[keycloak-user] Unicast

Marc Tempelmeier marc.tempelmeier at flane.de
Wed Jun 21 12:34:40 EDT 2017 

Thanks!

I got it working 15 mins ago actually:

<subsystem xmlns="urn:jboss:domain:jgroups:4.0">
    <channels default="ee">
        <channel name="ee" stack="tcp"/>
    </channels>
    <stacks>
        <stack name="udp">
            <transport type="UDP" socket-binding="jgroups-udp"/>
            <protocol type="PING"/>
            <protocol type="MERGE3"/>
            <protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/>
            <protocol type="FD_ALL"/>
            <protocol type="VERIFY_SUSPECT"/>
            <protocol type="pbcast.NAKACK2"/>
            <protocol type="UNICAST3"/>
            <protocol type="pbcast.STABLE"/>
            <protocol type="pbcast.GMS"/>
            <protocol type="UFC"/>
            <protocol type="MFC"/>
            <protocol type="FRAG2"/>
        </stack>
        <stack name="tcp">
            <transport type="TCP" socket-binding="jgroups-tcp"/>
            <protocol type="TCPPING">
                <property name="initial_hosts">slave1[7600],slave2[7600],slave37600]</property>
                <property name="port_range">10</property>
                <property name="join_timeout">3000</property>
            </protocol>
            <protocol type="MERGE3"/>
            <protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
            <protocol type="FD"/>
            <protocol type="VERIFY_SUSPECT"/>
            <protocol type="pbcast.NAKACK2"/>
            <protocol type="UNICAST3"/>
            <protocol type="pbcast.STABLE"/>
            <protocol type="pbcast.GMS"/>
            <protocol type="MFC"/>
            <protocol type="FRAG2"/>
        </stack>
    </stacks>
</subsystem>

I hope it will last the night though ☺

Von: Thomas Darimont [mailto:thomas.darimont at googlemail.com]
Gesendet: Wednesday, June 21, 2017 6:29 PM
An: Marc Tempelmeier <marc.tempelmeier at flane.de>
Cc: Schuster Sebastian (INST/ESY1) <Sebastian.Schuster at bosch-si.com>; keycloak-user at lists.jboss.org
Betreff: Re: [keycloak-user] Unicast

Hello Marc,

the following infinispan unicast configuration is working well for us at the moment with Keycloak 2.5.5.Final in Docker:

echo SETUP: Configure JGroups clustering with TCP-Unicast
# Add the participating host entries for initial discovery in the form "host[port]" - quotes are required, e.g. "host1[7800],host2[4711]". Default port is 7800.

echo SETUP: Configure JGroups and Infinispan to use TCP-Unicast instead of UDP-Multicast
/subsystem=jgroups/stack=unicast-tcp:add(transport={type=>TCP,socket-binding=>jgroups-tcp}, protocols=[])
/subsystem=jgroups/stack=unicast-tcp/transport=TCP/property=bind_port/:add(value=${env.JGROUPS_PORT:7800})
/subsystem=jgroups/stack=unicast-tcp/transport=TCP/property=external_addr/:add(value=${env.JGROUPS_EXTERNAL_IP:127.0.0.1})
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=TCPPING)
/subsystem=jgroups/stack=unicast-tcp/protocol=TCPPING/property=initial_hosts/:add(value="${env.JGROUPS_REMOTE_HOSTS:localhost[7800]}")
/subsystem=jgroups/stack=unicast-tcp/protocol=TCPPING/property=port_range/:add(value=0)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=MERGE3)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=FD_SOCK)
/subsystem=jgroups/stack=unicast-tcp/protocol=FD_SOCK:write-attribute(name=socket-binding,value=jgroups-tcp-fd)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=FD_ALL)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=VERIFY_SUSPECT)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=pbcast.NAKACK2)
/subsystem=jgroups/stack=unicast-tcp/protocol=pbcast.NAKACK2/property=use_mcast_xmit/:add(value=false)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=UNICAST3)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=pbcast.STABLE)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=pbcast.GMS)
/subsystem=jgroups/stack=unicast-tcp/protocol=pbcast.GMS/property=print_physical_addrs/:add(value=true)
/subsystem=jgroups/stack=unicast-tcp/protocol=pbcast.GMS/property=print_local_addr/:add(value=true)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=UFC)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=MFC)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=FRAG2)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=RSVP)

echo SETUP: Activate JGroups stack unicast-tcp
/subsystem=jgroups/:write-attribute(name=default-stack,value=unicast-tcp)
/subsystem=jgroups/channel=ee/:write-attribute(name=stack,value=unicast-tcp)

echo SETUP: Configure jgroups-tcp socket binding to use public interface
/socket-binding-group=standard-sockets/socket-binding=jgroups-tcp/:write-attribute(name=interface,value=public)

echo SETUP: Configure replication for Keycloak caches
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization:write-attribute(name=owners, value=2)


Cheers,
Thomas

2017-06-21 17:28 GMT+02:00 Marc Tempelmeier <marc.tempelmeier at flane.de<mailto:marc.tempelmeier at flane.de>>:
Hi,

thanks, we went with docker swarm, where we have other services already. So I want to try to get the unicast working.
I´ll take a look at JDBC_PING though.



-----Ursprüngliche Nachricht-----
Von: Schuster Sebastian (INST/ESY1) [mailto:Sebastian.Schuster at bosch-si.com<mailto:Sebastian.Schuster at bosch-si.com>]
Gesendet: Wednesday, June 21, 2017 4:31 PM
An: Marc Tempelmeier <marc.tempelmeier at flane.de<mailto:marc.tempelmeier at flane.de>>; keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
Betreff: RE: Unicast

Hi Marc,

I don't have production experience with it yet, but you can setup JGroups discovery to use the DB (JDBC_PING) instead of multicast.
You can see how this works on Kubernetes and MySQL for example at https://github.com/Reposoft/keycloak-ha-kubernetes/tree/keycloak3-ha-mysql/server-ha-mysql. Using Minikube (https://github.com/kubernetes/minikube) you will have a Keycloak cluster running in no time (if you don’t try to mount persistent volumes for the DB from the host as I did :)

Best regards,
Sebastian

Mit freundlichen Grüßen / Best regards

 Sebastian Schuster

Engineering and Support (INST/ESY1)
Bosch Software Innovations GmbH | Schöneberger Ufer 89-91 | 10785 Berlin | GERMANY | www.bosch-si.com<http://www.bosch-si.com> Tel. +49 30 726112-485<tel:%2B49%2030%20726112-485> | Fax +49 30 726112-100<tel:%2B49%2030%20726112-100> | Sebastian.Schuster at bosch-si.com<mailto:Sebastian.Schuster at bosch-si.com>

Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Geschäftsführung: Dr.-Ing. Rainer Kallenbach, Michael Hahn



> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org<mailto:keycloak-user-bounces at lists.jboss.org> [mailto:keycloak-user-<mailto:keycloak-user->
> bounces at lists.jboss.org<mailto:bounces at lists.jboss.org>] On Behalf Of Marc Tempelmeier
> Sent: Mittwoch, 21. Juni 2017 15:36
> To: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> Subject: [keycloak-user] Unicast
>
> Hi,
>
> does someone here use unicast instead of multicast to form a cluster?
>
> If yes, I would be interested in the config :)
>
> Best regards
>
> Marc
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list