[keycloak-user] Unicast

Thomas Darimont thomas.darimont at googlemail.com
Wed Jun 21 12:28:42 EDT 2017


Hello Marc,

the following infinispan unicast configuration is working well for us at
the moment with Keycloak 2.5.5.Final in Docker:

echo SETUP: Configure JGroups clustering with TCP-Unicast
# Add the participating host entries for initial discovery in the form
# "host[port]" - quotes are required, e.g. "host1[7800],host2[4711]". Default
# port is 7800.

echo SETUP: Configure JGroups and Infinispan to use TCP-Unicast instead of UDP-Multicast
/subsystem=jgroups/stack=unicast-tcp:add(transport={type=>TCP,socket-binding=>jgroups-tcp}, protocols=[])
/subsystem=jgroups/stack=unicast-tcp/transport=TCP/property=bind_port/:add(value=${env.JGROUPS_PORT:7800})
/subsystem=jgroups/stack=unicast-tcp/transport=TCP/property=external_addr/:add(value=${env.JGROUPS_EXTERNAL_IP:127.0.0.1})
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=TCPPING)
/subsystem=jgroups/stack=unicast-tcp/protocol=TCPPING/property=initial_hosts/:add(value="${env.JGROUPS_REMOTE_HOSTS:localhost[7800]}")
/subsystem=jgroups/stack=unicast-tcp/protocol=TCPPING/property=port_range/:add(value=0)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=MERGE3)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=FD_SOCK)
/subsystem=jgroups/stack=unicast-tcp/protocol=FD_SOCK:write-attribute(name=socket-binding,value=jgroups-tcp-fd)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=FD_ALL)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=VERIFY_SUSPECT)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=pbcast.NAKACK2)
/subsystem=jgroups/stack=unicast-tcp/protocol=pbcast.NAKACK2/property=use_mcast_xmit/:add(value=false)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=UNICAST3)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=pbcast.STABLE)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=pbcast.GMS)
/subsystem=jgroups/stack=unicast-tcp/protocol=pbcast.GMS/property=print_physical_addrs/:add(value=true)
/subsystem=jgroups/stack=unicast-tcp/protocol=pbcast.GMS/property=print_local_addr/:add(value=true)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=UFC)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=MFC)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=FRAG2)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=RSVP)

echo SETUP: Activate JGroups stack unicast-tcp
/subsystem=jgroups/:write-attribute(name=default-stack,value=unicast-tcp)
/subsystem=jgroups/channel=ee/:write-attribute(name=stack,value=unicast-tcp)

echo SETUP: Configure jgroups-tcp socket binding to use public interface
/socket-binding-group=standard-sockets/socket-binding=jgroups-tcp/:write-attribute(name=interface,value=public)

echo SETUP: Configure replication for Keycloak caches
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization:write-attribute(name=owners, value=2)


Cheers,
Thomas

2017-06-21 17:28 GMT+02:00 Marc Tempelmeier <marc.tempelmeier at flane.de>:

> Hi,
>
> thanks, we went with docker swarm, where we have other services already.
> So I want to try to get the unicast working.
> I'll take a look at JDBC_PING though.
>
>
>
> -----Original Message-----
> From: Schuster Sebastian (INST/ESY1) [mailto:Sebastian.Schuster@bosch-si.com]
> Sent: Wednesday, June 21, 2017 4:31 PM
> To: Marc Tempelmeier <marc.tempelmeier at flane.de>;
> keycloak-user at lists.jboss.org
> Subject: RE: Unicast
>
> Hi Marc,
>
> I don't have production experience with it yet, but you can set up JGroups
> discovery to use the DB (JDBC_PING) instead of multicast.
> You can see how this works on Kubernetes and MySQL for example at
> https://github.com/Reposoft/keycloak-ha-kubernetes/tree/keycloak3-ha-mysql/server-ha-mysql.
> Using Minikube (https://github.com/kubernetes/minikube) you will have a
> Keycloak cluster running in no time (if you don’t try to mount persistent
> volumes for the DB from the host as I did :)
>
> Best regards,
> Sebastian
>
> Best regards
>
>  Sebastian Schuster
>
> Engineering and Support (INST/ESY1)
> Bosch Software Innovations GmbH | Schöneberger Ufer 89-91 | 10785 Berlin |
> GERMANY | www.bosch-si.com Tel. +49 30 726112-485 | Fax +49 30 726112-100
> | Sebastian.Schuster at bosch-si.com
>
> Registered office: Berlin, Register court: Amtsgericht Charlottenburg; HRB 148411 B
> Management: Dr.-Ing. Rainer Kallenbach, Michael Hahn
>
>
>
> > -----Original Message-----
> > From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-
> > bounces at lists.jboss.org] On Behalf Of Marc Tempelmeier
> > Sent: Wednesday, 21 June 2017 15:36
> > To: keycloak-user at lists.jboss.org
> > Subject: [keycloak-user] Unicast
> >
> > Hi,
> >
> > does someone here use unicast instead of multicast to form a cluster?
> >
> > If yes, I would be interested in the config :)
> >
> > Best regards
> >
> > Marc
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
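The `"host[port],host[port]"` list format described in the message above, as an added example that is not part of the original post: a POSIX shell check that can run in a container entrypoint before the value is handed over as `JGROUPS_REMOTE_HOSTS`. The function name `check_initial_hosts`, the restriction to DNS names or IPv4 literals, and the rejection of duplicates are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): check a JGROUPS_REMOTE_HOSTS
# value against the "host[port],host[port]" form before starting the container.

# check_initial_hosts "<list>"
# Prints the number of entries and returns 0 when every entry is host[port];
# otherwise prints the reason on stderr and returns 1.
check_initial_hosts() {
    list=$1
    seen=","
    count=0
    case $list in
        ""|,*|*,|*,,*) echo "empty list or empty entry" >&2; return 1 ;;
    esac
    old_ifs=$IFS
    set -f; IFS=,            # split on commas only, no globbing
    set -- $list
    IFS=$old_ifs; set +f
    for entry in "$@"; do
        case $entry in
            *\[*\]) host=${entry%%\[*}; port=${entry#*\[}; port=${port%\]} ;;
            *) echo "not in host[port] form: '$entry'" >&2; return 1 ;;
        esac
        # Assumption: hosts are DNS names or IPv4 literals (no IPv6, no spaces).
        case $host in
            ""|*[!A-Za-z0-9.-]*) echo "bad host in '$entry'" >&2; return 1 ;;
        esac
        case $port in
            ""|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$entry'" >&2; return 1
        fi
        # A repeated host[port] pair is treated as a copy-paste error.
        case $seen in
            *",$host:$port,"*) echo "duplicate entry '$entry'" >&2; return 1 ;;
        esac
        seen="$seen$host:$port,"
        count=$((count + 1))
    done
    echo "$count"
}

# Constructed sample value, taken from the format example in the post.
check_initial_hosts 'host1[7800],host2[4711]' >/dev/null && echo "host list OK"
```

Because the posted stack sets `port_range` to 0, no additional ports are probed, so each entry has to name the exact port a member listens on.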

