-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need help in configuring s3 ping for keycloak cache stack #210
Comments
Can you link the keycloak documentation you used? I am assuming they haven't upgraded to JGroups 5.x, thus they using this version - https://github.com/jgroups-extras/jgroups-aws/tree/native-s3-ping-1.0.0.Final for which the configuration looks like this: <org.jgroups.aws.s3.NATIVE_S3_PING
region_name="eu-west-1"
bucket_name="jgroups-s3-test"
bucket_prefix="jgroups"/> |
Hi Radoslav,
Main article from keycloak is "https://www.keycloak.org/server/caching".
Under here, you can check the heading "*Additional transport stacks*"
Additional transport stacks
The following table shows transport stacks that are supported by Keycloak,
but need some extra steps to work. Note that *none* of these stacks are
Kubernetes / OpenShift stacks, so no need exists to enable the "google"
stack if you want to run Keycloak on top of the Google Kubernetes engine.
In that case, use the kubernetes stack. Instead, when you have a
distributed cache setup running on AWS EC2 instances, you would need to set
the stack to ec2, because ec2 does not support a default discovery
mechanism such as UDP.
Stack name
Transport protocol
Discovery
ec2
TCP
NATIVE_S3_PING
google
TCP
GOOGLE_PING2
azure
TCP
AZURE_PING
Cloud vendor specific stacks have additional dependencies for Keycloak. For
more information and links to repositories with these dependencies,
see the Infinispan
documentation
<https://infinispan.org/docs/dev/titles/embedding/embedding.html#jgroups-cloud-discovery-protocols_cluster-transport>
.
Followed the link "
https://infinispan.org/docs/dev/titles/embedding/embedding.html#jgroups-cloud-discovery-protocols_cluster-transport"
and ended up in the github page of yours.
…On Tue, 26 Jul 2022 at 16:36, Radoslav Husar ***@***.***> wrote:
Can you link the keycloak documentation you used?
I am assuming they haven't upgraded to JGroups 5.x, thus they using this
version -
https://github.com/jgroups-extras/jgroups-aws/tree/native-s3-ping-1.0.0.Final
—
Reply to this email directly, view it on GitHub
<#210 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AP4YZ5MKF7MDS4HWP4LA733VV7BFFANCNFSM54VMCIJQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
Regards,
Arulaln A R
+91-8754438576
|
I see, that documentation is lacking and is a bit sloppy. The https://www.keycloak.org/server/caching links to the 'dev' version of infinispan - https://infinispan.org/docs/dev/titles/embedding/embedding.html#jgroups-cloud-discovery-protocols_cluster-transport - as opposed to the one actually used, so the documentation doesn't match. I assume what the documentation tells you is to do something like: cd providers
wget https://repository.jboss.org/nexus/content/repositories/releases/org/jgroups/aws/s3/native-s3-ping/1.0.0.Final/native-s3-ping-1.0.0.Final.jar
bin/kc.sh build --cache-stack=ec2 |
Hi Radoslav,
Thanks for the details. I am trying to use the same.
Downloaded the jar file and then included the cache stack as ec2.
Configured the cache-ispn.xml file. But there is something i am missing
which is pom.xml, where do i change that?
If you are free, we can connect via zoom call and discuss this.
Please let me know.
…On Tue, 26 Jul 2022 at 17:53, Radoslav Husar ***@***.***> wrote:
I see, that documentation is lacking and is a bit sloppy. The
https://www.keycloak.org/server/caching links to the 'dev' version of
infinispan -
https://infinispan.org/docs/dev/titles/embedding/embedding.html#jgroups-cloud-discovery-protocols_cluster-transport
- as opposed to the one actually used, so the documentation doesn't match.
I assume what the documentation tells you is to do something like:
cd providers
wget https://repository.jboss.org/nexus/content/repositories/releases/org/jgroups/aws/s3/native-s3-ping/1.0.0.Final/native-s3-ping-1.0.0.Final.jar
bin/kc.sh <https://repository.jboss.org/nexus/content/repositories/releases/org/jgroups/aws/s3/native-s3-ping/1.0.0.Final/native-s3-ping-1.0.0.Final.jarbin/kc.sh> build --cache-stack=ec2
—
Reply to this email directly, view it on GitHub
<#210 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AP4YZ5PY3OOXCVHHUSDMMZDVV7KERANCNFSM54VMCIJQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
--
Regards,
Arulaln A R
+91-8754438576
|
Hi, I had similar issue. To resolve I did the following:
Regards, |
Hi. I've been struggle with this as well. I did everything above but now I get: java.lang.NullPointerException: Cannot invoke "org.infinispan.commons.configuration.io.ConfigurationResourceResolver.resolveResource(String)" because "resourceResolver" is null What am I missing? In keycloak, where does that pom.xml file go? Thanks Mike |
Keycloak:
By me it's working) GL & HF! Logs:
|
@serhiiKalchenko I scoured the web and saw countless answers. Yours was the one which let me have Keycloak working with S3 discovery. Thank you so much. I'll probably edit this post soon with a full doc how to solve the full Keycloak distributed cache on Elastic Beanstalk EC2 Docker containers mystery. |
What is the health check you've configured in Target Group? |
Did you create a document on how to achieve it? |
Indeed, thanks for the reminder! I've written a blog article about putting Keycloak in production in our Beanstalk environment. Please let me know if it needs some more details! 🙂 |
Thank you so much for this answer. This is the only configuration that works. Although, I was trying to implement this with KC23 and using the latest versions of the jars that are available on maven. And it kept failing with NoSuchBucketException. |
Yes I've got KC23 working with S3_PING |
Hi @shkmaaz11 Thanks for the quick response. Would you mind sharing the dockerfile/providers used and the configuration/environment variables used. I am trying to run it on EC2, so how did you make the private IP's discoverable and also I am assuming that the IAM Instance Profile Role linked to the EC2 instance should be enough for the keycloak (running in a container) to be able to access S3. Thanks. |
Please go through this. I've documented it here https://medium.com/@maaz11/configuring-keycloak-with-s3-ping-protocol-on-aws-ecs-fargate-with-postgresql-rds-81aea8824dc6 |
@serhiiKalchenko Why can't you specify a custom cache configuration file? What should I do if i want to set number of owners of the distributedCaches to something different? |
Hi Team,
It is not an issue which i am raising here.
While checking the keycloak distributed cache articles for aws ec2 instances, i landed up in the git page. I have gone through the read me document of this git page.
Still i am not sure, whether i have to use the "jgroups-aws/src/main/java/org/jgroups/protocols/aws/S3_PING.java" under my keycloak directory.
I follow the document like two things are clear to me.
But certain other details are not clear to me, sorry if i am asking like a layman terms.
The text was updated successfully, but these errors were encountered: