Yes, that's needed. JGroups is by default bound to 127.0.0.1 and should in
best practice be bound to a private secure network to limit access. See
https://keycloak.gitbooks.io/server-installation-and-configuration/conten...
for more details.
On 21 September 2016 at 16:35, Muein Muzamil <shmuein+keycloak-dev(a)gmail.com>
wrote:
Hi all,
I am trying to run KeyCloak in cluster mode with docker containers using
standalone-ha.xml but for me containers are not joining the same infinispan
cluster.
I tried to follow the following blog entry but am not sure it is still valid.
http://blog.keycloak.org/2015/04/running-keycloak-cluster-with-docker.html
I was trying to follow this to run multiple docker containers in cluster
with the latest images. But when I ran second keycloak container, I didn't
see this container joining the 1st cluster. I was seeing this in the log
for the second container.
12:31:56,385 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(MSC service thread 1-2) ISPN000094: Received new cluster view for channel
keycloak: [saskeycloak-fbtit|0] (1) [saskeycloak-fbtit]
To get it working I had to update the private interface in standalone-ha.xml
to use the docker container's IP.
<interface name="private">
    <!--<inet-address value="${jboss.bind.address.private:127.0.0.1}"/>-->
    <inet-address value="172.17.0.3" />
</interface>
Is that really needed or do we have a better way to get it working?
Regards,
Muein
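
Added example, not part of the original thread: instead of hard-coding the container IP in standalone-ha.xml, an entrypoint can leave the ${jboss.bind.address.private:127.0.0.1} expression in place and pass the address as a system property, accepting only an address inside the intended private network. ALLOWED_CIDR, KEYCLOAK_HOME, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: choose the address passed as -Djboss.bind.address.private.
# ALLOWED_CIDR, the function names and the sample addresses are assumptions.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Succeed when address $1 lies inside CIDR block $2, e.g. 172.17.0.0/16.
in_cidr() (
    ip=$(ip_to_int "$1") || exit 1
    net=$(ip_to_int "${2%/*}") || exit 1
    bits=${2#*/}
    case $bits in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$bits" -le 32 ] || exit 1
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# Print the first candidate inside the allowed network, or fail closed.
# Loopback is skipped: a node bound to 127.0.0.1 only ever sees itself.
pick_bind_address() (
    cidr=$1; shift
    for addr in "$@"; do
        case $addr in 127.*) continue ;; esac
        if in_cidr "$addr" "$cidr"; then echo "$addr"; exit 0; fi
    done
    exit 1
)

# Constructed demo: loopback and a public address are rejected.
ALLOWED_CIDR=172.17.0.0/16
pick_bind_address "$ALLOWED_CIDR" 127.0.0.1 203.0.113.7 172.17.0.3

# In a container entrypoint (hostname -I availability depends on the image;
# KEYCLOAK_HOME is a placeholder for the install directory):
#   BIND=$(pick_bind_address "$ALLOWED_CIDR" $(hostname -I)) || exit 1
#   exec "$KEYCLOAK_HOME"/bin/standalone.sh -c standalone-ha.xml \
#        -Djboss.bind.address.private="$BIND"
```

If no interface falls inside the allowed network the entrypoint exits instead of starting a node bound to loopback or to an unintended interface.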