<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Thanks, I've added small
"troubleshooting" section to our clustering docs and mentioned
this info here.<br>
<br>
Cheers,<br>
Marek<br>
<br>
On 12.12.2014 20:09, Schneider, John DODGE CONSULTING SERVICES,
LLC wrote:<br>
</div>
<blockquote
cite="mid:D5998B55A61D334EA803FEB70395CFD70B0F3ACA@UUSNWE3K.na.utcmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
code
{mso-style-priority:99;
font-family:"Courier New";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">I now have it
working with my firewall enabled. The Wildfly config is
socket-binding with name “jgroups-udp”. For an HA domain
cluster, this is within socket-binding-group “ha-sockets”.
Default values are UDP port 55200 and multicast port 45688
with multicast address 230.0.0.4. I think it would be
helpful to mention this in the Keycloak docs. The Wildfly
docs for clustering only note information applicable to
mod_cluster, which is different than this.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">John <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
Schneider, John DODGE CONSULTING SERVICES, LLC
<br>
<b>Sent:</b> Friday, December 12, 2014 1:08 PM<br>
<b>To:</b> 'Marek Posolda';
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> RE: [External] Re: [keycloak-user] 1.1
Beta2 in Wildfly cluster<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Hi Marek,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks for
getting back to me. I did see the ISPN000094 message you
described in my log files, but it didn’t look like the
messages you listed. My messages only noted one node.
After disabling the firewall on both nodes, Keycloak is now
working in domain mode with Infinispan providers in my
config. Now I just have to figure out all the ports
necessary for JGroups to function correctly. Once I figure
this out, I will respond back. Hopefully you can add this
info to the documentation to help others out in the future.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks again
for your help,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">John<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
Marek Posolda [<a moz-do-not-send="true"
href="mailto:mposolda@redhat.com">mailto:mposolda@redhat.com</a>]
<br>
<b>Sent:</b> Friday, December 12, 2014 6:56 AM<br>
<b>To:</b> Schneider, John DODGE CONSULTING SERVICES,
LLC; <a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">
keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> [External] Re: [keycloak-user] 1.1 Beta2
in Wildfly cluster<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Are you using shared database among both
cluster nodes? Also when you start node1 and then start
node2, you should see some message similar to this in the
log of node1, which indicates that cluster nodes are
connected:<br>
<br>
wfnode_1 | 11:28:30,888 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(Incoming-1,shared=udp) ISPN000094: Received new cluster
view: [wfnode1/web|1] (2) [wfnode1/web, wfnode2/web]<br>
wfnode_1 | 11:28:33,767 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(Incoming-10,shared=udp) ISPN000094: Received new cluster
view: [wfnode1/keycloak|1] (2) [wfnode1/keycloak,
wfnode2/keycloak]<br>
<br>
<br>
<br>
For more logging of which provider is used by
keycloak-server.json, you can enable DEBUG logging for
keycloak in standalone-full.xml (or domain.xml or whatever
you are using):<br>
<br>
<logger category="org.keycloak"><br>
<level name="DEBUG"/><br>
</logger><br>
<br>
Also I think that editing file <code><span
style="font-size:10.0pt">standalone/configuration/keycloak-server.json
is just for standalone, but probably doesn't work for
wildfly domain.</span></code><span
style="font-size:10.0pt;font-family:"Courier
New""><br>
<br>
</span><br>
Maybe you can first try if cluster works in standalone
configuration. If it helps, we can figure the domain later.<br>
<br>
Marek<br>
<br>
On 10.12.2014 00:57, Schneider, John DODGE CONSULTING
SERVICES, LLC wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">Hi,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Correction, I
*<b>thought</b>* everything was running in Wildfly domain
mode. It turns out I just got lucky by hitting the same
server node in my initial test. After a reboot and
further testing today, I’m not able to login to the
Keycloak admin console when both nodes in my cluster are
running. After attempting login, I am either taken back
to a blank login page, or I see error “</span>Unknown
code, please login again through your application.<span
style="color:#1F497D">” Once in awhile, I can login
without error. I should note that I’m using an Apache
reverse proxy via mod_cluster.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I see no
errors in the server logs. I do see message “JBAS010281:
Started <x> cache from keycloak container” for each
of “realms”, “sessions”, “loginFailures”, “users”. So, it
looks like my domain config is working. However, I can’t
tell for sure that Keycloak is attempting to use the
infinispan caches. Some additional log output showing the
values from keycloak-server.json would be helpful. I used
the CLI to upload
“/profile=full-ha/subsystem=keycloak/auth-server=keycloak-1/:update-server-config(bytes-to-upload=/usr/local/wildfly/domain/configuration/keycloak-server.json~,overwrite=true)”
The response was “success” and then I restarted Wildfly on
both nodes in the cluster.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Has anyone
been able to get Keycloak 1.1 Beta 2 working in a wildfly
domain, and using mod_cluster? If so, could you please
provide guidance?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">John</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Schneider, John DODGE CONSULTING SERVICES, LLC
<br>
<b>Sent:</b> Monday, December 08, 2014 6:43 PM<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> 1.1 documentation update for running
in domain HA mode</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Hi guys,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Thanks so much for getting clustering
support working in 1.1. I have it up and running well in a
Wildfly 8 domain setup under the “full-ha” profile. One
thing that I was pulling my hair out about for a while today
were some errors related to Infinispan config. I figured
out that if running in HA cluster, you must include the
“transport” element under the cache-container config (i.e.
<transport lock-timeout=”60000” />). It would be
great if you could update Chapter 23 of the documentation to
reflect this requirement.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Thanks, <o:p></o:p></p>
<p class="MsoNormal">John<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>keycloak-user mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif""><o:p> </o:p></span></p>
</div>
</blockquote>
<br>
</body>
</html>