Introduce new CLI config options for Infinispan remote store
Closes #25676 Signed-off-by: vramik <vramik@redhat.com> Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Vlasta Ramik
GitHub
parent
a3b3ee4b87
commit
ade3b31a91
18 changed files with 429 additions and 8 deletions
|
|
@ -146,6 +146,12 @@ To specify your own cache configuration file, enter this command:
|
|||
|
||||
The configuration file is relative to the `conf/` directory.
|
||||
|
||||
=== CLI options for remote server
|
||||
|
||||
For configuration of {project_name} server for high availability and multi-node clustered setup there was introduced following CLI options `cache-remote-host`, `cache-remote-port`, `cache-remote-username` and `cache-remote-password` simplifying configuration within the XML file.
|
||||
Once any of declared CLI parameters are present, it is expected there is no configuration related to remote store present in the XML file.
|
||||
|
||||
|
||||
== Transport stacks
|
||||
Transport stacks ensure that distributed cache nodes in a cluster communicate in a reliable fashion.
|
||||
{project_name} supports a wide range of transport stacks:
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@
|
|||
|
||||
package org.keycloak.connections.infinispan;
|
||||
|
||||
import java.util.List;
|
||||
import org.infinispan.Cache;
|
||||
import org.infinispan.client.hotrod.RemoteCache;
|
||||
import org.keycloak.provider.Provider;
|
||||
|
|
@ -84,6 +85,17 @@ public interface InfinispanConnectionProvider extends Provider {
|
|||
KEYS_CACHE_NAME
|
||||
};
|
||||
|
||||
// list of cache name which could be defined as distributed or replicated
|
||||
public static List<String> DISTRIBUTED_REPLICATED_CACHE_NAMES = List.of(
|
||||
USER_SESSION_CACHE_NAME,
|
||||
CLIENT_SESSION_CACHE_NAME,
|
||||
OFFLINE_USER_SESSION_CACHE_NAME,
|
||||
OFFLINE_CLIENT_SESSION_CACHE_NAME,
|
||||
LOGIN_FAILURE_CACHE_NAME,
|
||||
AUTHENTICATION_SESSIONS_CACHE_NAME,
|
||||
ACTION_TOKEN_CACHE,
|
||||
WORK_CACHE_NAME);
|
||||
|
||||
/**
|
||||
*
|
||||
* Effectively the same as {@link InfinispanConnectionProvider#getCache(String, boolean)} with createIfAbsent set to {@code true}
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ import java.io.File;
|
|||
|
||||
public class CachingOptions {
|
||||
|
||||
public static final String CACHE_CONFIG_FILE_PROPERTY = "cache-config-file";
|
||||
|
||||
private static final String CACHE_EMBEDDED_MTLS_PREFIX = "cache-embedded-mtls";
|
||||
public static final String CACHE_EMBEDDED_MTLS_ENABLED_PROPERTY = CACHE_EMBEDDED_MTLS_PREFIX + "-enabled";
|
||||
public static final String CACHE_EMBEDDED_MTLS_KEYSTORE_FILE_PROPERTY = CACHE_EMBEDDED_MTLS_PREFIX + "-key-store-file";
|
||||
|
|
@ -11,6 +13,12 @@ public class CachingOptions {
|
|||
public static final String CACHE_EMBEDDED_MTLS_TRUSTSTORE_FILE_PROPERTY = CACHE_EMBEDDED_MTLS_PREFIX + "-trust-store-file";
|
||||
public static final String CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD_PROPERTY = CACHE_EMBEDDED_MTLS_PREFIX + "-trust-store-password";
|
||||
|
||||
private static final String CACHE_REMOTE_PREFIX = "cache-remote";
|
||||
public static final String CACHE_REMOTE_HOST_PROPERTY = CACHE_REMOTE_PREFIX + "-host";
|
||||
public static final String CACHE_REMOTE_PORT_PROPERTY = CACHE_REMOTE_PREFIX + "-port";
|
||||
public static final String CACHE_REMOTE_USERNAME_PROPERTY = CACHE_REMOTE_PREFIX + "-username";
|
||||
public static final String CACHE_REMOTE_PASSWORD_PROPERTY = CACHE_REMOTE_PREFIX + "-password";
|
||||
|
||||
public enum Mechanism {
|
||||
ispn,
|
||||
local
|
||||
|
|
@ -41,7 +49,7 @@ public class CachingOptions {
|
|||
.buildTime(true)
|
||||
.build();
|
||||
|
||||
public static final Option<File> CACHE_CONFIG_FILE = new OptionBuilder<>("cache-config-file", File.class)
|
||||
public static final Option<File> CACHE_CONFIG_FILE = new OptionBuilder<>(CACHE_CONFIG_FILE_PROPERTY, File.class)
|
||||
.category(OptionCategory.CACHE)
|
||||
.description("Defines the file from which cache configuration should be loaded from. "
|
||||
+ "The configuration file is relative to the 'conf/' directory.")
