[keycloak-user] Replace use of Infinispan with User Sessions SPI ?

Marek Posolda mposolda at redhat.com
Mon Dec 14 17:32:08 EST 2015


CCing Alan Field from RH Infinispan team and forwarding his question:

I'd like to know which configuration files you are using and why it is
harder to use with Amazon’s Docker service (ECS) or Beanstalk. I'd also be
interested in how big a cluster you are using in AWS.



On 14/12/15 22:24, Scott Rossillo wrote:
> AWS was why we didn’t use Infinispan to begin with.  That and it’s 
> even more complicated when you deploy using Amazon’s Docker service 
> (ECS) or Beanstalk.
>
> It’s too bad Infinispan  / JGroups are beasts when the out of the box 
> configuration can’t be used. I’m planning to document this as we fix 
> but I’d avoid S3_PING and use JDBC_PING. You already need JDBC for the 
> Keycloak DB, unless you’re using Mongo and it’s easier to test locally.
>
> TCPPING will bite you on AWS if Amazon decides to replace one of your 
> instances (which it does occasionally w/ECS or Beanstalk).
>
> Best,
> Scott
>
> Scott Rossillo
> Smartling | Senior Software Engineer
> srossillo at smartling.com <mailto:srossillo at smartling.com>
>
>> On Dec 14, 2015, at 10:59 AM, Marek Posolda <mposolda at redhat.com 
>> <mailto:mposolda at redhat.com>> wrote:
>>
>> On 14/12/15 16:55, Marek Posolda wrote:
>>> On 14/12/15 15:58, Bill Burke wrote:
>>>> On 12/14/2015 5:01 AM, Niko Köbler wrote:
>>>>> Hi Marek,
>>>>>
>>>>>> On 14.12.2015 at 08:50, Marek Posolda <mposolda at redhat.com 
>>>>>> <mailto:mposolda at redhat.com>> wrote:
>>>>>>
>>>>>> Btw. what's your motivation to not use Infinispan? If you are afraid of
>>>>>> cluster communication, you don't need to worry much about it, because
>>>>>> if you run a single Keycloak through standalone.xml, Infinispan
>>>>>> automatically works in LOCAL mode and there is no cluster
>>>>>> communication at all.
>>>>> My current customer is running his apps in AWS. As known, multicast is
>>>>> not available in cloud infrastructures. Wildfly/Infinispan Cluster works
>>>>> pretty well with multicast w/o having to know too much about JGroups
>>>>> config. S3_PING seems to be a viable way to get a cluster running in AWS.
>>>>> But additionally, my customer doesn’t have any (deep) knowledge about
>>>>> JBoss infrastructures and so I’m looking for a way to be able to run
>>>>> Keycloak in a cluster in AWS without the need to build up deeper
>>>>> knowledge of JGroups config, for example in getting rid of Infinispan.
>>>>> But I do understand all the concerns in doing this.
>>>>> I still have to test S3_PING, if it works as easy as multicast. If yes,
>>>>> we can use it, if no… I don’t know yet. But this gets off-topic for the
>>>>> Keycloak mailing list, it’s more related to pure Wildfly/Infinispan.
>>>>>
>>>> seems to me it would be much easier to get Infinispan working on AWS
>>>> than to write and maintain an entire new caching mechanism and hope we
>>>> don't refactor the cache SPI.
>>>>
>>>>
>>> +1
>>>
>>> I am sure Infinispan/JGroups has the possibility to run in a non-multicast
>>> environment. You may just need to figure out how exactly to configure it. So
>>> I agree that this issue is more related to Wildfly/Infinispan itself
>>> than to Keycloak.
>>>
>>> You may need to use JGroups protocols like TCP instead of the default UDP
>>> and maybe TCPPING (this requires manually listing all your cluster
>>> nodes. But still, it's a much better option IMO than rewriting the UserSession
>>> SPI)
>> Btw. if TCPPING or S3_PING is an issue, there is also AWS_PING
>> http://www.jgroups.org/manual-3.x/html/protlist.html#d0e5100 , but it's
>> not an official part of JGroups.
>>
>> Marek
>>>
>>> Marek
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
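
The discovery choice discussed in this thread (a static TCPPING member list versus JDBC_PING backed by a shared database), sketched as a native JGroups 3.x stack. This is an added example, not configuration posted by anyone in the thread; the addresses, port, MySQL URL and credentials are constructed placeholders.

```xml
<!-- Added example: JGroups 3.x TCP stack for an environment without IP multicast.
     Hosts, port, database URL and credentials are constructed placeholders. -->
<config xmlns="urn:org:jgroups">
    <!-- TCP transport: unicast only, no multicast required -->
    <TCP bind_port="7600"/>

    <!-- Static discovery, shown commented out for comparison: every member
         must be listed in advance, so an instance that is replaced and comes
         back with a new address is not in the list.
    <TCPPING initial_hosts="10.0.1.11[7600],10.0.1.12[7600]" port_range="0"/>
    -->

    <!-- Dynamic discovery: each node writes its own address to a shared table
         and reads the other members from it, so no host list is maintained. -->
    <JDBC_PING connection_driver="com.mysql.jdbc.Driver"
               connection_url="jdbc:mysql://db.example.internal:3306/keycloak"
               connection_username="CHANGE_ME"
               connection_password="CHANGE_ME"/>

    <!-- Remainder of a typical TCP stack: merge, failure detection,
         reliable delivery, membership, flow control, fragmentation -->
    <MERGE3/>
    <FD_SOCK/>
    <FD_ALL/>
    <VERIFY_SUSPECT/>
    <pbcast.NAKACK2 use_mcast_xmit="false"/>
    <UNICAST3/>
    <pbcast.STABLE/>
    <pbcast.GMS/>
    <MFC/>
    <FRAG2/>
</config>
```

This stack carries no AUTH or encryption protocol, so the bind port should be reachable only from the other cluster members, for example through the instances' security group.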
