[keycloak-dev] Running KeyCloak in cluster mode

Stian Thorgersen sthorger at redhat.com
Thu Sep 22 03:30:56 EDT 2016

Yes, that's needed. JGroups is by default bound to and should in
best practice be bound to a private secure network to limit access. See
for more details.

On 21 September 2016 at 16:35, Muein Muzamil <shmuein+keycloak-dev at gmail.com
> wrote:

> Hi all,
> I am trying to run KeyCloak in cluster mode with docker containers using
> standalone-ha.xml but for me containers are not joining the same infinispan
> cluster.
> I tried to follow following blog entry but not sure it is still valid.
> http://blog.keycloak.org/2015/04/running-keycloak-cluster-with-docker.html
> I was trying to follow this to run multiple docker containers in cluster
> with the latest images. But when I ran second keycloak container, I didn't
> see this container joining the 1st cluster. I was seeing this in the log
> for the second container.
> [0m[0m12:31:56,385 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
> (MSC service thread 1-2) ISPN000094: Received new cluster view for channel
> keycloak: [saskeycloak-fbtit|0] (1) [saskeycloak-fbtit]
> To get it working I had to update private interface in standalone-ha.xml
> to use docker container's IP.
> <interface name="private">
>     <!--<inet-address value="${jboss.bind.address.private:}"/>-->
>     <inet-address value="" />
> </interface>
> Is that really needed or do we have a better way to get it working?
> Regards,
> Muein
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160922/1a538c87/attachment.html 

More information about the keycloak-dev mailing list