You're on the right track. Taking a look at my notes, the following may be
required:
- docker container with host mode networking and NET_ADMIN capabilities
if clustering across container hosts
- entrypoint parameters:
-Djgroups.bind_addr=HOST_IP -b HOST_IP --server-config standalone-ha.xml
note the host default interface IP must be used and not a wildcard of
0.0.0.0
- the socket-binding changed
On Wed, Mar 30, 2016 at 7:49 PM, Sarp Kaya <akaya(a)expedia.com> wrote:
Sorry to send an e-mail again what I did is changed this:
<socket-binding name="jgroups-udp" interface="public"
port="55200"
multicast-address="${jboss.default.multicast.address:230.0.0.4}"
multicast-port="45688"/>
Also set the public interface as:
<interface name="public">
<inet-address value="${jboss.bind.address:0.0.0.0}"/>
</interface>
But now I’m getting this error:
00:45:40,146 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2)
MSC000001: Failed to start service jboss.jgroups.channel.ee:
org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee:
java.security.PrivilegedActionException: java.net.BindException: [UDP] /
0.0.0.0 is not a valid address on any local network interface
at
org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:80)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.PrivilegedActionException:
java.net.BindException: [UDP] /0.0.0.0 is not a valid address on any
local network interface
at
org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:640)
at
org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:98)
at
org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:78)
... 5 more
Caused by: java.net.BindException: [UDP] /0.0.0.0 is not a valid address
on any local network interface
at org.jgroups.util.Util.checkIfValidAddress(Util.java:3522)
at
org.jgroups.stack.Configurator.ensureValidBindAddresses(Configurator.java:903)
at
org.jgroups.stack.Configurator.setupProtocolStack(Configurator.java:118)
at
org.jgroups.stack.Configurator.setupProtocolStack(Configurator.java:57)
at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:477)
at org.jgroups.JChannel.init(JChannel.java:853)
at org.jgroups.JChannel.<init>(JChannel.java:159)
at
org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:95)
at
org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:92)
at
org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
... 7 more
If I put a different IP address (say the docker machine IP address) I get
the same error as well.
From: John Bartko <john.bartko(a)drillinginfo.com>
Date: Thursday, March 31, 2016 at 1:23 AM
To: Marek Posolda <mposolda(a)redhat.com>
Cc: Abdullah Sarp Kaya <akaya(a)expedia.com>,
"keycloak-user(a)lists.jboss.org"
<keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] Keycloak Clustering, other instance logs me
out
When clustering across separate hosts, I had to change the jgroups-udp
socket binding to listen on the public interface (binds to loopback by
default).
On Wed, Mar 30, 2016 at 5:52 AM, Marek Posolda <mposolda(a)redhat.com>
wrote:
>
> When you start the second instance, are you seeing something like this in
> log of both servers?
>
> INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (Incoming-10,shared=udp)
> ISPN000094: Received new cluster view: [node1/keycloak|1] (2)
> [node1/keycloak, node2/keycloak]
>
> If not, then clustering doesn't work properly and the servers doesn't
> form a cluster with each other. From the log you sent, there is just
> startup of one server, which indicates that clustering may not work.
>
> Maybe multicast doesn't work in your network. Either disable
> firewall/selinux/whatever to have multicast working or switch to TCP
> JGroups channel instead of UDP. See the Wildfly and JGroups documentation
> for more details.
>
> Also I personally use the virtual hosts to test clustering of 2 servers
> on same machine (Ie. have virtual servers like kc1:8080 and kc2:8080) .
> Using same host but differ just in port number ( host:8080 and host:8081 )
> may causing mess with cookies, so
> I am personally not using the setup like this.
>
> Marek
>
>
> On 30/03/16 08:38, Sarp Kaya wrote:
>
> I have tried using standalone-ha.xml with shared database. I thought that
> would be enough but it seems like it’s not. The problem is
>
> I log into kc1 instance, and subsequent requests are authenticated.
> Then I try viewing
> host:8080/auth/realms/master/account
> Which is also authenticated.
>
> Then I try to view this on kc1 by changing port like:
> host:8081/auth/realms/master/account
>
> At this point I expect to see same page. However I get prompted for login
> for both kc1 and kc2. I see no logs at this point.
>
> So now I have switched to using keycloak-ha-postgres because it seemed to
> me that it comes clustering enabled out of box. So I nearly did exactly
> what this page:
>
>
https://hub.docker.com/r/jboss/keycloak-ha-postgres/builds/benk6w5cgdmrqo...
