I’m running keycloak in AWS Fargate service. I have common Docker image and I’m using DNS_PING for sharing the list of current instance ip address. All instances are complaining about version mismatch:
[0me[33m13:15:43,480 WARN [org.jgroups.protocols.TCP] (Connection.Receiver [10.207.156.133:56741 - 10.207.156.179:8443]-87,ejb,ip-10-207-156-133) JGRP000010: packet from 10.207.156.179:8443 has different version (0.8.2) than ours (4.1.4); packet is discarded (received 3 identical messages from 10.207.156.179:8443 in the last 86016 ms)
The version 0.8.2 <-> 4.1.4 is strange. All instances are using Jboss Keycloak 9.0.2 image.
What can cause the issue? The user SSL is handled by AWS ALB but ALB>Keycloak is done via 8443.
Can the problem be that each container creates their own certificate and others do not trust to it?
I figured out the issue.
The actual problem was that I published instances to AWS CloudMap DNS directory as SRV records. The AWS Fargate puts the default port (HTTPS, 8443) to CloudMap and that was causing the strange version mismatch. I learned that JGroups DNS_PING uses TCP protocol after resolving instances and default port is 7600 for clustering setup.
I changed to DNS type to A and it published only ip address. Now it was using default TCP port 7600 for clustering and everything seems to be fine.
Hi @heikkis, please can you share your DNS_PING configuration…
I’m also running Keycloak (v 19.0.0) in AWS Fargate. I could make the clustering work using JDBC_PING but having difficulties with DNS_PING. No obvious errors in the logs but I just have this endpoint returning 401
https://******/auth/admin/master/console/whoami