[keycloak-dev] Latest changes with JGroups discovery in 4.5.0.Final Docker Image

Sebastian Laskawiec slaskawi at redhat.com
Mon Oct 1 08:22:37 EDT 2018 

Hey Sebastian,

Thanks a lot for the comment. Let me give you some more insight on this
change...

One of our goals was to make Keycloak more Cloud-friendly (especially with
the regards to OpenShift). One of the first steps is to make it clustered
by default. This requires making both `jboss.bind.address` and
`jboss.bind.address.private` pointing to the eth0 of the container and
bootstrapping the `standalone-ha.xml` configuration by default. As you
already noticed, you can easily override this behavior by specifying `-c
standalone.xml` configuration and (if you wish) specifying `BIND`
environmental variable pointing to `127.0.0.1`.

Now, why JGroups bind to the `jboss.bind.address.private` instead of
`jboss.bind.address` by default is not obvious to me. I will ask the
Wildfly Team why they decided to take this direction. I personally would do
the opposite.

As for the patch you suggested, I totally agree with you - we should also
scan for `--server-config`. May I ask you for a pull request?

Thanks,
Sebastian

On Fri, Sep 28, 2018 at 6:11 PM Schuster Sebastian (INST-CSS/BSV-OS) <
Sebastian.Schuster at bosch-si.com> wrote:

> Maybe this snippet is helpful:
>
> if echo "$@" | egrep -v -- '-c |-c=|--server-config |--server-config=';
> then
>     SYS_PROPS+=" -c=standalone-ha.xml"
> fi
>
> Best regards,
> Sebastian
>
> Mit freundlichen Grüßen / Best regards
>
> Dr.-Ing.  Sebastian Schuster
>
> Open Source Services (INST-CSS/BSV-OS)
> Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin |
> GERMANY
> <https://maps.google.com/?q=Ullsteinstr.+128+%7C+12109+Berlin+%7C+GERMANY&entry=gmail&source=g>
> | www.bosch-si.com
> Tel. +49 30 726112-485 <+49%2030%20726112485> | Fax +49 30 726112-100
> <+49%2030%20726112100> | Sebastian.Schuster at bosch-si.com
>
> Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
> Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.
> Stefan Ferber, Michael Hahn
>
>
>
>
> -----Original Message-----
> From: keycloak-dev-bounces at lists.jboss.org <
> keycloak-dev-bounces at lists.jboss.org> On Behalf Of Schuster Sebastian
> (INST-CSS/BSV-OS)
> Sent: Freitag, 28. September 2018 16:00
> To: keycloak-dev <keycloak-dev at lists.jboss.org>
> Subject: [keycloak-dev] Latest changes with JGroups discovery in
> 4.5.0.Final Docker Image
>
> Hi everybody,
>
> I think there are some minor issues with the changes in the 4.5.0 Docker
> image. In docker-entrypoint.sh per default if nothing is specified the
> jboss.bind.address and jboss.bind.address.private are both set to hostname
> –i and if nothing is specified standalone-ha mode is used. I find that at
> least questionable, I think running standalone is a safer default compared
> to opening JGroups communication on a public interface. However, the
> default works for us in Kubernetes.
>
> However, the detection whether a profile was specified (if echo "$@" |
> egrep -v -- "-c "; then)  should be improved,  only looking for “-c” does
> not work as “—server-config” is equally possible. Wildfly will die with an
> error if both are present…
>
> Best regards,
> Sebastian
>
>
> Mit freundlichen Grüßen / Best regards
>
> Dr.-Ing. Sebastian Schuster
>
> Open Source Services (INST-CSS/BSV-OS)
> Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin |
> GERMANY
> <https://maps.google.com/?q=Ullsteinstr.+128+%7C+12109+Berlin+%7C+GERMANY&entry=gmail&source=g>
> | www.bosch-si.com<http://www.bosch-si.com>
> Tel. +49 30 726112-485 <+49%2030%20726112485> | Fax +49 30 726112-100
> <+49%2030%20726112100> | Sebastian.Schuster at bosch-si.com<mailto:
> Sebastian.Schuster at bosch-si.com>
>
> Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
> Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.
> Stefan Ferber, Michael Hahn
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list