Running Keycloak in HA mode on Kubernetes

TL;DR: this article gives an overview of Keycloak, an open-source access management system, an analysis of its internal structure, and configuration details.

Introduction and Key Ideas

In this article, we will look at the key ideas to keep in mind when deploying a Keycloak cluster on top of Kubernetes.

If you want to know more about Keycloak, see the links at the end of the article. To get a deeper practical understanding, you can study our repository with a module that implements the main ideas of this article (the quick-start guide is there; this article gives an overview of the design and settings, translator's note).

Keycloak is a comprehensive system written in Java and built on top of the Wildfly application server. In short, it is an authorization framework that gives application users federation and SSO (single sign-on) capabilities.

We invite you to read the official website or Wikipedia for a detailed understanding.

Launching Keycloak

Keycloak needs two persistent data sources to run:

  • A database, used to store persistent data such as user information
  • A datagrid cache, which is used to cache data from the database, as well as to store some short-lived and frequently changing metadata, such as user sessions. It is implemented by Infinispan, which is usually significantly faster than the database. In any case, the data stored in Infinispan is ephemeral, and it does not need to be saved anywhere when the cluster restarts.

Keycloak works in four different modes:

  • Standalone: one and only one process, configured through the file standalone.xml
  • Standalone cluster (the high-availability option): all processes must use the same configuration, which has to be synchronized manually. The settings are stored in the file standalone-ha.xml; in addition, you need to provide shared access to the database and a load balancer.
  • Domain cluster: running a cluster in standalone mode quickly becomes routine and tedious as the cluster grows, because every time the configuration changes, the change has to be made on every cluster node. Domain mode solves this problem by setting up a central storage location and publishing the configuration. These settings are stored in the file domain.xml
  • Cross-datacenter replication: for when you want to run Keycloak in a cluster spanning several data centers, most often in different geographic locations. In this mode, each data center has its own cluster of Keycloak servers.

In this article we will look in detail at the second option, the standalone cluster, and we will also touch briefly on cross-datacenter replication, since it makes sense to run these two options in Kubernetes. Fortunately, in Kubernetes there is no problem with synchronizing the settings of several pods (Keycloak nodes), so a domain cluster would not be very difficult to set up.

Also note that for the rest of the article the word cluster refers only to a group of Keycloak nodes working together; it does not refer to the Kubernetes cluster.

Standalone Keycloak cluster

To run Keycloak in this mode you need to:

  • configure an external shared database
  • install a load balancer
  • have an internal network with IP multicast support

We will not cover setting up the external database, since that is not the purpose of this article. Let's assume there is a working database somewhere and we have a connection point for it. We will simply add this data to the environment variables.

To better understand how Keycloak works in a failover (HA) cluster, it is important to know how much it all depends on Wildfly's clustering capabilities.

Wildfly uses several subsystems; some of them are used for load balancing, some for failover. The load balancer ensures the application is available when a cluster node is overloaded, and failover ensures the application is available even if some cluster nodes fail. Some of these subsystems:

  • mod_cluster: works together with Apache as an HTTP load balancer and relies on TCP multicast to discover hosts by default. It can be replaced with an external load balancer.

  • infinispan: a distributed cache that uses JGroups channels as the transport layer. It can additionally use the HotRod protocol to communicate with an external Infinispan cluster to synchronize cache contents.

  • jgroups: provides group communication support for highly available services based on JGroups channels. Named channels allow application instances in a cluster to be connected into groups so that the communication has properties such as reliability, ordering, and sensitivity to failures.

Load Balancer

When installing the balancer as an ingress controller in a Kubernetes cluster, it is important to keep the following in mind:

Keycloak assumes that the remote address of the client connecting over HTTP to the authentication server is the real IP address of the client machine. The balancer and ingress settings must set the HTTP headers X-Forwarded-For and X-Forwarded-Proto correctly, and also preserve the original HOST header. The latest version of ingress-nginx (> 0.22.0) disables this by default.

Enabling the proxy-address-forwarding flag by setting the environment variable PROXY_ADDRESS_FORWARDING to true lets Keycloak know that it is running behind a proxy.

You also need to enable sticky sessions in the ingress. Keycloak uses a distributed Infinispan cache to store data associated with the current authentication session and user session. Caches work with a single owner by default; in other words, a particular session is stored on one node in the cluster, and the other nodes must request it remotely if they need access to that session.

Specifically, contrary to the documentation, attaching the session to the cookie named AUTH_SESSION_ID did not work for us. Keycloak went into a redirect loop, so we recommend choosing a different cookie name for the sticky session.

Keycloak also appends the name of the node that responded first to AUTH_SESSION_ID, and since every node in a highly available setup uses the same database, each of them must have a separate and unique node identifier for managing transactions. It is recommended to set the parameters jboss.node.name and jboss.tx.node.id in JAVA_OPTS to values unique for each node; you can, for example, use the pod name. If you use the pod name, don't forget the 23-character limit for jboss variables, so it is better to use a StatefulSet rather than a Deployment.

Another pitfall: if a pod is deleted or restarted, its cache is lost. With this in mind, it is worth setting the number of cache owners for all caches to at least two, so that a copy of the cache remains. The solution is to run a script for Wildfly when the pod starts, placing it in the /opt/jboss/startup-scripts directory in the container:

Script contents

embed-server --server-config=standalone-ha.xml --std-out=echo
batch

echo * Setting CACHE_OWNERS to "${env.CACHE_OWNERS}" in all cache-containers

/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})

run-batch
stop-embedded-server

then set the environment variable CACHE_OWNERS to the desired value.

Private network with IP multicast support

If you use Weavenet as the CNI, multicast will work right away, and your Keycloak nodes will see each other as soon as they start.

If you do not have IP multicast support in your Kubernetes cluster, you can configure JGroups to work with other protocols to discover nodes.

The first option is to use KUBE_DNS, which uses a headless service to find Keycloak nodes; you simply pass JGroups the name of the service that will be used to find the nodes.

Another option is to use the KUBE_PING method, which works with the API to look up nodes (you need to configure a serviceAccount with list and get permissions, and then configure the pods to run with this serviceAccount).

The way JGroups discovers nodes is configured by setting the environment variables JGROUPS_DISCOVERY_PROTOCOL and JGROUPS_DISCOVERY_PROPERTIES. For KUBE_PING you need to select pods by specifying namespace and labels.

If you use multicast and run two or more Keycloak clusters in one Kubernetes cluster (say, one in the production namespace and the second in staging), nodes of one Keycloak cluster can join the other cluster. Be sure to use a unique multicast address for each cluster by setting the variables jboss.default.multicast.address and jboss.modcluster.multicast.address in JAVA_OPTS.
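A pre-deployment check for the pitfalls listed in the two sections above (the 23-character node name limit, fewer than two cache owners, AUTH_SESSION_ID as the sticky cookie, and a multicast address shared between clusters). This is an added example, not code from the article or its repository; the dictionary layout, the cookie name KC_ROUTE and all sample values are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

JBOSS_NAME_LIMIT = 23  # limit for jboss.node.name / jboss.tx.node.id given in the article

# Constructed sample: two Keycloak clusters in one Kubernetes cluster.
# The dict layout and every value here are assumptions for illustration.
CLUSTERS = [
    {"namespace": "production", "statefulset": "keycloak", "replicas": 3,
     "cache_owners": 2, "sticky_cookie": "KC_ROUTE",
     "multicast_address": "230.0.0.4"},
    {"namespace": "staging", "statefulset": "keycloak-staging-identity", "replicas": 2,
     "cache_owners": 1, "sticky_cookie": "AUTH_SESSION_ID",
     "multicast_address": "230.0.0.4"},
]


def pod_names(cluster):
    """StatefulSet pods are named <statefulset>-<ordinal>, so names are known up front."""
    return [f"{cluster['statefulset']}-{i}" for i in range(cluster["replicas"])]


def check_cluster(cluster):
    """Return (code, detail) findings for one Keycloak cluster."""
    findings = []
    for pod in pod_names(cluster):
        # The pod name is what ends up in jboss.node.name and jboss.tx.node.id.
        if len(pod) > JBOSS_NAME_LIMIT:
            findings.append(("NODE_NAME_TOO_LONG", f"{pod} has {len(pod)} characters"))
    if cluster["cache_owners"] < 2:
        findings.append(("CACHE_OWNERS_BELOW_2", "a pod restart loses the only copy"))
    if cluster["sticky_cookie"] == "AUTH_SESSION_ID":
        findings.append(("STICKY_COOKIE_IS_AUTH_SESSION_ID", "redirect loop reported"))
    return findings


def multicast_collisions(clusters):
    """Map each multicast address used by more than one namespace to those namespaces."""
    by_address = defaultdict(list)
    for cluster in clusters:
        address = ipaddress.ip_address(cluster["multicast_address"])
        if not address.is_multicast:
            raise ValueError(f"{address} is not a multicast address")
        by_address[str(address)].append(cluster["namespace"])
    return {addr: names for addr, names in by_address.items() if len(names) > 1}


if __name__ == "__main__":
    for cluster in CLUSTERS:
        for code, detail in check_cluster(cluster):
            print(cluster["namespace"], code, detail)
    for address, namespaces in multicast_collisions(CLUSTERS).items():
        print("MULTICAST_SHARED", address, namespaces)
```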

Cross-datacenter replication

Connectivity

Keycloak uses multiple separate Infinispan cache clusters, one for each data center where Keycloak clusters made up of Keycloak nodes are located. But there is no difference between Keycloak nodes in different data centers.

Keycloak nodes use an external Java Data Grid (Infinispan servers) for communication between data centers. Communication works over the Infinispan HotRod protocol.

Infinispan caches must be configured with the remoteStore attribute so that data can be stored in remote (in another data center, translator's note) caches. There are separate infinispan clusters among the JDG servers, so that data stored on JDG1 at site1 will be replicated to JDG2 at site2.

And finally, the receiving JDG server notifies the Keycloak servers of its cluster through client connections, which is a feature of the HotRod protocol. The Keycloak nodes at site2 update their Infinispan caches, and the particular user session becomes available on the Keycloak nodes at site2 as well.

For some caches it is also possible not to make backups and to avoid writing data through the Infinispan server entirely. To do this, you need to remove the remote-store setting from the particular Infinispan cache (in the file standalone-ha.xml), after which the particular replicated-cache will also no longer be needed on the Infinispan server side.

Configuring caches

There are two types of caches in Keycloak:

  • Local. It sits next to the database and serves to reduce the load on the database as well as to reduce response latency. This type of cache stores realms, clients, roles, and user metadata. This type of cache is not replicated, even if the cache is part of a Keycloak cluster. If an entry in the cache changes, a message about the change is sent to the remaining servers in the cluster, after which the entry is evicted from the cache. See the description of the work cache below for more details on the procedure.

  • Replicated. Handles user sessions and offline tokens, and also tracks login failures to detect password phishing attempts and other attacks. The data stored in these caches is temporary and kept only in RAM, but it can be replicated across the cluster.

Infinispan caches

Sessions: a concept in Keycloak; separate caches called authenticationSessions are used to store data of specific users. Requests from these caches are usually needed by the browser and Keycloak servers, not by applications. This is where the dependence on sticky sessions comes into play, and the caches themselves do not need to be replicated, even in Active-Active mode.

Action Tokens. Another concept, usually used for scenarios where, for example, the user has to do something asynchronously by email. For example, during the forget password flow, the actionTokens cache is used to track metadata about the related tokens, for example that a token has already been used and cannot be activated again. This type of cache usually needs to be replicated between data centers.

Caching and invalidation of persistent data serves to reduce the load on the database. This kind of caching improves performance, but adds an obvious problem. If one Keycloak server updates data, the other servers must be notified so that they can update the data in their caches. Keycloak uses the local caches realms, users and authorization to cache data from the database.

There is also a separate cache, work, which is replicated across all data centers. It does not itself store any data from the database, but serves to send invalidation messages to the cluster nodes between data centers. In other words, as soon as data is updated, the Keycloak node sends a message to the other nodes in its data center, as well as to nodes in other data centers. After receiving such a message, each node clears the corresponding data in its local caches.

User sessions. The caches named sessions, clientSessions, offlineSessions and offlineClientSessions are usually replicated between data centers and serve to store data about user sessions that are active while the user is working in the browser. These caches work with the application handling HTTP requests from end users, so they are tied to sticky sessions and must be replicated between data centers.

Brute force protection. The loginFailures cache is used to track login failure data, such as how many times a user entered an incorrect password. Replication of this cache is up to the administrator. For accurate counting, it is worth enabling replication between data centers. On the other hand, if you do not replicate this data, you will improve performance, and if that is a concern, replication can be left disabled.

When rolling out an Infinispan cluster, you need to add cache definitions to the configuration file:

<replicated-cache-configuration name="keycloak-sessions" mode="ASYNC" start="EAGER" batching="false">
</replicated-cache-configuration>

<replicated-cache name="work" configuration="keycloak-sessions" />
<replicated-cache name="sessions" configuration="keycloak-sessions" />
<replicated-cache name="offlineSessions" configuration="keycloak-sessions" />
<replicated-cache name="actionTokens" configuration="keycloak-sessions" />
<replicated-cache name="loginFailures" configuration="keycloak-sessions" />
<replicated-cache name="clientSessions" configuration="keycloak-sessions" />
<replicated-cache name="offlineClientSessions" configuration="keycloak-sessions" />

You must configure and start the Infinispan cluster before starting the Keycloak cluster.

Then you need to configure remoteStore for the Keycloak caches. For this a script is enough, made similarly to the previous one that was used to set the CACHE_OWNERS variable; you need to save it to a file and put it in the directory /opt/jboss/startup-scripts:

Script contents

embed-server --server-config=standalone-ha.xml --std-out=echo
batch

echo *** Update infinispan subsystem ***
/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module, value=org.keycloak.keycloak-model-infinispan)

echo ** Add remote socket binding to infinispan server **
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-cache:add(host=${remote.cache.host:localhost}, port=${remote.cache.port:11222})

echo ** Update replicated-cache work element **
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/store=remote:add( 
    passivation=false, 
    fetch-state=false, 
    purge=false, 
    preload=false, 
    shared=true, 
    remote-servers=["remote-cache"], 
    cache=work, 
    properties={ 
        rawValues=true, 
        marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, 
        protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} 
    } 
)

/subsystem=infinispan/cache-container=keycloak/replicated-cache=work:write-attribute(name=statistics-enabled,value=true)

echo ** Update distributed-cache sessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=remote:add( 
    passivation=false, 
    fetch-state=false, 
    purge=false, 
    preload=false, 
    shared=true, 
    remote-servers=["remote-cache"], 
    cache=sessions, 
    properties={ 
        rawValues=true, 
        marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, 
        protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} 
    } 
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=statistics-enabled,value=true)

echo ** Update distributed-cache offlineSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions/store=remote:add( 
    passivation=false, 
    fetch-state=false, 
    purge=false, 
    preload=false, 
    shared=true, 
    remote-servers=["remote-cache"], 
    cache=offlineSessions, 
    properties={ 
        rawValues=true, 
        marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, 
        protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} 
    } 
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=statistics-enabled,value=true)

echo ** Update distributed-cache clientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=remote:add( 
    passivation=false, 
    fetch-state=false, 
    purge=false, 
    preload=false, 
    shared=true, 
    remote-servers=["remote-cache"], 
    cache=clientSessions, 
    properties={ 
        rawValues=true, 
        marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, 
        protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} 
    } 
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=statistics-enabled,value=true)

echo ** Update distributed-cache offlineClientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/store=remote:add( 
    passivation=false, 
    fetch-state=false, 
    purge=false, 
    preload=false, 
    shared=true, 
    remote-servers=["remote-cache"], 
    cache=offlineClientSessions, 
    properties={ 
        rawValues=true, 
        marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, 
        protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} 
    } 
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=statistics-enabled,value=true)

echo ** Update distributed-cache loginFailures element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures/store=remote:add( 
    passivation=false, 
    fetch-state=false, 
    purge=false, 
    preload=false, 
    shared=true, 
    remote-servers=["remote-cache"], 
    cache=loginFailures, 
    properties={ 
        rawValues=true, 
        marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, 
        protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} 
    } 
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=statistics-enabled,value=true)

echo ** Update distributed-cache actionTokens element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/store=remote:add( 
    passivation=false, 
    fetch-state=false, 
    purge=false, 
    preload=false, 
    shared=true, 
    cache=actionTokens, 
    remote-servers=["remote-cache"], 
    properties={ 
        rawValues=true, 
        marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory, 
        protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion} 
    } 
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=statistics-enabled,value=true)

echo ** Update distributed-cache authenticationSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=statistics-enabled,value=true)

echo *** Update undertow subsystem ***
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)

run-batch
stop-embedded-server

Don't forget to set JAVA_OPTS for the Keycloak nodes to run HotRod: remote.cache.host, remote.cache.port and the site name jboss.site.name.

Links and additional documentation

The article was translated and prepared for Habr by the staff of Slurm Training Center: intensive courses, video courses and corporate training from practitioners (Kubernetes, DevOps, Docker, Ansible, Ceph, SRE)

Source: www.hab.com
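The remote-store script on the Keycloak side and the replicated-cache definitions on the Infinispan server have to name the same caches, and a cache whose remote-store is removed no longer needs its server-side definition. The following added example (not part of the original article or its repository) cross-checks the two; the inputs are constructed, shortened fragments in the syntax of the listings above, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, shortened inputs in the syntax of the article's two listings.
KEYCLOAK_CLI = """\
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/store=remote:add(
    shared=true,
    remote-servers=["remote-cache"],
    cache=work,
    properties={
        rawValues=true
    }
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=remote:add(
    shared=true,
    remote-servers=["remote-cache"],
    cache=sessions,
    properties={
        rawValues=true
    }
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures/store=remote:add(
    shared=true,
    cache=loginFailures,
    remote-servers=["remote-cache"]
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=statistics-enabled,value=true)
"""

INFINISPAN_XML = """\
<replicated-cache-configuration name="keycloak-sessions" mode="ASYNC" start="EAGER" batching="false">
</replicated-cache-configuration>
<replicated-cache name="work" configuration="keycloak-sessions" />
<replicated-cache name="sessions" configuration="keycloak-sessions" />
<replicated-cache name="actionTokens" configuration="keycloak-sessions" />
"""

# A store=remote:add( ... ) operation, up to the ")" that starts a line of its own.
STORE_ADD = re.compile(
    r"/(?:replicated|distributed)-cache=(\w+)/store=remote:add\((.*?)^\)", re.S | re.M)
# The cache= argument, but not the tail of a name such as "remote-cache".
REMOTE_NAME = re.compile(r"(?<![\w-])cache=(\w+)")


def remote_store_targets(cli_text):
    """Map each Keycloak cache that gets a remote store to the remote cache it names."""
    targets = {}
    for local_name, args in STORE_ADD.findall(cli_text):
        match = REMOTE_NAME.search(args)
        targets[local_name] = match.group(1) if match else None
    return targets


def server_caches(xml_text):
    """Names of the replicated-cache elements defined on the Infinispan server."""
    root = ET.fromstring(f"<caches>{xml_text}</caches>")  # the fragment has no single root
    return {element.get("name") for element in root.iter("replicated-cache")}


def compare(cli_text, xml_text):
    """Remote stores without a server-side cache, and server caches nothing writes to."""
    wanted = {name for name in remote_store_targets(cli_text).values() if name}
    defined = server_caches(xml_text)
    return {"missing_on_server": sorted(wanted - defined),
            "unused_on_server": sorted(defined - wanted)}


if __name__ == "__main__":
    print(compare(KEYCLOAK_CLI, INFINISPAN_XML))
```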
