[keycloak-user] cluster configuration

Stian Thorgersen stian at redhat.com
Mon Mar 2 22:34:01 EST 2015 


----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: "Kevin Chen" <Peng.Chen at halliburton.com>, "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Monday, 2 March, 2015 8:46:23 PM
> Subject: Re: [keycloak-user] cluster configuration
> 
> Hi,
> 
> I am not sure if pointing H2 to same file is enough. For shared database
> in cluster, I would rather try to use "Server mode" with URL like
> jdbc:h2:tcp://<server>[:<port>]/[<path>]<databaseName> as described here
> http://www.h2database.com/html/features.html . Another alternative is to
> use some "real" database like MySQL or PostgreSQL.

+1 I would not recommend H2 in production and especially not if you're wanting to cluster

> 
> Marek
> 
> On 27.2.2015 20:37, Kevin Chen wrote:
> > Stian:
> > Thanks, I did follow the documentation. One thing I am not sure is the
> > "Shared DB", does it refer to keycloak.h2.db? if so, I did point both
> > cluster to the same  file.
> >
> > BTW, I am running both nodes on the same machine with port offset.
> >
> > Thanks
> > Kevin
> >
> > -----Original Message-----
> > From: Stian Thorgersen [mailto:stian at redhat.com]
> > Sent: Thursday, February 26, 2015 11:54 PM
> > To: Kevin Chen
> > Cc: keycloak-user at lists.jboss.org
> > Subject: [EXTERNAL] Re: [keycloak-user] cluster configuration
> >
> > Have you followed the docs
> > (http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/clustering.html)?
> > You need:
> >
> > * Keycloak 1.1.0.Final
> > * Shared DB
> > * Properly configured Infinispan caches
> > * Infinispan user session provider and Infinispan realm+user cache
> > providers
> >
> > ----- Original Message -----
> >> From: "Kevin Chen" <Peng.Chen at halliburton.com>
> >> To: keycloak-user at lists.jboss.org
> >> Sent: Thursday, February 26, 2015 9:25:42 PM
> >> Subject: [keycloak-user] cluster configuration
> >>
> >> I am using keycloak 1.1, and tried to configure the cluster with 2
> >> nodes. I am using apache httpd-2.2 as front end for both nodes. The
> >> log shows both node.
> >>
> >> I deployed KeyCloakWebTest.war on both node and without problem to access
> >> it.
> >>
> >> But when I try to access /auth/admin, it did not work:
> >> 1. if both nodes are running, after input correct username/password,
> >> the same login page will show up again.
> >> 2. I stopped one node, login with the same user, it is successful and
> >> able to manage my Realms.
> >> 3. Then I started the other node, and click on any actions in my
> >> already logged in session,  the browser will show the login page again
> >> and in the newly started node, the following exception show up:
> >> 	14:22:42,033 WARN  [org.jboss.resteasy.core.SynchronousDispatcher]
> >> 	(ajp-/127.0.0.1:8009-2) Failed executing GET /admin/serverinfo:
> >> 	org.jboss.resteasy.
> >> spi.UnauthorizedException: Bearer
> >>          at
> >>          org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:152)
> >>          [keycloak-services-1.2.0.Beta1-SNAPSHOT.j
> >> ar:1.2.0.Beta1-SNAPSHOT]
> >>
> >> How can I fix this?
> >>
> >> Thanks
> >> Kevin
> >>
> >> ----------------------------------------------------------------------
> >> This e-mail, including any attached files, may contain confidential
> >> and privileged information for the sole use of the intended recipient.
> >> Any review, use, distribution, or disclosure by others is strictly
> >> prohibited.
> >> If you are not the intended recipient (or authorized to receive
> >> information for the intended recipient), please contact the sender by
> >> reply e-mail and delete all copies of this message.
> >>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
>

More information about the keycloak-user mailing list