[keycloak-user] Enabling High Availability for Keycloak 3.1.0 on AWS ECS Instance

Tonnis Wildeboer tonnis at autonomic.ai
Thu Sep 14 12:30:14 EDT 2017


Jyoti,

I have been working on similar goal and was finally successful 
yesterday. We are using postgres and kubernetes.

Here are the key sources of information that enabled me to succeed:

The big key is here:
https://github.com/devsu/docker-keycloak/tree/master/server-ha-mysql
Use the .xsl templates here to transform on the standalone-ha.xml and 
you can see what is being done.

I suggest that you simply use JDBC_PING, since you already have a shared 
database.
I think it is instructive to understand what JDBC_PING (and JGroups in 
general) are doing:
http://jgroups.org/manual4/index.html
https://developer.jboss.org/wiki/JDBCPING

You may benefit from this also, specifically, the need to bind 
jgroups-tcp and jgroups-tcp-fd to the proper interface. Not sure about 
your situation.

--Tonnis

____________________
Tonnis Wildeboer
Autonomic.ai Engineering

On 09/14/2017 03:32 AM, Jyoti Kumar Singh wrote:
> Hi Team,
>
> I am trying to enable high availability for Keycloak 3.1.0 on AWS ECS
> instances.
>
> I am running two ECS instances in a cluster setup and also I have
> setup Keycloak
> in a clustered mode. To achieve this, I am using "
> */standalone/configuration/standalone-ha.xml *" file while building the
> docker image. Shared MySQL DB and Load Balancer setup are also in place.
>
> But when I checked Keycloak logs I am not seeing clustered nodes related
> information in logs. I am seeing nodes are not able to see each other. But
> same settings are working fine in DCOS Marathon platform.
>
> Interestingly if I run two Keycloak instances in one AWS ECS instance on
> different ports, I could see clustering related logs in Keycloak.
>
> Is there any standard guidelines which I can follow to achieve HA in AWS
> ECS instance ?? I followed the below discussion thread but it didn't  help
> me to fix the issue.
>
> #Link:
> http://lists.jboss.org/pipermail/keycloak-user/2016-February/004940.html
>



More information about the keycloak-user mailing list