[keycloak-user] Fwd: Keycloak 3.2.1 Final not working in cluster

mahendra sonawale mahson1 at gmail.com
Thu Nov 9 05:36:15 EST 2017 

Hello Simon,

Thank you for the response.
yes, we are using proxy - APACHE HTTPD configuration PFB the same.
I tried to make the jpgroups public (kept the public interface IP as our
node server actual IP but no luck still the servers are logs are not
showing new cluster node.

apache proxy configuration:

-------------------------------------
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule remoteip_module modules/mod_remoteip.so

ProxyPreserveHost On
LimitRequestFieldSize 163840
LimitRequestLine 163840

#<VirtualHost _default_:80>
 ServerName rapid.gi-de.com:443
 ErrorLog /opt<dir>/fiam_error_log
 CustomLog /<dir>/fiam_access_log combined
 LogLevel warn

RequestHeader set X-Forwarded-Proto "https"

<Proxy https://abc.ac-bc.com/* >
 RewriteEngine on
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 # not rewrite css, js and images
 RewriteCond %{REQUEST_URI} !\.(?:css|js|map|jpe?g|gif|png)$ [NC]
 RewriteRule ^(.*)$ /auth [NC,L,QSA]
#Options -Indexes FollowSymLinks
 AllowOverride None
 Order allow,deny
 Allow from all
</Proxy>


ProxyPass /auth http://<server IP>:8080/auth
ProxyPassReverse /auth http://<server IP>:8080/auth

-------------------------------------------------

PFB the logs: (tried to run the changes only on 2nd node)

2017-11-09 11:26:20,169 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-6) ISPN000094: Received new cluster view for channel server:
[muc1rapidv2s|0] (1) [muc1rapidv2s]
2017-11-09 11:26:20,174 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-7) ISPN000094: Received new cluster view for channel keycloak:
[muc1rapidv2s|0] (1) [muc1rapidv2s]
2017-11-09 11:26:20,174 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-5) ISPN000094: Received new cluster view for channel hibernate:
[muc1rapidv2s|0] (1) [muc1rapidv2s]
2017-11-09 11:26:20,174 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-4) ISPN000094: Received new cluster view for channel ejb:
[muc1rapidv2s|0] (1) [muc1rapidv2s]
2017-11-09 11:26:20,175 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-3) ISPN000094: Received new cluster view for channel web:
[muc1rapidv2s|0] (1) [muc1rapidv2s]
2017-11-09 11:26:20,177 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
thread 1-6) ISPN000079: Channel server local address is muc1rapidv2s,
physical addresses are  *******


Please guide.


Thanks,
Mahendra Sonawale
Ph +91 9130775865

On Thu, Nov 9, 2017 at 3:16 PM, Simon Payne <simonpayne58 at gmail.com> wrote:

> hi, we have a similar setup which is working with 3.2.1.Final.  we have
> since upgraded to 3.3.0.Final.
>
> I'm assuming that you are private interface because you are using a web
> proxy?  however, to achieve what you need i think you may have to make the
> jgroups public interface.  we have used tcp ping successfully in this way.
>
>
>
>
> On Thu, Nov 9, 2017 at 9:27 AM, mahendra sonawale <mahson1 at gmail.com>
> wrote:
>
>> Hi Team,
>>
>> We are facing similar problem where kelcloak is not running in cluster and
>> giving the same error log as mentioned by Subash in jira.
>>
>> https://issues.jboss.org/browse/KEYCLOAK-5013
>>
>> I tried to use the private interface as suggested into the document but
>> still no luck.
>> am I missing anything else? CAN YOU please help??  I am using Keycloak -
>> Version 3.2.1.Final.
>> I have load balancer configured above 2 keycloak nodes (nodes are running
>> in
>> on different VMs)
>>
>> Start command :
>> nohup ./bin/standalone.sh --server-config=standalone-ha.xml -b $HOSTNAME
>> -u
>> 230.0.0.4 &
>>
>> HA configuration :
>> <interface name="private">
>> <inet-address value="$
>> {jboss.bind.address.private:(node1 IP address and on second node that IP
>> address)}
>> " />
>> </interface>
>> </interfaces>
>> <socket-binding-group name="standard-sockets"
>> default-interface="public" port-offset="$
>> {jboss.socket.binding.port-offset:0}
>> ">
>> <socket-binding name="management-http" interface="private"
>> port="$
>> {jboss.management.http.port:9990}
>> " />
>> <socket-binding name="management-https" interface="private"
>> port="$
>> {jboss.management.https.port:9993}
>> " />
>> <socket-binding name="ajp" port="$
>> {jboss.ajp.port:8009}
>> " />
>> <socket-binding name="http" port="$
>> {jboss.http.port:8080}
>> " />
>> <socket-binding name="https" port="$
>> {jboss.https.port:8443}
>> " />
>> <socket-binding name="proxy-https" port="443"/>
>> <socket-binding name="jgroups-mping" interface="private"
>> port="0" multicast-address="$
>> {jboss.default.multicast.address:230.0.0.4}
>> "
>> multicast-port="45700" />
>> <socket-binding name="jgroups-tcp" interface="private"
>> port="7600" />
>> <socket-binding name="jgroups-tcp-fd" interface="private"
>> port="57600" />
>> <socket-binding name="jgroups-udp" interface="private"
>> port="55200" multicast-address="$
>> {jboss.default.multicast.address:230.0.0.4}
>> "
>> multicast-port="45688" />
>> <socket-binding name="jgroups-udp-fd" interface="private"
>> port="54200" />
>> <socket-binding name="modcluster" port="0"
>> multicast-address="224.0.1.105" multicast-port="23364" />
>> <socket-binding name="txn-recovery-environment" port="4712" />
>> <socket-binding name="txn-status-manager" port="4713" />
>> <outbound-socket-binding name="mail-smtp">
>> <remote-destination host="localhost" port="25" />
>> </outbound-socket-binding>
>> </socket-binding-group>
>> Log :
>> 2017-11-09 04:38:22,749 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-3) ISPN000094: Received new cluster view for channel hibernate:
>> [keycloak2|0] (1) [keycloak2]
>> 2017-11-09 04:38:22,750 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-2) ISPN000094: Received new cluster view for channel keycloak:
>> [keycloak2|0] (1) [keycloak2]
>> 2017-11-09 04:38:22,749 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-4) ISPN000094: Received new cluster view for channel ejb:
>> [keycloak2|0] (1) [keycloak2]
>> 2017-11-09 04:38:22,750 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-7) ISPN000094: Received new cluster view for channel server:
>> [keycloak2|0] (1) [keycloak2]
>> 2017-11-09 04:38:22,749 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000094: Received new cluster view for channel web:
>> [keycloak2|0] (1) [keycloak2]
>> 2017-11-09 04:38:22,761 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-2) ISPN000079: Channel keycloak local address is keycloak2,
>> physical addresses are [**.**.**.**]
>> 2017-11-09 04:38:22,763 INFO
>> [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service
>> thread 1-1) ISPN000079: Channel web local address is keycloak2, physical
>> addresses are [**.**.**.**]
>>
>>
>>
>> --
>> Sent from: http://keycloak-user.88327.x6.nabble.com/
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>

More information about the keycloak-user mailing list