TL; DR: ho tla ba le tlhaloso ea Keycloak, mokhoa o bulehileng oa ho laola mokhoa oa ho fumana mohloli, tlhahlobo ea sebopeho sa ka hare, lintlha tsa tlhophiso.
Selelekela le Mehopolo ea Bohlokoa
Sehloohong sena, re tla bona mehopolo ea mantlha eo re lokelang ho e hopola ha re tsamaisa sehlopha sa Keycloak holim'a Kubernetes.
Haeba u batla ho tseba haholoanyane ka Keycloak, sheba lihokelo tse qetellong ea sengoloa. E le hore u ikakhele ka setotsoana mosebetsing, u ka ithuta ka module e sebelisang mehopolo ea mantlha ea sengoloa sena (tataiso ea ho qala e teng, sengoloa sena se tla fana ka kakaretso ea sesebelisoa le litlhophiso, hoo e ka bang. mofetoleli).
Keycloak ke sistimi e felletseng e ngotsoeng ho Java mme e hahiloe ka holim'a seva sa kopo . Ka bokhuts'oane, ke moralo oa tumello o fanang ka bokhoni ba basebelisi ba kopo le SSO (ho saena a le mong).
Re u mema hore u bale ofisiri kapa bakeng sa kutloisiso e qaqileng.
Ho qala Keycloak
Keycloak e hloka mehloli e 'meli e tsitsitseng ea data ho sebetsa:
- Sebaka sa polokelo ea boitsebiso se sebelisetsoang ho boloka boitsebiso bo hlophisitsoeng, joalo ka boitsebiso ba mosebedisi
- Cache ea datagrid, e sebelisetsoang ho boloka data ho tsoa polokelong ea litaba, hammoho le ho boloka metadata ea nakoana le e fetohang khafetsa, joalo ka linako tsa basebelisi. E kentswe tshebetsong , eo hangata e potlakileng haholo ho feta database. Empa leha ho le joalo, data e bolokiloeng ho Infinispan ke ephemeral - 'me ha e hloke ho bolokoa kae kapa kae ha sehlopha se qala hape.
Keycloak e sebetsa ka mekhoa e mene e fapaneng:
- ba tloaelehileng - ts'ebetso e le 'ngoe feela, e hlophisitsoeng ka faele e ikemetseng.xml
- Sehlopha sa kamehla (khetho e phahameng ea ho fumaneha) - lits'ebetso tsohle li tlameha ho sebelisa tlhophiso e ts'oanang, e tlamehang ho hokahanngoa ka letsoho. Li-setting li bolokiloe faeleng standalone-ha.xml, ho phaella moo o hloka ho etsa phihlello e arolelanoang ho database le ho leka-lekanya mojaro.
- Sehlopha sa domain - ho qala sehlopha ka mokhoa o tloaelehileng kapele ho fetoha mosebetsi o tloaelehileng le o tenang ha sehlopha se ntse se hola, kaha nako le nako ha tlhophiso e fetoha, liphetoho tsohle li tlameha ho etsoa sebakeng se seng le se seng sa sehlopha. Mokhoa oa ts'ebetso oa Domain o rarolla bothata bona ka ho theha sebaka sa polokelo e arolelanoang le ho phatlalatsa tlhophiso. Litlhophiso tsena li bolokiloe faeleng domain.xml
- Phetoho lipakeng tsa litsi tsa data - haeba u batla ho tsamaisa Keycloak ka har'a sehlopha sa litsi tse 'maloa tsa data, hangata libakeng tse fapaneng tsa libaka. Khethong ena, setsi se seng le se seng sa data se tla ba le sehlopha sa sona sa li-server tsa Keycloak.
Sehloohong sena re tla tšohla ka ho qaqileng khetho ea bobeli, ke hore sehlopha sa kamehla, 'me re tla boela re ame hanyenyane tabeng ea ho pheta-pheta pakeng tsa litsi tsa data, kaha hoa utloahala ho tsamaisa likhetho tsena tse peli ho Kubernetes. Ka lehlohonolo, ho Kubernetes ha ho na bothata ba ho hokahanya litlhophiso tsa li-pods tse 'maloa (Keycloak nodes), kahoo. sehlopha sa domain Ho ke ke ha ba thata haholo ho e etsa.
Hape ka kopo hlokomela hore lentsoe lesihla bakeng sa sengoloa kaofela se tla sebetsa feela ho sehlopha sa li-node tsa Keycloak tse sebetsang hammoho, ha ho na tlhoko ea ho bua ka sehlopha sa Kubernetes.
