libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6

Remove session related caches from external Infinispan in HA guide

Browse source 
Closes #32131

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Pedro Ruivo 2024-08-30 09:35:45 +01:00 committed by GitHub
parent 0b7ab47cf2
commit 3a8160b71d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 172 additions and 424 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
docs/guides/high-availability/deploy-infinispan-kubernetes-crossdc.adoc
View file

@ -189,7 +189,7 @@ include::examples/generated/ispn-site-b.yaml[tag=infinispan-crossdc]
. Creating the caches for {project_name}.
+
{project_name} requires the following caches to be present: `sessions`, `actionTokens`, `authenticationSessions`, `offlineSessions`, `clientSessions`, `offlineClientSessions`, `loginFailures`, and `work`.
{project_name} requires the following caches to be present: `actionTokens`, `authenticationSessions`, `loginFailures`, and `work`.
+
The {jdgserver_name} {infinispan-operator-docs}#creating-caches[Cache CR] allows deploying the caches in the {jdgserver_name} cluster.
Cross-site needs to be enabled per cache as documented by {infinispan-xsite-docs}[Cross Site Documentation].
@ -198,22 +198,46 @@ The following example shows the `Cache` CR for `{site-a}`.
+
--
. In `{site-a}` create a `Cache` CR for each of the caches mentioned above with the following content.
This is an example for the `authenticationSessions` cache:
[source,yaml]
----
include::examples/generated/ispn-site-a.yaml[tag=infinispan-cache-sessions]
include::examples/generated/ispn-site-a.yaml[tag=infinispan-cache-authenticationSessions]
----
<1> The cross-site merge policy, invoked when there is a write-write conflict.
Set this for the caches `sessions`, `offlineSessions`, `clientSessions` and `offlineClientSessions`, and do not set it for all other caches.
<2> The remote site name.
<3> The cross-site communication, in this case, `SYNC`.
<1> The transaction mode.
<2> The locking mode used by the transaction.
<3> The remote site name.
<4> The cross-site communication strategy, in this case, `SYNC`.
<5> The cross-site replication timeout.
<6> The cross-site replication failure policy.
--
+
For `{site-b}`, the `Cache` CR is similar, except for the `backups.<name>` outlined in point 2 of the above diagram.
The example above is the recommended configuration to achieve the best data consistency.
+
.sessions `Cache` CR in `{site-b}`
====
*Background information*
Deadlocks may occur in an active-active setup as entries are modified concurrently in both sites.
The `transaction.mode: NON_XA` ensures that the transaction is rolled back keeping the data consistent if this occurs.
The setting `backup.failurePolicy: FAIL` is required in this case.
It will throw an error that allows the transaction to be safely rolled back.
When this occurs, {project_name} will attempt a retry.
The `transaction.locking: PESSIMISTIC` is the only supported locking mode; `OPTIMISTIC` is not recommended due to its network costs.
The same settings also prevent that one site it updated while the other site is unreachable.
The `backup.strategy: SYNC` ensures the data is visible and stored in the other site when the {project_name} request is completed.
NOTE: The `locking.acquireTimeout` can be reduced to fail fast in a deadlock scenario.
The `backup.timeout` must always be higher than the `locking.acquireTimeout`.
====
+
For `{site-b}`, the `Cache` CR is similar, except for the `backups.<name>` outlined in point 3 of the above diagram.
+
.authenticationSessions `Cache` CR in `{site-b}`
[source,yaml]
----
include::examples/generated/ispn-site-b.yaml[tag=infinispan-cache-sessions]
include::examples/generated/ispn-site-b.yaml[tag=infinispan-cache-authenticationSessions]
----
== Verifying the deployment

32
docs/guides/high-availability/examples/generated/ispn-single.yaml
View file

@ -57,8 +57,8 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
@ -85,8 +85,8 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
@ -113,8 +113,8 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
@ -141,8 +141,8 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
@ -169,8 +169,8 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
@ -197,8 +197,8 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
@ -225,8 +225,8 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
@ -253,8 +253,8 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"

