[keycloak-dev] Infinispan Cache and Keycloak instance restart
Adrien DESBIAUX
adesbiaux at vente-privee.com
Thu Aug 30 10:56:23 EDT 2018
Hi,
Many thanks Marek.
We will def have a look.
Cheers,
________________________________
From: Marek Posolda <mposolda at redhat.com>
Sent: Thursday, August 30, 2018 11:42:26 AM
To: Adrien DESBIAUX; keycloak-dev at lists.jboss.org
Subject: Re: [keycloak-dev] Infinispan Cache and Keycloak instance restart
Hi,
how many owners are on your infinispan distributed caches? If it's 1
owner (default setting), the failover is not available and the behaviour
you're seeing is hence expected. You may need to change owners to 2 or
3. See documentation for more details (Also latest docs coming with
Keycloak 4.4.X release contains some more details around this).
Marek
On 28/08/18 11:39, Adrien DESBIAUX wrote:
> Hello!
>
>
> Thanks again for maintaining Keycloak.
>
>
> I would have a question:
>
>
> - We are running Keycloak 3.4
>
> - We did setup a Keycloak standalone HA cluster (3 nodes).
>
> - As well we did connect those nodes to an Infinispan cluster.
>
>
> All is running fine. However the trouble comes when we want to update the Keycloak Nodes.
>
> Updates can be either on themes or modules.
>
>
> We update for example a module, e.g a new user federation SPI, with Ansible.
>
> Then we restart the Keycloak nodes one after another. The restart is required so that a Keycloak node can register the new module.
>
>
> All is correct except that users need to login again after the reload has been performed.
>
> Is it something we can prevent happening? it is a strange behaviour, since we rely on Infinispan for sessions cache...
>
>
> Is there another local cache to be configured in Infinispan to avoid users to re-login after restarting Keycloak?
>
>
> It would be very helpful if you could give us a direction to investigate as rolling out several updates per day would lead to several re-logins from a user perspective.
>
>
> Cheers,
>
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Ddev&d=DwICaQ&c=8G9fL-FODW3I-fESjFvsaw&r=BhQIS0sALperhBRJRNzxM3Ax9g4k8rNIuzNmM35TMgE&m=3avD19J-uUP_iVkM4EraHy9h5WmDyrGADDKcAsOq4Ns&s=Q_j6p3AqAYL7O0AhoDXIPelcAFrTksTbVZggtrcJ8wE&e=
More information about the keycloak-dev
mailing list