<div dir="ltr"><div>You're on the right track. Taking a look at my notes, the following may be required:</div><div><ul><li>docker container with host mode networking and NET_ADMIN capabilities if clustering across container hosts</li><li>entrypoint parameters:<br>-Djgroups.bind_addr=HOST_IP -b HOST_IP --server-config standalone-ha.xml<br>note the host default interface IP must be used and not a wildcard of 0.0.0.0</li><li>the socket-binding changed</li></ul></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 30, 2016 at 7:49 PM, Sarp Kaya <span dir="ltr"><<a href="mailto:akaya@expedia.com" target="_blank">akaya@expedia.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif">
<div>Sorry to send an e-mail again what I did is changed this:</div>
<div>
<pre style="background-color:#2b2b2b;color:#a9b7c6;font-family:'Menlo';font-size:9.0pt"><span style="color:#e8bf6a"><socket-binding </span><span style="color:#bababa">name</span><span style="color:#6a8759">="jgroups-udp" </span><span style="color:#bababa">interface</span><span style="color:#6a8759">="public" </span><span style="color:#bababa">port</span><span style="color:#6a8759">="55200" </span><span style="color:#bababa;background-color:#344134">multicast-address</span><span style="color:#6a8759">="${jboss.default.multicast.address:230.0.0.4}" </span><span style="color:#bababa">multicast-port</span><span style="color:#6a8759">="45688"</span><span style="color:#e8bf6a">/></span></pre>
</div>
<div>Also set the public interface as:</div>
<div>
<pre style="background-color:#2b2b2b;color:#a9b7c6;font-family:'Menlo';font-size:9.0pt"><span style="color:#e8bf6a"><interface </span><span style="color:#bababa">name</span><span style="color:#6a8759">="public"</span><span style="color:#e8bf6a">><br></span><span style="color:#e8bf6a"> <inet-address </span><span style="color:#bababa">value</span><span style="color:#6a8759">="${jboss.bind.address:0.0.0.0}"</span><span style="color:#e8bf6a">/><br></span><span style="color:#e8bf6a"></interface></span></pre>
</div>
<div>But now I’m getting this error:</div>
<div><br>
</div>
<div>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
00:45:40,146 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service <a href="http://jboss.jgroups.channel.ee" target="_blank">jboss.jgroups.channel.ee</a>: org.jboss.msc.service.StartException in service <a href="http://jboss.jgroups.channel.ee" target="_blank">jboss.jgroups.channel.ee</a>: java.security.PrivilegedActionException: java.net.BindException:
[UDP] /<a href="http://0.0.0.0" target="_blank">0.0.0.0</a> is not a valid address on any local network interface</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:80)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at java.lang.Thread.run(Thread.java:745)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
Caused by: java.security.PrivilegedActionException: java.net.BindException: [UDP] /<a href="http://0.0.0.0" target="_blank">0.0.0.0</a> is not a valid address on any local network interface</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:640)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:98)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:78)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
... 5 more</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
Caused by: java.net.BindException: [UDP] /<a href="http://0.0.0.0" target="_blank">0.0.0.0</a> is not a valid address on any local network interface</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jgroups.util.Util.checkIfValidAddress(Util.java:3522)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jgroups.stack.Configurator.ensureValidBindAddresses(Configurator.java:903)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jgroups.stack.Configurator.setupProtocolStack(Configurator.java:118)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jgroups.stack.Configurator.setupProtocolStack(Configurator.java:57)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:477)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jgroups.JChannel.init(JChannel.java:853)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jgroups.JChannel.<init>(JChannel.java:159)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:95)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:92)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
... 7 more</p>
<p style="margin:0px;font-size:11px;font-family:Menlo;color:rgb(195,55,32)">
<br>
</p>
</div>
<div>If I put a different IP address (say the docker machine IP address) I get the same error as well.</div>
<div><br>
</div>
<span><span class="">
<div style="font-family:Calibri;font-size:11pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt">
<span style="font-weight:bold">From: </span>John Bartko <<a href="mailto:john.bartko@drillinginfo.com" target="_blank">john.bartko@drillinginfo.com</a>><br>
<span style="font-weight:bold">Date: </span>Thursday, March 31, 2016 at 1:23 AM<br>
<span style="font-weight:bold">To: </span>Marek Posolda <<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>><br>
<span style="font-weight:bold">Cc: </span>Abdullah Sarp Kaya <<a href="mailto:akaya@expedia.com" target="_blank">akaya@expedia.com</a>>, "<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>" <<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [keycloak-user] Keycloak Clustering, other instance logs me out<br>
</div>
<div><br>
</div>
</span><div>
<div><div><div class="h5">
<div dir="ltr">When clustering across separate hosts, I had to change the jgroups-udp socket binding to listen on the public interface (binds to loopback by default).</div>
</div></div><div class="gmail_extra"><br>
<div class="gmail_quote"><div><div class="h5">On Wed, Mar 30, 2016 at 5:52 AM, Marek Posolda <span dir="ltr">
<<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">
<div><br>
When you start the second instance, are you seeing something like this in log of both servers?<br>
<br>
INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (Incoming-10,shared=udp)<br>
ISPN000094: Received new cluster view: [node1/keycloak|1] (2) [node1/keycloak, node2/keycloak]<br>
<br>
If not, then clustering doesn't work properly and the servers doesn't form a cluster with each other. From the log you sent, there is just startup of one server, which indicates that clustering may not work.<br>
<br>
Maybe multicast doesn't work in your network. Either disable firewall/selinux/whatever to have multicast working or switch to TCP JGroups channel instead of UDP. See the Wildfly and JGroups documentation for more details.<br>
<br>
Also I personally use the virtual hosts to test clustering of 2 servers on same machine (Ie. have virtual servers like kc1:8080 and kc2:8080) . Using same host but differ just in port number ( host:8080 and host:8081 ) may causing mess with cookies, so