199
docs/guides/high-availability/examples/generated/ispn-site-a.yaml
View file

@ -125,11 +125,7 @@ data:
batch: |+
clearcache actionTokens
clearcache authenticationSessions
clearcache clientSessions
clearcache loginFailures
clearcache offlineClientSessions
clearcache offlineSessions
clearcache sessions
clearcache work
# end::infinispan-crossdc-clear-caches[]
@ -188,16 +184,16 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
backups:
site-b: # <2>
site-b: # <3>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
strategy: "SYNC" # <4>
timeout: "4500" # <5>
failurePolicy: "FAIL" # <6>
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-actionTokens[]
@ -223,58 +219,21 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-b: # <2>
site-b: # <3>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
strategy: "SYNC" # <4>
timeout: "4500" # <5>
failurePolicy: "FAIL" # <6>
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-authenticationSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-clientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: clientsessions
namespace: keycloak
spec:
clusterName: infinispan
name: clientSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-b: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-clientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-loginFailures[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
@ -295,129 +254,21 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
backups:
site-b: # <2>
site-b: # <3>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
strategy: "SYNC" # <4>
timeout: "4500" # <5>
failurePolicy: "FAIL" # <6>
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-loginFailures[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-offlineClientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: offlineclientsessions
namespace: keycloak
spec:
clusterName: infinispan
name: offlineClientSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-b: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-offlineClientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-offlineSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: offlinesessions
namespace: keycloak
spec:
clusterName: infinispan
name: offlineSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-b: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-offlineSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-sessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: sessions
namespace: keycloak
spec:
clusterName: infinispan
name: sessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-b: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-sessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-work[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
@ -438,16 +289,16 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
backups:
site-b: # <2>
site-b: # <3>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
strategy: "SYNC" # <4>
timeout: "4500" # <5>
failurePolicy: "FAIL" # <6>
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-work[]
@ -478,7 +329,7 @@ spec:
configListener:
enabled: false
container:
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000'
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000'
logging:
categories:
org.infinispan: info

262
docs/guides/high-availability/examples/generated/ispn-site-b.yaml
View file

@ -1,4 +1,16 @@
---
# Source: ispn-helm/templates/infinispan-alerts.yaml
# tag::fencing-secret[]
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
name: webhook-credentials
stringData:
username: 'keycloak' # <1>
password: 'changme' # <2>
# end::fencing-secret[]
---
# Source: ispn-helm/templates/infinispan.yaml
# There are several callouts in this YAML marked with `# <1>' etc. See 'running/infinispan-deployment.adoc` for the details.# tag::infinispan-credentials[]
apiVersion: v1
@ -113,15 +125,44 @@ data:
batch: |+
clearcache actionTokens
clearcache authenticationSessions
clearcache clientSessions
clearcache loginFailures
clearcache offlineClientSessions
clearcache offlineSessions
clearcache sessions
clearcache work
# end::infinispan-crossdc-clear-caches[]
---
# Source: ispn-helm/templates/infinispan-alerts.yaml
# tag::fencing-alert-manager-config[]
apiVersion: monitoring.coreos.com/v1beta1
kind: AlertmanagerConfig
metadata:
name: example-routing
spec:
route:
receiver: default
groupBy:
- accelerator
groupInterval: 90s
groupWait: 60s
matchers:
- matchType: =
name: alertname
value: SiteOffline
receivers:
- name: default
webhookConfigs:
- url: 'https://tjqr2vgc664b6noj6vugprakoq0oausj.lambda-url.eu-west-1.on.aws/' # <3>
httpConfig:
basicAuth:
username:
key: username
name: webhook-credentials
password:
key: password
name: webhook-credentials
tlsConfig:
insecureSkipVerify: true
# end::fencing-alert-manager-config[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-actionTokens[]
apiVersion: infinispan.org/v2alpha1
@ -143,16 +184,16 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
backups:
site-a: # <2>
site-a: # <3>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
strategy: "SYNC" # <4>
timeout: "4500" # <5>
failurePolicy: "FAIL" # <6>
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-actionTokens[]
@ -178,58 +219,21 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-a: # <2>
site-a: # <3>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
strategy: "SYNC" # <4>
timeout: "4500" # <5>
failurePolicy: "FAIL" # <6>
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-authenticationSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-clientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: clientsessions
namespace: keycloak
spec:
clusterName: infinispan
name: clientSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-a: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-clientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-loginFailures[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
@ -250,129 +254,21 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
backups:
site-a: # <2>
site-a: # <3>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
strategy: "SYNC" # <4>
timeout: "4500" # <5>
failurePolicy: "FAIL" # <6>
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-loginFailures[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-offlineClientSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: offlineclientsessions
namespace: keycloak
spec:
clusterName: infinispan
name: offlineClientSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-a: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-offlineClientSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-offlineSessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: offlinesessions
namespace: keycloak
spec:
clusterName: infinispan
name: offlineSessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-a: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-offlineSessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-sessions[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
metadata:
name: sessions
namespace: keycloak
spec:
clusterName: infinispan
name: sessions
template: |-
distributedCache:
mode: "SYNC"
owners: "2"
statistics: "true"
remoteTimeout: "5000"
encoding:
media-type: "application/x-protostream"
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
stateTransfer:
chunkSize: "16"
backups:
mergePolicy: "ALWAYS_REMOVE" # <1>
site-a: # <2>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-sessions[]
---
# Source: ispn-helm/templates/infinispan.yaml
# tag::infinispan-cache-work[]
apiVersion: infinispan.org/v2alpha1
kind: Cache
@ -393,16 +289,16 @@ spec:
locking:
acquireTimeout: "4000"
transaction:
mode: "NONE"
locking: "PESSIMISTIC"
mode: "NON_XA" # <1>
locking: "PESSIMISTIC" # <2>
stateTransfer:
chunkSize: "16"
backups:
site-a: # <2>
site-a: # <3>
backup:
strategy: "SYNC" # <3>
timeout: "4500"
failurePolicy: "WARN"
strategy: "SYNC" # <4>
timeout: "4500" # <5>
failurePolicy: "FAIL" # <6>
stateTransfer:
chunkSize: "16"
# end::infinispan-cache-work[]
@ -433,7 +329,7 @@ spec:
configListener:
enabled: false
container:
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000'
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000'
logging:
categories:
org.infinispan: info
@ -478,3 +374,21 @@ spec:
secretName: xsite-token-secret # <14>
# end::infinispan-crossdc[]
---
# Source: ispn-helm/templates/infinispan-alerts.yaml
# tag::fencing-prometheus-rule[]
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: xsite-status
spec:
groups:
- name: xsite-status
rules:
- alert: SiteOffline
expr: 'min by (namespace, site) (vendor_jgroups_site_view_status{namespace="default",site="site-a"}) == 0' # <4>
labels:
severity: critical
reporter: site-b # <5>
accelerator: a3da6a6cbd4e27b02.awsglobalaccelerator.com # <6>
# end::fencing-prometheus-rule[]