Sehlopha sa kamehla sa Keycloak
Ho tsamaisa Keycloak ka mokhoa ona o hloka:
- lokisa database e arolelanoang kantle
- kenya mojaro balancer
- ho ba le marang-rang a ka hare a tšehetso ea IP multicast
Re ke ke ra buisana ka ho theha database ea kantle, kaha ha se morero oa sengoloa sena. Ha re nke hore ho na le database e sebetsang kae-kae - 'me re na le ntlha ea khokahanyo ho eona. Re tla kenyelletsa data ena ho mefuta e fapaneng ea tikoloho.
Ho utloisisa hamolemo hore na Keycloak e sebetsa joang sehlopheng sa failover (HA), ho bohlokoa ho tseba hore na tsohle li ipapisitse le bokhoni ba ho kopanya ba Wildfly.
Wildfly e sebelisa li-subsystems tse 'maloa, tse ling tsa tsona li sebelisoa e le ho leka-lekanya mojaro, tse ling bakeng sa mamello ea liphoso. Tekanyetso ea mojaro e netefatsa ho fumaneha ha ts'ebeliso ha node ea cluster e imetsoe, 'me mamello ea liphoso e netefatsa ho fumaneha ha ts'ebeliso le haeba li-cluster node tse ling li hloleha. Tse ling tsa li-subsystem tsena:
-
mod_cluster: E sebetsa 'moho le Apache e le HTTP load balancer, ho itšetlehile ka TCP multicast ho fumana mabotho ka ho sa feleng. E ka nkeloa sebaka ke balancer ea kantle. -
infinispan: Cache e abuoang e sebelisang likanale tsa JGroups joalo ka lera la lipalangoang. Ho feta moo, e ka sebelisa protocol ea HotRod ho buisana le sehlopha sa kantle sa Infinispan ho hokahanya likahare tsa cache. -
jgroups: E fana ka tšehetso ea puisano ea sehlopha bakeng sa lits'ebeletso tse fumanehang haholo tse thehiloeng ho likanale tsa JGroups. Liphaephe tse rehelletsoeng li lumella maemo a ts'ebeliso ka har'a sehlopha hore a hoketsoe ka lihlopha e le hore puisano e be le litšobotsi tse kang ho tšepahala, ho hlophiseha, le kutloelo-bohloko ho liphoso.
Laola Balancer
Ha o kenya balancer joalo ka ingress controller ka har'a sehlopha sa Kubernetes, ho bohlokoa ho hopola lintho tse latelang:
Keycloak e nka hore aterese e hole ea moreki ea hokelang ka HTTP ho seva sa netefatso ke aterese ea 'nete ea IP ea komporo ea bareki. Litlhophiso tsa Balancer le ingress li lokela ho beha lihlooho tsa HTTP ka nepo X-Forwarded-For и X-Forwarded-Proto, hape u boloke sehlooho sa mantlha HOST. Phetolelo ea morao-rao ingress-nginx (>0.22.0)
Ho kenya tshebetsong folakha proxy-address-forwarding ka ho beha phetoho ya tikoloho PROXY_ADDRESS_FORWARDING в true e fa Keycloak kutloisiso ea hore e sebetsa ka morao ho moemeli.
U boetse u hloka ho nolofalletsa linako tse khomarelang ho kena. Keycloak e sebelisa cache ea Infinispan e ajoang ho boloka lintlha tse amanang le seshene ea hajoale ea netefatso le karolo ea basebelisi. Li-cache li sebetsa le mong'a a le mong ka mokhoa o ikhethileng, ka mantsoe a mang, seshene eo e bolokiloe sebakeng se seng sehlopheng, 'me li-node tse ling li tlameha ho e botsa li le hole haeba li hloka phihlello ea nako eo.
Haholo-holo, ho fapana le litokomane, ho kopanya seshene ka lebitso cookie ha hoa ka ha re sebeletsa
AUTH_SESSION_ID. Keycloak e na le loop e lebisang hape, kahoo re khothaletsa ho khetha lebitso le fapaneng la li-cookie bakeng sa seshene e khomarelang.
