5:53 a.m.
Hi Sebastian,
I think going with TCP is fine. Looking at the PR, I am not sure using hostname -i to find
the local IP address is a good idea. Looking at the man page:
-i, --ip-address
Display the network address(es) of the host name. Note that this works only
if the host name can be resolved. Avoid using this option; use hostname --all-ip-addresses
instead.
while:
-I, --all-ip-addresses
Display all network addresses of the host. This option enumerates all
configured addresses on all network interfaces. The loopback interface and IPv6 link-local
addresses are omitted. Contrary to option -i, this
option does not depend on name resolution. Do not make any assumptions about
the order of the output.
I can imagine the second option might be more suitable, since it does not depend on DNS
and you want to exclude loopback interfaces anyways?
Best regards,
Sebastian
Mit freundlichen Grüßen / Best regards
Dr.-Ing. Sebastian Schuster
Open Source Services (INST-CSS/BSV-OS2)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY |
www.bosch-si.com
Tel. +49 30 726112-485 | Mobil +49 152 02177668 | Fax +49 30 726112-100 |
Sebastian.Schuster(a)bosch-si.com
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber,
Michael Hahn, Dr. Aleksandar Mitrovic
-----Ursprüngliche Nachricht-----
Von: keycloak-dev-bounces(a)lists.jboss.org <keycloak-dev-bounces(a)lists.jboss.org> Im
Auftrag von Sebastian Laskawiec
Gesendet: Donnerstag, 11. April 2019 10:02
An: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Betreff: [keycloak-dev] TCP for JGroups and bind options
Hey,
I've been working on JGroups bind settings for Keycloak Container Image recently and
we had a discussion with Stian about changing both binding options and transport for
JGroups.
As you probably know, we use standalone-ha.xml as a default configuration for our image.
This means, that Infinispan boots up in clustered mode. At the moment, we use the default
transport from the configuration, which is UDP (with PING as discovery).
Even though UDP transport is a bit faster for larger clusters, it often doesn't work
out of the box in cloud environments (like AWS for the instance). Of course, the JGroups
stack can easily be changed by using the `-Djboss.default.jgroups.stack=tcp` switch.
I'm planning to revise this piece and change the default transport to TCP (probably by
adding `-Djboss.default.jgroups.stack=tcp` switch to the default options).
I also proposed, and would like to ask you to try it out, changing the bind parameters to
match IPv4 [1]. Previously, JGroups tried to bind to wrong interfaces, including
`fe80::5003:8eff:fefa:3e53%tap0` exposed by Podman.
Please have a look at the Pull Request [1], check if it works for you and let me know what
you think about using TCP as default transport for JGroups.
Thanks,
Sebastian
[1] https://github.com/jboss-dockerfiles/keycloak/pull/186
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev