KEYCLOAK-4713 Update domain mode config for EAP 7.1

This commit is contained in:
Stian Thorgersen 2017-04-26 15:17:11 +02:00
parent 2913ee8e23
commit 4b417c5ae8
6 changed files with 113 additions and 128 deletions

View file

@ -15,24 +15,11 @@
~ See the License for the specific language governing permissions and ~ See the License for the specific language governing permissions and
~ limitations under the License. ~ limitations under the License.
--> -->
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config> <config>
<subsystems name="load-balancer">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem supplement="domain">jmx.xml</subsystem>
<subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem>
<subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem>
</subsystems>
<subsystems name="auth-server-standalone"> <subsystems name="auth-server-standalone">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem> <subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem> <subsystem>bean-validation.xml</subsystem>
<subsystem>core-management.xml</subsystem>
<subsystem supplement="default">keycloak-datasources.xml</subsystem> <subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem> <subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem> <subsystem>ejb3.xml</subsystem>
@ -48,17 +35,18 @@
<subsystem>naming.xml</subsystem> <subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem> <subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem> <subsystem>request-controller.xml</subsystem>
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem> <subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem> <subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem> <subsystem>transactions.xml</subsystem>
<subsystem>undertow.xml</subsystem> <subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem> <subsystem>keycloak-server.xml</subsystem>
</subsystems> </subsystems>
<subsystems name="auth-server-clustered"> <subsystems name="auth-server-clustered">
<!-- Each subsystem to be included relative to the src/main/resources directory --> <!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem> <subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem> <subsystem>bean-validation.xml</subsystem>
<subsystem>core-management.xml</subsystem>
<subsystem supplement="domain">keycloak-datasources.xml</subsystem> <subsystem supplement="domain">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem> <subsystem>ee.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem> <subsystem supplement="ha">ejb3.xml</subsystem>
@ -76,10 +64,16 @@
<subsystem>naming.xml</subsystem> <subsystem>naming.xml</subsystem>
<subsystem>remoting.xml</subsystem> <subsystem>remoting.xml</subsystem>
<subsystem>request-controller.xml</subsystem> <subsystem>request-controller.xml</subsystem>
<subsystem supplement="domain-wildfly">elytron.xml</subsystem>
<subsystem>security.xml</subsystem> <subsystem>security.xml</subsystem>
<subsystem>security-manager.xml</subsystem> <subsystem>security-manager.xml</subsystem>
<subsystem>transactions.xml</subsystem> <subsystem>transactions.xml</subsystem>
<subsystem supplement="ha">undertow.xml</subsystem> <subsystem supplement="ha">undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem> <subsystem>keycloak-server.xml</subsystem>
</subsystems> </subsystems>
<subsystems name="load-balancer">
<subsystem>logging.xml</subsystem>
<subsystem>io.xml</subsystem>
<subsystem>undertow-load-balancer.xml</subsystem>
</subsystems>
</config> </config>

View file

@ -17,7 +17,7 @@
~ limitations under the License. ~ limitations under the License.
--> -->
<domain xmlns="urn:jboss:domain:4.0"> <domain xmlns="urn:jboss:domain:5.0">
<extensions> <extensions>
<?EXTENSIONS?> <?EXTENSIONS?>
@ -60,31 +60,6 @@
--> -->
<profile name="load-balancer"> <profile name="load-balancer">
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?> <?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="lb-handler"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<reverse-proxy name="lb-handler">
<host name="host1" outbound-socket-binding="remote-host1" scheme="ajp" path="/" instance-id="myroute1"/>
<host name="host2" outbound-socket-binding="remote-host2" scheme="ajp" path="/" instance-id="myroute2"/>
</reverse-proxy>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
</profile> </profile>
</profiles> </profiles>
@ -96,12 +71,8 @@
These default configurations require the binding specification to be done in host.xml. These default configurations require the binding specification to be done in host.xml.
--> -->
<interfaces> <interfaces>
<interface name="management"> <interface name="management"/>
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/> <interface name="public"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<?INTERFACES?> <?INTERFACES?>
</interfaces> </interfaces>
@ -114,20 +85,19 @@
</socket-binding-group> </socket-binding-group>
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one --> <!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
<socket-binding-group name="load-balancer-sockets" default-interface="public"> <socket-binding-group name="load-balancer-sockets" default-interface="public">
<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> <!-- Needed for server groups using the 'load-balancer' profile -->
<socket-binding name="http" port="${jboss.http.port:8080}"/>
<socket-binding name="https" port="${jboss.https.port:8443}"/>
<outbound-socket-binding name="remote-host1">
<remote-destination host="localhost" port="8159"/>
</outbound-socket-binding>
<outbound-socket-binding name="remote-host2">
<remote-destination host="localhost" port="8259"/>
</outbound-socket-binding>
<?SOCKET-BINDINGS?> <?SOCKET-BINDINGS?>
</socket-binding-group> </socket-binding-group>
</socket-binding-groups> </socket-binding-groups>
<server-groups> <server-groups>
<server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="ha-sockets"/>
</server-group>
<!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one --> <!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
<server-group name="load-balancer-group" profile="load-balancer"> <server-group name="load-balancer-group" profile="load-balancer">
<jvm name="default"> <jvm name="default">
@ -135,12 +105,6 @@
</jvm> </jvm>
<socket-binding-group ref="load-balancer-sockets"/> <socket-binding-group ref="load-balancer-sockets"/>
</server-group> </server-group>
<server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
<socket-binding-group ref="ha-sockets"/>
</server-group>
</server-groups> </server-groups>
</domain> </domain>

