Hey Sebastian,
Thanks a lot for the comment. Let me give you some more insight on this
change...
One of our goals was to make Keycloak more Cloud-friendly (especially with
the regards to OpenShift). One of the first steps is to make it clustered
by default. This requires making both `jboss.bind.address` and
`jboss.bind.address.private` pointing to the eth0 of the container and
bootstrapping the `standalone-ha.xml` configuration by default. As you
already noticed, you can easily override this behavior by specifying `-c
standalone.xml` configuration and (if you wish) specifying `BIND`
environmental variable pointing to `127.0.0.1`.
Now, why JGroups bind to the `jboss.bind.address.private` instead of
`jboss.bind.address` by default is not obvious to me. I will ask the
Wildfly Team why they decided to take this direction. I personally would do
the opposite.
As for the patch you suggested, I totally agree with you - we should also
scan for `--server-config`. May I ask you for a pull request?
Thanks,
Sebastian
On Fri, Sep 28, 2018 at 6:11 PM Schuster Sebastian (INST-CSS/BSV-OS) <
Sebastian.Schuster(a)bosch-si.com> wrote:
Maybe this snippet is helpful:
if echo "$@" | egrep -v -- '-c |-c=|--server-config
|--server-config=';
then
SYS_PROPS+=" -c=standalone-ha.xml"
fi
Best regards,
Sebastian
Mit freundlichen Grüßen / Best regards
Dr.-Ing. Sebastian Schuster
Open Source Services (INST-CSS/BSV-OS)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin |
GERMANY
<
https://maps.google.com/?q=Ullsteinstr.+128+%7C+12109+Berlin+%7C+GERMANY&...
|
www.bosch-si.com
Tel. +49 30 726112-485 <+49%2030%20726112485> | Fax +49 30 726112-100
<+49%2030%20726112100> | Sebastian.Schuster(a)bosch-si.com
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.
Stefan Ferber, Michael Hahn
-----Original Message-----
From: keycloak-dev-bounces(a)lists.jboss.org <
keycloak-dev-bounces(a)lists.jboss.org> On Behalf Of Schuster Sebastian
(INST-CSS/BSV-OS)
Sent: Freitag, 28. September 2018 16:00
To: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Subject: [keycloak-dev] Latest changes with JGroups discovery in
4.5.0.Final Docker Image
Hi everybody,
I think there are some minor issues with the changes in the 4.5.0 Docker
image. In docker-entrypoint.sh per default if nothing is specified the
jboss.bind.address and jboss.bind.address.private are both set to hostname
–i and if nothing is specified standalone-ha mode is used. I find that at
least questionable, I think running standalone is a safer default compared
to opening JGroups communication on a public interface. However, the
default works for us in Kubernetes.
However, the detection whether a profile was specified (if echo "$@" |
egrep -v -- "-c "; then) should be improved, only looking for “-c” does
not work as “—server-config” is equally possible. Wildfly will die with an
error if both are present…
Best regards,
Sebastian
Mit freundlichen Grüßen / Best regards
Dr.-Ing. Sebastian Schuster
Open Source Services (INST-CSS/BSV-OS)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin |
GERMANY
<
https://maps.google.com/?q=Ullsteinstr.+128+%7C+12109+Berlin+%7C+GERMANY&...
|
www.bosch-si.com<http://www.bosch-si.com>
Tel. +49 30 726112-485 <+49%2030%20726112485> | Fax +49 30 726112-100
<+49%2030%20726112100> | Sebastian.Schuster(a)bosch-si.com<mailto:
Sebastian.Schuster(a)bosch-si.com>
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.
Stefan Ferber, Michael Hahn
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev