[keycloak-user] Keycloak cluster configuration
Cindy Margarita Pacheco Alvarez
cindy.pacheco at payulatam.com
Fri May 19 11:53:33 EDT 2017
Thank you for your quick reply.
The thing is that I’ve been trying to do this for a long time (of course I don’t have the expertise). But when I use the configuration that ships with keycloak I get an error when I start the keycloak server (something about java.lang.IllegalStateException: Transaction DummyTransaction and concurrent.TimeoutException: ISPN000299) .
The way that I solved this problem was changing the domain.xml in the infinispan subsystem. I changed the transaction tag from mode=BATCH to mode=NONE. But when I use this solution my replication fails. I mean I can get the token and everything in this process is okay but I get an error during replication (it is not an error that makes the token generation fails, I could notice it in log files). I do not know what else to do to solve this problem. Maybe you know a solution or some specific documentation that could help me.
My infinispan configuration is:
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
<transport lock-timeout="60000"/>
<invalidation-cache name="realms" mode="SYNC"/>
<invalidation-cache name="users" mode="SYNC">
<eviction strategy="LRU" max-entries="10000"/>
</invalidation-cache>
<replicated-cache name="work" mode="SYNC"/>
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
<distributed-cache name="authorization" mode="SYNC" owners="1"/>
</cache-container>
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
<transport lock-timeout="60000"/>
<replicated-cache name="default" mode="SYNC">
<transaction locking="OPTIMISTIC" mode="NONE"/>
<locking isolation="READ_COMMITTED"/>
</replicated-cache>
</cache-container>
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
<transport lock-timeout="60000"/>
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
<transaction locking="OPTIMISTIC" mode="NONE"/>
<locking isolation="READ_COMMITTED"/>
<file-store/>
</distributed-cache>
</cache-container>
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
<transport lock-timeout="60000"/>
<distributed-cache name="dist" mode="ASYNC" l1-lifespan="0" owners="2">
<transaction locking="OPTIMISTIC" mode="NONE"/>
<locking isolation="READ_COMMITTED"/>
<file-store/>
</distributed-cache>
</cache-container>
<cache-container name="hibernate" default-cache="local-query" module="org.hibernate.infinispan">
<transport lock-timeout="60000"/>
<local-cache name="local-query">
<eviction strategy="LRU" max-entries="10000"/>
<expiration max-idle="100000"/>
</local-cache>
<invalidation-cache name="entity" mode="SYNC">
<transaction mode="NON_XA"/>
<eviction strategy="LRU" max-entries="10000"/>
<expiration max-idle="100000"/>
</invalidation-cache>
<replicated-cache name="timestamps" mode="ASYNC"/>
</cache-container>
</subsystem>
Thank you.
El 18/05/17, 5:20 p.m., "Stan Silvert" <ssilvert at redhat.com> escribió:
On 5/18/2017 4:49 PM, Cindy Margarita Pacheco Alvarez wrote:
> I would like to know what should be the right way to configure keycloak in cluster mode. How domain.xml should be?
The domain.xml that ships with Keycloak is a good start. But you will
need to familiarize yourself with both Keycloak clustering documentation
and EAP/WildFly clustering documentation.
>
> Thanks!
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list