[keycloak-dev] UserSessions support for cross-dc
Marek Posolda
mposolda at redhat.com
Thu Jul 27 08:25:21 EDT 2017
I've sent PR https://github.com/keycloak/keycloak/pull/4357 for subject.
It adds cross-dc support for userSessions, so that if you write
userSession "abc" in DC1, you will be able to read it in DC2 and viceversa.
Among cross-dc, it also provides the solution for lost updates (write
skew) issues where 2 threads on different cluster nodes (or in different
data-centers) updates same userSession. They both read the userSession
in same state and then both update it, but 2nd update will overwrite the
1st one, which was committed first. I've used the pattern based on
tracking changes (events) and infinispan atomic-replace operation
described in the earlier mail:
http://lists.jboss.org/pipermail/keycloak-dev/2017-May/009347.html
So there was some refactoring of InfinispanUserSessionProvider to
support the event-based approach. One difference from the previous
proposal was, that events are not sent between data-centers but instead
userSession entities are directly written to remoteCache itself -
however the writes are still protected to avoid write skew issues. The
reason is, that with multiple datacenters, it can happen that
datacenters lost the network connection between each other (split
brain). Infinispan has some ways to restore from this state and sync the
entities after network connection is fixed. With the entities directly
in the cache, this should be easier to achieve then the case when the
remoteCache is used just as an event bus to send "changes" among
datacenters.
There is still lots of work for the cross-dc support, but hopefully it's
another step forward :)
Marek
More information about the keycloak-dev
mailing list