> told me to so. The only difference that I have done is adding ports
> (with –p 8080:8080 to one instance and –p 8081:8080 to the another one) and
> adding a new user.
>
> Once I start the I get this log:
>
> 05:28:49,888 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-1) ISPN000078: Starting JGroups channel keycloak
>
> 05:28:49,893 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-2) ISPN000078: Starting JGroups channel server
>
> 05:28:49,902 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-1) ISPN000094: Received new cluster view for channel keycloak:
> [a05014a5dc24|0] (1) [a05014a5dc24]
>
> 05:28:49,907 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-1) ISPN000079: Channel keycloak local address is a05014a5dc24,
> physical addresses are [127.0.0.1:55200]
>
> 05:28:49,902 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-2) ISPN000094: Received new cluster view for channel server:
> [a05014a5dc24|0] (1) [a05014a5dc24]
>
> 05:28:49,914 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-2) ISPN000079: Channel server local address is a05014a5dc24,
> physical addresses are [127.0.0.1:55200]
>
> 05:28:49,925 INFO [org.infinispan.factories.GlobalComponentRegistry]
> (MSC service thread 1-2) ISPN000128: Infinispan version: Infinispan 'Mahou'
> 8.1.0.Final
>
> 05:28:49,926 INFO [org.infinispan.factories.GlobalComponentRegistry]
> (MSC service thread 1-1) ISPN000128: Infinispan version: Infinispan 'Mahou'
> 8.1.0.Final
>
> 05:28:49,978 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-2) ISPN000078: Starting JGroups channel web
>
> 05:28:49,982 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-2) ISPN000094: Received new cluster view for channel web:
> [a05014a5dc24|0] (1) [a05014a5dc24]
>
> 05:28:49,984 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-2) ISPN000079: Channel web local address is a05014a5dc24, physical
> addresses are [127.0.0.1:55200]
>
> 05:28:49,985 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-1) ISPN000078: Starting JGroups channel hibernate
>
> 05:28:49,986 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-1) ISPN000094: Received new cluster view for channel hibernate:
> [a05014a5dc24|0] (1) [a05014a5dc24]
>
> 05:28:49,987 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-1) ISPN000079: Channel hibernate local address is a05014a5dc24,
> physical addresses are [127.0.0.1:55200]
>
> 05:28:50,028 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-1) ISPN000078: Starting JGroups channel ejb
>
> 05:28:50,030 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-1) ISPN000094: Received new cluster view for channel ejb:
> [a05014a5dc24|0] (1) [a05014a5dc24]
>
> 05:28:50,031 INFO
> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
> thread 1-1) ISPN000079: Channel ejb local address is a05014a5dc24, physical
> addresses are [127.0.0.1:55200]
>
> 05:28:50,357 INFO [org.jboss.as.clustering.infinispan] (ServerService
> Thread Pool -- 56) WFLYCLINF0002: Started realmVersions cache from keycloak
> container
>
> 05:28:50,391 INFO [org.jboss.as.clustering.infinispan] (ServerService
> Thread Pool -- 54) WFLYCLINF0002: Started offlineSessions cache from
> keycloak container
>
> 05:28:50,397 INFO [org.jboss.as.clustering.infinispan] (ServerService
> Thread Pool -- 55) WFLYCLINF0002: Started loginFailures cache from keycloak
> container
>
> 05:28:50,396 INFO [org.jboss.as.clustering.infinispan] (ServerService
> Thread Pool -- 52) WFLYCLINF0002: Started sessions cache from keycloak
> container
>
> 05:28:50,392 INFO [org.jboss.as.clustering.infinispan] (ServerService
> Thread Pool -- 53) WFLYCLINF0002: Started realms cache from keycloak
> container
>
> 05:28:50,399 INFO [org.jboss.as.clustering.infinispan] (ServerService
> Thread Pool -- 51) WFLYCLINF0002: Started users cache from keycloak
> container
>
> 05:28:50,402 INFO [org.jboss.as.clustering.infinispan] (ServerService
> Thread Pool -- 50) WFLYCLINF0002: Started work cache from keycloak container
>
>
> However I still have the same issue as above (I get logged out). Also I
> don’t get any new logs for the entire log-in, log-out processes.
>
> Am I doing something wrong?
> Thanks,
> Sarp
>
>
> _______________________________________________
> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>