How to configure standalone external infinispan server to domain cluster keycloak

Any suggestions?
FYI:
the Keycloak domain cluster is done using JDBC_PING

You will need this startup script for your Keycloak instances. It will set up a remote cache in your Keycloak:

Then you will have to set up one or more Infinispan servers. We set Infinispan up on AWS EC2 using Docker and basically edited the dedicated Infinispan "clustered.xml" file for our needs. I can paste our configuration and Terraform code here for you if you think that would be helpful. We are currently using Keycloak 11.0.1, Infinispan 9.4.11 and the database is Postgres. I don't know if the Infinispan configurations look the same in the newer versions.


Hey @SoerenSilkjaer,

can you please paste your Terraform code for spinning up an Infinispan instance and the configuration of clustered.xml?
It will be helpful for me to configure it for a domain cluster Keycloak.

Thank you for helping.

Terraform

resource "aws_instance" "infinispan" {
  ami                         = "ami-3bfab942" # Amazon Linux
  instance_type               = var.infinispan_instance_type
  availability_zone           = "eu-west-1a"
  vpc_security_group_ids      = var.ec2_securitygroup_id
  subnet_id                   = var.private_subnet_ids[0]
  iam_instance_profile        = aws_iam_instance_profile.infinispan_instance_profile.name
  key_name                    = var.ec2_keyname

  # Note: EC2 tags are not a secret store. Every principal allowed
  # ec2:DescribeTags (and the console) can read DB_PASSWORD from here,
  # and the value is also written to the Terraform state.
  tags = merge(var.required_tags,
    {
      Name        = "${var.environment_name}-${var.infinispan_project_name}",
      DB_ADDR     = module.rds.hostname,
      DB_DATABASE = var.ENV_DB_DATABASE,
      DB_USER     = var.ENV_DB_USER,
      DB_PASSWORD = data.aws_ssm_parameter.rds_db_password.value,
      ENV_NAME    = lower(var.environment_name)
    }
  )

  # The rendered user data (including the interpolated password) is
  # readable by any process on the instance via the metadata service.
  user_data = data.template_file.user_data.rendered
}

data "template_file" "user_data" {
  template = file("Scripts/InfinispanEC2UserData")
  vars = {
    DB_ADDR     = module.rds.hostname,
    DB_DATABASE = var.ENV_DB_DATABASE,
    DB_USER     = var.ENV_DB_USER,
    DB_PASSWORD = data.aws_ssm_parameter.rds_db_password.value,
    ENV_NAME    = lower(var.environment_name)
  }
}

resource "aws_eip" "ip" {
  instance = aws_instance.infinispan.id
  vpc      = true
}

resource "aws_iam_instance_profile" "infinispan_instance_profile" {
  name = "${var.environment_name}-infinispan-instance-profile"
  role = aws_iam_role.infinispan_iam_role.name
}

resource "aws_iam_role" "infinispan_iam_role" {
  name = "${var.environment_name}-infinispan"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "read_only_ecr" {
  name = "${var.environment_name}-infinispan-read-only-ecr"
  role = aws_iam_role.infinispan_iam_role.id

  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:GetAuthorizationToken"
            ],
            "Resource": "*"
        }
    ]
}
EOF
}

Userdata file

Content-Type: multipart/mixed; boundary="==BOUNDARY=="
MIME-Version: 1.0

--==BOUNDARY==
MIME-Version: 1.0
Content-Type: text/cloud-boothook; charset="us-ascii"

#!/bin/bash -xe

# Redirect all logging in userdata to /var/log/user-data.log
# Caveat: because of -x, every expanded command (including the
# DB_PASSWORD value in the docker run line below) is traced into
# this log file and the serial console.
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1

sudo yum update -y
sudo yum install -y docker
sudo service docker start

# ${INSERT_ECR_REPO_HERE} and ${INSERT_INFINISPAN_IMAGE_TAG_HERE} are
# placeholders; the Terraform template_file above interpolates the DB_* values.
aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin ${INSERT_ECR_REPO_HERE}

# Persist the pull/run so the container comes back after a reboot.
# Caveat: this stores the database password in plaintext in /etc/rc.local.
echo "docker pull ${INSERT_INFINISPAN_IMAGE_TAG_HERE}" >> /etc/rc.local
echo "docker run --net=host -e DB_ADDR=${DB_ADDR} -e DB_DATABASE=${DB_DATABASE} -e DB_USER=${DB_USER} -e DB_PASSWORD=${DB_PASSWORD} ${INSERT_INFINISPAN_IMAGE_TAG_HERE}" >> /etc/rc.local

echo "UserData finished"

--==BOUNDARY==--
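As an added example (not the poster's deployment code), the boot script below keeps the database password out of the EC2 tags, the xtrace log and /etc/rc.local shown above: it reads the password from an SSM parameter at start-up through the instance profile (which then needs ssm:GetParameter, plus kms:Decrypt for a SecureString) and hands it to the container through a root-only env file instead of the command line. The parameter name, env-file path and image variable are assumptions.

```shell
#!/bin/sh
# Added example: hardened boot script for the Infinispan container.
# Deliberately no -x: xtrace would copy every expanded secret into the log.
set -e

# Assumed names; the real deployment's parameter name is not on the page.
DB_PASSWORD_PARAM="${DB_PASSWORD_PARAM:-/infinispan/db_password}"
ENV_FILE="${ENV_FILE:-/etc/infinispan/db.env}"

# Fetch the decrypted password via the instance profile at boot, so it never
# has to travel in user data, tags or the Terraform state.
fetch_db_password() {
  aws ssm get-parameter --region "$1" --name "$2" \
    --with-decryption --query 'Parameter.Value' --output text
}

# Write the container environment to a 0600 root-only file. Passing it with
# --env-file keeps the values out of ps output, rc.local and shell history.
write_env_file() {
  file="$1"; addr="$2"; db="$3"; user="$4"; pass="$5"
  ( umask 077
    mkdir -p "$(dirname "$file")"
    printf 'DB_ADDR=%s\nDB_DATABASE=%s\nDB_USER=%s\nDB_PASSWORD=%s\n' \
      "$addr" "$db" "$user" "$pass" > "$file" )
  chmod 600 "$file"
}

# Entry point: expects AWS_REGION, DB_ADDR, DB_DATABASE, DB_USER and
# INFINISPAN_IMAGE in the environment. --restart replaces the rc.local
# trick, provided the docker service itself is enabled at boot.
bootstrap() {
  pass="$(fetch_db_password "$AWS_REGION" "$DB_PASSWORD_PARAM")"
  write_env_file "$ENV_FILE" "$DB_ADDR" "$DB_DATABASE" "$DB_USER" "$pass"
  unset pass
  docker run --net=host --restart=unless-stopped \
    --env-file "$ENV_FILE" "$INFINISPAN_IMAGE"
}
```

Call `bootstrap` at the end of the user-data part; the script defines functions only so the pieces can be tested without AWS access.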