<br>
I am personally not using the setup like this.<br>
<br>
Marek
<div>
<div><br>
<br>
On 30/03/16 08:38, Sarp Kaya wrote:<br>
</div>
</div>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div>
<div>
<div>I have tried using standalone-ha.xml with shared database. I thought that would be enough but it seems like it’s not. The problem is</div>
<div><br>
</div>
<div>I log into kc1 instance, and subsequent requests are authenticated.</div>
<div>Then I try viewing</div>
<div>host:8080/auth/realms/master/account</div>
<div>Which is also authenticated.</div>
<div><br>
</div>
<div>Then I try to view this on kc1 by changing port like:</div>
<div>host:8081/auth/realms/master/account</div>
<div><br>
</div>
<div>At this point I expect to see same page. However I get prompted for login for both kc1 and kc2. I see no logs at this point.</div>
<div><br>
</div>
<div>So now I have switched to using keycloak-ha-postgres because it seemed to me that it comes clustering enabled out of box. So I nearly did exactly what this page:</div>
<div><a href="https://hub.docker.com/r/jboss/keycloak-ha-postgres/builds/benk6w5cgdmrqonrxvu3bfu/" target="_blank">https://hub.docker.com/r/jboss/keycloak-ha-postgres/builds/benk6w5cgdmrqonrxvu3bfu/</a></div>
<div> told me to so. The only difference that I have done is adding ports (with –p 8080:8080 to one instance and –p 8081:8080 to the another one) and adding a new user.</div>
<div><br>
</div>
<div>Once I start the I get this log:</div>
<div><br>
</div>
<div>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,888 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000078: Starting JGroups channel keycloak</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,893 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000078: Starting JGroups channel server</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,902 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000094: Received new cluster view for channel keycloak: [a05014a5dc24|0] (1) [a05014a5dc24]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,907 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000079: Channel keycloak local address is a05014a5dc24, physical addresses are [<a href="http://127.0.0.1:55200" target="_blank">127.0.0.1:55200</a>]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,902 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000094: Received new cluster view for channel server: [a05014a5dc24|0] (1) [a05014a5dc24]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,914 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000079: Channel server local address is a05014a5dc24, physical addresses are [<a href="http://127.0.0.1:55200" target="_blank">127.0.0.1:55200</a>]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,925 INFO [org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-2) ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,926 INFO [org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-1) ISPN000128: Infinispan version: Infinispan 'Mahou' 8.1.0.Final</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,978 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000078: Starting JGroups channel web</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,982 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000094: Received new cluster view for channel web: [a05014a5dc24|0] (1) [a05014a5dc24]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,984 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000079: Channel web local address is a05014a5dc24, physical addresses are [<a href="http://127.0.0.1:55200" target="_blank">127.0.0.1:55200</a>]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,985 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000078: Starting JGroups channel hibernate</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,986 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000094: Received new cluster view for channel hibernate: [a05014a5dc24|0] (1) [a05014a5dc24]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:49,987 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000079: Channel hibernate local address is a05014a5dc24, physical addresses are [<a href="http://127.0.0.1:55200" target="_blank">127.0.0.1:55200</a>]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,028 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000078: Starting JGroups channel ejb</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,030 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000094: Received new cluster view for channel ejb: [a05014a5dc24|0] (1) [a05014a5dc24]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,031 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-1) ISPN000079: Channel ejb local address is a05014a5dc24, physical addresses are [<a href="http://127.0.0.1:55200" target="_blank">127.0.0.1:55200</a>]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,357 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 56) WFLYCLINF0002: Started realmVersions cache from keycloak container</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,391 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 54) WFLYCLINF0002: Started offlineSessions cache from keycloak container</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,397 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 55) WFLYCLINF0002: Started loginFailures cache from keycloak container</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,396 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 52) WFLYCLINF0002: Started sessions cache from keycloak container</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,392 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 53) WFLYCLINF0002: Started realms cache from keycloak container</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,399 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 51) WFLYCLINF0002: Started users cache from keycloak container</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">05:28:50,402 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 50) WFLYCLINF0002: Started work cache from keycloak container</p>
</div>
<div><br>
</div>
<div><br>
</div>
<div>However I still have the same issue as above (I get logged out). Also I don’t get any new logs for the entire log-in, log-out processes.</div>
<div><br>
</div>
<div>Am I doing something wrong?</div>
<div>Thanks,</div>
<div>Sarp</div>
<br>
<fieldset></fieldset> <br>
</div>
</div>
</div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div><span class="">
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</span></blockquote>
</div>
<br>
</div>
</div>
</div>
</span>
</div>
</blockquote></div><br></div>