|
||||
|
|
@ -82,4 +90,36 @@ public class CachingOptions {
|
|||
.buildTime(true)
|
||||
.build();
|
||||
|
||||
public static final Option<String> CACHE_REMOTE_HOST = new OptionBuilder<>(CACHE_REMOTE_HOST_PROPERTY, String.class)
|
||||
.category(OptionCategory.CACHE)
|
||||
.description(String.format("The hostname of the remote server for the remote store configuration. "
|
||||
+ "It replaces the 'host' attribute of 'remote-server' tag of the configuration specified via XML file (see '%s' option.). "
|
||||
+ "If the option is specified, '%s' and '%s' are required as well and the related configuration in XML file should not be present.",
|
||||
CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_USERNAME_PROPERTY, CACHE_REMOTE_PASSWORD_PROPERTY))
|
||||
.build();
|
||||
|
||||
public static final Option<Integer> CACHE_REMOTE_PORT = new OptionBuilder<>(CACHE_REMOTE_PORT_PROPERTY, Integer.class)
|
||||
.category(OptionCategory.CACHE)
|
||||
.description(String.format("The port of the remote server for the remote store configuration. "
|
||||
+ "It replaces the 'port' attribute of 'remote-server' tag of the configuration specified via XML file (see '%s' option.).",
|
||||
CACHE_CONFIG_FILE_PROPERTY))
|
||||
.defaultValue(11222)
|
||||
.build();
|
||||
|
||||
public static final Option<String> CACHE_REMOTE_USERNAME = new OptionBuilder<>(CACHE_REMOTE_USERNAME_PROPERTY, String.class)
|
||||
.category(OptionCategory.CACHE)
|
||||
.description(String.format("The username for the authentication to the remote server for the remote store. "
|
||||
+ "It replaces the 'username' attribute of 'digest' tag of the configuration specified via XML file (see '%s' option.). "
|
||||
+ "If the option is specified, '%s' and '%s' are required as well and the related configuration in XML file should not be present.",
|
||||
CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_HOST_PROPERTY, CACHE_REMOTE_PASSWORD_PROPERTY))
|
||||
.build();
|
||||
|
||||
public static final Option<String> CACHE_REMOTE_PASSWORD = new OptionBuilder<>(CACHE_REMOTE_PASSWORD_PROPERTY, String.class)
|
||||
.category(OptionCategory.CACHE)
|
||||
.description(String.format("The password for the authentication to the remote server for the remote store. "
|
||||
+ "It replaces the 'password' attribute of 'digest' tag of the configuration specified via XML file (see '%s' option.). "
|
||||
+ "If the option is specified, '%s' and '%s' are required as well and the related configuration in XML file should not be present.",
|
||||
CACHE_CONFIG_FILE_PROPERTY, CACHE_REMOTE_HOST_PROPERTY, CACHE_REMOTE_USERNAME_PROPERTY))
|
||||
.build();
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,6 +48,19 @@ final class CachingPropertyMappers {
|
|||
.paramLabel("password")
|
||||
.isMasked(true)
|
||||
.build(),
|
||||
fromOption(CachingOptions.CACHE_REMOTE_HOST)
|
||||
.paramLabel("hostname")
|
||||
.build(),
|
||||
fromOption(CachingOptions.CACHE_REMOTE_PORT)
|
||||
.paramLabel("port")
|
||||
.build(),
|
||||
fromOption(CachingOptions.CACHE_REMOTE_USERNAME)
|
||||
.paramLabel("username")
|
||||
.build(),
|
||||
fromOption(CachingOptions.CACHE_REMOTE_PASSWORD)
|
||||
.paramLabel("password")
|
||||
.isMasked(true)
|
||||
.build(),
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,18 +17,24 @@
|
|||
|
||||
package org.keycloak.quarkus.runtime.storage.legacy.infinispan;
|
||||
|
||||
