[keycloak-user] Keycloak Clustering, other instance logs me out

John Bartko john.bartko at drillinginfo.com
Wed Mar 30 22:53:03 EDT 2016


You're on the right track. Taking a look at my notes, the following may be
required:

   - docker container with host mode networking and NET_ADMIN capabilities
     if clustering across container hosts
   - entrypoint parameters:
     -Djgroups.bind_addr=HOST_IP -b HOST_IP --server-config standalone-ha.xml
     note the host default interface IP must be used and not a wildcard of
     0.0.0.0
   - the socket-binding changed


On Wed, Mar 30, 2016 at 7:49 PM, Sarp Kaya <akaya at expedia.com> wrote:

> Sorry to send an e-mail again. What I did is change this:
>
> <socket-binding name="jgroups-udp" interface="public" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>
>
> Also set the public interface as:
>
> <interface name="public">
>     <inet-address value="${jboss.bind.address:0.0.0.0}"/>
> </interface>
>
> But now I’m getting this error:
>
> 00:45:40,146 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.jgroups.channel.ee: org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee: java.security.PrivilegedActionException: java.net.BindException: [UDP] /0.0.0.0 is not a valid address on any local network interface
>         at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:80)
>         at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
>         at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: java.security.PrivilegedActionException: java.net.BindException: [UDP] /0.0.0.0 is not a valid address on any local network interface
>         at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:640)
>         at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:98)
>         at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:78)
>         ... 5 more
> Caused by: java.net.BindException: [UDP] /0.0.0.0 is not a valid address on any local network interface
>         at org.jgroups.util.Util.checkIfValidAddress(Util.java:3522)
>         at org.jgroups.stack.Configurator.ensureValidBindAddresses(Configurator.java:903)
>         at org.jgroups.stack.Configurator.setupProtocolStack(Configurator.java:118)
>         at org.jgroups.stack.Configurator.setupProtocolStack(Configurator.java:57)
>         at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:477)
>         at org.jgroups.JChannel.init(JChannel.java:853)
>         at org.jgroups.JChannel.<init>(JChannel.java:159)
>         at org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:95)
>         at org.jboss.as.clustering.jgroups.JChannelFactory$1.run(JChannelFactory.java:92)
>         at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
>         ... 7 more
>
>
> If I put a different IP address (say the docker machine IP address) I get
> the same error as well.
>
> From: John Bartko <john.bartko at drillinginfo.com>
> Date: Thursday, March 31, 2016 at 1:23 AM
> To: Marek Posolda <mposolda at redhat.com>
> Cc: Abdullah Sarp Kaya <akaya at expedia.com>, "keycloak-user at lists.jboss.org"
> <keycloak-user at lists.jboss.org>
> Subject: Re: [keycloak-user] Keycloak Clustering, other instance logs me
> out
>
> When clustering across separate hosts, I had to change the jgroups-udp
> socket binding to listen on the public interface (binds to loopback by
> default).
>
> On Wed, Mar 30, 2016 at 5:52 AM, Marek Posolda <mposolda at redhat.com>
> wrote:
>
>>
>> When you start the second instance, are you seeing something like this in
>> log of both servers?
>>
>> INFO  [org.infinispan.remoting.transport.jgroups.JGroupsTransport]
>> (Incoming-10,shared=udp)
>> ISPN000094: Received new cluster view: [node1/keycloak|1] (2)
>> [node1/keycloak, node2/keycloak]
>>
>> If not, then clustering doesn't work properly and the servers don't
>> form a cluster with each other. From the log you sent, there is just
>> startup of one server, which indicates that clustering may not work.
>>
>> Maybe multicast doesn't work in your network. Either disable
>> firewall/selinux/whatever to have multicast working or switch to TCP
>> JGroups channel instead of UDP. See the Wildfly and JGroups documentation
>> for more details.
>>
>> Also I personally use virtual hosts to test clustering of 2 servers
>> on the same machine (i.e. have virtual servers like kc1:8080 and kc2:8080).
>> Using the same host but differing just in port number (host:8080 and host:8081)
>> may cause a mess with cookies, so
>> I am personally not using a setup like this.
>>
>> Marek
>>
>>
>> On 30/03/16 08:38, Sarp Kaya wrote:
>>
>> I have tried using standalone-ha.xml with shared database. I thought that
>> would be enough but it seems like it’s not. The problem is
>>
>> I log into kc1 instance, and subsequent requests are authenticated.
>> Then I try viewing
>> host:8080/auth/realms/master/account
>> Which is also authenticated.
>>
>> Then I try to view this on kc1 by changing port like:
>> host:8081/auth/realms/master/account
>>
>> At this point I expect to see same page. However I get prompted for login
>> for both kc1 and kc2. I see no logs at this point.
>>
>> So now I have switched to using keycloak-ha-postgres because it seemed to
>> me that it comes clustering enabled out of box. So I nearly did exactly
>> what this page:
>>
>> https://hub.docker.com/r/jboss/keycloak-ha-postgres/builds/benk6w5cgdmrqonrxvu3bfu/
>> told me to do. The only difference that I have done is adding ports
>> (with -p 8080:8080 to one instance and -p 8081:8080 to the other one) and
>> adding a new user.
>>
>> Once I start it I get this log:
>>
>> 05:28:49,888 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000078: Starting JGroups channel keycloak
>>
>> 05:28:49,893 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-2) ISPN000078: Starting JGroups channel server
>>
>> 05:28:49,902 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000094: Received new cluster view for channel keycloak:
>> [a05014a5dc24|0] (1) [a05014a5dc24]
>>
>> 05:28:49,907 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000079: Channel keycloak local address is a05014a5dc24,
>> physical addresses are [127.0.0.1:55200]
>>
>> 05:28:49,902 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-2) ISPN000094: Received new cluster view for channel server:
>> [a05014a5dc24|0] (1) [a05014a5dc24]
>>
>> 05:28:49,914 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-2) ISPN000079: Channel server local address is a05014a5dc24,
>> physical addresses are [127.0.0.1:55200]
>>
>> 05:28:49,925 INFO  [org.infinispan.factories.GlobalComponentRegistry]
>> (MSC service thread 1-2) ISPN000128: Infinispan version: Infinispan 'Mahou'
>> 8.1.0.Final
>>
>> 05:28:49,926 INFO  [org.infinispan.factories.GlobalComponentRegistry]
>> (MSC service thread 1-1) ISPN000128: Infinispan version: Infinispan 'Mahou'
>> 8.1.0.Final
>>
>> 05:28:49,978 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-2) ISPN000078: Starting JGroups channel web
>>
>> 05:28:49,982 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-2) ISPN000094: Received new cluster view for channel web:
>> [a05014a5dc24|0] (1) [a05014a5dc24]
>>
>> 05:28:49,984 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-2) ISPN000079: Channel web local address is a05014a5dc24, physical
>> addresses are [127.0.0.1:55200]
>>
>> 05:28:49,985 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000078: Starting JGroups channel hibernate
>>
>> 05:28:49,986 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000094: Received new cluster view for channel hibernate:
>> [a05014a5dc24|0] (1) [a05014a5dc24]
>>
>> 05:28:49,987 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000079: Channel hibernate local address is a05014a5dc24,
>> physical addresses are [127.0.0.1:55200]
>>
>> 05:28:50,028 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000078: Starting JGroups channel ejb
>>
>> 05:28:50,030 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000094: Received new cluster view for channel ejb:
>> [a05014a5dc24|0] (1) [a05014a5dc24]
>>
>> 05:28:50,031 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000079: Channel ejb local address is a05014a5dc24, physical
>> addresses are [127.0.0.1:55200]
>>
>> 05:28:50,357 INFO  [org.jboss.as.clustering.infinispan] (ServerService
>> Thread Pool -- 56) WFLYCLINF0002: Started realmVersions cache from keycloak
>> container
>>
>> 05:28:50,391 INFO  [org.jboss.as.clustering.infinispan] (ServerService
>> Thread Pool -- 54) WFLYCLINF0002: Started offlineSessions cache from
>> keycloak container
>>
>> 05:28:50,397 INFO  [org.jboss.as.clustering.infinispan] (ServerService
>> Thread Pool -- 55) WFLYCLINF0002: Started loginFailures cache from keycloak
>> container
>>
>> 05:28:50,396 INFO  [org.jboss.as.clustering.infinispan] (ServerService
>> Thread Pool -- 52) WFLYCLINF0002: Started sessions cache from keycloak
>> container
>>
>> 05:28:50,392 INFO  [org.jboss.as.clustering.infinispan] (ServerService
>> Thread Pool -- 53) WFLYCLINF0002: Started realms cache from keycloak
>> container
>>
>> 05:28:50,399 INFO  [org.jboss.as.clustering.infinispan] (ServerService
>> Thread Pool -- 51) WFLYCLINF0002: Started users cache from keycloak
>> container
>>
>> 05:28:50,402 INFO  [org.jboss.as.clustering.infinispan] (ServerService
>> Thread Pool -- 50) WFLYCLINF0002: Started work cache from keycloak container
>>
>>
>> However I still have the same issue as above (I get logged out). Also I
>> don’t get any new logs for the entire log-in, log-out processes.
>>
>> Am I doing something wrong?
>> Thanks,
>> Sarp
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
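
The two signals discussed in this thread, a cluster view that lists only one member and a JGroups channel bound to 127.0.0.1 or 0.0.0.0, can be checked automatically against a startup log. This is an added example, not code from the thread or from Keycloak; the function name, the finding labels, the two-node sample's node names and the 10.0.0.11 address are assumptions constructed for illustration.

```python
import ipaddress
import re

# ISPN000094 lists the members of each JGroups view ("for channel X" is optional).
VIEW_RE = re.compile(
    r"ISPN000094: Received new cluster view(?: for channel (?P<channel>\S+))?: "
    r"\[[^\]]*\] \((?P<size>\d+)\) \[[^\]]*\]")
# ISPN000079 reports the address each channel actually bound to.
ADDR_RE = re.compile(
    r"ISPN000079: Channel (?P<channel>\S+) local address is [^,]+, "
    r"physical addresses are \[(?P<addrs>[^\]]*)\]")

def check_cluster_log(text, expected_nodes=2):
    """Return sorted (channel, issue) findings for a server startup log."""
    flat = " ".join(text.split())        # undo mail/terminal line wrapping
    findings, last_size = set(), {}
    for m in VIEW_RE.finditer(flat):     # a later view replaces an earlier one
        last_size[m["channel"] or "(default)"] = int(m["size"])
    if not last_size:
        findings.add(("(none)", "no-cluster-view"))
    findings |= {(c, "undersized-view") for c, n in last_size.items() if n < expected_nodes}
    for m in ADDR_RE.finditer(flat):
        for addr in m["addrs"].split(","):
            host = addr.strip().rsplit(":", 1)[0].strip("[]")
            try:
                ip = ipaddress.ip_address(host)
            except ValueError:           # not an IP literal, nothing to judge
                continue
            if ip.is_loopback or ip.is_unspecified:
                findings.add((m["channel"], "non-routable-bind"))
    return sorted(findings)

# Constructed sample modelled on the single-node log quoted in the thread.
SINGLE_NODE_LOG = """\
05:28:49,902 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-1) ISPN000094: Received new cluster view for channel keycloak:
[a05014a5dc24|0] (1) [a05014a5dc24]
05:28:49,907 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-1) ISPN000079: Channel keycloak local address is a05014a5dc24,
physical addresses are [127.0.0.1:55200]
"""
# Constructed healthy two-node sample; node names and 10.0.0.11 are made up.
TWO_NODE_LOG = """\
INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (Incoming-10,shared=udp)
ISPN000094: Received new cluster view: [node1/keycloak|1] (2) [node1/keycloak, node2/keycloak]
INFO [...] ISPN000079: Channel keycloak local address is node1/keycloak, physical addresses are [10.0.0.11:55200]
"""

if __name__ == "__main__":
    print(check_cluster_log(SINGLE_NODE_LOG), check_cluster_log(TWO_NODE_LOG))
```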