[keycloak-dev] Mongo Replica Sets

Marek Posolda mposolda at redhat.com
Fri Oct 9 00:08:55 EDT 2015


Just one minor thing, it looks to me that when you introduce "uri" in 
the configuration, the operationalInfo won't be filled. This 
operationInfo is used for admins for debugging server status and can be 
shown for example from admin console. Could you improve PR to ensure it 
is filled?

Thanks,
Marek

On 08/10/15 19:15, Stian Thorgersen wrote:
> Sorry, I scanned it to a bit to quick.
>
> Your patch looks good, create a PR and we'll merge it.
>
> On 8 October 2015 at 12:24, Carsten Saathoff 
> <Carsten.Saathoff at kisters.de <mailto:Carsten.Saathoff at kisters.de>> wrote:
>
>     I am not asking for support, I am proposing a change to the
>     mongodb connection provider to support mongo replica sets.
>
>     best
>
>     Carsten
>     ------------------------------------------------------------------------
>     Carsten Saathoff - KISTERS AG - Stau 75 - 26122 Oldenburg - Germany
>     Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters,
>     Hanns Kisters | Aufsichtsratsvorsitzender: Dr. Thomas Klevers
>     Phone: +49 441 93602 -257 <tel:%2B49%20441%2093602%20-257> | Fax:
>     +49 441 93602 -222 <tel:%2B49%20441%2093602%20-222> | E-Mail:
>     Carsten.Saathoff at kisters.de <mailto:Carsten.Saathoff at kisters.de> |
>     WWW: http://www.kisters.de
>     ------------------------------------------------------------------------
>     Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
>     Informationen. Wenn Sie nicht der richtige Adressat sind oder
>     diese E-Mail irrtümlich erhalten haben, informieren Sie bitte
>     sofort den Absender und vernichten Sie diese Mail. Das unerlaubte
>     Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht
>     gestattet.
>     This e-mail may contain confidential and/or privileged
>     information. If you are not the intended recipient (or have
>     received this e-mail in error) please notify the sender
>     immediately and destroy this e-mail. Any unauthorised copying,
>     disclosure or distribution of the material in this e-mail is
>     strictly forbidden.
>
>
>
>     From: Stian Thorgersen <sthorger at redhat.com
>     <mailto:sthorger at redhat.com>>
>     To: Carsten Saathoff <Carsten.Saathoff at kisters.de
>     <mailto:Carsten.Saathoff at kisters.de>>,
>     Cc: keycloak-dev <keycloak-dev at lists.jboss.org
>     <mailto:keycloak-dev at lists.jboss.org>>
>     Date: 08/10/2015 12:00
>     Subject: Re: [keycloak-dev] Mongo Replica Sets
>     Sent by: keycloak-dev-bounces at lists.jboss.org
>     <mailto:keycloak-dev-bounces at lists.jboss.org>
>     ------------------------------------------------------------------------
>
>
>
>     Please use user mailing list for support
>
>     On 8 October 2015 at 10:42, Carsten Saathoff
>     <_Carsten.Saathoff at kisters.de_
>     <mailto:Carsten.Saathoff at kisters.de>> wrote:
>     Hi all,
>
>     we are currently setting up a production system that uses keycloak
>     as the Identity Provider. We use mongodb as the database for
>     keycloak (since this is our main database), but require keycloak
>     to also handle mongodb replica sets appropriately. Currently, when
>     the primary changes in a mongo replica set, keycloak stops
>     working, since it only connects to a single instance.
>
>     I have a version of keycloak that uses a mongodb:// uri[1] to
>     specify the mongo connection parameters in the keycloak
>     configuration file. Since mongodb:// uris are a standard way of
>     obtaining a mongo client, this naturally supports replica sets.
>     The patch is only a couple of lines and seems to work. The only
>     issue I have is that the MongoDB update seems to be broken in
>     master currently. But this is also the case when I build keycloak
>     without my patch, so I assume this to be an unrelated issue.
>
>     The commit is available in my keycloak fork:
>     _
>     __https://github.com/kodemaniak/keycloak/commit/6741dffe38c9c8d9fd8ca1e92cb15762666a607a_
>
>     Only the setup of the operational attributes is still missing for
>     the configuration via uri, but it can easily be added.
>
>     I would like to get this somehow into an official release, since I
>     think that supporting replica sets is crucial in order to use
>     keycloak with mongo in a production setup. Personally I think that
>     specifying mongo connection parameters via mongodb:// uris is the
>     most convenient way and it's standardized. So it could even be the
>     only way of specifying the connection details IMHO.
>
>     Since in the contribution section it's encouraged to first discuss
>     such ideas on this mailing list prior to sending a pull request, I
>     am sending this mail to receive any feedback.
>
>     best
>
>     Carsten
>
>     [1] _http://docs.mongodb.org/manual/reference/connection-string/_
>
>     ------------------------------------------------------------------------
>     Carsten Saathoff - KISTERS AG - Stau 75 - 26122 Oldenburg - Germany
>     Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters,
>     Hanns Kisters | Aufsichtsratsvorsitzender: Dr. Thomas Klevers
>     Phone: _+49 441 93602 -257_ <tel:%2B49%20441%2093602%20-257>| Fax:
>     _+49 441 93602 -222_ <tel:%2B49%20441%2093602%20-222>| E-Mail:
>     _Carsten.Saathoff at kisters.de_
>     <mailto:Carsten.Saathoff at kisters.de>| WWW: _http://www.kisters.de_
>     <http://www.kisters.de/>
>     ------------------------------------------------------------------------
>     Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
>     Informationen. Wenn Sie nicht der richtige Adressat sind oder
>     diese E-Mail irrtümlich erhalten haben, informieren Sie bitte
>     sofort den Absender und vernichten Sie diese Mail. Das unerlaubte
>     Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht
>     gestattet.
>     This e-mail may contain confidential and/or privileged
>     information. If you are not the intended recipient (or have
>     received this e-mail in error) please notify the sender
>     immediately and destroy this e-mail. Any unauthorised copying,
>     disclosure or distribution of the material in this e-mail is
>     strictly forbidden.
>     _______________________________________________
>     keycloak-dev mailing list_
>     __keycloak-dev at lists.jboss.org_ <mailto:keycloak-dev at lists.jboss.org>_
>     __https://lists.jboss.org/mailman/listinfo/keycloak-dev_
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151009/9bd50c6e/attachment.html 


More information about the keycloak-dev mailing list