How to configure a domain clustered keycloak to an external infinispan server

71 views
Skip to first unread message

Shobhan Nath

unread,
May 2, 2021, 12:25:56 PM5/2/21
to Keycloak User

FYI -
i did the creation of domain clustered keycloak using JDBC_PING and configured the domain.xml to point to the external infinispan but replication is stil not having.

my infinispan.xml looks like this

<infinispan
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:infinispan:config:11.0 https://infinispan.org/schemas/infinispan-config-11.0.xsd
                            urn:infinispan:server:11.0 https://infinispan.org/schemas/infinispan-server-11.0.xsd"
        xmlns="urn:infinispan:config:11.0"
    xmlns:server="urn:infinispan:server:11.0">


<!--Tcpping For Infinispan cluster discovery -->
    <!--   <jgroups>
    <stack name="prod">
      <TCP bind_port="7800"/>
      <TCPPING
           initial_hosts="${jgroups.tcpping.initial_hosts:172.xx.xx.xx[7800]"
           port_range="0"
           />
      <MERGE3 />
      <FD_SOCK />
      <FD_ALL timeout="3000" interval="1000" timeout_check_interval="1000" />
      <VERIFY_SUSPECT timeout="1000" />
      <pbcast.NAKACK2 use_mcast_xmit="false" xmit_interval="100" xmit_table_num_rows="50"
                      xmit_table_msgs_per_row="1024" xmit_table_max_compaction_time="30000" />
      <UNICAST3 xmit_interval="100" xmit_table_num_rows="50" xmit_table_msgs_per_row="1024"
                xmit_table_max_compaction_time="30000" />
      <pbcast.STABLE stability_delay="200" desired_avg_gossip="2000" max_bytes="1M" />
      <pbcast.GMS print_local_addr="false" join_timeout="${jgroups.join_timeout:2000}" />
      <UFC max_credits="4m" min_threshold="0.40" />
      <MFC max_credits="4m" min_threshold="0.40" />
      <FRAG3 />
    </stack>
  </jgroups>  -->

   <cache-container name="default" statistics="true">
      <transport cluster="${infinispan.cluster.name:test}" stack="${infinispan.cluster.stack:tcp}"  node-name="${infinispan.node.name:node-1}"/>
      <replicated-cache-configuration name="sessions-cfg" mode="SYNC" start="EAGER" statistics="true">
       
<!--Persist caches on disk -->         
<!--<persistence>
   <file-store max-entries="5000"/>
</persistence> -->

      </replicated-cache-configuration>

      <replicated-cache name="work" configuration="sessions-cfg"/>
      <replicated-cache name="sessions" configuration="sessions-cfg"/>
      <replicated-cache name="clientSessions" configuration="sessions-cfg"/>
      <replicated-cache name="offlineSessions" configuration="sessions-cfg"/>
      <replicated-cache name="offlineClientSessions" configuration="sessions-cfg"/>
      <replicated-cache name="actionTokens" configuration="sessions-cfg"/>
      <replicated-cache name="loginFailures" configuration="sessions-cfg"/>

   </cache-container>

   <server xmlns="urn:infinispan:server:11.0">
      <interfaces>
         <interface name="public">
            <inet-address value="${infinispan.bind.address:172.xx.xx.xx}"/>
         </interface>
      </interfaces>

      <socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}">
         <socket-binding name="default" port="${infinispan.bind.port:11222}"/>
         <socket-binding name="memcached" port="11221"/>
 </socket-bindings>




      <security>
         <security-realms>
            <security-realm name="default">
               <!-- Uncomment to enable TLS on the realm -->
               <!-- server-identities>
                  <ssl>
                     <keystore path="application.keystore" relative-to="infinispan.server.config.path"
                               keystore-password="password" alias="server" key-password="password"
                               generate-self-signed-certificate-host="localhost"/>
                  </ssl>
               </server-identities-->
               <properties-realm groups-attribute="Roles">
                  <user-properties path="users.properties" relative-to="infinispan.server.config.path" plain-text="true"/>
                  <group-properties path="groups.properties" relative-to="infinispan.server.config.path" />
               </properties-realm>
            </security-realm>
         </security-realms>
      </security>

      <endpoints socket-binding="default">
         <hotrod-connector name="hotrod"/>
         <rest-connector name="rest"/>
      </endpoints>
   </server>

</infinispan>


domain.xml

within. subsystem ( <subsystem xmlns="urn:jboss:domain:infinispan:11.0"> )

<distributed-cache name="sessions" owners="1">
                  <remote-store cache="sessions" remote-servers="remote-cache" fetch-state="false" passivation="false" preload="false" purge="false" shared="true">
                      <property name="rawValues">true</property>
                      <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
                      <property name="protocolVersion">2.9</property>
                  </remote-store>
              </distributed-cache>
              <distributed-cache name="authenticationSessions" owners="1"/>
              <distributed-cache name="offlineSessions" owners="1">
                  <remote-store cache="offlineSessions" remote-servers="remote-cache" fetch-state="false" passivation="false" preload="false" purge="false" shared="true">
                      <property name="rawValues">true</property>
                      <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
                      <property name="protocolVersion">2.9</property>
                  </remote-store>
              </distributed-cache>
              <distributed-cache name="clientSessions" owners="1">
                  <remote-store cache="clientSessions" remote-servers="remote-cache" fetch-state="false" passivation="false" preload="false" purge="false" shared="true">
                      <property name="rawValues">true</property>
                      <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
                      <property name="protocolVersion">2.9</property>
                  </remote-store>
              </distributed-cache>
              <distributed-cache name="offlineClientSessions" owners="1">
                  <remote-store cache="offlineClientSessions" remote-servers="remote-cache" fetch-state="false" passivation="false" preload="false" purge="false" shared="true">
                      <property name="rawValues">true</property>
                      <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
                      <property name="protocolVersion">2.9</property>
                  </remote-store>
              </distributed-cache>
              <distributed-cache name="loginFailures" owners="1">
                  <remote-store cache="loginFailures" remote-servers="remote-cache" fetch-state="false" passivation="false" preload="false" purge="false" shared="true">
                      <property name="rawValues">true</property>
                      <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
                      <property name="protocolVersion">2.9</property>
                  </remote-store>
              </distributed-cache>
             
              <distributed-cache name="actionTokens" owners="2">
                  <heap-memory size="-1"/>
                  <expiration interval="300000" max-idle="-1"/>
                  <remote-store cache="actionTokens" remote-servers="remote-cache" fetch-state="false" passivation="false" preload="true" purge="false" shared="true">
                      <property name="rawValues">true</property>
                      <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
                      <property name="protocolVersion">2.9</property>
                  </remote-store>
              </distributed-cache>



and within <socket-binding-group name="ha-sockets" default-interface="public">

<outbound-socket-binding name="remote-cache">
            <remote-destination host="${remote.cache.host:172.xx.xx.xx}" port="${remote.cache.port:11222}"/>
        </outbound-socket-binding>
    </socket-binding-group>


thanks for the help in advance

Shobhan Nath

unread,
May 2, 2021, 12:27:29 PM5/2/21
to Keycloak User
infinispan cache replication is not working?
even the nodes are connected to the external infinispan
Reply all
Reply to author
Forward
0 new messages