The PR for Wildfly 13 upgrade is finally ready to review -
https://github.com/keycloak/keycloak/pull/5293 . Few things to highlight
for this PR:
- Dependencies of undertow, infinispan, resteasy and aesh and some
others were updated to use the versions used by Wildfly.
- Some configuration changes are needed in infinispan Wildfly subsystem
(Removed jndi-name from cache-container element, Replaced "eviction"
element by "objects" element in the configuration of caches, ...). This
is all documented and described in migration guide. Also migration
scripts were updated to reflect all of this and automatically update
configurations of standalone and domain configuration files.
Server-config-migration-tests is passing
- For Cross-DC, infinispan-server used is now infinispan-server
9.2.4.Final (same infinispan version like Wildfly 13 is using) and JDG
7.2. It was a bit of pain, but finally cross-dc tests are passing fine
with both infinispan-server-9.2.4 and JDG 7.2. The PR contains some
changes especially in the keycloak-model-infinispan part as updating
infinispan wasn't so straightforward. Few things to note:
-- Some API changes and deprecated methods in infinispan, which we need
to adapt too
-- For cross-dc, we don't use JDG '___script_cache' anymore for
preloading sessions. It caused some issues in the past related to
security. Also there seem to be a bug in JDG 7.2, which prevent it to
work correctly. We know use "remoteCache.retrieveEntries", which was
improved in infinispan 9 and allows great performance and preloading
sessions in parallel. Was trying to test preloading with million
sessions in JDG and it took just around a minute on my laptop
- There is still the issue that keycloak-admin-cli and
keycloak-client-registration-cli use the old aesh. I've created
https://issues.jboss.org/browse/KEYCLOAK-7737 . Fortunately old aesh is
not needed as Wildfly module, because the "fat" jars
"keycloak-admin-cli" and "keycloak-client-registration-cli" just
contains it's classes (as well as the other dependencies) contained in
itself. IMO this is not a blocker to upgrade master to Wildfly 13 now
and it can be addressed later. But will be good to address this (EG. if
there are security and other issues in old aesh, we won't be able to
rely on Wildfly support etc). WDYT?
- I've sent the PR for documentation last week
https://github.com/keycloak/keycloak-documentation/pull/410 . But this
one is not yet ready for review. I need to update it based on feedback
from Matthew. Also need to update a bit the content as well. Hopefully
will be ready for review later today.
Marek