[keycloak-user] Enabling High Availability for Keycloak 3.1.0 on AWS ECS Instance
Tonnis Wildeboer
tonnis at autonomic.ai
Tue Sep 19 14:28:48 EDT 2017
Have you disabled the UDP-related configurations?
____________________
Tonnis Wildeboer
Autonomic.ai Engineering
650-204-0246
On 09/19/2017 07:19 AM, Jyoti Kumar Singh wrote:
> Hi,
>
> I have tried the JDBC_PING option which Tonnis has mentioned :-
> https://github.com/devsu/docker-keycloak/tree/master/server-ha-mysql
> <https://github.com/devsu/docker-keycloak/tree/master/server-ha-mysql>
>
> After that I could see node discovery is happening but JOIN operation
> is getting timed out which eventually not forming clustering between
> two ECS instances. Is there any configuration am I missing here ?
>
>
> #Logs:-
>
> 2017-09-19 10:59:52,907 WARN [org.jgroups.protocols.UDP] (MSC service
> thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL JGRP000015: the
> receive buffer of socket ManagedMulticastSocketBinding was set to
> 25MB, but the OS only allocated 212.99KB. This might lead to
> performance problems. Please set your max receive buffer in the OS
> correctly (e.g. net.core.rmem_max on Linux)
> 2017-09-19 10:59:59,475 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 1
> 2017-09-19 11:00:02,490 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 2
> 2017-09-19 11:00:05,508 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 3
> 2017-09-19 11:00:08,527 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 4
> 2017-09-19 11:00:11,542 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 5
> 2017-09-19 11:00:14,558 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 6
> 2017-09-19 11:00:17,579 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 7
> 2017-09-19 11:00:20,596 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 8
> 2017-09-19 11:00:23,611 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 9
> 2017-09-19 11:00:26,627 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: JOIN(f0be09280f90) sent to 16c566cfa08e timed out (after
> 3000 ms), on try 10
> 2017-09-19 11:00:26,627 WARN [org.jgroups.protocols.pbcast.GMS] (MSC
> service thread 1-1) [f0be09280f90] KEYCLOAK 3.1.0.Final-MySQL
> f0be09280f90: too many JOIN attempts (10): becoming singleton
>
> On Thu, Sep 14, 2017 at 10:48 PM, Jyoti Kumar Singh
> <jyoti.tech90 at gmail.com <mailto:jyoti.tech90 at gmail.com>> wrote:
>
> Hi Tonnis,
>
> Thank you very much for sharing the valuable information. I am
> checking on this, hopefully I will also be able to achieve the HA.
>
> Thanks Again !
>
> On Sep 14, 2017 10:00 PM, "Tonnis Wildeboer" <tonnis at autonomic.ai
> <mailto:tonnis at autonomic.ai>> wrote:
>
> Jyoti,
>
> I have been working on similar goal and was finally successful
> yesterday. We are using postgres and kubernetes.
>
> Here are the key sources of information that enabled me to
> succeed:
>
> The big key is here:
> https://github.com/devsu/docker-keycloak/tree/master/server-ha-mysql
> <https://github.com/devsu/docker-keycloak/tree/master/server-ha-mysql>
> Use the .xsl templates here to transform on the
> standalone-ha.xml and you can see what is being done.
>
> I suggest that you simply use JDBC_PING, since you already
> have a shared database.
> I think it is instructive to understand what JDBC_PING (and
> JGroups in general) are doing:
> http://jgroups.org/manual4/index.html
> <http://jgroups.org/manual4/index.html>
> https://developer.jboss.org/wiki/JDBCPING
> <https://developer.jboss.org/wiki/JDBCPING>
>
> You may benefit from this also, specifically, the need to bind
> jgroups-tcp and jgroups-tcp-fd to the proper interface. Not
> sure about your situation.
>
> --Tonnis
>
> ____________________
> Tonnis Wildeboer
> Autonomic.ai Engineering
>
> On 09/14/2017 03:32 AM, Jyoti Kumar Singh wrote:
>
> Hi Team,
>
> I am trying to enable high availability for Keycloak 3.1.0
> on AWS ECS
> instances.
>
> I am running two ECS instances in a cluster setup and also
> I have
> setup Keycloak
> in a clustered mode. To achieve this, I am using "
> */standalone/configuration/standalone-ha.xml *" file while
> building the
> docker image. Shared MySQL DB and Load Balancer setup are
> also in place.
>
> But when I checked Keycloak logs I am not seeing clustered
> nodes related
> information in logs. I am seeing nodes are not able to see
> each other. But
> same settings are working fine in DCOS Marathon platform.
>
> Interestingly if I run two Keycloak instances in one AWS
> ECS instance on
> different ports, I could see clustering related logs in
> Keycloak.
>
> Is there any standard guidelines which I can follow to
> achieve HA in AWS
> ECS instance ?? I followed the below discussion thread but
> it didn't help
> me to fix the issue.
>
> #Link:
> http://lists.jboss.org/pipermail/keycloak-user/2016-February/004940.html
> <http://lists.jboss.org/pipermail/keycloak-user/2016-February/004940.html>
>
>
>
>
>
> --
> *With Regards,
> Jyoti Kumar Singh*
More information about the keycloak-user
mailing list