[keycloak-user] Keycloak standalone-ha cluster jgroups without multicast

Christian Schneider cschneiderpublic at gmail.com
Sun Jul 23 06:51:41 EDT 2017


Hi,
I'm trying to set up a keycloak cluster.

We copy binaries and configuration through our build pipeline to the
servers, so we decided to go for the "standalone clustered mode".

Since our operations don't enable IP multicast, we want to work with
static IP addresses.

The only source for this I found is:
https://kb.novaordis.com/index.php/WildFly_Clustering_without_Multicast

I configured both servers like this:

        <subsystem xmlns="urn:jboss:domain:jgroups:4.0">
            <channels default="ee">
                <channel name="ee" stack="tcp"/>
            </channels>
            <stacks default="tcp">
                <stack name="tcp">
                    <transport type="TCP" socket-binding="jgroups-tcp"/>
                    <protocol type="TCPPING">
                        <property name="initial_hosts">10.62.168.51[7600],10.62.168.52[7600]</property>
                        <property name="num_initial_members">2</property>
                        <property name="port_range">0</property>
                        <property name="timeout">2000</property>
                    </protocol>
                    <protocol type="MERGE3"/>
                    <protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
                    <protocol type="FD"/>
                    <protocol type="VERIFY_SUSPECT"/>
                    <protocol type="pbcast.NAKACK2"/>
                    <protocol type="UNICAST3"/>
                    <protocol type="pbcast.STABLE"/>
                    <protocol type="pbcast.GMS"/>
                    <protocol type="MFC"/>
                    <protocol type="FRAG2"/>
                </stack>
            </stacks>
        </subsystem>

I can't figure out whether the two nodes paired each other. In the logfile
I only find this:

INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078: Starting JGroups channel hibernate
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078: Starting JGroups channel web
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078: Starting JGroups channel keycloak
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078: Starting JGroups channel ejb
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078: Starting JGroups channel server
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094: Received new cluster view for channel keycloak: [app02.2.xxx.net|0] (1) [app02.2.xxx.net]
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094: Received new cluster view for channel hibernate: [app02.2.xxx.net|0] (1) [app02.2.xxx.net]
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094: Received new cluster view for channel ejb: [app02.2.xxx.net|0] (1) [app02.2.xxx.net]
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094: Received new cluster view for channel server: [app02.2.xxx.net|0] (1) [app02.2.xxx.net]
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094: Received new cluster view for channel web: [app02.2.xxx.net|0] (1) [app02.2.xxx.net]
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079: Channel server local address is app02.2.xxx.net, physical addresses are [127.0.0.1:7600]
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079: Channel ejb local address is app02.2.xxx.net, physical addresses are [127.0.0.1:7600]
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079: Channel web local address is app02.2.xxx.net, physical addresses are [127.0.0.1:7600]
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079: Channel keycloak local address is app02.2.xxx.net, physical addresses are [127.0.0.1:7600]
INFO  2017-07-21 20:35:43 [] org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079: Channel hibernate local address is app02.2.xxx.net, physical addresses are [127.0.0.1:7600]

I checked that the ports 7060 are open.
When I access just a single node, the setup works fine. With two nodes I
get {"error":"invalid_grant","error_description":"Session not active"} on
one of them.
The goal is that all userSessions are synced between the cluster nodes, so
that the load balancer can round-robin between all nodes.
Since we have around 20k users only, it would be fine to store the users in
our database. But keycloak doesn't provide this, right?
Do you have any idea how to figure out what's wrong?

Best Regards,
Christian.

P.S.: You can find the whole configuration here:
https://pastebin.com/WC46pXGp
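
An added example, not part of the original post: a Python check that reads the ISPN000094 and ISPN000079 entries shown in the log above and reports channels whose cluster view is smaller than expected, or whose physical address is loopback or absent from the TCPPING `initial_hosts` list. The function names and the `expected_members` parameter are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: two entries from the post's log, mail line wrapping kept.
SAMPLE_LOG = """\
INFO  2017-07-21 20:35:43 []
org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094:
Received new cluster view for channel keycloak: [app02.2.xxx.net|0] (1) [
app02.2.xxx.net]
INFO  2017-07-21 20:35:43 []
org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079:
Channel keycloak local address is app02.2.xxx.net, physical addresses are [
127.0.0.1:7600]
"""
INITIAL_HOSTS = "10.62.168.51[7600],10.62.168.52[7600]"  # from the post's TCPPING block

VIEW_RE = re.compile(r"ISPN000094: Received new cluster view for channel (\S+): "
                     r"\[[^\]]*\] \((\d+)\) \[[^\]]*\]")
ADDR_RE = re.compile(r"ISPN000079: Channel (\S+) local address is \S+, "
                     r"physical addresses are \[([^\]]*)\]")

def parse_initial_hosts(value):
    """Turn 'ip[port],ip[port]' into a set of (ip, port) tuples."""
    return {(h, int(p)) for h, p in re.findall(r"([^,\[\s]+)\[(\d+)\]", value)}

def check_cluster(log_text, initial_hosts, expected_members):
    """Return (channel, problem) findings; an empty list means no problem seen."""
    text = re.sub(r"\s+", " ", log_text)  # undo mail/terminal line wrapping
    peers = parse_initial_hosts(initial_hosts)
    findings = []
    for channel, size in VIEW_RE.findall(text):
        if int(size) < expected_members:
            findings.append((channel, f"view has {size} of {expected_members} members"))
    for channel, addrs in ADDR_RE.findall(text):
        for addr in filter(None, map(str.strip, addrs.split(","))):
            host, _, port = addr.rpartition(":")
            try:
                loopback = ipaddress.ip_address(host).is_loopback
            except ValueError:  # hostname instead of an IP literal
                loopback = host == "localhost"
            if loopback:
                findings.append((channel, f"bound to loopback {host}:{port}"))
            elif (host, int(port)) not in peers:
                findings.append((channel, f"{host}:{port} not in initial_hosts"))
    return findings

if __name__ == "__main__":
    for channel, problem in check_cluster(SAMPLE_LOG, INITIAL_HOSTS, 2):
        print(f"{channel}: {problem}")
```

A node that other members can reach only through the addresses in `initial_hosts` cannot be contacted while its transport is bound to 127.0.0.1, so each node forms a one-member view of its own.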