Thanks, I've added small "troubleshooting" section to our clustering
docs and mentioned this info here.
Cheers,
Marek
On 12.12.2014 20:09, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:
I now have it working with my firewall enabled. The Wildfly config is
socket-binding with name “jgroups-udp”. For an HA domain cluster,
this is within socket-binding-group “ha-sockets”. Default values are
UDP port 55200 and multicast port 45688 with multicast address
230.0.0.4. I think it would be helpful to mention this in the
Keycloak docs. The Wildfly docs for clustering only note information
applicable to mod_cluster, which is different than this.
Thanks,
John
*From:*Schneider, John DODGE CONSULTING SERVICES, LLC
*Sent:* Friday, December 12, 2014 1:08 PM
*To:* 'Marek Posolda'; keycloak-user(a)lists.jboss.org
*Subject:* RE: [External] Re: [keycloak-user] 1.1 Beta2 in Wildfly cluster
Hi Marek,
Thanks for getting back to me. I did see the ISPN000094 message you
described in my log files, but it didn’t look like the messages you
listed. My messages only noted one node. After disabling the firewall
on both nodes, Keycloak is now working in domain mode with Infinispan
providers in my config. Now I just have to figure out all the ports
necessary for JGroups to function correctly. Once I figure this out,
I will respond back. Hopefully you can add this info to the
documentation to help others out in the future.
Thanks again for your help,
John
*From:*Marek Posolda [mailto:mposolda@redhat.com]
*Sent:* Friday, December 12, 2014 6:56 AM
*To:* Schneider, John DODGE CONSULTING SERVICES, LLC;
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
*Subject:* [External] Re: [keycloak-user] 1.1 Beta2 in Wildfly cluster
Are you using shared database among both cluster nodes? Also when you
start node1 and then start node2, you should see some message similar
to this in the log of node1, which indicates that cluster nodes are
connected:
wfnode_1 | 11:28:30,888 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(Incoming-1,shared=udp) ISPN000094: Received new cluster view:
[wfnode1/web|1] (2) [wfnode1/web, wfnode2/web]
wfnode_1 | 11:28:33,767 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(Incoming-10,shared=udp) ISPN000094: Received new cluster view:
[wfnode1/keycloak|1] (2) [wfnode1/keycloak, wfnode2/keycloak]
For more logging of which provider is used by keycloak-server.json,
you can enable DEBUG logging for keycloak in standalone-full.xml (or
domain.xml or whatever you are using):
<logger category="org.keycloak">
<level name="DEBUG"/>
</logger>
Also I think that editing file
|standalone/configuration/keycloak-server.json is just for standalone,
but probably doesn't work for wildfly domain.|
Maybe you can first try if cluster works in standalone configuration.
If it helps, we can figure the domain later.
Marek
On 10.12.2014 00:57, Schneider, John DODGE CONSULTING SERVICES, LLC wrote:
Hi,
Correction, I **thought** everything was running in Wildfly domain
mode. It turns out I just got lucky by hitting the same server
node in my initial test. After a reboot and further testing
today, I’m not able to login to the Keycloak admin console when
both nodes in my cluster are running. After attempting login, I
am either taken back to a blank login page, or I see error
“Unknown code, please login again through your application.” Once
in awhile, I can login without error. I should note that I’m using
an Apache reverse proxy via mod_cluster.
I see no errors in the server logs. I do see message “JBAS010281:
Started <x> cache from keycloak container” for each of “realms”,
“sessions”, “loginFailures”, “users”. So, it looks like my domain
config is working. However, I can’t tell for sure that Keycloak
is attempting to use the infinispan caches. Some additional log
output showing the values from keycloak-server.json would be
helpful. I used the CLI to upload
“/profile=full-ha/subsystem=keycloak/auth-server=keycloak-1/:update-server-config(bytes-to-upload=/usr/local/wildfly/domain/configuration/keycloak-server.json~,overwrite=true)”
The response was “success” and then I restarted Wildfly on both
nodes in the cluster.
Has anyone been able to get Keycloak 1.1 Beta 2 working in a
wildfly domain, and using mod_cluster? If so, could you please
provide guidance?
Thanks,
John
*From:*Schneider, John DODGE CONSULTING SERVICES, LLC
*Sent:* Monday, December 08, 2014 6:43 PM
*To:* keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org>
*Subject:* 1.1 documentation update for running in domain HA mode
Hi guys,
Thanks so much for getting clustering support working in 1.1. I
have it up and running well in a Wildfly 8 domain setup under the
“full-ha” profile. One thing that I was pulling my hair out about
for a while today were some errors related to Infinispan config.
I figured out that if running in HA cluster, you must include the
“transport” element under the cache-container config (i.e.
<transport lock-timeout=”60000” />). It would be great if you
could update Chapter 23 of the documentation to reflect this
requirement.
Thanks,
John
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user