+1 To running Keycloak on AWS section to docs. Do you want to contribute
that? Not sure about Docker images, we already have more than I'd like to
maintain.
On 7 April 2016 at 22:56, Scott Rossillo <srossillo(a)smartling.com> wrote:
Hi!
We completed the final steps to getting this working on Amazon AWS with
Docker using Keycloak 1.9.x. Since we already have a database, we used
JDBC_PING not to add S3 as yet another dependency.
The changes are here[0] for now. Would Keycloak devs be interested in
adding a running Keycloak on AWS section or another sample docker image?
There are 3 steps / files:
1. configureCache.xsl sets up Infinispan correctly
2. start.sh - Uses Amazon APIs via HTTP to get the correct instance IP
information
3. 30_docker_ports.config - if using Docker, this shell script runs on
deploy to expose the cluster port to the EC2 interface. Needed with
Beanstalk, maybe not with ECS
[0]:
https://gist.github.com/foo4u/ad2fa7251ac5b4d4fd318f668f50f7ac
Best,
Scott
Scott Rossillo
Smartling | Senior Software Engineer
srossillo(a)smartling.com
On Apr 7, 2016, at 6:44 AM, Thomas Darimont <
thomas.darimont(a)googlemail.com> wrote:
Hello,
have a look at this thread:
http://lists.jboss.org/pipermail/keycloak-user/2016-February/004935.html
Cheers,
Thomas
2016-04-07 12:40 GMT+02:00 Stian Thorgersen <sthorger(a)redhat.com>:
> It is not currently possible to run multiple nodes without clustering.
> However, it's possible to configure JGroups to work on AWS. I can't
> remember the configuration required though, but if you search the user
> mailing list you'll find instructions or google for JGroups and AWS.
>
> On 7 April 2016 at 10:22, Christian Schwarz <christian(a)datek.no> wrote:
>
>> Hi!
>>
>> I'm trying to setup a keycloak cluster on AWS, which does not support
>> UDP multicast. IP addresses of the nodes are also not known in advance (I'm
>> using docker-cloud), so Infinispan/JGroups ("keycloak-ha-posgres"
docker
>> image) for user session replication will not work (seems that it requires
>> either UDP multicast or IP addresses known in advance).
>>
>> The main problem I have is that logout is not working propertly. I only
>> get logged out from one of the two keycloak nodes.
>>
>> I have tried to disable the user cache (by setting
>> userCache.default.enabled = false) and to disable infinispan (by using
>> “keycloak-postgres” docker image), but to no avail. The “other” keycloak
>> node still thinks that the user is logged in, it’s not refreshing the user
>> session from the database even if user cache and infinispan cluster cache
>> is disbled.
>>
>> => Is there a possibility of using the database as a synchronization
>> point between keycloak nodes? (i.e. each node always checks logout status
>> in the database)
>> Or is there another way of getting a keycloak cluster up and running on
>> AWS when IP addresses are not known in advance?
>>
>> I hope there is a way… :)
>>
>> Kind regards,
>> Christian
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user