[keycloak-dev] Wildfly 13 upgrade

Marek Posolda mposolda at redhat.com
Fri Jun 29 03:44:34 EDT 2018 

The PR for Wildfly 13 upgrade is finally ready to review - 
https://github.com/keycloak/keycloak/pull/5293 . Few things to highlight 
for this PR:

- Dependencies of undertow, infinispan, resteasy and aesh and some 
others were updated to use the versions used by Wildfly.

- Some configuration changes are needed in infinispan Wildfly subsystem 
(Removed jndi-name from cache-container element, Replaced "eviction" 
element by "objects" element in the configuration of caches, ...). This 
is all documented and described in migration guide. Also migration 
scripts were updated to reflect all of this and automatically update 
configurations of standalone and domain configuration files. 
Server-config-migration-tests is passing

- For Cross-DC, infinispan-server used is now infinispan-server 
9.2.4.Final (same infinispan version like Wildfly 13 is using) and JDG 
7.2. It was a bit of pain, but finally cross-dc tests are passing fine 
with both infinispan-server-9.2.4 and JDG 7.2. The PR contains some 
changes especially in the keycloak-model-infinispan part as updating 
infinispan wasn't so straightforward. Few things to note:
-- Some API changes and deprecated methods in infinispan, which we need 
to adapt too
-- For cross-dc, we don't use JDG '___script_cache' anymore for 
preloading sessions. It caused some issues in the past related to 
security. Also there seem to be a bug in JDG 7.2, which prevent it to 
work correctly. We know use "remoteCache.retrieveEntries", which was 
improved in infinispan 9 and allows great performance and preloading 
sessions in parallel. Was trying to test preloading with million 
sessions in JDG and it took just around a minute on my laptop

- There is still the issue that keycloak-admin-cli and 
keycloak-client-registration-cli use the old aesh. I've created 
https://issues.jboss.org/browse/KEYCLOAK-7737 . Fortunately old aesh is 
not needed as Wildfly module, because the "fat" jars 
"keycloak-admin-cli" and "keycloak-client-registration-cli" just 
contains it's classes (as well as the other dependencies) contained in 
itself. IMO this is not a blocker to upgrade master to Wildfly 13 now 
and it can be addressed later. But will be good to address this (EG. if 
there are security and other issues in old aesh, we won't be able to 
rely on Wildfly support etc). WDYT?

- I've sent the PR for documentation last week 
https://github.com/keycloak/keycloak-documentation/pull/410 . But this 
one is not yet ready for review. I need to update it based on feedback 
from Matthew. Also need to update a bit the content as well. Hopefully 
will be ready for review later today.

Marek

More information about the keycloak-dev mailing list