import java.security.KeyManagementException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.concurrent.ExecutorService;
|
||||
import java.util.concurrent.Executors;
|
||||
import java.util.concurrent.Future;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import io.micrometer.core.instrument.Metrics;
|
||||
import org.infinispan.client.hotrod.impl.ConfigurationProperties;
|
||||
import org.infinispan.configuration.cache.PersistenceConfigurationBuilder;
|
||||
import org.infinispan.configuration.global.GlobalConfiguration;
|
||||
import org.infinispan.configuration.parsing.ConfigurationBuilderHolder;
|
||||
import org.infinispan.configuration.parsing.ParserRegistry;
|
||||
import org.infinispan.jboss.marshalling.core.JBossUserMarshaller;
|
||||
import org.infinispan.manager.DefaultCacheManager;
|
||||
import org.infinispan.metrics.config.MicrometerMeterRegisterConfigurationBuilder;
|
||||
import org.infinispan.persistence.remote.configuration.ExhaustedAction;
|
||||
import org.infinispan.persistence.remote.configuration.RemoteStoreConfigurationBuilder;
|
||||
import org.infinispan.remoting.transport.jgroups.JGroupsTransport;
|
||||
import org.jboss.logging.Logger;
|
||||
import org.jgroups.protocols.TCP_NIO2;
|
||||
|
|
@ -37,11 +43,20 @@ import org.jgroups.util.TLS;
|
|||
import org.jgroups.util.TLSClientAuth;
|
||||
import org.keycloak.quarkus.runtime.configuration.Configuration;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
|
||||
import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED_PROPERTY;
|
||||
import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE_FILE_PROPERTY;
|
||||
import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD_PROPERTY;
|
||||
import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE_FILE_PROPERTY;
|
||||
import static org.keycloak.config.CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD_PROPERTY;
|
||||
import static org.keycloak.config.CachingOptions.CACHE_REMOTE_HOST_PROPERTY;
|
||||
import static org.keycloak.config.CachingOptions.CACHE_REMOTE_PASSWORD_PROPERTY;
|
||||
import static org.keycloak.config.CachingOptions.CACHE_REMOTE_PORT_PROPERTY;
|
||||
import static org.keycloak.config.CachingOptions.CACHE_REMOTE_USERNAME_PROPERTY;
|
||||
import static org.keycloak.connections.infinispan.InfinispanConnectionProvider.DISTRIBUTED_REPLICATED_CACHE_NAMES;
|
||||
import static org.keycloak.connections.infinispan.InfinispanConnectionProvider.USER_SESSION_CACHE_NAME;
|
||||
import static org.wildfly.security.sasl.util.SaslMechanismInformation.Names.SCRAM_SHA_512;
|
||||
|
||||
public class CacheManagerFactory {
|
||||
|
||||
|
|
@ -87,8 +102,9 @@ public class CacheManagerFactory {
|
|||
private DefaultCacheManager startCacheManager() {
|
||||
ConfigurationBuilderHolder builder = new ParserRegistry().parse(config);
|
||||
|
||||
if (builder.getNamedConfigurationBuilders().get("sessions").clustering().cacheMode().isClustered()) {
|
||||
if (builder.getNamedConfigurationBuilders().get(USER_SESSION_CACHE_NAME).clustering().cacheMode().isClustered()) {
|
||||
configureTransportStack(builder);
|
||||
configureRemoteStores(builder);
|
||||
}
|
||||
|
||||
if (metricsEnabled) {
|
||||
|
|
@ -177,6 +193,62 @@ public class CacheManagerFactory {
|
|||
|
||||
}
|
||||
|
||||
private void configureRemoteStores(ConfigurationBuilderHolder builder) {
|
||||
