6:33 a.m.
Thanks, Marek. Will follow instructions there to check how things are
working when enabling a remote store with JDG.
I've also changed the authz cache mode to local, what I think makes more
sense than use a distributed cache as it stands today. We basically want to
cache things locally and invalidate entries accordingly to avoid stale
entries across nodes.
On Tue, May 9, 2017 at 3:44 AM, Marek Posolda <mposolda(a)redhat.com> wrote:
I think that should be sufficient for Cross-DC support.
Pedro, if you want to try some basic testing of cross-dc, here are some
simple instructions: https://github.com/keycloak/ke
ycloak/blob/master/misc/CrossDataCenter.md
For the development, there is even easier way to test with 2 embedded
KeycloakServer instances (class KeycloakServer from the old testsuite) if
you run the KeycloakServer with the properties like this (replace with your
shared DB): -Dkeycloak.connectionsJpa.url=jdbc:mysql://localhost/keycloak
-Dkeycloak.connectionsJpa.driver=com.mysql.jdbc.Driver
-Dkeycloak.connectionsJpa.user=keycloak -Dkeycloak.connectionsJpa.password=keycloak
-Dkeycloak.connectionsInfinispan.remoteStoreEnabled=true
-Dkeycloak.connectionsInfinispan.remoteStoreHost=localhost
-Dkeycloak.connectionsInfinispan.remoteStorePort=11322
You just need to run 2 servers on different ports, which is argument like
"-p 8081" .
Marek
On 08/05/17 13:08, Pedro Igor Silva wrote:
> That is why I'm asking. I have been working with some changes to authz
> cache layer to get it aligned with the rest of the project. I've a PR
> already with some initial changes at this regard, where I'm basically
> pushing usage of invalidation events via cluster provider. Besides, I have
> also changed cache mode for authz cache to local. We don't really need to
> replicate/distribute entries across nodes, but cache things locally and
> invalidate these same accordingly.
>
> On Mon, May 8, 2017 at 3:26 AM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
> Marek can probably answer that in more detail. However, IMO the caches for
>> authorization services should be done exactly as the other invalidation
>> caches. We've done a lot of tweaks here to get it to work properly and
>> it's
>> complex stuff so we don't want to have two different approaches in the
>> code.
>>
>> On 6 May 2017 at 03:51, Pedro Igor Silva <psilva(a)redhat.com> wrote:
>>
>> Hey All,
>>>
>>> Is it fair to say that using invalidation events via ClusterProvider is
>>> enough to get Cross-DC support ?
>>>
>>> Regards.
>>> Pedro Igor
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>>
>> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>