Keycloak e boetse e kopanya lebitso la node e ileng ea arabela pele ho AUTH_SESSION_ID, 'me kaha node e' ngoe le e 'ngoe ea mofuta o fumanehang haholo e sebelisa database e tšoanang, e' ngoe le e 'ngoe ea tsona sekhetho se ikhethileng sa node bakeng sa ho laola litšebelisano. Ho kgothaletswa ho kenya JAVA_OPTS entsprechen jboss.node.name и jboss.tx.node.id e ikhethang bakeng sa node ka 'ngoe - o ka etsa mohlala, ho beha lebitso la pod. Haeba u beha lebitso la pod, u se ke ua lebala ka moeli oa litlhaku tse 23 bakeng sa mefuta-futa ea jboss, kahoo ho molemo ho sebelisa StatefulSet ho e-na le ho Deployment.
Rake e 'ngoe - haeba pod e hlakotsoe kapa e tsosolosoa, cache ea eona e lahlehile. Ho ela hloko sena, ho bohlokoa ho beha palo ea beng ba li-cache bakeng sa bonyane tse peli, e le hore kopi ea cache e lule e le teng. Tharollo ke ho matha ha o qala pod, o e beha bukeng /opt/jboss/startup-scripts ka har'a setshelo:
Script Contents
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
echo * Setting CACHE_OWNERS to "${env.CACHE_OWNERS}" in all cache-containers
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS:1})
run-batch
stop-embedded-serverebe u beha boleng ba phetoho ea tikoloho CACHE_OWNERS ho tse batloang.
Marang-rang a poraefete a nang le tšehetso ea multicast ea IP
Haeba u sebelisa Weavenet joalo ka CNI, multicast e tla sebetsa hang-hang - 'me node tsa Keycloak li tla bonana hang ha li qala.
Haeba ha u na tšehetso ea ip multicast sehlopheng sa hau sa Kubernetes, u ka hlophisa JGroups ho sebetsa le liprothokholo tse ling ho fumana li-node.
Khetho ea pele ke ho e sebelisa KUBE_DNSe sebelisang headless service ho fumana lintlha tsa Keycloak, o fetisa feela JGroups lebitso la ts'ebeletso e tla sebelisoa ho fumana li-node.
Khetho e 'ngoe ke ho sebelisa mokhoa KUBE_PING, e sebetsang le API ho batla li-node (o hloka ho hlophisa serviceAccount ka litokelo list и get, ebe o lokisa li-pods ho sebetsa le sena serviceAccount).
Tsela eo JGroups e fumanang li-node ka eona e hlophisoa ka ho beha mefuta e fapaneng ea tikoloho JGROUPS_DISCOVERY_PROTOCOL и JGROUPS_DISCOVERY_PROPERTIES. bakeng sa KUBE_PING o hloka ho khetha li-pods ka ho botsa namespace и labels.
️ Haeba u sebelisa multicast 'me u tsamaisa lihlopha tse peli kapa ho feta tsa Keycloak sehlopheng se le seng sa Kubernetes (ha re re e le' ngoe sebakeng sa mabitso
production, ea bobeli -staging) - li-node tsa sehlopha se le seng sa Keycloak li ka ikopanya le sehlopha se seng. Etsa bonnete ba hore u sebelisa aterese e ikhethang ea multicast bakeng sa sehlopha ka seng ka ho beha lintho tse fapanengjboss.default.multicast.addressиjboss.modcluster.multicast.addressвJAVA_OPTS.
Phetoho lipakeng tsa litsi tsa data
Ho buisana
Keycloak e sebelisa lihlopha tse ngata tse arohaneng tsa cache tsa Infinispan bakeng sa setsi se seng le se seng sa data moo lihlopha tsa Keyclock tse entsoeng ka li-keycloak node li leng teng. Empa ha ho na phapang pakeng tsa li-node tsa Keycloak libakeng tse fapaneng tsa data.
Li-keycloak node li sebelisa Java Data Grid e ka ntle (li-server tsa Infinispan) bakeng sa puisano pakeng tsa litsi tsa data. Puisano e sebetsa ho latela protocol .
Li-cache tsa Infinispan li tlameha ho hlophisoa ka tšobotsi remoteStore, e le hore data e ka bolokoa hole (setsing se seng sa data, hoo e ka bang. mofetoleli) mekotla. Ho na le lihlopha tse arohaneng tsa infinispan har'a li-server tsa JDG, e le hore data e bolokiloeng ho JDG1 setšeng. site1 e tla fetoleloa ho JDG2 sebakeng sa marang-rang site2.