//if one of remote store command line parameters is defined, some other are required, otherwise assume it'd configured via xml only
|
||||
if (Configuration.getOptionalKcValue(CACHE_REMOTE_HOST_PROPERTY).isPresent() ||
|
||||
Configuration.getOptionalKcValue(CACHE_REMOTE_USERNAME_PROPERTY).isPresent() ||
|
||||
Configuration.getOptionalKcValue(CACHE_REMOTE_PASSWORD_PROPERTY).isPresent()) {
|
||||
|
||||
String cacheRemoteHost = requiredStringProperty(CACHE_REMOTE_HOST_PROPERTY);
|
||||
Integer cacheRemotePort = Configuration.getOptionalKcValue(CACHE_REMOTE_PORT_PROPERTY)
|
||||
.map(Integer::parseInt)
|
||||
.orElse(ConfigurationProperties.DEFAULT_HOTROD_PORT);
|
||||
String cacheRemoteUsername = requiredStringProperty(CACHE_REMOTE_USERNAME_PROPERTY);
|
||||
String cacheRemotePassword = requiredStringProperty(CACHE_REMOTE_PASSWORD_PROPERTY);
|
||||
|
||||
SSLContext sslContext;
|
||||
try {
|
||||
// uses the default Java Runtime TrustStore, or the one generated by Keycloak (see org.keycloak.truststore.TruststoreBuilder)
|
||||
sslContext = SSLContext.getInstance("TLS");
|
||||
sslContext.init(null, null, null);
|
||||
} catch (NoSuchAlgorithmException | KeyManagementException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
DISTRIBUTED_REPLICATED_CACHE_NAMES.forEach(cacheName -> {
|
||||
PersistenceConfigurationBuilder persistenceCB = builder.getNamedConfigurationBuilders().get(cacheName).persistence();
|
||||
|
||||
//if specified via command line -> cannot be defined in the xml file
|
||||
if (!persistenceCB.stores().isEmpty()) {
|
||||
throw new RuntimeException(String.format("Remote store for cache '%s' is already configured via CLI parameters. It should not be present in the XML file.", cacheName));
|
||||
}
|
||||
|
||||
persistenceCB.addStore(RemoteStoreConfigurationBuilder.class)
|
||||
.rawValues(true)
|
||||
.shared(true)
|
||||
.segmented(false)
|
||||
.remoteCacheName(cacheName)
|
||||
.connectionPool()
|
||||
.maxActive(16)
|
||||
.exhaustedAction(ExhaustedAction.CREATE_NEW)
|
||||
.remoteSecurity()
|
||||
.ssl()
|
||||
.enable()
|
||||
.sslContext(sslContext)
|
||||
.sniHostName(cacheRemoteHost)
|
||||
.authentication()
|
||||
.enable()
|
||||
.username(cacheRemoteUsername)
|
||||
.password(cacheRemotePassword)
|
||||
.realm("default")
|
||||
.saslMechanism(SCRAM_SHA_512)
|
||||
.addServer()
|
||||
.host(cacheRemoteHost)
|
||||
.port(cacheRemotePort);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
private static boolean booleanProperty(String propertyName) {
|
||||
return Configuration.getOptionalKcValue(propertyName).map(Boolean::parseBoolean).orElse(Boolean.FALSE);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,6 +39,28 @@ Cache:
|
|||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
@ -298,4 +320,4 @@ Security:
|
|||
Do NOT start the server using this command when deploying to production.
|
||||
|
||||
Use 'kc.sh start-dev --help-all' to list all available options, including build
|
||||
options.
|
||||
options.
|
||||
|
|
|
|||
|
|
@ -39,6 +39,28 @@ Cache:
|
|||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
|
|||
|
|
@ -39,6 +39,28 @@ Cache:
|
|||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
@ -298,4 +320,4 @@ Security:
|
|||
Do NOT start the server using this command when deploying to production.
|
||||
|
||||
Use 'kc.sh start-dev --help-all' to list all available options, including build
|
||||
options.
