<div dir="ltr">There's just been a lengthy discussion about this. Take a look at the thread with subject "Replace use of Infinispan with User Sessions SPI" (<a href="http://lists.jboss.org/pipermail/keycloak-user/2015-December/004044.html">http://lists.jboss.org/pipermail/keycloak-user/2015-December/004044.html</a>).</div><div class="gmail_extra"><br><div class="gmail_quote">On 18 December 2015 at 15:01, charles-edouard gagnaire <span dir="ltr">&lt;<a href="mailto:c.gagnaire@kreactive.com" target="_blank">c.gagnaire@kreactive.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi, </div><div><br></div><div>I'm having trouble configuring a Keycloak cluster running on AWS' EC2. </div><div>The database configuration is OK, no problem, but I can't manage to get the invalidation cache working correctly. </div><div>I configured Infinispan to work with the S3_PING plugin (the relevant part of my configuration is below). 
</div><div><br></div><div>When I run both servers, the connection with the database is OK, but the Infinispan logs look like this: </div><div>On Server 1: </div><div>...</div><div>11:00:17,592 INFO [stdout] (MSC service thread 1-1) GMS: address=ip-10-1-7-103, cluster=ee, physical address=<a href="http://10.1.7.103:7600" target="_blank">10.1.7.103:7600</a></div><div>...</div><div>11:00:18,057 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (ServerService Thread Pool -- 62) ISPN000094: Received new cluster view for channel keycloak: [ip-10-1-7-103|0] (1) [ip-10-1-7-103]</div><div>...</div><div><br></div><div>On Server 2: </div><div>...</div><div>11:03:41,159 INFO [stdout] (MSC service thread 1-1) GMS: address=ip-10-1-1-245, cluster=ee, physical address=<a href="http://10.1.1.245:7600" target="_blank">10.1.1.245:7600</a></div><div>...</div><div>11:03:41,783 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (ServerService Thread Pool -- 62) ISPN000094: Received new cluster view for channel keycloak: [ip-10-1-1-245|0] (1) [ip-10-1-1-245]</div><div>...</div><div><br></div><div>In my S3 bucket, I have 2 files created:</div><div>402ea329-c135-f1e9-2782-02768779e02f.ip-10-1-1-245.list</div><div>a584321f-408b-b2ae-e2dd-d19333db96c4.ip-10-1-7-103.list</div><div><br></div><div>And the content of the files is like this:</div><div>File 1: </div><div>ip-10-1-1-245 <span style="white-space:pre-wrap">        </span>402ea329-c135-f1e9-2782-02768779e02f <span style="white-space:pre-wrap">        </span><a href="http://10.1.1.245:7600" target="_blank">10.1.1.245:7600</a> <span style="white-space:pre-wrap">        </span>T</div><div><br></div><div>File 2: </div><div>ip-10-1-7-103 <span style="white-space:pre-wrap">        </span>a584321f-408b-b2ae-e2dd-d19333db96c4 <span style="white-space:pre-wrap">        </span><a href="http://10.1.7.103:7600" target="_blank">10.1.7.103:7600</a> <span style="white-space:pre-wrap">        
</span>T</div><div><br></div><div>When I read the logs, it looks like the Infinispan caches can't contact each other.</div><div>I double-checked my network config, and I tried connecting from one server to the other using nc (like this: nc -vvv 10.1.7.103 7600) and this works fine. </div><div><br></div><div>Is there a way to check the Infinispan status of the servers?</div><div>Do you guys have any clue on how to make this work? </div><div><br></div><div>Thank you, </div><div>Charles-Edouard</div><div><br></div><div>My config looks like this: </div><div><br></div><div>- Standalone-ha.xml</div><div>...</div><div><datasources></div><div> <driver name="postgresql" module="org.postgresql"></div><div> <datasource-class>org.postgresql.Driver</datasource-class></div><div> <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class></div><div> </driver></div><div> <datasource jndi-name="java:jboss/datasources/PgDskeycloak" pool-name="PgDskeycloak" enabled="true" use-java-context="true"></div><div> <connection-url>jdbc:postgresql://****:5432/keycloak?ApplicationName=keycloak</connection-url></div><div> <driver>postgresql</driver></div><div> <pool></div><div> <min-pool-size>5</min-pool-size></div><div> <initial-pool-size>5</initial-pool-size></div><div> <max-pool-size>100</max-pool-size></div><div> <prefill>true</prefill></div><div> </pool></div><div> <validation></div><div> <valid-connection-checker</div><div> class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"></valid-connection-checker></div><div> <exception-sorter</div><div> class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"></exception-sorter></div><div> </validation></div><div> <security></div><div> <user-name>****</user-name></div><div> <password>****</password></div><div> </security></div><div> </datasource></div><div>...</div><div> <stacks default="tcp"></div><div> <stack name="udp"></div><div> <transport type="UDP" 
socket-binding="jgroups-udp"/></div><div> <protocol type="PING"/></div><div> <protocol type="MERGE3"/></div><div> <protocol type="FD_SOCK" socket-binding="jgroups-udp-fd"/></div><div> <protocol type="FD_ALL"/></div><div> <protocol type="VERIFY_SUSPECT"/></div><div> <protocol type="pbcast.NAKACK2"/></div><div> <protocol type="UNICAST3"/></div><div> <protocol type="pbcast.STABLE"/></div><div> <protocol type="pbcast.GMS"/></div><div> <protocol type="UFC"/></div><div> <protocol type="MFC"/></div><div> <protocol type="FRAG2"/></div><div> <protocol type="RSVP"/></div><div> </stack></div><div> <stack name="tcp"></div><div> <transport type="TCP" socket-binding="jgroups-tcp"/></div><div> <protocol type="S3_PING" ></div><div> <property name="location">****</property></div><div> <property name="access_key">****</property></div><div> <property name="secret_access_key">****</property></div><div> </protocol></div><div> <!-- <protocol type="MPING" socket-binding="jgroups-mping"/> --></div><div> <protocol type="MERGE3"/></div><div> <protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/></div><div> <protocol type="FD"/></div><div> <protocol type="VERIFY_SUSPECT"/></div><div> <protocol type="pbcast.NAKACK2"/></div><div> <protocol type="UNICAST3"/></div><div> <protocol type="pbcast.STABLE"/></div><div> <protocol type="pbcast.GMS"/></div><div> <protocol type="MFC"/></div><div> <protocol type="FRAG2"/></div><div> <protocol type="RSVP"/></div><div> </stack></div><div>...</div><div> <interfaces></div><div> <interface name="management"></div><div> <nic name="eth0"/></div><div> </interface></div><div> <interface name="public"></div><div> <nic name="eth0"/></div><div> </interface></div><div> <!-- TODO - only show this if the jacorb subsystem is added --></div><div> <interface name="unsecure"></div><div> <!--</div><div> ~ Used for IIOP sockets in the standard configuration.</div><div> ~ To secure JacORB you need to setup SSL</div><div> --></div><div> <nic name="eth0"/></div><div> 
</interface></div><div> </interfaces></div><div><br></div><div><span style="white-space:pre-wrap">        </span></div><div>- keycloak-server.json</div><div>{</div><div> "providers": [</div><div> "classpath:${jboss.server.config.dir}/providers/*"</div><div> ],</div><div><br></div><div> "admin": {</div><div> "realm": "master"</div><div> },</div><div><br></div><div> "eventsStore": {</div><div> "provider": "jpa",</div><div> "jpa": {</div><div> "exclude-events": [ "REFRESH_TOKEN" ]</div><div> }</div><div> },</div><div><br></div><div> "realm": {</div><div> "provider": "jpa"</div><div> },</div><div><br></div><div> "user": {</div><div> "provider": "jpa"</div><div> },</div><div><br></div><div> "userSessionPersister": {</div><div> "provider": "jpa"</div><div> },</div><div><br></div><div> "timer": {</div><div> "provider": "basic"</div><div> },</div><div><br></div><div> "theme": {</div><div> "default": "keycloak",</div><div> "staticMaxAge": 2592000,</div><div> "cacheTemplates": true,</div><div> "cacheThemes": true,</div><div> "folder": {</div><div> "dir": "${jboss.server.config.dir}/themes"</div><div> }</div><div> },</div><div><br></div><div> "scheduled": {</div><div> "interval": 900</div><div> },</div><div><br></div><div> "connectionsHttpClient": {</div><div> "default": {</div><div> "disable-trust-manager": true</div><div> }</div><div> },</div><div><br></div><div> "connectionsJpa": {</div><div> "default": {</div><div> "dataSource": "java:jboss/datasources/PgDskeycloak",</div><div> "databaseSchema": "update"</div><div> }</div><div> },</div><div><br></div><div> "connectionsInfinispan": {</div><div> "default" : {</div><div> "cacheContainer" : "java:jboss/infinispan/Keycloak"</div><div> }</div><div> }</div><div>}</div><div><br></div>
</div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
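<div>The symptom described in the quoted message (each node logs a one-member view while both nodes are registered in the S3 bucket) can be checked mechanically. The following Python is an added example, not part of the original thread or of Keycloak, Infinispan or JGroups; the sample input is constructed from the log lines and .list entries quoted above, the function names are hypothetical, and reading the trailing T as a coordinator flag is an assumption.</div>

```python
import re

# Constructed sample input, copied from the log lines and .list entries quoted above.
SERVER_LOGS = {
    "server1": "11:00:18,057 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] "
               "(ServerService Thread Pool -- 62) ISPN000094: Received new cluster view for "
               "channel keycloak: [ip-10-1-7-103|0] (1) [ip-10-1-7-103]",
    "server2": "11:03:41,783 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] "
               "(ServerService Thread Pool -- 62) ISPN000094: Received new cluster view for "
               "channel keycloak: [ip-10-1-1-245|0] (1) [ip-10-1-1-245]",
}
S3_LIST_ENTRIES = [
    "ip-10-1-1-245 \t402ea329-c135-f1e9-2782-02768779e02f \t10.1.1.245:7600 \tT",
    "ip-10-1-7-103 \ta584321f-408b-b2ae-e2dd-d19333db96c4 \t10.1.7.103:7600 \tT",
]

VIEW_RE = re.compile(
    r"ISPN000094: Received new cluster view for channel (?P<channel>\S+): "
    r"\[(?P<coord>[^|\]]+)\|(?P<view_id>\d+)\] \(\d+\) \[(?P<members>[^\]]*)\]"
)

def latest_view(log_text):
    """Return the most recent cluster view found in one server's log, or None."""
    matches = list(VIEW_RE.finditer(log_text))
    if not matches:
        return None
    m = matches[-1]
    members = {name.strip() for name in m["members"].split(",") if name.strip()}
    return {"channel": m["channel"], "coordinator": m["coord"],
            "view_id": int(m["view_id"]), "members": members}

def parse_discovery_entry(line):
    """Split one .list entry: logical name, UUID, physical address, trailing flag."""
    name, uuid, address, flag = line.split()
    # Assumption: the trailing T/F marks the node that considers itself coordinator.
    return {"name": name, "uuid": uuid, "address": address, "coordinator": flag == "T"}

def diagnose(logs, list_entries):
    """Compare the nodes registered for discovery with the views each node installed."""
    views = [v for v in (latest_view(text) for text in logs.values()) if v]
    entries = [parse_discovery_entry(line) for line in list_entries]
    registered = {e["name"] for e in entries}
    partitions = {frozenset(v["members"]) for v in views}
    split = len(partitions) > 1 or any(v["members"] != registered for v in views)
    return {"registered": registered, "partitions": partitions, "split": split,
            "coordinators": sorted(e["name"] for e in entries if e["coordinator"])}

if __name__ == "__main__":
    print(diagnose(SERVER_LOGS, S3_LIST_ENTRIES))
```

<div>On the quoted input this reports two one-member partitions and two self-declared coordinators, so discovery registration succeeded but the nodes never installed a common view.</div>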