10
docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
View file

@ -54,7 +54,7 @@ metadata:
name: keycloak-providers
namespace: keycloak
binaryData:
keycloak-benchmark-dataset-0.13-SNAPSHOT.jar: ...
keycloak-benchmark-dataset-0.14-SNAPSHOT.jar: ...
---
# Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml
apiVersion: v1
@ -457,6 +457,7 @@ spec:
# tag::keycloak-ispn[]
additionalOptions:
# end::keycloak-ispn[]
# end::keycloak[]
- name: http-metrics-histograms-enabled
value: 'true'
@ -499,7 +500,7 @@ spec:
podTemplate:
metadata:
annotations:
checksum/config: d0810a69cecfbd99a7527cb6d30decb179d7a7ee548119fc19d34f3ce2a777a7-9bfd430c6539df907f0421bb34c92fb32194d461565bd342f7f96ff5a5408273-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-v1.27.0
checksum/config: 90d2c8ddd9b32fd443c5823cee0ef790ce58657d13e9d668e48e1ad696b2403a-9bfd430c6539df907f0421bb34c92fb32194d461565bd342f7f96ff5a5408273-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
spec:
containers:
- env:
@ -516,7 +517,6 @@ spec:
name: keycloak-preconfigured-admin
key: password
optional: false
# JMX is disabled as it breaks Quarkus configuration. Issue is tracked in https://github.com/keycloak/keycloak-benchmark/issues/840
- name: JAVA_OPTS_APPEND # <5>
value: ""
ports:
@ -531,8 +531,8 @@ spec:
# - 'true'
volumeMounts:
- name: keycloak-providers
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.13-SNAPSHOT.jar
subPath: keycloak-benchmark-dataset-0.13-SNAPSHOT.jar
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.14-SNAPSHOT.jar
subPath: keycloak-benchmark-dataset-0.14-SNAPSHOT.jar
readOnly: true
volumes:
- name: keycloak-providers