|
||||
options.
|
||||
|
|
|
|||
|
|
@ -39,6 +39,28 @@ Cache:
|
|||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
|
|||
|
|
@ -40,6 +40,28 @@ Cache:
|
|||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
@ -303,4 +325,4 @@ By default, this command tries to update the server configuration by running a
|
|||
$ kc.sh start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|
||||
configuration you have set when manually running the 'build' command.
|
||||
|
|
|
|||
|
|
@ -40,6 +40,28 @@ Cache:
|
|||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
|
|||
|
|
@ -40,6 +40,28 @@ Cache:
|
|||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
@ -303,4 +325,4 @@ By default, this command tries to update the server configuration by running a
|
|||
$ kc.sh start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|
||||
configuration you have set when manually running the 'build' command.
|
||||
|
|
|
|||
|
|
@ -40,6 +40,28 @@ Cache:
|
|||
'cache-mtls-truststore.p12' under conf/ directory.
|
||||
--cache-embedded-mtls-trust-store-password <password>
|
||||
The password to access the Truststore.
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
|
|
|
|||
|
|
@ -16,6 +16,31 @@ Options:
|
|||
built a server image using the 'build' command.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
|
||||
Database:
|
||||
|
||||
--db-password <password>
|
||||
|
|
@ -213,4 +238,4 @@ By default, this command tries to update the server configuration by running a
|
|||
$ kc.sh start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|
||||
configuration you have set when manually running the 'build' command.
|
||||
|
|
|
|||
|
|
@ -16,6 +16,31 @@ Options:
|
|||
built a server image using the 'build' command.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
|
||||
Database:
|
||||
|
||||
--db-password <password>
|
||||
|
|
|
|||
|
|
@ -16,6 +16,31 @@ Options:
|
|||
built a server image using the 'build' command.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
|
||||
Database:
|
||||
|
||||
--db-password <password>
|
||||
|
|
@ -213,4 +238,4 @@ By default, this command tries to update the server configuration by running a
|
|||
$ kc.sh start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|
||||
configuration you have set when manually running the 'build' command.
|
||||
|
|
|
|||
|
|
@ -16,6 +16,31 @@ Options:
|
|||
built a server image using the 'build' command.
|
||||
-v, --verbose Print out error details when running this command.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache-remote-host <hostname>
|
||||
The hostname of the remote server for the remote store configuration. It
|
||||
replaces the 'host' attribute of 'remote-server' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-username' and 'cache-remote-password' are required
|
||||
as well and the related configuration in XML file should not be present.
|
||||
--cache-remote-password <password>
|
||||
The password for the authentication to the remote server for the remote store.
|
||||
It replaces the 'password' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-username' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
--cache-remote-port <port>
|
||||
The port of the remote server for the remote store configuration. It replaces
|
||||
the 'port' attribute of 'remote-server' tag of the configuration specified
|
||||
via XML file (see 'cache-config-file' option.). Default: 11222.
|
||||
--cache-remote-username <username>
|
||||
The username for the authentication to the remote server for the remote store.
|
||||
It replaces the 'username' attribute of 'digest' tag of the configuration
|
||||
specified via XML file (see 'cache-config-file' option.). If the option is
|
||||
specified, 'cache-remote-host' and 'cache-remote-password' are required as
|
||||
well and the related configuration in XML file should not be present.
|
||||
|
||||
Database:
|
||||
|
||||
--db-password <password>
|
||||
|
|
|
|||
|
|
@ -185,6 +185,8 @@ public abstract class AbstractQuarkusDeployableContainer implements DeployableCo
|
|||
if ("local".equals(cacheMode)) {
|
||||
// Save ~2s for each Quarkus startup, when we know ISPN cluster is empty. See https://github.com/keycloak/keycloak/issues/21033
|
||||
commands.add("-Djgroups.join_timeout=10");
|
||||
} else {
|
||||
commands.add("--cache=ispn");
|
||||
}
|
||||
|
||||
log.debugf("FIPS Mode: %s", configuration.getFipsMode());
|
||||
|
|
|
|||
Loading…
Reference in a new issue