diff --git a/server_installation/topics/operating-mode/crossdc.adoc b/server_installation/topics/operating-mode/crossdc.adoc index d7bc5c30f4..0325b5d989 100644 --- a/server_installation/topics/operating-mode/crossdc.adoc +++ b/server_installation/topics/operating-mode/crossdc.adoc @@ -323,6 +323,12 @@ Issues related to authorization may exist just for some other versions of {jdgse + It is currently required to have different configuration files for the JDG servers on both sites as the Infinispan subsystem does not support replacing site names with expressions. See link:https://issues.redhat.com/browse/WFLY-9458[this issue] for more details. +NOTE: The _PUBLIC_IP_ADDRESS_ below refers to the IP address or hostname, which can be used for your server to bind to. Note that +every {jdgserver_name} server and {project_name} server needs to use different address. During example setup with all the servers running on the same host, +you may need to add the option `-Djboss.bind.address.management=_PUBLIC_IP_ADDRESS_` as every server needs to use also different management interface. +But this option usually should be omitted in production environments to avoid the ability for remote access to your server. For more information, +see the link:{appserver_socket_link}[_{appserver_socket_name}_]. + . Start server `jdg1`: + [source,subs="+quotes"] @@ -386,13 +392,6 @@ In production you will likely need to have a separate database server in every d ``` + -.. Add this `module` attribute under `cache-container` element of name `keycloak` : -+ -```xml - -``` -+ - .. Add the `remote-store` under `work` cache: + ```xml @@ -402,6 +401,9 @@ In production you will likely need to have a separate database server in every d org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory ifeval::[{project_product}==true] 2.6 +endif::[] +ifeval::[{project_community}==true] + 2.9 endif::[] @@ -417,6 +419,9 @@ endif::[] org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory ifeval::[{project_product}==true] 2.6 +endif::[] +ifeval::[{project_community}==true] + 2.9 endif::[] @@ -432,6 +437,9 @@ endif::[] org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory ifeval::[{project_product}==true] 2.6 +endif::[] +ifeval::[{project_community}==true] + 2.9 endif::[] @@ -442,6 +450,9 @@ endif::[] org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory ifeval::[{project_product}==true] 2.6 +endif::[] +ifeval::[{project_community}==true] + 2.9 endif::[] @@ -452,6 +463,9 @@ endif::[] org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory ifeval::[{project_product}==true] 2.6 +endif::[] +ifeval::[{project_community}==true] + 2.9 endif::[] @@ -462,6 +476,9 @@ endif::[] org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory ifeval::[{project_product}==true] 2.6 +endif::[] +ifeval::[{project_community}==true] + 2.9 endif::[] @@ -474,6 +491,9 @@ endif::[] org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory ifeval::[{project_product}==true] 2.6 +endif::[] +ifeval::[{project_community}==true] + 2.9 endif::[] @@ -491,6 +511,20 @@ endif::[] .. The configuration of distributed cache `authenticationSessions` and other caches is left unchanged. +.. It is recommended to add the `remoteStoreSecurityEnabled` property with the value of `false` (or eventually `true` if you enabled security +for the {jdgserver_name} servers as described above) to the `connectionsInfinispan` SPI in the `keycloak-server` subsystem: ++ +```xml + + ... + + + ... + + + ... +``` + .. Optionally enable DEBUG logging under the `logging` subsystem: + ```xml diff --git a/topics/templates/document-attributes-community.adoc b/topics/templates/document-attributes-community.adoc index f100e2660f..4c5906b05c 100644 --- a/topics/templates/document-attributes-community.adoc +++ b/topics/templates/document-attributes-community.adoc @@ -102,7 +102,7 @@ endif::[] :appserver_name: WildFly :appserver_dirref: WILDFLY_HOME -:appserver_version: 18 +:appserver_version: 20 :appserver_doc_base_url: http://docs.wildfly.org/{appserver_version} :appserver_socket_link: {appserver_doc_base_url}/Admin_Guide.html#Interfaces_and_ports @@ -123,7 +123,7 @@ endif::[] :appserver_loadbalancer_name: {appserver_name} {appserver_version} Documentation :jdgserver_name: Infinispan -:jdgserver_version: 9.4.16 +:jdgserver_version: 9.4.18 :jdgserver_crossdcdocs_link: https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_user_guide/x_site_replication :fuseVersion: JBoss Fuse 6.3.0 Rollup 12 @@ -133,7 +133,7 @@ endif::[] :fuse7Version: JBoss Fuse 7.4.0 :subsystem_undertow_xml_urn: urn:jboss:domain:undertow:10.0 -:subsystem_infinispan_xml_urn: urn:jboss:domain:infinispan:9.0 +:subsystem_infinispan_xml_urn: urn:jboss:domain:infinispan:10.0 :subsystem_datasources_xml_urn: urn:jboss:domain:datasources:5.0 :saml_adapter_xsd_urn: https://www.keycloak.org/schema/keycloak_saml_adapter_1_10.xsd :generic_adapter_name: keycloak-gatekeeper diff --git a/upgrading/topics/keycloak/changes.adoc b/upgrading/topics/keycloak/changes.adoc index 8b94afda5f..4fc1f2b059 100644 --- a/upgrading/topics/keycloak/changes.adoc +++ b/upgrading/topics/keycloak/changes.adoc @@ -2,6 +2,28 @@ === Migrating to 11.0.0 +==== Upgrade to Wildfly 20 + +The {project_name} server was upgraded to use Wildfly 20 as the underlying container. This does not directly involve any +specific {project_name} server functionality, but there are few changes related to the migration, which are worth mentioning. + +Dependency updates:: + The dependencies were updated to the versions used by Wildfly 20 server. For example, Infinispan is now 10.1.8.Final. + +Configuration changes:: + There are few configuration changes in the `standalone(-ha).xml` and `domain.xml` files. You should follow the <<_install_new_version>> + section to handle the migration of configuration files automatically. + +Cross-Datacenter Replication changes:: + * You will need to upgrade {jdgserver_name} server to version {jdgserver_version}. The older version may still work, but it is + not guaranteed as they are not tested anymore. + * It is recommended to use the `protocolVersion` property added to the `remote-store` element when configuring Infinispan caches. + When connecting to the {jdgserver_name} server 9.4.18, the recommended version of the hotrod protocol version is 2.9 as the Infinispan + library version differs among {project_name} server and {jdgserver_name} server. For more details, see the + Cross-Datacenter documentation. + * It is recommended to use `remoteStoreSecurityEnabled` property under `connectionsInfinispan` subsystem. For more details, + see the Cross-Datacenter documentation. + ==== LDAP no-import bugfix In the previous {project_name} version, when the LDAP provider was configured with `Import Users` OFF, it was possible to update the @@ -183,7 +205,7 @@ Cross-Datacenter Replication changes:: ==== Upgrade to Wildfly 16 The {project_name} server was upgraded to use Wildfly 16 as the underlying container. This does not directly involve any -specific {project_name} server functionality, but there are few changes related to the migration, which worth mentioning. +specific {project_name} server functionality, but there are few changes related to the migration, which are worth mentioning. Dependency updates:: The dependencies were updated to the versions used by Wildfly 16 server. For example, Infinispan is now 9.4.8.Final.