Are you using shared database among both cluster nodes? Also when you
start node1 and then start node2, you should see some message similar to
this in the log of node1, which indicates that cluster nodes are connected:
wfnode_1 | 11:28:30,888 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(Incoming-1,shared=udp) ISPN000094: Received new cluster view:
[wfnode1/web|1] (2) [wfnode1/web, wfnode2/web]
wfnode_1 | 11:28:33,767 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(Incoming-10,shared=udp) ISPN000094: Received new cluster view:
[wfnode1/keycloak|1] (2) [wfnode1/keycloak, wfnode2/keycloak]
For more logging of which provider is used by keycloak-server.json, you
can enable DEBUG logging for keycloak in standalone-full.xml (or
domain.xml or whatever you are using):
<logger category="org.keycloak">
<level name="DEBUG"/>
</logger>
Also I think that editing file
|standalone/configuration/keycloak-server.json is just for standalone,
but probably doesn't work for wildfly domain.
|
Maybe you can first try if cluster works in standalone configuration. If
it helps, we can figure the domain later.
Marek
On 10.12.2014 00:57, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:
Hi,
Correction, I **thought** everything was running in Wildfly domain
mode. It turns out I just got lucky by hitting the same server node
in my initial test. After a reboot and further testing today, I’m not
able to login to the Keycloak admin console when both nodes in my
cluster are running. After attempting login, I am either taken back
to a blank login page, or I see error “Unknown code, please login
again through your application.” Once in awhile, I can login without
error. I should note that I’m using an Apache reverse proxy via
mod_cluster.
I see no errors in the server logs. I do see message “JBAS010281:
Started <x> cache from keycloak container” for each of “realms”,
“sessions”, “loginFailures”, “users”. So, it looks like my domain
config is working. However, I can’t tell for sure that Keycloak is
attempting to use the infinispan caches. Some additional log output
showing the values from keycloak-server.json would be helpful. I used
the CLI to upload
“/profile=full-ha/subsystem=keycloak/auth-server=keycloak-1/:update-server-config(bytes-to-upload=/usr/local/wildfly/domain/configuration/keycloak-server.json~,overwrite=true)”
The response was “success” and then I restarted Wildfly on both nodes
in the cluster.
Has anyone been able to get Keycloak 1.1 Beta 2 working in a wildfly
domain, and using mod_cluster? If so, could you please provide guidance?
Thanks,
John
*From:*Schneider, John DODGE CONSULTING SERVICES, LLC
*Sent:* Monday, December 08, 2014 6:43 PM
*To:* keycloak-user(a)lists.jboss.org
*Subject:* 1.1 documentation update for running in domain HA mode
Hi guys,
Thanks so much for getting clustering support working in 1.1. I have
it up and running well in a Wildfly 8 domain setup under the “full-ha”
profile. One thing that I was pulling my hair out about for a while
today were some errors related to Infinispan config. I figured out
that if running in HA cluster, you must include the “transport”
element under the cache-container config (i.e. <transport
lock-timeout=”60000” />). It would be great if you could update
Chapter 23 of the documentation to reflect this requirement.
Thanks,
John
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user