>> seems to me it would be much easier to get Infinispan working on AWS
>> than to write and maintain an entire new caching mechanism and hope we
>> don't refactor the cache SPI.
>>
>>
> +1
>
> I am sure infinispan/JGroups has possibility to run in non-multicast
> environment. You may just need to figure how exactly to configure it. So
> I agree that this issue is more related to Wildfly/Infinispan itself
> than to Keycloak.
>
> You may need to use jgroups protocols like TCP instead of default UDP
> and maybe TCPPING (this requires to manually list all your cluster
> nodes. But still, it's much better option IMO than rewriting UserSession
> SPI)
Btv. if TCPPING or S3_PING is an issue, there is also AWS_PING
http://www.jgroups.org/manual-3.x/html/protlist.html#d0e5100 , but it's
not official part of jgroups.
Marek
>
> Marek
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list