[keycloak-dev] TCP for JGroups and bind options

Schuster Sebastian (INST-CSS/BSV-OS2) Sebastian.Schuster at bosch-si.com
Thu Apr 11 06:53:24 EDT 2019


Hi Sebastian,

I think going with TCP is fine. Looking at the PR, I am not sure using hostname -i to find the local IP address is a good idea. Looking at the man page:
       -i, --ip-address
              Display the network address(es) of the host name. Note that this works only if the host name can be resolved. Avoid using this option; use hostname --all-ip-addresses instead.
while:
       -I, --all-ip-addresses
              Display all network addresses of the host. This option enumerates all configured addresses on all network interfaces. The loopback interface and IPv6 link-local addresses are omitted. Contrary to option -i, this
              option does not depend on name resolution. Do not make any assumptions about the order of the output.

I can imagine the second option might be more suitable, since it does not depend on DNS and you want to exclude loopback interfaces anyways?

Best regards,
Sebastian

-----Original Message-----
From: keycloak-dev-bounces at lists.jboss.org <keycloak-dev-bounces at lists.jboss.org> On Behalf Of Sebastian Laskawiec
Sent: Thursday, 11 April 2019 10:02
To: keycloak-dev <keycloak-dev at lists.jboss.org>
Subject: [keycloak-dev] TCP for JGroups and bind options

Hey,

I've been working on JGroups bind settings for Keycloak Container Image recently and we had a discussion with Stian about changing both binding options and transport for JGroups.

As you probably know, we use standalone-ha.xml as a default configuration for our image. This means that Infinispan boots up in clustered mode. At the moment, we use the default transport from the configuration, which is UDP (with PING as discovery).

Even though UDP transport is a bit faster for larger clusters, it often doesn't work out of the box in cloud environments (like AWS, for instance). Of course, the JGroups stack can easily be changed by using the `-Djboss.default.jgroups.stack=tcp` switch.

I'm planning to revise this piece and change the default transport to TCP (probably by adding `-Djboss.default.jgroups.stack=tcp` switch to the default options).

I also proposed, and would like to ask you to try it out, changing the bind parameters to match IPv4 [1]. Previously, JGroups tried to bind to wrong interfaces, including `fe80::5003:8eff:fefa:3e53%tap0` exposed by Podman.

Please have a look at the Pull Request [1], check if it works for you and let me know what you think about using TCP as default transport for JGroups.

Thanks,
Sebastian

[1] https://github.com/jboss-dockerfiles/keycloak/pull/186
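
An added example, not code from the PR or the Keycloak image: one way an entrypoint script could choose the bind address from `hostname -I` output, as the reply suggests. It keeps only IPv4, skips loopback and link-local, and refuses to guess when several addresses remain, because the man page says the order is undefined. The function names, the optional prefix argument and the sample addresses are assumptions.

```shell
#!/bin/sh
# Hypothetical helpers (not from the PR): pick one IPv4 bind address
# from `hostname -I`-style output, failing closed when the choice is unclear.

# is_ipv4 ADDR -> 0 if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;   # IPv6, zone ids, malformed
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# select_bind_ipv4 "ADDR ADDR ..." [PREFIX]
# Prints the single usable address. Returns 1 if none, 2 if ambiguous.
select_bind_ipv4() {
    want_prefix=${2:-}
    found=""
    count=0
    for addr in $1; do
        is_ipv4 "$addr" || continue            # drops e.g. fe80::...%tap0
        case "$addr" in
            127.*|169.254.*|0.*) continue ;;   # loopback, link-local, unspecified
        esac
        if [ -n "$want_prefix" ]; then
            case "$addr" in
                "$want_prefix"*) ;;            # inside the expected cluster network
                *) continue ;;
            esac
        fi
        found=$addr
        count=$((count + 1))
    done
    [ "$count" -ge 1 ] || return 1
    [ "$count" -eq 1 ] || return 2             # order is undefined: do not guess
    printf '%s\n' "$found"
}

# Constructed sample; real input would come from: hostname -I
SAMPLE_ADDRS="fd00::1 10.0.2.100"
select_bind_ipv4 "$SAMPLE_ADDRS"               # prints 10.0.2.100
```

On a multi-homed container, pass the expected network prefix as the second argument so that cluster traffic is bound only to the intended interface.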