CCing Alan Field from RH Infinispan team and forwarding his question: 
I'd like to know which configuration files you are using and why is is
harder to use with Amazon’s Docker service (ECS) or Beanstalk. I'd also be
interested in how big a cluster you are using in AWS.

On 14/12/15 22:24, Scott Rossillo wrote:
AWS was why we didn’t use Infinispan to begin with.  That and it’s even more complicated when you deploy using Amazon’s Docker service (ECS) or Beanstalk.

It’s too bad Infinispan  / JGroups are beasts when the out of the box configuration can’t be used. I’m planning to document this as we fix but I’d avoid S3_PING and use JDBC_PING. You already need JDBC for the Keycloak DB, unless you’re using Mongo and it’s easier to test locally.

TCPPING will bite you on AWS if Amazon decides to replace one of your instances (which it does occasionally w/ECS or Beanstalk).

Best,  
Scott

Scott Rossillo
Smartling | Senior Software Engineer
srossillo@smartling.com

Powered by Sigstr

On Dec 14, 2015, at 10:59 AM, Marek Posolda <mposolda@redhat.com> wrote:

On 14/12/15 16:55, Marek Posolda wrote:
On 14/12/15 15:58, Bill Burke wrote:
On 12/14/2015 5:01 AM, Niko Köbler wrote:
Hi Marek,

Am 14.12.2015 um 08:50 schrieb Marek Posolda <mposolda@redhat.com
<mailto:mposolda@redhat.com>>:

Btv. what's your motivation to not use infinispan? If you afraid of
cluster communication, you don't need to worry much about it, because
if you run single keycloak through standalone.xml, the infinispan
automatically works in LOCAL mode and there is no any cluster
communication at all.
My current customer is running his apps in AWS. As known, multicast is
not available in cloud infrastructures. Wildfly/Infinispan Cluster works
pretty well with multicast w/o having to know too much about JGroups
config. S3_PING seams to be a viable way to get a cluster running in AWS.
But additionally, my customer doesn’t have any (deep) knowledge about
JBoss infrastructures and so I’m looking for a way to be able to run
Keycloak in a cluster in AWS without the need to build up deeper
knowlegde of JGroups config, for example in getting rid of Infinispan.
But I do understand all the concerns in doing this.
I still have to test S3_PING, if it works as easy as multicast. If yes,
we can use it, if no… I don’t know yet. But this gets offtopic for
Keycloak mailinglist, it’s more related to pure Wildfly/Infinispan.

seems to me it would be much easier to get Infinispan working on AWS
than to write and maintain an entire new caching mechanism and hope we
don't refactor the cache SPI.


+1

I am sure infinispan/JGroups has possibility to run in non-multicast
environment. You may just need to figure how exactly to configure it. So
I agree that this issue is more related to Wildfly/Infinispan itself
than to Keycloak.

You may need to use jgroups protocols like TCP instead of default UDP
and maybe TCPPING (this requires to manually list all your cluster
nodes. But still, it's much better option IMO than rewriting UserSession
SPI)
Btv. if TCPPING or S3_PING is an issue, there is also AWS_PING
http://www.jgroups.org/manual-3.x/html/protlist.html#d0e5100 , but it's
not official part of jgroups.

Marek

Marek
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user