I'm trying to install a cluster of Keycloak instances in domain clustered mode. I have already configured domain.xml, host-master.xml and host-slave.xml files and I have a fonctionnal Keycloak.
I wanted to know if it's possible, with Wildfly and Keycloak, to synchronize the providers and themes directories directly from the master domain controller to the host controllers.
In other words, is it possible to change files on themes and provider directories on the domain controller and having those changes automatically deployed on all host controllers (all actives Keycloak instances) with wildfly configuration ?
I have tried to use an unmanaged deployment with no success : it seems to tell to instances to deploy the content of a repository but it doesn't copy the content of the domain directory to host directories.
We have thought to use a script to do this but if Wildfly allows this, it should be better.
Thanks a lot for your advices.
Related
I have a bit of a problem understanding how to design a system that communicates using the kerberos protocol. Let's imagine - I have an application instance that has a large number of plugins that need to communicate with different services. For example, one plugin is responsible for working with postgres, another plugin is responsible for working with "windows AD". But I need these plugins not to have access to each other's services. I.e. postgres plugin should not be able to go to windows ad service and vice versa. Or if I have multiple instances of the postgres plugin running, there should be different service accesses for each of them.
What is the actual question - how do I store keytabs and/or ccaches so that each service has its own, restricted accesses from the others. Let's say the pgx library requires that there already be a TGT (ccache) on connection to the system, it can only be changed in the environment variable of the whole application. But what should I do if I need to create another connection in the same application, but with a different TGT? It would be nice if the pgx library could take the keytab and generate the TGT automatically with every connection, but unfortunately it doesn't know how to do this.
I just don't understand, how I could organize multiple connections from my application, taking into account that every plugin must have different accesses, and considering that several plugins can connect either to the same service, or to different ones
I'm trying to configure a dockerized Keycloak server from a startup script I put on:
/opt/jboss/startup-scripts
I found the CLI commands description to add properties as well as some other examples but don't know which properties must I add/modify in order to, for example, add a realm to Keycloak.
Is there a complete listing of Keycloak configurable properties anywhere?
The Keycloak Docker image supports execution of two types of scripts mouted to /opt/jboss/startup-scripts:
WildFly .cli scripts.
Any executable (chmod +x) script
Due to your links I assume you are interrested in the WildFly scripts.
I do not think that there is a complete listing of configurable properties for the WildFly application server used by the Keycloak Docker image. But you can Get all configuration and runtime details from CLI.
If you want to add a realm to Keycloak you can use the KEYCLOAK_IMPORT environment variable as described on the Keycloak Docker image page at "Importing a realm".
I'm trying to deploy an infinisppan cluster (2 machines) using the domain mode. But I can't find any working example of domain.xml and host.xml config file.
This cluster would be used by keycloak as a cache server
Any luck one of you already work on this ?
You need to download infinispan 9.4.14 (or any 9.4) and start the bin/domain.sh [bat] script.
That's it you have a running domain with two servers.
If you want to add a second machine you need to copy the server and start the domain script by passing "--host-config=host-slave.xml" also you need to set "jboss.domain.master.address=" with "-D" to let the process know where the domain master is.
Anothe option is to move host-slave.xml-->host.xml and edit the domain-controller discovery-options.
More information can be found here -> http://infinispan.org/docs/stable/server_guide/server_guide.html#domain_mode
I need create 4 Applications running in different ports within JBOSS EAP 7.
APP A: Port 8080
APP B: Port 8081
APP C: Port 8082
APP B: Port 8083
I know that i need use port-offset in standalone.xml to configure it. But i need separate server.log and stop/start for each instance. So i have 2 solutions:
1) Copy entire jboss folder for each project. i.e: jbossA, jbossB ...
2) Create a instances folder in jboss folder a use server.base.dir argument, like this: -Djboss.server.base.dir=appA
Which is the usual choice to multiple jboss instances ?
We use different server base directories, eg:
standalone_appA
standalone_appB
standalone_appC
standalone_appD
We pass the -Djboss.server.base.dir argument to standalone.sh.
We have different standalone.xml for every app as they require different subsystems. If they are all the same for your case you can link them instead of copying.
1) You can create 4 different base directories, by copying the standalone folder and -Djboss.server.base.dir argument while starting the server.
2) But it would be better if you use domain mode and create 4 different servers in 4 different server groups. This will better from resource management and performance perspective.
You can keep autostart for each server to false and start and stop servers separately from management console or CLI.
Logs would be generated in respective server folders, which can be customized by setting path.
I want to manage the servers in our staging pipeline with Powershell DSC (push model). The servers map to the environments as following
Development: 1 server
Test: 2 servers
UAT: 2 servers
Production: 2 servers
The server(s) within one environment do have the same configuration. But the configuration is different between the environments. I wanted to go with the push model because I do not have to setup a pull server.
Powershell DSC offers the option to manage the configuration via configuration data in a separate file But this comes with the caveat that you need to specify a node name that matches the respective server name. And that means, I need to copy the configuration data for each server in one environment. And when changing the configuration I need to remember that there is a second place where I need to update the configuration value.
Additionally, I do not really care about the server names. If the servers are exchanged tomorrow for new servers, the configuration should be just applied which is relevant to the environment.
What is the best practice approach to manage multiple servers within one environment with the same configuration?
Check the links, I think they cover scenerio
Using A Single DSC Configuration for Multiple Servers
enter link description here
DSC ConfigurationNames with multiple nodes
enter link description here
The mof file that gets produced does not contain the nodename inside it. So as long as you build a generic configuration, you can rename it after the fact at deploy time.
You can create one config for each environment with some generic name. Then enumerate the list of servers and make a copy of the config for each one with that servers name.
You can take it a step further. Have a share where you create a folder for each server that matches the server's name. Then copy the mof for that server into that folder with a name of localhost.mof. You can then run Start-DSCConfiguration -Path \\server\share\$env:computername from that machine as part of my deployment script.