'Me qetellong, seva sa JDG se amohelang se tsebisa li-server tsa Keycloak tsa sehlopha sa eona ka likhokahano tsa bareki, e leng karolo ea protocol ea HotRod. Li-keycloak li butsoe site2 ntlafatsa li-cache tsa bona tsa Infinispan 'me nako e khethehileng ea mosebedisi e fumaneha le ho li-node tsa Keycloak ho site2.
Bakeng sa li-cache tse ling, hoa khoneha hore u se ke ua etsa li-backups le ho qoba ho ngola data ka seva sa Infinispan ka ho feletseng. Ho etsa sena o hloka ho tlosa tlhophiso remote-store cache e khethehileng ea Infinispan (faeleng standalone-ha.xml), ka mor'a moo tse ling tse tobileng replicated-cache le eona ha e sa tla hlola e hlokahala ka lehlakoreng la seva sa Infinispan.
Ho theha li-cache
Ho na le mefuta e 'meli ea li-cache ho Keycloak:
-
Sebakeng. E fumaneha haufi le database mme e sebeletsa ho fokotsa mojaro ho database, hammoho le ho fokotsa latency ea karabo. Mofuta ona oa cache o boloka sebaka, bareki, mesebetsi le metadata ea basebelisi. Mofuta ona oa cache ha oa phetoa, leha cache e le karolo ea sehlopha sa Keycloak. Haeba ho kena ka har'a cache ho fetoha, molaetsa o mabapi le phetoho o romelloa ho li-server tse setseng ka har'a sehlopha, ka mor'a moo ho kenngoa ha ho kenyelelitsoe ho cache. Sheba tlhaloso
workSheba ka tlase bakeng sa tlhaloso e qaqileng ea mokhoa ona. -
Replicated. E sebetsana le linako tsa basebelisi, li-tokens tse kantle ho marang-rang, hape e beha leihlo liphoso tsa ho kena ho bona liteko tsa phishing le litlhaselo tse ling. Lintlha tse bolokiloeng ka har'a li-cache tsena ke tsa nakoana, li bolokiloe feela ho RAM, empa li ka kopitsoa ho pholletsa le sehlopha.
Li-cache tsa Infinispan
Mananeo - mohopolo ho Keycloak, li-cache tse arohaneng tse bitsoang authenticationSessions, li sebelisetsoa ho boloka lintlha tsa basebelisi ba itseng. Likopo tse tsoang ho li-cache tsena hangata li hlokoa ke sebatli le li-server tsa Keycloak, eseng ka lits'ebetso. Mona ke moo ho its'etleha ka linako tse khomaretseng ho tlang ho sebetsa, 'me li-cache tse joalo ka botsona ha li hloke ho phetoa, leha e le ka Active-Active mode.
Ketso Tokens. Khopolo e 'ngoe, eo hangata e sebelisoang bakeng sa maemo a fapaneng ha, mohlala, mosebelisi a tlameha ho etsa ho hong ka poso. Ka mohlala, nakong ea ts'ebetso forget password polokelo actionTokens e sebelisoang ho latela metadata ea li-tokens tse amanang - mohlala, tokeneng e se e sebelisitsoe 'me e ke ke ea sebelisoa hape. Mofuta ona oa cache hangata o hloka ho phetoa lipakeng tsa litsi tsa data.
Ho boloka le ho tsofala ha data e bolokiloeng e sebetsa ho imolla mojaro ho database. Mofuta ona oa caching o ntlafatsa ts'ebetso, empa o eketsa bothata bo hlakileng. Haeba seva e le 'ngoe ea Keycloak e nchafatsa data, li-server tse ling li tlameha ho tsebisoa e le hore li ka ntlafatsa data ho li-cache tsa tsona. Keycloak e sebelisa li-cache tsa lehae realms, users и authorization bakeng sa ho boloka data ho tsoa ho database.
Ho boetse ho na le cache e arohaneng work, e phetoang libakeng tsohle tsa data. Eona ka boeona ha e boloke data leha e le efe ho tswa ho database, empa e sebeletsa ho romela melaetsa e mabapi le botsofali ba data ho lihlopha tsa lihlopha pakeng tsa litsi tsa data. Ka mantsoe a mang, hang ha data e nchafatsoa, node ea Keycloak e romela molaetsa ho li-node tse ling setsing sa eona sa data, hammoho le li-node tse ling tsa lits'ebeletso tsa data. Kamora ho amohela molaetsa o joalo, node e 'ngoe le e' ngoe e hlakola data e lumellanang le li-cache tsa eona tsa lehae.
