Remove session related caches from external Infinispan in HA guide
Closes #32131

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
parent 0b7ab47cf2
commit 3a8160b71d
8 changed files with 172 additions and 424 deletions
|
@ -189,7 +189,7 @@ include::examples/generated/ispn-site-b.yaml[tag=infinispan-crossdc]
|
|||
|
||||
. Creating the caches for {project_name}.
|
||||
+
|
||||
{project_name} requires the following caches to be present: `sessions`, `actionTokens`, `authenticationSessions`, `offlineSessions`, `clientSessions`, `offlineClientSessions`, `loginFailures`, and `work`.
|
||||
{project_name} requires the following caches to be present: `actionTokens`, `authenticationSessions`, `loginFailures`, and `work`.
|
||||
+
|
||||
The {jdgserver_name} {infinispan-operator-docs}#creating-caches[Cache CR] allows deploying the caches in the {jdgserver_name} cluster.
|
||||
Cross-site needs to be enabled per cache as documented by {infinispan-xsite-docs}[Cross Site Documentation].
|
||||
|
@ -198,22 +198,46 @@ The following example shows the `Cache` CR for `{site-a}`.
|
|||
+
|
||||
--
|
||||
. In `{site-a}` create a `Cache` CR for each of the caches mentioned above with the following content.
|
||||
This is an example for the `authenticationSessions` cache:
|
||||
[source,yaml]
|
||||
----
|
||||
include::examples/generated/ispn-site-a.yaml[tag=infinispan-cache-sessions]
|
||||
include::examples/generated/ispn-site-a.yaml[tag=infinispan-cache-authenticationSessions]
|
||||
----
|
||||
<1> The cross-site merge policy, invoked when there is a write-write conflict.
|
||||
Set this for the caches `sessions`, `offlineSessions`, `clientSessions` and `offlineClientSessions`, and do not set it for all other caches.
|
||||
<2> The remote site name.
|
||||
<3> The cross-site communication, in this case, `SYNC`.
|
||||
<1> The transaction mode.
|
||||
<2> The locking mode used by the transaction.
|
||||
<3> The remote site name.
|
||||
<4> The cross-site communication strategy, in this case, `SYNC`.
|
||||
<5> The cross-site replication timeout.
|
||||
<6> The cross-site replication failure policy.
|
||||
--
|
||||
+
|
||||
For `{site-b}`, the `Cache` CR is similar, except for the `backups.<name>` outlined in point 2 of the above diagram.
|
||||
The example above is the recommended configuration to achieve the best data consistency.
|
||||
+
|
||||
.sessions `Cache` CR in `{site-b}`
|
||||
====
|
||||
*Background information*
|
||||
|
||||
Deadlocks may occur in an active-active setup as entries are modified concurrently in both sites.
|
||||
|
||||
The `transaction.mode: NON_XA` ensures that the transaction is rolled back keeping the data consistent if this occurs.
|
||||
The setting `backup.failurePolicy: FAIL` is required in this case.
|
||||
It will throw an error that allows the transaction to be safely rolled back.
|
||||
When this occurs, {project_name} will attempt a retry.
|
||||
|
||||
The `transaction.locking: PESSIMISTIC` is the only supported locking mode; `OPTIMISTIC` is not recommended due to its network costs.
|
||||
The same settings also prevent that one site it updated while the other site is unreachable.
|
||||
|
||||
The `backup.strategy: SYNC` ensures the data is visible and stored in the other site when the {project_name} request is completed.
|
||||
|
||||
NOTE: The `locking.acquireTimeout` can be reduced to fail fast in a deadlock scenario.
|
||||
The `backup.timeout` must always be higher than the `locking.acquireTimeout`.
|
||||
====
|
||||
+
|
||||
For `{site-b}`, the `Cache` CR is similar, except for the `backups.<name>` outlined in point 3 of the above diagram.
|
||||
+
|
||||
.authenticationSessions `Cache` CR in `{site-b}`
|
||||
[source,yaml]
|
||||
----
|
||||
include::examples/generated/ispn-site-b.yaml[tag=infinispan-cache-sessions]
|
||||
include::examples/generated/ispn-site-b.yaml[tag=infinispan-cache-authenticationSessions]
|
||||
----
|
||||
|
||||
== Verifying the deployment
|
||||
|
|
|
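Review bot: In the added *Background information* block, the `transaction.locking` sentence calls `PESSIMISTIC` "the only supported locking mode" and then describes `OPTIMISTIC` as "not recommended", which leaves it unclear whether `OPTIMISTIC` is unsupported or merely discouraged; pick one wording. The sentence "The same settings also prevent that one site it updated while the other site is unreachable" has a typo ("it" for "is") and would read better as "prevent one site from being updated while the other site is unreachable". The `{site-b}` paragraph also refers to "point 3 of the above diagram", but the numbered items are callouts on a source listing, not a diagram.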
@ -57,8 +57,8 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
|
||||
|
@ -85,8 +85,8 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
|
||||
|
@ -113,8 +113,8 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
|
||||
|
@ -141,8 +141,8 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
|
||||
|
@ -169,8 +169,8 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
|
||||
|
@ -197,8 +197,8 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
|
||||
|
@ -225,8 +225,8 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
|
||||
|
@ -253,8 +253,8 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
|
||||
|
|
|
@ -125,11 +125,7 @@ data:
|
|||
batch: |+
|
||||
clearcache actionTokens
|
||||
clearcache authenticationSessions
|
||||
clearcache clientSessions
|
||||
clearcache loginFailures
|
||||
clearcache offlineClientSessions
|
||||
clearcache offlineSessions
|
||||
clearcache sessions
|
||||
clearcache work
|
||||
|
||||
# end::infinispan-crossdc-clear-caches[]
|
||||
|
@ -188,16 +184,16 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
site-b: # <2>
|
||||
site-b: # <3>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
strategy: "SYNC" # <4>
|
||||
timeout: "4500" # <5>
|
||||
failurePolicy: "FAIL" # <6>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-actionTokens[]
|
||||
|
@ -223,58 +219,21 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-b: # <2>
|
||||
site-b: # <3>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
strategy: "SYNC" # <4>
|
||||
timeout: "4500" # <5>
|
||||
failurePolicy: "FAIL" # <6>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-authenticationSessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-clientSessions[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
metadata:
|
||||
name: clientsessions
|
||||
namespace: keycloak
|
||||
spec:
|
||||
clusterName: infinispan
|
||||
name: clientSessions
|
||||
template: |-
|
||||
distributedCache:
|
||||
mode: "SYNC"
|
||||
owners: "2"
|
||||
statistics: "true"
|
||||
remoteTimeout: "5000"
|
||||
encoding:
|
||||
media-type: "application/x-protostream"
|
||||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-b: # <2>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-clientSessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-loginFailures[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
|
@ -295,129 +254,21 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
site-b: # <2>
|
||||
site-b: # <3>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
strategy: "SYNC" # <4>
|
||||
timeout: "4500" # <5>
|
||||
failurePolicy: "FAIL" # <6>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-loginFailures[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-offlineClientSessions[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
metadata:
|
||||
name: offlineclientsessions
|
||||
namespace: keycloak
|
||||
spec:
|
||||
clusterName: infinispan
|
||||
name: offlineClientSessions
|
||||
template: |-
|
||||
distributedCache:
|
||||
mode: "SYNC"
|
||||
owners: "2"
|
||||
statistics: "true"
|
||||
remoteTimeout: "5000"
|
||||
encoding:
|
||||
media-type: "application/x-protostream"
|
||||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-b: # <2>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-offlineClientSessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-offlineSessions[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
metadata:
|
||||
name: offlinesessions
|
||||
namespace: keycloak
|
||||
spec:
|
||||
clusterName: infinispan
|
||||
name: offlineSessions
|
||||
template: |-
|
||||
distributedCache:
|
||||
mode: "SYNC"
|
||||
owners: "2"
|
||||
statistics: "true"
|
||||
remoteTimeout: "5000"
|
||||
encoding:
|
||||
media-type: "application/x-protostream"
|
||||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-b: # <2>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-offlineSessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-sessions[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
metadata:
|
||||
name: sessions
|
||||
namespace: keycloak
|
||||
spec:
|
||||
clusterName: infinispan
|
||||
name: sessions
|
||||
template: |-
|
||||
distributedCache:
|
||||
mode: "SYNC"
|
||||
owners: "2"
|
||||
statistics: "true"
|
||||
remoteTimeout: "5000"
|
||||
encoding:
|
||||
media-type: "application/x-protostream"
|
||||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-b: # <2>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-sessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-work[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
|
@ -438,16 +289,16 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
site-b: # <2>
|
||||
site-b: # <3>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
strategy: "SYNC" # <4>
|
||||
timeout: "4500" # <5>
|
||||
failurePolicy: "FAIL" # <6>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-work[]
|
||||
|
@ -478,7 +329,7 @@ spec:
|
|||
configListener:
|
||||
enabled: false
|
||||
container:
|
||||
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000'
|
||||
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000'
|
||||
logging:
|
||||
categories:
|
||||
org.infinispan: info
|
||||
|
|
|
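Review bot: The `extraJvmOpts` line changes `-Djgroups.xsite.fd.timeout` from `15000` to `10000`, which is not part of removing the session caches and is mentioned neither in the commit message nor in the guide text touched by this patch. Please split it into its own change or add a sentence to the guide that states the new value and why it was lowered, so operators who copied the previous example know they differ.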
@ -1,4 +1,16 @@
|
|||
---
|
||||
# Source: ispn-helm/templates/infinispan-alerts.yaml
|
||||
# tag::fencing-secret[]
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: kubernetes.io/basic-auth
|
||||
metadata:
|
||||
name: webhook-credentials
|
||||
stringData:
|
||||
username: 'keycloak' # <1>
|
||||
password: 'changme' # <2>
|
||||
# end::fencing-secret[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# There are several callouts in this YAML marked with `# <1>' etc. See 'running/infinispan-deployment.adoc` for the details.# tag::infinispan-credentials[]
|
||||
apiVersion: v1
|
||||
|
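Review bot: The added `webhook-credentials` Secret carries a literal `password: 'changme'` in `stringData`, which looks like a typo for "changeme" and is easy to apply to a cluster unchanged when the example is copied. Use an unmistakable placeholder value and have callout `<2>` state that it must be replaced before the Secret is created.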
@ -113,15 +125,44 @@ data:
|
|||
batch: |+
|
||||
clearcache actionTokens
|
||||
clearcache authenticationSessions
|
||||
clearcache clientSessions
|
||||
clearcache loginFailures
|
||||
clearcache offlineClientSessions
|
||||
clearcache offlineSessions
|
||||
clearcache sessions
|
||||
clearcache work
|
||||
|
||||
# end::infinispan-crossdc-clear-caches[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan-alerts.yaml
|
||||
# tag::fencing-alert-manager-config[]
|
||||
apiVersion: monitoring.coreos.com/v1beta1
|
||||
kind: AlertmanagerConfig
|
||||
metadata:
|
||||
name: example-routing
|
||||
spec:
|
||||
route:
|
||||
receiver: default
|
||||
groupBy:
|
||||
- accelerator
|
||||
groupInterval: 90s
|
||||
groupWait: 60s
|
||||
matchers:
|
||||
- matchType: =
|
||||
name: alertname
|
||||
value: SiteOffline
|
||||
receivers:
|
||||
- name: default
|
||||
webhookConfigs:
|
||||
- url: 'https://tjqr2vgc664b6noj6vugprakoq0oausj.lambda-url.eu-west-1.on.aws/' # <3>
|
||||
httpConfig:
|
||||
basicAuth:
|
||||
username:
|
||||
key: username
|
||||
name: webhook-credentials
|
||||
password:
|
||||
key: password
|
||||
name: webhook-credentials
|
||||
tlsConfig:
|
||||
insecureSkipVerify: true
|
||||
# end::fencing-alert-manager-config[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-actionTokens[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
|
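Review bot: In the added `fencing-alert-manager-config` block, `tlsConfig.insecureSkipVerify: true` turns off certificate verification for the webhook call that sends the `webhook-credentials` username and password via `basicAuth`, so those credentials go to an endpoint whose identity is never checked. The `url` is already `https://`, so drop the `tlsConfig` stanza, or add a callout explaining why verification has to be skipped in this setup. The `url` value is also a concrete Lambda URL from one environment; a placeholder would be safer in a published example, with callout `<3>` telling the reader what to substitute.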
@ -143,16 +184,16 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
site-a: # <2>
|
||||
site-a: # <3>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
strategy: "SYNC" # <4>
|
||||
timeout: "4500" # <5>
|
||||
failurePolicy: "FAIL" # <6>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-actionTokens[]
|
||||
|
@ -178,58 +219,21 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-a: # <2>
|
||||
site-a: # <3>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
strategy: "SYNC" # <4>
|
||||
timeout: "4500" # <5>
|
||||
failurePolicy: "FAIL" # <6>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-authenticationSessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-clientSessions[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
metadata:
|
||||
name: clientsessions
|
||||
namespace: keycloak
|
||||
spec:
|
||||
clusterName: infinispan
|
||||
name: clientSessions
|
||||
template: |-
|
||||
distributedCache:
|
||||
mode: "SYNC"
|
||||
owners: "2"
|
||||
statistics: "true"
|
||||
remoteTimeout: "5000"
|
||||
encoding:
|
||||
media-type: "application/x-protostream"
|
||||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-a: # <2>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-clientSessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-loginFailures[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
|
@ -250,129 +254,21 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
site-a: # <2>
|
||||
site-a: # <3>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
strategy: "SYNC" # <4>
|
||||
timeout: "4500" # <5>
|
||||
failurePolicy: "FAIL" # <6>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-loginFailures[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-offlineClientSessions[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
metadata:
|
||||
name: offlineclientsessions
|
||||
namespace: keycloak
|
||||
spec:
|
||||
clusterName: infinispan
|
||||
name: offlineClientSessions
|
||||
template: |-
|
||||
distributedCache:
|
||||
mode: "SYNC"
|
||||
owners: "2"
|
||||
statistics: "true"
|
||||
remoteTimeout: "5000"
|
||||
encoding:
|
||||
media-type: "application/x-protostream"
|
||||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-a: # <2>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-offlineClientSessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-offlineSessions[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
metadata:
|
||||
name: offlinesessions
|
||||
namespace: keycloak
|
||||
spec:
|
||||
clusterName: infinispan
|
||||
name: offlineSessions
|
||||
template: |-
|
||||
distributedCache:
|
||||
mode: "SYNC"
|
||||
owners: "2"
|
||||
statistics: "true"
|
||||
remoteTimeout: "5000"
|
||||
encoding:
|
||||
media-type: "application/x-protostream"
|
||||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-a: # <2>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-offlineSessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-sessions[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
metadata:
|
||||
name: sessions
|
||||
namespace: keycloak
|
||||
spec:
|
||||
clusterName: infinispan
|
||||
name: sessions
|
||||
template: |-
|
||||
distributedCache:
|
||||
mode: "SYNC"
|
||||
owners: "2"
|
||||
statistics: "true"
|
||||
remoteTimeout: "5000"
|
||||
encoding:
|
||||
media-type: "application/x-protostream"
|
||||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
mergePolicy: "ALWAYS_REMOVE" # <1>
|
||||
site-a: # <2>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-sessions[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan.yaml
|
||||
# tag::infinispan-cache-work[]
|
||||
apiVersion: infinispan.org/v2alpha1
|
||||
kind: Cache
|
||||
|
@ -393,16 +289,16 @@ spec:
|
|||
locking:
|
||||
acquireTimeout: "4000"
|
||||
transaction:
|
||||
mode: "NONE"
|
||||
locking: "PESSIMISTIC"
|
||||
mode: "NON_XA" # <1>
|
||||
locking: "PESSIMISTIC" # <2>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
backups:
|
||||
site-a: # <2>
|
||||
site-a: # <3>
|
||||
backup:
|
||||
strategy: "SYNC" # <3>
|
||||
timeout: "4500"
|
||||
failurePolicy: "WARN"
|
||||
strategy: "SYNC" # <4>
|
||||
timeout: "4500" # <5>
|
||||
failurePolicy: "FAIL" # <6>
|
||||
stateTransfer:
|
||||
chunkSize: "16"
|
||||
# end::infinispan-cache-work[]
|
||||
|
@ -433,7 +329,7 @@ spec:
|
|||
configListener:
|
||||
enabled: false
|
||||
container:
|
||||
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=15000'
|
||||
extraJvmOpts: '-Dorg.infinispan.openssl=false -Dinfinispan.cluster.name=ISPN -Djgroups.xsite.fd.interval=2000 -Djgroups.xsite.fd.timeout=10000'
|
||||
logging:
|
||||
categories:
|
||||
org.infinispan: info
|
||||
|
@ -478,3 +374,21 @@ spec:
|
|||
secretName: xsite-token-secret # <14>
|
||||
|
||||
# end::infinispan-crossdc[]
|
||||
---
|
||||
# Source: ispn-helm/templates/infinispan-alerts.yaml
|
||||
# tag::fencing-prometheus-rule[]
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: xsite-status
|
||||
spec:
|
||||
groups:
|
||||
- name: xsite-status
|
||||
rules:
|
||||
- alert: SiteOffline
|
||||
expr: 'min by (namespace, site) (vendor_jgroups_site_view_status{namespace="default",site="site-a"}) == 0' # <4>
|
||||
labels:
|
||||
severity: critical
|
||||
reporter: site-b # <5>
|
||||
accelerator: a3da6a6cbd4e27b02.awsglobalaccelerator.com # <6>
|
||||
# end::fencing-prometheus-rule[]
|
||||
|
|
|
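Review bot: The `expr` of the added `SiteOffline` rule hard-codes `namespace="default"`, while other resources in this patch are created with `namespace: keycloak`; if the `vendor_jgroups_site_view_status` series carry the deployment namespace, the expression matches nothing and the fencing alert never fires. Please confirm the label value or make it a template parameter like `site`. The `accelerator` label is a concrete `awsglobalaccelerator.com` hostname from one environment and should be a placeholder in the published example.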
@ -54,7 +54,7 @@ metadata:
|
|||
name: keycloak-providers
|
||||
namespace: keycloak
|
||||
binaryData:
|
||||
keycloak-benchmark-dataset-0.13-SNAPSHOT.jar: ...
|
||||
keycloak-benchmark-dataset-0.14-SNAPSHOT.jar: ...
|
||||
---
|
||||
# Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml
|
||||
apiVersion: v1
|
||||
|
@ -457,6 +457,7 @@ spec:
|
|||
# tag::keycloak-ispn[]
|
||||
additionalOptions:
|
||||
# end::keycloak-ispn[]
|
||||
|
||||
# end::keycloak[]
|
||||
- name: http-metrics-histograms-enabled
|
||||
value: 'true'
|
||||
|
@ -499,7 +500,7 @@ spec:
|
|||
podTemplate:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: d0810a69cecfbd99a7527cb6d30decb179d7a7ee548119fc19d34f3ce2a777a7-9bfd430c6539df907f0421bb34c92fb32194d461565bd342f7f96ff5a5408273-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-v1.27.0
|
||||
checksum/config: 90d2c8ddd9b32fd443c5823cee0ef790ce58657d13e9d668e48e1ad696b2403a-9bfd430c6539df907f0421bb34c92fb32194d461565bd342f7f96ff5a5408273-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
|
@ -516,7 +517,6 @@ spec:
|
|||
name: keycloak-preconfigured-admin
|
||||
key: password
|
||||
optional: false
|
||||
# JMX is disabled as it breaks Quarkus configuration. Issue is tracked in https://github.com/keycloak/keycloak-benchmark/issues/840
|
||||
- name: JAVA_OPTS_APPEND # <5>
|
||||
value: ""
|
||||
ports:
|
||||
|
@ -531,8 +531,8 @@ spec:
|
|||
# - 'true'
|
||||
volumeMounts:
|
||||
- name: keycloak-providers
|
||||
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.13-SNAPSHOT.jar
|
||||
subPath: keycloak-benchmark-dataset-0.13-SNAPSHOT.jar
|
||||
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.14-SNAPSHOT.jar
|
||||
subPath: keycloak-benchmark-dataset-0.14-SNAPSHOT.jar
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: keycloak-providers
|
||||
|
|
|
@ -41,7 +41,7 @@ metadata:
|
|||
name: keycloak-providers
|
||||
namespace: keycloak
|
||||
binaryData:
|
||||
keycloak-benchmark-dataset-0.13-SNAPSHOT.jar: ...
|
||||
keycloak-benchmark-dataset-0.14-SNAPSHOT.jar: ...
|
||||
---
|
||||
# Source: keycloak/templates/postgres/postgres-exporter-configmap.yaml
|
||||
apiVersion: v1
|
||||
|
@ -446,6 +446,7 @@ spec:
|
|||
# tag::keycloak-ispn[]
|
||||
additionalOptions:
|
||||
# end::keycloak-ispn[]
|
||||
|
||||
# end::keycloak[]
|
||||
- name: http-metrics-histograms-enabled
|
||||
value: 'true'
|
||||
|
@ -489,7 +490,7 @@ spec:
|
|||
podTemplate:
|
||||
metadata:
|
||||
annotations:
|
||||
checksum/config: d0810a69cecfbd99a7527cb6d30decb179d7a7ee548119fc19d34f3ce2a777a7-9af6f9e8393229798cfb789798e36f84e39803616fe3e51b2a38e3ce05830565-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-v1.27.0
|
||||
checksum/config: 90d2c8ddd9b32fd443c5823cee0ef790ce58657d13e9d668e48e1ad696b2403a-9af6f9e8393229798cfb789798e36f84e39803616fe3e51b2a38e3ce05830565-<KEYCLOAK_IMAGE_HERE>-01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
|
@ -506,11 +507,9 @@ spec:
|
|||
name: keycloak-preconfigured-admin
|
||||
key: password
|
||||
optional: false
|
||||
# JMX is disabled as it breaks Quarkus configuration. Issue is tracked in https://github.com/keycloak/keycloak-benchmark/issues/840
|
||||
- name: JAVA_OPTS_APPEND # <5>
|
||||
value: ""
|
||||
ports:
|
||||
# end::keycloak[]
|
||||
# readinessProbe:
|
||||
# exec:
|
||||
# command:
|
||||
|
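Review bot: `# end::keycloak[]` no longer follows `ports:` in this hunk and instead appears right after `# end::keycloak-ispn[]` in the earlier hunk of this file, so `JAVA_OPTS_APPEND # <5>` now sits outside the `keycloak` tag region. If the guide page that includes this region still lists callout `<5>`, it will point at nothing; check the including page and drop or renumber the callout. The hunk header shows two lines fewer (11 before, 9 after), and the `# JMX is disabled ...` comment appears to be the other one, which removes the only explanation for the empty `value: ""`.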
@ -521,8 +520,8 @@ spec:
|
|||
# - 'true'
|
||||
volumeMounts:
|
||||
- name: keycloak-providers
|
||||
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.13-SNAPSHOT.jar
|
||||
subPath: keycloak-benchmark-dataset-0.13-SNAPSHOT.jar
|
||||
mountPath: /opt/keycloak/providers/keycloak-benchmark-dataset-0.14-SNAPSHOT.jar
|
||||
subPath: keycloak-benchmark-dataset-0.14-SNAPSHOT.jar
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: keycloak-providers
|
||||
|
|
|
@ -11,12 +11,8 @@ site take-offline --all-caches --site={keep-site-name}
|
|||
[source,bash,subs="+attributes"]
|
||||
----
|
||||
{
|
||||
"offlineClientSessions" : "ok",
|
||||
"authenticationSessions" : "ok",
|
||||
"sessions" : "ok",
|
||||
"clientSessions" : "ok",
|
||||
"work" : "ok",
|
||||
"offlineSessions" : "ok",
|
||||
"loginFailures" : "ok",
|
||||
"actionTokens" : "ok"
|
||||
}
|
||||
|
@ -49,11 +45,7 @@ WARNING: Make sure the replication is `offline` otherwise the clear data will cl
|
|||
----
|
||||
clearcache actionTokens
|
||||
clearcache authenticationSessions
|
||||
clearcache clientSessions
|
||||
clearcache loginFailures
|
||||
clearcache offlineClientSessions
|
||||
clearcache offlineSessions
|
||||
clearcache sessions
|
||||
clearcache work
|
||||
----
|
||||
+
|
||||
|
@ -71,12 +63,8 @@ site bring-online --all-caches --site={keep-site-name}
|
|||
[source,bash,subs="+attributes"]
|
||||
----
|
||||
{
|
||||
"offlineClientSessions" : "ok",
|
||||
"authenticationSessions" : "ok",
|
||||
"sessions" : "ok",
|
||||
"clientSessions" : "ok",
|
||||
"work" : "ok",
|
||||
"offlineSessions" : "ok",
|
||||
"loginFailures" : "ok",
|
||||
"actionTokens" : "ok"
|
||||
}
|
||||
|
|
|
@ -10,12 +10,8 @@ site push-site-state --all-caches --site={stale-site-name}
|
|||
[source,bash,subs="+attributes"]
|
||||
----
|
||||
{
|
||||
"offlineClientSessions" : "ok",
|
||||
"authenticationSessions" : "ok",
|
||||
"sessions" : "ok",
|
||||
"clientSessions" : "ok",
|
||||
"work" : "ok",
|
||||
"offlineSessions" : "ok",
|
||||
"loginFailures" : "ok",
|
||||
"actionTokens" : "ok"
|
||||
}
|
||||
|
@ -44,11 +40,7 @@ site status --all-caches --site={stale-site-name}
|
|||
----
|
||||
site push-site-status --cache=actionTokens
|
||||
site push-site-status --cache=authenticationSessions
|
||||
site push-site-status --cache=clientSessions
|
||||
site push-site-status --cache=loginFailures
|
||||
site push-site-status --cache=offlineClientSessions
|
||||
site push-site-status --cache=offlineSessions
|
||||
site push-site-status --cache=sessions
|
||||
site push-site-status --cache=work
|
||||
----
|
||||
+
|
||||
|
@ -67,18 +59,6 @@ site push-site-status --cache=work
|
|||
{
|
||||
"{stale-site-name}" : "OK"
|
||||
}
|
||||
{
|
||||
"{stale-site-name}" : "OK"
|
||||
}
|
||||
{
|
||||
"{stale-site-name}" : "OK"
|
||||
}
|
||||
{
|
||||
"{stale-site-name}" : "OK"
|
||||
}
|
||||
{
|
||||
"{stale-site-name}" : "OK"
|
||||
}
|
||||
----
|
||||
+
|
||||
Check the table in {infinispan-xsite-docs}#rest_v2_xsite_state_push_cross-site-operations-rest[this section for the Cross-Site Documentation] for the possible status values.
|
||||
|
@ -98,11 +78,7 @@ site push-site-state --cache=<cache-name> --site={stale-site-name}
|
|||
----
|
||||
site clear-push-site-status --cache=actionTokens
|
||||
site clear-push-site-status --cache=authenticationSessions
|
||||
site clear-push-site-status --cache=clientSessions
|
||||
site clear-push-site-status --cache=loginFailures
|
||||
site clear-push-site-status --cache=offlineClientSessions
|
||||
site clear-push-site-status --cache=offlineSessions
|
||||
site clear-push-site-status --cache=sessions
|
||||
site clear-push-site-status --cache=work
|
||||
----
|
||||
+
|
||||
|
@ -113,8 +89,4 @@ site clear-push-site-status --cache=work
|
|||
"ok"
|
||||
"ok"
|
||||
"ok"
|
||||
"ok"
|
||||
"ok"
|
||||
"ok"
|
||||
"ok"
|
||||
----
|
||||
|
|