View file

@ -22,7 +22,7 @@
is also started by this host controller file. The other instance must be started is also started by this host controller file. The other instance must be started
via host-slave.xml via host-slave.xml
--> -->
<host name="master" xmlns="urn:jboss:domain:4.0"> <host name="master" xmlns="urn:jboss:domain:5.0">
<extensions> <extensions>
<?EXTENSIONS?> <?EXTENSIONS?>
</extensions> </extensions>
@ -39,6 +39,11 @@
</authorization> </authorization>
</security-realm> </security-realm>
<security-realm name="ApplicationRealm"> <security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication> <authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/> <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/> <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@ -53,8 +58,8 @@
<json-formatter name="json-formatter"/> <json-formatter name="json-formatter"/>
</formatters> </formatters>
<handlers> <handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/> <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/> <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers> </handlers>
<logger log-boot="true" log-read-only="false" enabled="false"> <logger log-boot="true" log-read-only="false" enabled="false">
<handlers> <handlers>
@ -71,7 +76,8 @@
<native-interface security-realm="ManagementRealm"> <native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/> <socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface> </native-interface>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true"> <http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/> <socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface> </http-interface>
</management-interfaces> </management-interfaces>
@ -98,6 +104,8 @@
<heap size="64m" max-size="256m"/> <heap size="64m" max-size="256m"/>
<jvm-options> <jvm-options>
<option value="-server"/> <option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options> </jvm-options>
</jvm> </jvm>
</jvms> </jvms>

View file

@ -17,7 +17,7 @@
~ limitations under the License. ~ limitations under the License.
--> -->
<host xmlns="urn:jboss:domain:4.0"> <host xmlns="urn:jboss:domain:5.0">
<extensions> <extensions>
<?EXTENSIONS?> <?EXTENSIONS?>
</extensions> </extensions>
@ -27,7 +27,7 @@
<security-realm name="ManagementRealm"> <security-realm name="ManagementRealm">
<server-identities> <server-identities>
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression --> <!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
<secret value="c2xhdmVfdXNlcl9wYXNzd29yZA=="/> <secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
</server-identities> </server-identities>
<authentication> <authentication>
@ -39,6 +39,11 @@
</authorization> </authorization>
</security-realm> </security-realm>
<security-realm name="ApplicationRealm"> <security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication> <authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/> <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/> <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@ -53,8 +58,8 @@
<json-formatter name="json-formatter"/> <json-formatter name="json-formatter"/>
</formatters> </formatters>
<handlers> <handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/> <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/> <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers> </handlers>
<logger log-boot="true" log-read-only="false" enabled="false"> <logger log-boot="true" log-read-only="false" enabled="false">
<handlers> <handlers>
@ -69,15 +74,15 @@
</audit-log> </audit-log>
<management-interfaces> <management-interfaces>
<native-interface security-realm="ManagementRealm"> <native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:3456}"/> <socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface> </native-interface>
</management-interfaces> </management-interfaces>
</management> </management>
<domain-controller> <domain-controller>
<remote security-realm="ManagementRealm"> <remote username="$local" security-realm="ManagementRealm">
<discovery-options> <discovery-options>
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/> <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}"/>
</discovery-options> </discovery-options>
</remote> </remote>
</domain-controller> </domain-controller>
@ -99,6 +104,8 @@
<heap size="64m" max-size="256m"/> <heap size="64m" max-size="256m"/>
<jvm-options> <jvm-options>
<option value="-server"/> <option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options> </jvm-options>
</jvm> </jvm>
</jvms> </jvms>

View file

@ -23,7 +23,7 @@
via host-slave.xml via host-slave.xml
--> -->
<host name="master" xmlns="urn:jboss:domain:4.0"> <host name="master" xmlns="urn:jboss:domain:5.0">
<extensions> <extensions>
<?EXTENSIONS?> <?EXTENSIONS?>
</extensions> </extensions>
@ -40,6 +40,11 @@
</authorization> </authorization>
</security-realm> </security-realm>
<security-realm name="ApplicationRealm"> <security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication> <authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/> <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/> <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@ -54,8 +59,8 @@
<json-formatter name="json-formatter"/> <json-formatter name="json-formatter"/>
</formatters> </formatters>
<handlers> <handlers>
<file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/> <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
<file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/> <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers> </handlers>
<logger log-boot="true" log-read-only="false" enabled="false"> <logger log-boot="true" log-read-only="false" enabled="false">
<handlers> <handlers>
@ -72,7 +77,8 @@
<native-interface security-realm="ManagementRealm"> <native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/> <socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface> </native-interface>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true"> <http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/> <socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface> </http-interface>
</management-interfaces> </management-interfaces>
@ -80,6 +86,8 @@
<domain-controller> <domain-controller>
<local/> <local/>
<!-- Alternative remote domain controller configuration with a host and port -->
<!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller> </domain-controller>
<interfaces> <interfaces>
@ -99,6 +107,8 @@
<heap size="64m" max-size="256m"/> <heap size="64m" max-size="256m"/>
<jvm-options> <jvm-options>
<option value="-server"/> <option value="-server"/>
<option value="-XX:MetaspaceSize=96m"/>
<option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options> </jvm-options>
</jvm> </jvm>
</jvms> </jvms>

View file

@ -19,6 +19,8 @@
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works --> <!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config> <config>
<subsystems> <subsystems>
<subsystem>core-management.xml</subsystem>
<subsystem>jmx.xml</subsystem> <subsystem>jmx.xml</subsystem>
<subsystem supplement="host">elytron.xml</subsystem>
</subsystems> </subsystems>
</config> </config>