
Good day. I am using Keycloak 19.0.3 with Infinispan 12.1.10.Final. When I start these services with docker-compose, I get errors in the console:

2022-10-21T13:44:50.917975170Z 2022-10-21 16:44:50,917 WARN [org.jgroups.protocols.MPING] (MPING-5,2968f3144a2d-49378) 97795e92-dbd1-dc14-5868-5a39: discarding discovery request for cluster 'infinispan' from 97795e92-dbd1-dc14-5898-93126650a399; our cluster name is 'ISPN'. Please separate your clusters properly

And there is a similar error in the Infinispan logs. So Keycloak and Infinispan are in different JGroups channels. This behavior persists when using UDP and Kubernetes pings, and when using the default cache settings. Whatever I do, Keycloak prints the line

[org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`

And it cannot connect correctly to an external Infinispan.

Dockerfile

FROM quay.io/keycloak/keycloak:19.0.3
USER root
RUN rm -f /opt/keycloak/conf/keycloak.conf
RUN rm -f /opt/keycloak/conf/cache-ispn.xml
COPY --chown=1000:jboss configuration/keycloak.conf /opt/keycloak/conf/keycloak.conf
COPY --chown=1000:jboss configuration/cache-ispn.xml /opt/keycloak/conf/cache.xml
COPY --chown=1000:jboss dependencies/modules/ /opt/keycloak/providers/
RUN /opt/keycloak/bin/kc.sh build --cache-config-file=cache.xml
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

cache-ispn.xml

<infinispan
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:infinispan:config:11.0 http://www.infinispan.org/schemas/infinispan-config-11.0.xsd"
        xmlns="urn:infinispan:config:11.0">
    <cache-container name="keycloak">
        <transport cluster="infinispan" lock-timeout="60000"/>
        <local-cache name="realms">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <memory max-count="10000"/>
        </local-cache>
        <local-cache name="users">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <memory max-count="10000"/>
        </local-cache>
        <replicated-cache name="sessions" owners="2">
            <expiration lifespan="-1"/>
        </replicated-cache>
        <replicated-cache name="authenticationSessions" owners="2">
            <expiration lifespan="-1"/>
        </replicated-cache>
        <replicated-cache name="offlineSessions" owners="2">
            <expiration lifespan="-1"/>
        </replicated-cache>
        <replicated-cache name="clientSessions" owners="2">
            <expiration lifespan="-1"/>
        </replicated-cache>
        <replicated-cache name="offlineClientSessions" owners="2">
            <expiration lifespan="-1"/>
        </replicated-cache>
        <replicated-cache name="loginFailures" owners="2">
            <expiration lifespan="-1"/>
        </replicated-cache>
        <local-cache name="authorization">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <memory max-count="10000"/>
        </local-cache>
        <replicated-cache name="work">
            <expiration lifespan="-1"/>
        </replicated-cache>
        <local-cache name="keys">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <expiration max-idle="3600000"/>
            <memory max-count="1000"/>
        </local-cache>
        <replicated-cache name="actionTokens" owners="2">
            <encoding>
                <key media-type="application/x-java-object"/>
                <value media-type="application/x-java-object"/>
            </encoding>
            <expiration max-idle="-1" lifespan="-1" interval="300000"/>
            <memory max-count="-1"/>
        </replicated-cache>
    </cache-container>
</infinispan>

keycloak.conf

cache=ispn
# also tried with kubernetes and dns.ping.query in JVM opts
cache-stack=tcp
hostname-strict=false
http-enabled=true
db-pool-min-size=10
db-pool-max-size=100
http-relative-path=/auth
features=token-exchange, admin-fine-grained-authz

I found a similar problem, "Configure Infinispan for Keycloak 17", but its solution didn't work for me. When I worked with Keycloak on WildFly, all the necessary JGroups parameters were available for change, but I don't quite understand how to do it now. Is there any way to change the cluster name for Keycloak through the configuration?
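Added example, not part of the original post: a small check that compares the cluster name set on `<transport>` in the cache file with the names the node actually reports in its logs, which makes the mismatch described in the question explicit. The sample XML and log text are constructed from the snippets quoted in the question, and the function names are illustrative.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: a trimmed cache config and log lines modelled on the question.
SAMPLE_XML = """<infinispan xmlns="urn:infinispan:config:11.0">
  <cache-container name="keycloak">
    <transport cluster="infinispan" lock-timeout="60000"/>
  </cache-container>
</infinispan>"""

SAMPLE_LOG = (
    "WARN [org.jgroups.protocols.MPING] (MPING-5,2968f3144a2d-49378) "
    "97795e92-dbd1-dc14-5868-5a39: discarding discovery request for cluster "
    "'infinispan' from 97795e92-dbd1-dc14-5898-93126650a399; our cluster name "
    "is 'ISPN'. Please separate your clusters properly\n"
    "INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: "
    "Starting JGroups channel `ISPN`\n"
)

STARTED = re.compile(r"ISPN000078: Starting JGroups channel `?([^`\s]+)`?")
DISCARDED = re.compile(r"discarding discovery request for cluster '([^']+)' from \S+; "
                       r"our cluster name is '([^']+)'")

def configured_cluster(xml_text):
    """Return the cluster attribute of <transport>, ignoring the XML namespace."""
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.rsplit("}", 1)[-1] == "transport":
            return elem.get("cluster")
    return None

def observed_clusters(log_text):
    """Return (channel names started, (foreign, local) pairs from MPING warnings)."""
    return set(STARTED.findall(log_text)), set(DISCARDED.findall(log_text))

def diagnose(xml_text, log_text):
    """List mismatches between the configured name and what the node reports."""
    wanted = configured_cluster(xml_text)
    started, discarded = observed_clusters(log_text)
    findings = []
    for name in sorted(started):
        if wanted is not None and name != wanted:
            findings.append(f"config says {wanted!r} but channel started as {name!r}")
    for foreign, local in sorted(discarded):
        findings.append(f"node in {local!r} dropped discovery from {foreign!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_XML, SAMPLE_LOG)))
```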
