[keycloak-user] Keycloak standalone-ha cluster jgroups without multicast
Marek Posolda
mposolda at redhat.com
Mon Jul 24 03:26:26 EDT 2017
From the log, it seem that the servers don't see each other and hence
don't form cluster. In your configuration, you have
"10.62.168.51[7600],10.62.168.52[7600]", however in log later you have:
physical addresses are [
127.0.0.1:7600
It seems there is the issue with the binding address? It should be
10.62.168.51 instead of 127.0.0.1. Did you use the "-b" option when
starting the server?
I think that JGroups/Infinispan/EAP documentation should have more
details as it's more related to that rather then to Keycloak.
Marek
Dne 23.7.2017 v 12:51 Christian Schneider napsal(a):
> Hi,
> I'm trying to setup a keycloak cluster.
>
> We copy binaries and configuration through our build pipeline to the
> servers, so we decided to for the "standalone clustered mode".
>
> Since our operations don't enable ip multicast, we wan't to work with ip
> static ip addresses.
>
> The only source for this I found is:
> https://kb.novaordis.com/index.php/WildFly_Clustering_without_Multicast
> <https://deref-gmx.net/mail/client/Wiot_0qYjM4/dereferrer/?redirectUrl=https%3A%2F%2Fkb.novaordis.com%2Findex.php%2FWildFly_Clustering_without_Multicast>
>
> I configured both servers like this:
>
> <subsystem xmlns="urn:jboss:domain:jgroups:4.0">
> <channels default="ee">
> <channel name="ee" stack="tcp"/>
> </channels>
> <stacks default="tcp">
> <stack name="tcp">
> <transfer type="TCP" socket-binding="jgroups-tcp"/>
> <protocol type="TCPPING">
> <property
> name="initial_hosts">10.62.168.51[7600],10.62.168.52[7600]</property>
> <property name="num_initial_members">2</property>
> <property name="port_range">0</property>
> <property name="timeout">2000</property>
> </protocol>
> <protocol type="MERGE3"/>
> <protocol type="FD_SOCK"
> socket-binding="jgroups-tcp-fd"/>
> <protocol type="FD"/>
> <protocol type="VERIFY_SUSPECT"/>
> <protocol type="pbcast.NAKACK2"/>
> <protocol type="UNICAST3"/>
> <protocol type="pbcast.STABLE"/>
> <protocol type="pbcast.GMS"/>
> <protocol type="MFC"/>
> <protocol type="FRAG2"/>
> </stack>
> </stacks>
> </subsystem>
>
> I can't figure out whether the two nodes paired each other. In the logfile
> I only find this:
>
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078:
> Starting JGroups channel hibernate
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078:
> Starting JGroups channel web
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078:
> Starting JGroups channel keycloak
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078:
> Starting JGroups channel ejb
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000078:
> Starting JGroups channel server
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094:
> Received new cluster view for channel keycloak: [app02.2.xxx.net|0] (1) [
> app02.2.xxx.net]
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094:
> Received new cluster view for channel hibernate: [app02.2.xxx.net|0] (1) [
> app02.2.xxx.net]
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094:
> Received new cluster view for channel ejb: [app02.2.xxx.net|0] (1) [
> app02.2.xxx.net]
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094:
> Received new cluster view for channel server: [app02.2.xxx.net|0] (1) [
> app02.2.xxx.net]
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000094:
> Received new cluster view for channel web: [app02.2.xxx.net|0] (1) [
> app02.2.xxx.net]
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079:
> Channel server local address is app02.2.xxx.net, physical addresses are [
> 127.0.0.1:7600]
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079:
> Channel ejb local address is app02.2.xxx.net, physical addresses are [
> 127.0.0.1:7600]
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079:
> Channel web local address is app02.2.xxx.net, physical addresses are [
> 127.0.0.1:7600]
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079:
> Channel keycloak local address is app02.2.xxx.net, physical addresses are [
> 127.0.0.1:7600]
> INFO 2017-07-21 20:35:43 []
> org.infinispan.remoting.transport.jgroups.JGroupsTransport ISPN000079:
> Channel hibernate local address is app02.2.xxx.net, physical addresses are [
> 127.0.0.1:7600
>
> I checked that the ports 7060 are open.
> When I access just a single node, the setup works fine. With two nodes I
> get {"error":"invalid_grant","error_description":"Session not active"} on
> one of them.
> The goal is that all userSessions are synced between the cluster nodes, so
> that the loadbalancer can roundrobbin between all nodes.
> Since we have around 20k users only, it would be fine to store the users in
> our database. But keycloak doesn't provide this, right?
> Do you have any idea how to figure out whats wrong?
>
> Best Regards,
> Christian.
>
> P.S.: You can find the whole configuration here:
> https://pastebin.com/WC46pXGp
> <https://deref-gmx.net/mail/client/UIuwfhWwMZ0/dereferrer/?redirectUrl=https%3A%2F%2Fpastebin.com%2FWC46pXGp>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list