11
docs/guides/high-availability/examples/generated/keycloak.yaml
View file

@ -41,7 +41,7 @@ metadata:
name: keycloak-providers
namespace: keycloak
binaryData:
keycloak-benchmark-dataset-0.13-SNAPSHOT.jar: ...
keycloak-benchmark-dataset-0.14-SNAPSHOT.jar: ...
---
# Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml
apiVersion: v1
@ -446,6 +446,7 @@ spec:
# tag::keycloak-ispn[]
additionalOptions:
# end::keycloak-ispn[]
# end::keycloak[]
- name: http-metrics-histograms-enabled
value: 'true'
@ -489,7 +490,7 @@ spec:
podTemplate:
metadata:
annotations:
checksum/config: d0810a69cecfbd99a7527cb6d30decb179d7a7ee548119fc19d34f3ce2a777a7-9af6f9e8393229798cfb789798e36f84e39803616fe3e51b2a38e3ce05830565-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-v1.27.0
checksum/config: 90d2c8ddd9b32fd443c5823cee0ef790ce58657d13e9d668e48e1ad696b2403a-9af6f9e8393229798cfb789798e36f84e39803616fe3e51b2a38e3ce05830565-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
spec:
containers:
- env:
@ -506,11 +507,9 @@ spec:
name: keycloak-preconfigured-admin
key: password
optional: false
# JMX is disabled as it breaks Quarkus configuration. Issue is tracked in https://github.com/keycloak/keycloak-benchmark/issues/840
- name: JAVA_OPTS_APPEND # <5>
value: ""
ports:
# end::keycloak[]
# readinessProbe:
# exec:
# command:
@ -521,8 +520,8 @@ spec:
# - 'true'
volumeMounts:
- name: keycloak-providers
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.13-SNAPSHOT.jar
subPath: keycloak-benchmark-dataset-0.13-SNAPSHOT.jar
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.14-SNAPSHOT.jar
subPath: keycloak-benchmark-dataset-0.14-SNAPSHOT.jar
readOnly: true
volumes:
- name: keycloak-providers

12
docs/guides/high-availability/partials/infinispan/infinispan-cli-clear-caches.adoc
View file

@ -11,12 +11,8 @@ site take-offline --all-caches --site={keep-site-name}
[source,bash,subs="+attributes"]
----
{
"offlineClientSessions" : "ok",
"authenticationSessions" : "ok",
"sessions" : "ok",
"clientSessions" : "ok",
"work" : "ok",
"offlineSessions" : "ok",
"loginFailures" : "ok",
"actionTokens" : "ok"
}
@ -49,11 +45,7 @@ WARNING: Make sure the replication is `offline` otherwise the clear data will cl
----
clearcache actionTokens
clearcache authenticationSessions
clearcache clientSessions
clearcache loginFailures
clearcache offlineClientSessions
clearcache offlineSessions
clearcache sessions
clearcache work
----
+
@ -71,12 +63,8 @@ site bring-online --all-caches --site={keep-site-name}
[source,bash,subs="+attributes"]
----
{
"offlineClientSessions" : "ok",
"authenticationSessions" : "ok",
"sessions" : "ok",
"clientSessions" : "ok",
"work" : "ok",
"offlineSessions" : "ok",
"loginFailures" : "ok",
"actionTokens" : "ok"
}

28
docs/guides/high-availability/partials/infinispan/infinispan-cli-state-transfer.adoc
View file

@ -10,12 +10,8 @@ site push-site-state --all-caches --site={stale-site-name}
[source,bash,subs="+attributes"]
----
{
"offlineClientSessions" : "ok",
"authenticationSessions" : "ok",
"sessions" : "ok",
"clientSessions" : "ok",
"work" : "ok",
"offlineSessions" : "ok",
"loginFailures" : "ok",
"actionTokens" : "ok"
}
@ -44,11 +40,7 @@ site status --all-caches --site={stale-site-name}
----
site push-site-status --cache=actionTokens
site push-site-status --cache=authenticationSessions
site push-site-status --cache=clientSessions
site push-site-status --cache=loginFailures
site push-site-status --cache=offlineClientSessions
site push-site-status --cache=offlineSessions
site push-site-status --cache=sessions
site push-site-status --cache=work
----
+
@ -67,18 +59,6 @@ site push-site-status --cache=work
{
"{stale-site-name}" : "OK"
}
{
"{stale-site-name}" : "OK"
}
{
"{stale-site-name}" : "OK"
}
{
"{stale-site-name}" : "OK"
}
{
"{stale-site-name}" : "OK"
}
----
+
Check the table in {infinispan-xsite-docs}#rest_v2_xsite_state_push_cross-site-operations-rest[this section for the Cross-Site Documentation] for the possible status values.
@ -98,11 +78,7 @@ site push-site-state --cache=<cache-name> --site={stale-site-name}
----
site clear-push-site-status --cache=actionTokens
site clear-push-site-status --cache=authenticationSessions
site clear-push-site-status --cache=clientSessions
site clear-push-site-status --cache=loginFailures
site clear-push-site-status --cache=offlineClientSessions
site clear-push-site-status --cache=offlineSessions
site clear-push-site-status --cache=sessions
site clear-push-site-status --cache=work
----
+
@ -113,8 +89,4 @@ site clear-push-site-status --cache=work
"ok"
"ok"
"ok"
"ok"
"ok"
"ok"
"ok"
----