Likopano tsa basebelisi. Li-cache tse nang le mabitso sessions, clientSessions, offlineSessions и offlineClientSessions, hangata li kopitsoa lipakeng tsa litsi tsa data mme li sebeletsa ho boloka data mabapi le linako tsa basebelisi tse ntseng li sebetsa ha mosebelisi a ntse a le sebatli. Li-cache tsena li sebetsa le likopo tsa ts'ebetso ea HTTP ho tsoa ho basebelisi ba ho qetela, kahoo li amahanngoa le linako tse khomarelang 'me li tlameha ho phetoleloa lipakeng tsa litsi tsa data.
Tšireletso ea matla a Brute. Cache loginFailures E sebelisoa ho latela lintlha tsa phoso ea ho kena, joalo ka makhetlo a makae mosebelisi a kentseng phasewete e fosahetseng. Ho pheta-pheta ha cache ena ke boikarabello ba motsamaisi. Empa bakeng sa lipalo tse nepahetseng, ho bohlokoa ho kenya tšebetsong phetiso lipakeng tsa litsi tsa data. Empa ka lehlakoreng le leng, haeba u sa phete lintlha tsena, u tla ntlafatsa ts'ebetso, 'me haeba bothata bona bo hlaha, ho pheta-pheta ho ka' na ha se ke ha etsoa.
Ha o ntša sehlopha sa Infinispan, o hloka ho kenyelletsa litlhaloso tsa cache faeleng ea litlhophiso:
<replicated-cache-configuration name="keycloak-sessions" mode="ASYNC" start="EAGER" batching="false">
</replicated-cache-configuration>
<replicated-cache name="work" configuration="keycloak-sessions" />
<replicated-cache name="sessions" configuration="keycloak-sessions" />
<replicated-cache name="offlineSessions" configuration="keycloak-sessions" />
<replicated-cache name="actionTokens" configuration="keycloak-sessions" />
<replicated-cache name="loginFailures" configuration="keycloak-sessions" />
<replicated-cache name="clientSessions" configuration="keycloak-sessions" />
<replicated-cache name="offlineClientSessions" configuration="keycloak-sessions" />O tlameha ho lokisa le ho qala sehlopha sa Infinispan pele o qala sehlopha sa Keycloak
Joale u lokela ho configure remoteStore bakeng sa li-cache tsa Keycloak. Ho etsa sena, mongolo o lekane, o etsoang ka mokhoa o ts'oanang le o fetileng, o sebelisetsoang ho beha phapang CACHE_OWNERS, o hloka ho e boloka faeleng ebe o e beha bukeng /opt/jboss/startup-scripts:
Script Contents
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
echo *** Update infinispan subsystem ***
/subsystem=infinispan/cache-container=keycloak:write-attribute(name=module, value=org.keycloak.keycloak-model-infinispan)
echo ** Add remote socket binding to infinispan server **
/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=remote-cache:add(host=${remote.cache.host:localhost}, port=${remote.cache.port:11222})
echo ** Update replicated-cache work element **
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=work,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache sessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=sessions,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache offlineSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=offlineSessions,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache clientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=clientSessions,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache offlineClientSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=offlineClientSessions,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache loginFailures element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
remote-servers=["remote-cache"],
cache=loginFailures,
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache actionTokens element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens/store=remote:add(
passivation=false,
fetch-state=false,
purge=false,
preload=false,
shared=true,
cache=actionTokens,
remote-servers=["remote-cache"],
properties={
rawValues=true,
marshaller=org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory,
protocolVersion=${keycloak.connectionsInfinispan.hotrodProtocolVersion}
}
)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=statistics-enabled,value=true)
echo ** Update distributed-cache authenticationSessions element **
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=statistics-enabled,value=true)
echo *** Update undertow subsystem ***
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
run-batch
stop-embedded-serverU se ke ua lebala ho kenya JAVA_OPTS bakeng sa li-node tsa Keycloak ho tsamaisa HotRod: remote.cache.host, remote.cache.port le lebitso la tshebeletso jboss.site.name.
Lihokelo le litokomane tse ling
Sengoliloeng se ile sa fetoleloa le ho lokisetsoa Habr ke basebetsi - lithupelo tse matla, lithupelo tsa video le koetliso ea khoebo ho tsoa ho litsebi tsa boikoetliso (Kubernetes, DevOps, Docker, Ansible, Ceph, SRE)
Source: www.habr.com