keycloak-uncached
Changes
distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/subsystems.xml 20(+16 -4)
distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/template.xml 73(+62 -11)
distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host.xml 20(+10 -10)
distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-master.xml 29(+27 -2)
distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-slave.xml 9(+4 -5)
distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems.xml 2(+1 -1)
Details
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/subsystems.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/subsystems.xml
old mode 100644
new mode 100755
index a8a839a..d2a8706
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/subsystems.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/subsystems.xml
@@ -18,11 +18,22 @@
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
- <subsystems name="default">
+ <subsystems name="load-balancer">
+ <!-- Each subsystem to be included relative to the src/main/resources directory -->
+ <subsystem>logging.xml</subsystem>
+ <subsystem>io.xml</subsystem>
+ <subsystem supplement="domain">jmx.xml</subsystem>
+ <subsystem>naming.xml</subsystem>
+ <subsystem>remoting.xml</subsystem>
+ <subsystem>request-controller.xml</subsystem>
+ <subsystem>security.xml</subsystem>
+ <subsystem>security-manager.xml</subsystem>
+ </subsystems>
+ <subsystems name="auth-server-standalone">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
- <subsystem>keycloak-datasources.xml</subsystem>
+ <subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
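Review bot: The file header above this hunk changes `domain/subsystems.xml` from mode 100644 to 100755, and the same `old mode`/`new mode` pair appears on every other configuration XML this commit touches (template.xml, the three host files, both standalone subsystems files, keycloak-datasources.xml). Nothing in the hunks requires these files to be executable, so this looks like an unintended permission change picked up from the working tree. Restoring 100644 keeps the executable bit confined to the `*.sh` files that assembly.xml now packages with `0755`.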
@@ -43,11 +54,12 @@
<subsystem>undertow.xml</subsystem>
<subsystem>keycloak-server.xml</subsystem>
</subsystems>
- <subsystems name="ha">
+
+ <subsystems name="auth-server-clustered">
<!-- Each subsystem to be included relative to the src/main/resources directory -->
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
- <subsystem>keycloak-datasources.xml</subsystem>
+ <subsystem supplement="domain">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/template.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/template.xml
old mode 100644
new mode 100755
index 86326ba..1d26d1a
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/template.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/domain/template.xml
@@ -41,12 +41,51 @@
</management>
<profiles>
- <profile name="default">
- <?SUBSYSTEMS socket-binding-group="standard-sockets"?>
- </profile>
- <profile name="ha">
- <?SUBSYSTEMS socket-binding-group="ha-sockets"?>
- </profile>
+ <!-- Non clustered authentication server profile -->
+ <profile name="auth-server-standalone">
+ <?SUBSYSTEMS socket-binding-group="standard-sockets"?>
+ </profile>
+ <!--
+ Clustering authentication server setup.
+
+ You must configure a remote shared external database like PostgreSQL or MySql if you want this to be
+ able to work on multiple machines.
+ -->
+ <profile name="auth-server-clustered">
+ <?SUBSYSTEMS socket-binding-group="ha-sockets"?>
+ </profile>
+ <!--
+ This is a profile for the built-in Underto Loadbalancer
+ It should be removed in production systems and replaced with a better software or hardware based one
+ -->
+ <profile name="load-balancer">
+ <?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
+ <subsystem xmlns="urn:jboss:domain:undertow:3.0">
+ <buffer-cache name="default"/>
+ <server name="default-server">
+ <http-listener name="default" socket-binding="http" redirect-socket="https"/>
+ <host name="default-host" alias="localhost">
+ <location name="/" handler="lb-handler"/>
+ <filter-ref name="server-header"/>
+ <filter-ref name="x-powered-by-header"/>
+ </host>
+ </server>
+ <servlet-container name="default">
+ <jsp-config/>
+ <websockets/>
+ </servlet-container>
+ <handlers>
+ <reverse-proxy name="lb-handler">
+ <host name="host1" outbound-socket-binding="remote-host1" scheme="ajp" path="/" instance-id="myroute1"/>
+ <host name="host2" outbound-socket-binding="remote-host2" scheme="ajp" path="/" instance-id="myroute2"/>
+ </reverse-proxy>
+ </handlers>
+ <filters>
+ <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
+ <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
+ </filters>
+ </subsystem>
+ </profile>
</profiles>
<!--
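Review bot: The `load-balancer` profile's undertow server declares only an `http-listener`, so the entry point to the authentication servers is plain HTTP; `redirect-socket="https"` names a socket binding, but no `https-listener` is defined in this subsystem to accept connections on it. Logins and tokens passing through this balancer are therefore unencrypted unless TLS is terminated in front of it. Either add an `https-listener` backed by a security realm, or say so in the profile comment, e.g. `HTTP only: terminate TLS in front of this balancer, local testing only`. The two `response-header` filters also advertise `WildFly/10` and `Undertow/1` to every client and could be left out of a balancer profile. The profile comment misspells Undertow as `Underto`.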
@@ -64,23 +103,35 @@
<socket-binding-groups>
<socket-binding-group name="standard-sockets" default-interface="public">
- <!-- Needed for server groups using the 'default' profile -->
<?SOCKET-BINDINGS?>
</socket-binding-group>
<socket-binding-group name="ha-sockets" default-interface="public">
- <!-- Needed for server groups using the 'ha' profile -->
+ <?SOCKET-BINDINGS?>
+ </socket-binding-group>
+ <!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
+ <socket-binding-group name="load-balancer-sockets" default-interface="public">
+ <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
+ <socket-binding name="http" port="${jboss.http.port:8080}"/>
+ <socket-binding name="https" port="${jboss.https.port:8443}"/>
+ <outbound-socket-binding name="remote-host1">
+ <remote-destination host="localhost" port="8159"/>
+ </outbound-socket-binding>
+ <outbound-socket-binding name="remote-host2">
+ <remote-destination host="localhost" port="8259"/>
+ </outbound-socket-binding>
<?SOCKET-BINDINGS?>
</socket-binding-group>
</socket-binding-groups>
<server-groups>
- <server-group name="main-server-group" profile="default">
+ <!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
+ <server-group name="load-balancer-group" profile="load-balancer">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
- <socket-binding-group ref="standard-sockets"/>
+ <socket-binding-group ref="load-balancer-sockets"/>
</server-group>
- <server-group name="other-server-group" profile="ha">
+ <server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
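Review bot: `remote-host1` and `remote-host2` hard-code ports 8159 and 8259, which appear to be the AJP default 8009 plus the `port-offset` values 150 and 250 given to `server-one` and `server-two` in the host files, so changing an offset or `jboss.ajp.port` silently breaks the balancer. A comment on the outbound bindings would record that coupling, e.g. `<!-- 8159 = ajp 8009 + port-offset 150 of server-one -->`. AJP carries no authentication or encryption, so the same comment should state that the back-end AJP ports must be reachable only from the balancer; that holds while the `public` interface stays on its `127.0.0.1` default and stops holding once `jboss.bind.address` is widened. The `ajp` socket-binding added to `load-balancer-sockets` has no matching listener in the load-balancer profile and looks unused. The `server-group` element at the end of this hunk continues outside it.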
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host.xml
old mode 100644
new mode 100755
index ade5e47..a5c9afb
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host.xml
@@ -17,6 +17,12 @@
~ limitations under the License.
-->
+<!--
+ Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
+ is also started by this host controller file. The other instance must be started
+ via host-slave.xml
+-->
+
<host name="master" xmlns="urn:jboss:domain:4.0">
<extensions>
<?EXTENSIONS?>
@@ -74,8 +80,6 @@
<domain-controller>
<local/>
- <!-- Alternative remote domain controller configuration with a host and port -->
- <!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller>
<interfaces>
@@ -100,7 +104,10 @@
</jvms>
<servers>
- <server name="server-one" group="main-server-group">
+ <!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
+ <server name="load-balancer" group="load-balancer-group">
+ </server>
+ <server name="server-one" group="auth-server-group" auto-start="true">
<!-- Remote JPDA debugging for a specific server
<jvm name="default">
<jvm-options>
@@ -108,17 +115,10 @@
</jvm-options>
</jvm>
-->
- </server>
- <server name="server-two" group="main-server-group" auto-start="true">
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="150"/>
</server>
- <server name="server-three" group="other-server-group" auto-start="false">
- <!-- server-three avoids port conflicts by incrementing the ports in
- the default socket-group declared in the server-group -->
- <socket-bindings port-offset="250"/>
- </server>
</servers>
<profile>
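Review bot: After this change the retained comment `server-two avoids port conflicts by incrementing the ports ...` sits inside `server-one`, which now carries `port-offset="150"`; host-master.xml adds the same block with the same stale wording. The comment should name the right server and say why the value matters, e.g. `<!-- server-one: offset 150 puts AJP on 8159, the port remote-host1 in domain/template.xml targets -->`. The added `softare or hardare` comment, repeated in template.xml and host-master.xml, has two typos. host.xml and host-master.xml now carry the same header comment and the same server list, so one of the headers should state what still distinguishes the two files.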
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-master.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-master.xml
old mode 100644
new mode 100755
index e73bbef..f5d89ee
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-master.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-master.xml
@@ -18,8 +18,9 @@
-->
<!--
- A simple configuration for a Host Controller that only acts as the master domain controller
- and does not itself directly control any servers.
+ Runs an HTTP Loadbalancer that balances to two separate auth server instances. The first auth server instance
+ is also started by this host controller file. The other instance must be started
+ via host-slave.xml
-->
<host name="master" xmlns="urn:jboss:domain:4.0">
<extensions>
@@ -84,6 +85,12 @@
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
+ <interface name="public">
+ <inet-address value="${jboss.bind.address:127.0.0.1}"/>
+ </interface>
+
+ <?INTERFACES?>
+
</interfaces>
<jvms>
@@ -95,6 +102,24 @@
</jvm>
</jvms>
+ <servers>
+ <!-- load-balancer should be removed in production systems and replaced with a better softare or hardare based one -->
+ <server name="load-balancer" group="load-balancer-group">
+ </server>
+ <server name="server-one" group="auth-server-group" auto-start="true">
+ <!-- Remote JPDA debugging for a specific server
+ <jvm name="default">
+ <jvm-options>
+ <option value="-agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=n"/>
+ </jvm-options>
+ </jvm>
+ -->
+ <!-- server-two avoids port conflicts by incrementing the ports in
+ the default socket-group declared in the server-group -->
+ <socket-bindings port-offset="150"/>
+ </server>
+ </servers>
+
<profile>
<?SUBSYSTEMS socket-binding-group="standard-sockets"?>
</profile>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-slave.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-slave.xml
old mode 100644
new mode 100755
index 91e673a..f8695d7
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-slave.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/host/host-slave.xml
@@ -69,7 +69,7 @@
</audit-log>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
- <socket interface="management" port="${jboss.management.native.port:9999}"/>
+ <socket interface="management" port="${jboss.management.native.port:3456}"/>
</native-interface>
</management-interfaces>
</management>
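Review bot: The default native management port changes from 9999 to 3456 with nothing explaining why. Presumably this lets the slave host controller run on the same machine as the master, whose port is still 9999 in the `static-discovery` default of the next hunk. A one-line comment such as `<!-- 3456 so a slave on the master's machine does not collide with the master's 9999 -->` would stop someone from reverting it. Firewall rules or monitoring keyed to 9999 on slave hosts will also need updating, which is worth a line in the release notes.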
@@ -77,7 +77,7 @@
<domain-controller>
<remote security-realm="ManagementRealm">
<discovery-options>
- <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}"/>
+ <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
</discovery-options>
</remote>
</domain-controller>
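Review bot: Giving `jboss.domain.master.address` a default of `127.0.0.1` removes a fail-fast check. A slave started on another machine without the property will now try to register, using its `ManagementRealm` credentials, with whatever listens on its own loopback port 9999, rather than failing on the unset property. If the default is kept for the single-machine demo, mark it as such next to the element, e.g. `<!-- 127.0.0.1 default is for the single-machine demo; set jboss.domain.master.address on real slaves -->`.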
@@ -104,11 +104,10 @@
</jvms>
<servers>
- <server name="server-one" group="main-server-group"/>
- <server name="server-two" group="other-server-group">
+ <server name="server-two" group="auth-server-group" auto-start="true">
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
- <socket-bindings port-offset="150"/>
+ <socket-bindings port-offset="250"/>
</server>
</servers>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems.xml
old mode 100644
new mode 100755
index abc98d0..d52c9a4
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems.xml
@@ -21,7 +21,7 @@
<subsystems>
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
- <subsystem>keycloak-datasources.xml</subsystem>
+ <subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem>ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems-ha.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems-ha.xml
old mode 100644
new mode 100755
index f0eacf7..b96cb8a
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems-ha.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/configuration/standalone/subsystems-ha.xml
@@ -21,7 +21,7 @@
<subsystems>
<subsystem>logging.xml</subsystem>
<subsystem>bean-validation.xml</subsystem>
- <subsystem>keycloak-datasources.xml</subsystem>
+ <subsystem supplement="default">keycloak-datasources.xml</subsystem>
<subsystem>ee.xml</subsystem>
<subsystem supplement="ha">ejb3.xml</subsystem>
<subsystem>io.xml</subsystem>
diff --git a/distribution/server-dist/assembly.xml b/distribution/server-dist/assembly.xml
index f350dd7..c8dd06c 100755
--- a/distribution/server-dist/assembly.xml
+++ b/distribution/server-dist/assembly.xml
@@ -39,6 +39,7 @@
<outputDirectory/>
<filtered>false</filtered>
<excludes>
+ <exclude>**/*.sh</exclude>
<exclude>**/module.xml</exclude>
<exclude>welcome-content/**</exclude>
<exclude>appclient</exclude>
@@ -50,6 +51,14 @@
</excludes>
</fileSet>
<fileSet>
+ <directory>target/${project.build.finalName}</directory>
+ <outputDirectory/>
+ <includes>
+ <include>**/*.sh</include>
+ </includes>
+ <fileMode>0755</fileMode>
+ </fileSet>
+ <fileSet>
<directory>src/main/welcome-content</directory>
<outputDirectory>welcome-content</outputDirectory>
<includes>
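Review bot: The new fileSet selects `**/*.sh` from the same directory with no `<excludes>` of its own, so it does not inherit the exclusions of the fileSet above it. Any shell script under a path that list removes (for example beneath `appclient`, or whatever the entries outside this hunk name) would be packaged again, now with mode 0755. Repeat the relevant excludes here, or narrow the include if all launch scripts live in one directory, e.g. `<include>bin/*.sh</include>`. The first fileSet sets `<filtered>false</filtered>` explicitly; adding the same line here keeps the two consistent. The following `welcome-content` fileSet continues outside the hunk.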
diff --git a/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml b/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml
old mode 100644
new mode 100755
index c2f6dd3..c823e4f
--- a/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml
+++ b/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-datasources.xml
@@ -30,7 +30,7 @@
</security>
</datasource>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
- <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
+ <?KEYCLOAK_DS_CONNECTION_URL?>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
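Review bot: With the literal `connection-url` replaced by `<?KEYCLOAK_DS_CONNECTION_URL?>`, any subsystems list that includes `keycloak-datasources.xml` without a `supplement` attribute presumably ends up with a KeycloakDS that has no URL. This commit updates the lists it touches, but other consumers of the template (not visible here) should be checked before merging. A comment above the placeholder would make the requirement visible: `<!-- replaced by supplement "default" or "domain"; the including subsystems.xml must pick one -->`. The `datasource` element continues outside the hunk.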
@@ -44,4 +44,14 @@
</drivers>
</datasources>
</subsystem>
+ <supplement name="default">
+ <replacement placeholder="KEYCLOAK_DS_CONNECTION_URL">
+ <connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
+ </replacement>
+ </supplement>
+ <supplement name="domain">
+ <replacement placeholder="KEYCLOAK_DS_CONNECTION_URL">
+ <connection-url>jdbc:h2:${jboss.server.data.dir}/../../shared-database/keycloak;AUTO_SERVER=TRUE</connection-url>
+ </replacement>
+ </supplement>
</config>
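Review bot: The `domain` supplement points every server at one H2 file reached through `../../shared-database` relative to `jboss.server.data.dir`, which only works while all servers share a filesystem and the domain directory layout stays as assumed. `AUTO_SERVER=TRUE` also means the first process to open the file serves it to the others over a TCP port it opens. Combined with the `sa` account visible in the datasource above, this is a demo arrangement and should be labelled as one where it is defined, e.g. `<!-- demo only: shared embedded H2 for servers on one machine; configure an external database for a real cluster -->`. template.xml carries a similar warning on the clustered profile, but this file is where someone editing the URL will look.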