[keycloak-user] Fwd: Keycloak 3.2.1 Final not working in cluster

Simon Payne simonpayne58 at gmail.com
Thu Nov 9 06:17:38 EST 2017 

did you provide the machine ip address for the public interface when you
start keycloak?  i start my keycloak using
/opt/jboss/keycloak/bin/standalone.sh -c standalone-ha.xml -b x.x.x.x

On Thu, Nov 9, 2017 at 10:36 AM, mahendra sonawale <mahson1 at gmail.com>
wrote:

> Hello Simon,
>
> Thank you for the response.
> yes, we are using proxy - APACHE HTTPD configuration PFB the same.
> I tried to make the jpgroups public (kept the public interface IP as our
> node server actual IP but no luck still the servers are logs are not
> showing new cluster node.
>
> apache proxy configuration:
>
> -------------------------------------
> LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
> LoadModule remoteip_module modules/mod_remoteip.so
>
> ProxyPreserveHost On
> LimitRequestFieldSize 163840
> LimitRequestLine 163840
>
> #<VirtualHost _default_:80>
>  ServerName rapid.gi-de.com:443
>  ErrorLog /opt<dir>/fiam_error_log
>  CustomLog /<dir>/fiam_access_log combined
>  LogLevel warn
>
> RequestHeader set X-Forwarded-Proto "https"
>
> <Proxy https://abc.ac-bc.com/* >
>  RewriteEngine on
>  RewriteCond %{REQUEST_FILENAME} !-f
>  RewriteCond %{REQUEST_FILENAME} !-d
>  # not rewrite css, js and images
>  RewriteCond %{REQUEST_URI} !\.(?:css|js|map|jpe?g|gif|png)$ [NC]
>  RewriteRule ^(.*)$ /auth [NC,L,QSA]
> #Options -Indexes FollowSymLinks
>  AllowOverride None
>  Order allow,deny
>  Allow from all
> </Proxy>
>
>
> ProxyPass /auth http://<server IP>:8080/auth
> ProxyPassReverse /auth http://<server IP>:8080/auth
>
> -------------------------------------------------
>
> PFB the logs: (tried to run the changes only on 2nd node)
>
> 2017-11-09 11:26:20,169 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (MSC service thread 1-6) ISPN000094: Received new cluster view for channel
> server: [muc1rapidv2s|0] (1) [muc1rapidv2s]
> 2017-11-09 11:26:20,174 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (MSC service thread 1-7) ISPN000094: Received new cluster view for channel
> keycloak: [muc1rapidv2s|0] (1) [muc1rapidv2s]
> 2017-11-09 11:26:20,174 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (MSC service thread 1-5) ISPN000094: Received new cluster view for channel
> hibernate: [muc1rapidv2s|0] (1) [muc1rapidv2s]
> 2017-11-09 11:26:20,174 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (MSC service thread 1-4) ISPN000094: Received new cluster view for channel
> ejb: [muc1rapidv2s|0] (1) [muc1rapidv2s]
> 2017-11-09 11:26:20,175 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (MSC service thread 1-3) ISPN000094: Received new cluster view for channel
> web: [muc1rapidv2s|0] (1) [muc1rapidv2s]
> 2017-11-09 11:26:20,177 INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (MSC service thread 1-6) ISPN000079: Channel server local address is
> muc1rapidv2s, physical addresses are  *******
>
>
> Please guide.
>
>
> Thanks,
> Mahendra Sonawale
> Ph +91 9130775865 <+91%2091307%2075865>
>
> On Thu, Nov 9, 2017 at 3:16 PM, Simon Payne <simonpayne58 at gmail.com>
> wrote:
>
>> hi, we have a similar setup which is working with 3.2.1.Final.  we have
>> since upgraded to 3.3.0.Final.
>>
>> I'm assuming that you are private interface because you are using a web
>> proxy?  however, to achieve what you need i think you may have to make the
>> jgroups public interface.  we have used tcp ping successfully in this way.
>>
>>
>>
>>
>> On Thu, Nov 9, 2017 at 9:27 AM, mahendra sonawale <mahson1 at gmail.com>
>> wrote:
>>
>>> Hi Team,
>>>
>>> We are facing similar problem where kelcloak is not running in cluster
>>> and
>>> giving the same error log as mentioned by Subash in jira.
>>>
>>> https://issues.jboss.org/browse/KEYCLOAK-5013
>>>
>>> I tried to use the private interface as suggested into the document but
