[keycloak-user] Expose JGroups ports in Docker keycloak-ha-postgres

Staffan solsson at gmail.com
Tue Nov 8 05:59:10 EST 2016


Hi,

I've tried in different docker environments (compose, kubernetes,
standalone) to get a HA setup running using
https://hub.docker.com/r/jboss/keycloak-ha-postgres/.

Keycloak nodes start, but are unaware of each other. I fail to reach the
JGroups ports from any other container or host system. That is expected, as
https://keycloak.gitbooks.io/server-installation-and-configuration/content/v/2.3/topics/clustering/multicast.html
advises you to configure jboss.bind.address.private.

But when I try -Djboss.bind.address.private=0.0.0.0 there's an error during
startup:

MSC000001: Failed to start service jboss.jgroups.channel.ee: org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee: java.security.PrivilegedActionException: java.net.BindException: [UDP] /0.0.0.0 is not a valid address on any local network interface
    at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(ChannelBuilder.java:80)
Caused by: java.security.PrivilegedActionException: java.net.BindException: [UDP] /0.0.0.0 is not a valid address on any local network interface
    at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:640)
Caused by: java.net.BindException: [UDP] /0.0.0.0 is not a valid address on any local network interface
    at org.jgroups.util.Util.checkIfValidAddress(Util.java:3522)

... or if I switch to stack="tcp" in the jgroups subsystem:

MSC000001: Failed to start service jboss.jgroups.channel.ee: org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee: java.security.PrivilegedActionException: java.net.BindException: [TCP] /0.0.0.0 is not a valid address on any local network interface

I guess this is a generic Wildfly topic, but I'm curious how the official
Keycloak docker containers are tested. In a docker environment, what can we
bind to other than 0.0.0.0 or 127.0.0.1? Is there a way to allow a
"privileged action"?

regards
Staffan Olsson
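
Added example, not part of the original message or of the Keycloak image: one way to derive a concrete value for jboss.bind.address.private instead of 0.0.0.0, which the BindException above rejects. The function names and sample addresses are hypothetical; the sketch assumes the container's own IPv4 addresses are passed in as arguments (for instance from `hostname -I`).

```shell
#!/bin/sh
# Added example: choose a specific, non-loopback IPv4 address for the
# JGroups private interface, so cluster ports listen on one interface only.

# is_bindable ADDR: succeed only for a concrete, non-loopback dotted quad.
is_bindable() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # not digits separated by dots
        0.0.0.0|127.*) return 1 ;;             # wildcard or loopback
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pick_private_bind_addr ADDR...: print the first bindable address.
# Fails (non-zero status, no output) when no candidate qualifies.
pick_private_bind_addr() {
    for candidate in "$@"; do
        if is_bindable "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# jgroups_bind_arg ADDR...: print the system property for the server start
# command, or fail so an entrypoint can stop instead of starting unclustered.
jgroups_bind_arg() {
    addr=$(pick_private_bind_addr "$@") || return 1
    printf '%s%s\n' '-Djboss.bind.address.private=' "$addr"
}

# Assumed usage inside a container entrypoint (hostname -I is an assumption
# about the image; any source of the container's own addresses works):
#   arg=$(jgroups_bind_arg $(hostname -I)) || exit 1
```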

