10:02 a.m.
oops, sorry. The server-info page was added recently and it's not in
1.1.Beta2. It would be available in 1.1.0.Final (or alternative is to
build keycloak from master). Anyway, if you enable debug logging for
org.keycloak.services.DefaultKeycloakSessionFactory you should see in
server.log which providers are used and hence you should see
'infinispan' for realmCache, userCache and userSessions.
We also recently added "Troubleshooting" page to clustering docs, which
might help you to figure out what ports are needed
https://github.com/keycloak/keycloak/blob/master/docbook/reference/en/en-...
. You can try to temporarily disable firewall and see if it helps with
cluster communication. Then you can figure more accurately which ports
you need to open.
But generally we rely on infinispan/jgroups for cluster, so more info
about cluster config and switch between udp/tcp should be available in
their docs.
Marek
On 19.1.2015 13:32, prab rrrr wrote:
Hi Marek - Thanks for the below pointers. I believe my setup is good
but probably the udp communication is blocked in my organization as I
do not see the specific log you mentioned. Here are some of the log
messages I see:
Starting JGroups channel
Received new cluster view ... node 1 (no information about node2)
I will look at JGroups documentation to have the communication setup
using tcp on a different port. Hopefully that would address the problem.
I tried out the url you provided to verify the setup but it doesn't
work - checked on two different setups. fyi - I am using 1.1Beta2 version.
Regards,
Raghu
------------------------------------------------------------------------
*From:* Marek Posolda <mposolda(a)redhat.com>
*To:* prab rrrr <prabhalar(a)yahoo.com>; Keycloak-user
<keycloak-user(a)lists.jboss.org>
*Sent:* Monday, January 19, 2015 6:09 AM
*Subject:* Re: [keycloak-user] Keycloak Clustering Issues
That's quite strange. I've just tested same scenario and works fine
for me. If you do any change on user, the user is invalidated from
cache on node-1 and this change about invalidation should be
propagated to node-2 . As long as you have shared database, node-2
should then retrieve newest data about shared user from database.
I would suggest to try this:
* Make sure that your infinispan cluster is correctly set. You can
check it by seeing the message similar to this in server.log of both
nodes: node_1 | 10:49:50,344 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(Incoming-10,shared=udp) ISPN000094: Received new cluster view:
[node1/keycloak|1] (2) [node1/keycloak, node2/keycloak]
* Make sure that you enable "infinispan" as provider of realmCache and
userCache and configured connectionsInfinispan . When you open admin
console on any node like:
http://node-1:8080/auth/admin/master/console/index.html#/server-info
<http://localhost:8080/auth/admin/master/console/index.html#/server-info>
you should see:
connectionsInfinispan default
realmCache infinispan
userCache infinispan
userSessions infinispan
* If still seeing issues, you can try to enable trace logging for
"org.keycloak.models.cache.infinispan" category.
Hope this helps,
Marek
On 17.1.2015 04:32, prab rrrr wrote:
>
>
> Anyone noticed any issues with Infinispan? I saw a weird issue. After
> setting up a cluster with two nodes, made some changes on node-1
> (created a user and changed the first name). While the user appeared
> on node-2, the change to the first name didn't make it. Restarting
> the node-2 didn't help either. Wondering if Infinispan is preventing
> all the changes to be picked up from database. If so, what settings
> would ensure that the data is consistent between the nodes?
>
> Thanks,
> Raghu
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user