>>> still no luck.
>>> am I missing anything else? CAN YOU please help??  I am using Keycloak -
>>> Version 3.2.1.Final.
>>> I have load balancer configured above 2 keycloak nodes (nodes are
>>> running in
>>> on different VMs)
>>>
>>> Start command :
>>> nohup ./bin/standalone.sh --server-config=standalone-ha.xml -b
>>> $HOSTNAME -u
>>> 230.0.0.4 &
>>>
>>> HA configuration :
>>> <interface name="private">
>>> <inet-address value="$
>>> {jboss.bind.address.private:(node1 IP address and on second node that IP
>>> address)}
>>> " />
>>> </interface>
>>> </interfaces>
>>> <socket-binding-group name="standard-sockets"
>>> default-interface="public" port-offset="$
>>> {jboss.socket.binding.port-offset:0}
>>> ">
>>> <socket-binding name="management-http" interface="private"
>>> port="$
>>> {jboss.management.http.port:9990}
>>> " />
>>> <socket-binding name="management-https" interface="private"
>>> port="$
>>> {jboss.management.https.port:9993}
>>> " />
>>> <socket-binding name="ajp" port="$
>>> {jboss.ajp.port:8009}
>>> " />
>>> <socket-binding name="http" port="$
>>> {jboss.http.port:8080}
>>> " />
>>> <socket-binding name="https" port="$
>>> {jboss.https.port:8443}
>>> " />
>>> <socket-binding name="proxy-https" port="443"/>
>>> <socket-binding name="jgroups-mping" interface="private"
>>> port="0" multicast-address="$
>>> {jboss.default.multicast.address:230.0.0.4}
>>> "
>>> multicast-port="45700" />
>>> <socket-binding name="jgroups-tcp" interface="private"
>>> port="7600" />
>>> <socket-binding name="jgroups-tcp-fd" interface="private"
>>> port="57600" />
>>> <socket-binding name="jgroups-udp" interface="private"
>>> port="55200" multicast-address="$
>>> {jboss.default.multicast.address:230.0.0.4}
>>> "
>>> multicast-port="45688" />
>>> <socket-binding name="jgroups-udp-fd" interface="private"
>>> port="54200" />
>>> <socket-binding name="modcluster" port="0"
>>> multicast-address="224.0.1.105" multicast-port="23364" />
>>> <socket-binding name="txn-recovery-environment" port="4712" />
>>> <socket-binding name="txn-status-manager" port="4713" />
>>> <outbound-socket-binding name="mail-smtp">
>>> <remote-destination host="localhost" port="25" />
>>> </outbound-socket-binding>
>>> </socket-binding-group>
>>> Log :
>>> 2017-11-09 04:38:22,749 INFO
>>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC
>>> service
>>> thread 1-3) ISPN000094: Received new cluster view for channel hibernate:
>>> [keycloak2|0] (1) [keycloak2]
>>> 2017-11-09 04:38:22,750 INFO
>>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC
>>> service
>>> thread 1-2) ISPN000094: Received new cluster view for channel keycloak:
>>> [keycloak2|0] (1) [keycloak2]
>>> 2017-11-09 04:38:22,749 INFO
>>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC
>>> service
>>> thread 1-4) ISPN000094: Received new cluster view for channel ejb:
>>> [keycloak2|0] (1) [keycloak2]
>>> 2017-11-09 04:38:22,750 INFO
>>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC
>>> service
>>> thread 1-7) ISPN000094: Received new cluster view for channel server:
>>> [keycloak2|0] (1) [keycloak2]
>>> 2017-11-09 04:38:22,749 INFO
>>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC
>>> service
>>> thread 1-1) ISPN000094: Received new cluster view for channel web:
>>> [keycloak2|0] (1) [keycloak2]
>>> 2017-11-09 04:38:22,761 INFO
>>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC
>>> service
>>> thread 1-2) ISPN000079: Channel keycloak local address is keycloak2,
>>> physical addresses are [**.**.**.**]
>>> 2017-11-09 04:38:22,763 INFO
>>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC
>>> service
>>> thread 1-1) ISPN000079: Channel web local address is keycloak2, physical
>>> addresses are [**.**.**.**]
>>>
>>>
>>>
>>> --
>>> Sent from: http://keycloak-user.88327.x6.nabble.com/
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>

More information about the keycloak-user mailing list