keycloak-aplcache
Changes
distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/subsystems.xml 126(+60 -66)
distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/template.xml 56(+10 -46)
distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host.xml 18(+14 -4)
distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host-master.xml 16(+12 -4)
Details
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/subsystems.xml b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/subsystems.xml
index d2a8706..ab9bfa9 100755
--- a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/subsystems.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/subsystems.xml
@@ -15,71 +15,65 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-
-<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
- <subsystems name="load-balancer">
- <!-- Each subsystem to be included relative to the src/main/resources directory -->
- <subsystem>logging.xml</subsystem>
- <subsystem>io.xml</subsystem>
- <subsystem supplement="domain">jmx.xml</subsystem>
- <subsystem>naming.xml</subsystem>
- <subsystem>remoting.xml</subsystem>
- <subsystem>request-controller.xml</subsystem>
- <subsystem>security.xml</subsystem>
- <subsystem>security-manager.xml</subsystem>
- </subsystems>
- <subsystems name="auth-server-standalone">
- <!-- Each subsystem to be included relative to the src/main/resources directory -->
- <subsystem>logging.xml</subsystem>
- <subsystem>bean-validation.xml</subsystem>
- <subsystem supplement="default">keycloak-datasources.xml</subsystem>
- <subsystem>ee.xml</subsystem>
- <subsystem>ejb3.xml</subsystem>
- <subsystem>io.xml</subsystem>
- <subsystem>keycloak-infinispan.xml</subsystem>
- <subsystem>jaxrs.xml</subsystem>
- <subsystem>jca.xml</subsystem>
- <subsystem>jdr.xml</subsystem>
- <subsystem supplement="domain">jmx.xml</subsystem>
- <subsystem>jpa.xml</subsystem>
- <subsystem>jsf.xml</subsystem>
- <subsystem>mail.xml</subsystem>
- <subsystem>naming.xml</subsystem>
- <subsystem>remoting.xml</subsystem>
- <subsystem>request-controller.xml</subsystem>
- <subsystem>security.xml</subsystem>
- <subsystem>security-manager.xml</subsystem>
- <subsystem>transactions.xml</subsystem>
- <subsystem>undertow.xml</subsystem>
- <subsystem>keycloak-server.xml</subsystem>
- </subsystems>
-
- <subsystems name="auth-server-clustered">
- <!-- Each subsystem to be included relative to the src/main/resources directory -->
- <subsystem>logging.xml</subsystem>
- <subsystem>bean-validation.xml</subsystem>
- <subsystem supplement="domain">keycloak-datasources.xml</subsystem>
- <subsystem>ee.xml</subsystem>
- <subsystem supplement="ha">ejb3.xml</subsystem>
- <subsystem>io.xml</subsystem>
- <subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
- <subsystem>jaxrs.xml</subsystem>
- <subsystem>jca.xml</subsystem>
- <subsystem>jdr.xml</subsystem>
- <subsystem>jgroups.xml</subsystem>
- <subsystem supplement="domain">jmx.xml</subsystem>
- <subsystem>jpa.xml</subsystem>
- <subsystem>jsf.xml</subsystem>
- <subsystem>mail.xml</subsystem>
- <subsystem>mod_cluster.xml</subsystem>
- <subsystem>naming.xml</subsystem>
- <subsystem>remoting.xml</subsystem>
- <subsystem>request-controller.xml</subsystem>
- <subsystem>security.xml</subsystem>
- <subsystem>security-manager.xml</subsystem>
- <subsystem>transactions.xml</subsystem>
- <subsystem supplement="ha">undertow.xml</subsystem>
- <subsystem>keycloak-server.xml</subsystem>
- </subsystems>
+ <subsystems name="auth-server-standalone">
+ <subsystem>logging.xml</subsystem>
+ <subsystem>bean-validation.xml</subsystem>
+ <subsystem>core-management.xml</subsystem>
+ <subsystem supplement="default">keycloak-datasources.xml</subsystem>
+ <subsystem>ee.xml</subsystem>
+ <subsystem>ejb3.xml</subsystem>
+ <subsystem>io.xml</subsystem>
+ <subsystem>keycloak-infinispan.xml</subsystem>
+ <subsystem>jaxrs.xml</subsystem>
+ <subsystem>jca.xml</subsystem>
+ <subsystem>jdr.xml</subsystem>
+ <subsystem supplement="domain">jmx.xml</subsystem>
+ <subsystem>jpa.xml</subsystem>
+ <subsystem>jsf.xml</subsystem>
+ <subsystem>mail.xml</subsystem>
+ <subsystem>naming.xml</subsystem>
+ <subsystem>remoting.xml</subsystem>
+ <subsystem>request-controller.xml</subsystem>
+ <subsystem supplement="domain-wildfly">elytron.xml</subsystem>
+ <subsystem>security.xml</subsystem>
+ <subsystem>security-manager.xml</subsystem>
+ <subsystem>transactions.xml</subsystem>
+ <subsystem>undertow.xml</subsystem>
+ <subsystem>keycloak-server.xml</subsystem>
+ </subsystems>
+ <subsystems name="auth-server-clustered">
+ <!-- Each subsystem to be included relative to the src/main/resources directory -->
+ <subsystem>logging.xml</subsystem>
+ <subsystem>bean-validation.xml</subsystem>
+ <subsystem>core-management.xml</subsystem>
+ <subsystem supplement="domain">keycloak-datasources.xml</subsystem>
+ <subsystem>ee.xml</subsystem>
+ <subsystem supplement="ha">ejb3.xml</subsystem>
+ <subsystem>io.xml</subsystem>
+ <subsystem supplement="ha">keycloak-infinispan.xml</subsystem>
+ <subsystem>jaxrs.xml</subsystem>
+ <subsystem>jca.xml</subsystem>
+ <subsystem>jdr.xml</subsystem>
+ <subsystem>jgroups.xml</subsystem>
+ <subsystem supplement="domain">jmx.xml</subsystem>
+ <subsystem>jpa.xml</subsystem>
+ <subsystem>jsf.xml</subsystem>
+ <subsystem>mail.xml</subsystem>
+ <subsystem>mod_cluster.xml</subsystem>
+ <subsystem>naming.xml</subsystem>
+ <subsystem>remoting.xml</subsystem>
+ <subsystem>request-controller.xml</subsystem>
+ <subsystem supplement="domain-wildfly">elytron.xml</subsystem>
+ <subsystem>security.xml</subsystem>
+ <subsystem>security-manager.xml</subsystem>
+ <subsystem>transactions.xml</subsystem>
+ <subsystem supplement="ha">undertow.xml</subsystem>
+ <subsystem>keycloak-server.xml</subsystem>
+ </subsystems>
+ <subsystems name="load-balancer">
+ <subsystem>logging.xml</subsystem>
+ <subsystem>io.xml</subsystem>
+ <subsystem>undertow-load-balancer.xml</subsystem>
+ </subsystems>
</config>
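Review bot: The rewritten `load-balancer` list no longer includes `security.xml` or `security-manager.xml` and does not gain `elytron.xml`, unlike the two auth-server lists, and nothing in the file says this is intentional. A one-line comment on that list would spare the next reader from guessing, e.g. `<!-- Minimal proxy profile: no security/elytron subsystems by design -->`. The pointer to `src/resources/configuration/ReadMe.txt` is also dropped here, while `host/subsystems.xml` keeps it. The `<!-- Each subsystem to be included relative to the src/main/resources directory -->` comment now survives only on `auth-server-clustered`; keep the explanation once at the top of the file rather than on one of three lists.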
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/template.xml b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/template.xml
index e7b5885..5774706 100755
--- a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/template.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/domain/template.xml
@@ -17,7 +17,7 @@
~ limitations under the License.
-->
-<domain xmlns="urn:jboss:domain:4.0">
+<domain xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
@@ -60,31 +60,6 @@
-->
<profile name="load-balancer">
<?SUBSYSTEMS socket-binding-group="load-balancer-sockets"?>
- <subsystem xmlns="urn:jboss:domain:undertow:3.0">
- <buffer-cache name="default"/>
- <server name="default-server">
- <http-listener name="default" socket-binding="http" redirect-socket="https"/>
- <host name="default-host" alias="localhost">
- <location name="/" handler="lb-handler"/>
- <filter-ref name="server-header"/>
- <filter-ref name="x-powered-by-header"/>
- </host>
- </server>
- <servlet-container name="default">
- <jsp-config/>
- <websockets/>
- </servlet-container>
- <handlers>
- <reverse-proxy name="lb-handler">
- <host name="host1" outbound-socket-binding="remote-host1" scheme="ajp" path="/" instance-id="myroute1"/>
- <host name="host2" outbound-socket-binding="remote-host2" scheme="ajp" path="/" instance-id="myroute2"/>
- </reverse-proxy>
- </handlers>
- <filters>
- <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
- <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
- </filters>
- </subsystem>
</profile>
</profiles>
@@ -96,12 +71,8 @@
These default configurations require the binding specification to be done in host.xml.
-->
<interfaces>
- <interface name="management">
- <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
- </interface>
- <interface name="public">
- <inet-address value="${jboss.bind.address:127.0.0.1}"/>
- </interface>
+ <interface name="management"/>
+ <interface name="public"/>
<?INTERFACES?>
</interfaces>
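Review bot: With the `inet-address` children removed, the `management` and `public` interfaces in this template lose their `127.0.0.1` fallback, so the effective bind address is whatever each host file supplies. The `<interfaces>` sections of `host.xml`, `host-master.xml` and `host-slave.xml` are outside the visible hunks, so confirm that each still defaults `management` to loopback. Otherwise the management ports could be reachable on a wider interface than before. A comment next to the empty elements would make the dependency explicit, e.g. `<!-- Addresses are bound per host in host*.xml; management should default to loopback there -->`.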
@@ -114,32 +85,25 @@
</socket-binding-group>
<!-- load-balancer-sockets should be removed in production systems and replaced with a better softare or hardare based one -->
<socket-binding-group name="load-balancer-sockets" default-interface="public">
- <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
- <socket-binding name="http" port="${jboss.http.port:8080}"/>
- <socket-binding name="https" port="${jboss.https.port:8443}"/>
- <outbound-socket-binding name="remote-host1">
- <remote-destination host="localhost" port="8159"/>
- </outbound-socket-binding>
- <outbound-socket-binding name="remote-host2">
- <remote-destination host="localhost" port="8259"/>
- </outbound-socket-binding>
+ <!-- Needed for server groups using the 'load-balancer' profile -->
<?SOCKET-BINDINGS?>
</socket-binding-group>
</socket-binding-groups>
<server-groups>
- <!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
- <server-group name="load-balancer-group" profile="load-balancer">
+ <server-group name="auth-server-group" profile="auth-server-clustered">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
- <socket-binding-group ref="load-balancer-sockets"/>
+ <socket-binding-group ref="ha-sockets"/>
</server-group>
- <server-group name="auth-server-group" profile="auth-server-clustered">
+
+ <!-- load-balancer-group should be removed in production systems and replaced with a better softare or hardare based one -->
+ <server-group name="load-balancer-group" profile="load-balancer">
<jvm name="default">
<heap size="64m" max-size="512m"/>
</jvm>
- <socket-binding-group ref="ha-sockets"/>
+ <socket-binding-group ref="load-balancer-sockets"/>
</server-group>
</server-groups>
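Review bot: The comment re-added above `load-balancer-group` carries the old typos (`softare`, `hardare`); since the line is being rewritten anyway it could read `<!-- load-balancer-group should be removed in production systems and replaced with a better software or hardware based one -->`. The same wording appears in the context comment above `load-balancer-sockets`. The new `<!-- Needed for server groups using the 'load-balancer' profile -->` comment also does not say where the `http`/`https` bindings now come from after the explicit `socket-binding` lines were removed; presumably `<?SOCKET-BINDINGS?>` supplies them, and saying so would help.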
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host.xml b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host.xml
index a5c9afb..6a4dba4 100755
--- a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host.xml
@@ -23,7 +23,7 @@
via host-slave.xml
-->
-<host name="master" xmlns="urn:jboss:domain:4.0">
+<host name="master" xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
@@ -40,6 +40,11 @@
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
+ <server-identities>
+ <ssl>
+ <keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
+ </ssl>
+ </server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
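Review bot: The `keystore` element added to `ApplicationRealm` hard-codes `keystore-password="password"` and `key-password="password"` and enables `generate-self-signed-certificate-host="localhost"`, and nothing in the hunk marks this as a development-only default. An installation that keeps it serves TLS from a key protected by a publicly known password, with a certificate that clients cannot validate against a trusted CA. A comment directly above the `<ssl>` element would make the expectation explicit, e.g. `<!-- Development default only: replace application.keystore with a CA-signed certificate and non-default passwords before production use -->`. The same element is added unchanged in the `ApplicationRealm` hunks of `host-master.xml` and `host-slave.xml`. The `security-realm` element continues outside this hunk.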
@@ -54,8 +59,8 @@
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
- <file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
- <file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
+ <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
+ <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
@@ -72,7 +77,8 @@
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
- <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
+ <http-interface security-realm="ManagementRealm">
+ <http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
@@ -80,6 +86,8 @@
<domain-controller>
<local/>
+ <!-- Alternative remote domain controller configuration with a host and port -->
+ <!-- <remote protocol="remote" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/> -->
</domain-controller>
<interfaces>
@@ -99,6 +107,8 @@
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
+ <option value="-XX:MetaspaceSize=96m"/>
+ <option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host-master.xml b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host-master.xml
index f5d89ee..095fcc4 100755
--- a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host-master.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host-master.xml
@@ -22,7 +22,7 @@
is also started by this host controller file. The other instance must be started
via host-slave.xml
-->
-<host name="master" xmlns="urn:jboss:domain:4.0">
+<host name="master" xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
@@ -39,6 +39,11 @@
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
+ <server-identities>
+ <ssl>
+ <keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
+ </ssl>
+ </server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@@ -53,8 +58,8 @@
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
- <file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
- <file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
+ <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
+ <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
@@ -71,7 +76,8 @@
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
- <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
+ <http-interface security-realm="ManagementRealm">
+ <http-upgrade enabled="true" />
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
@@ -98,6 +104,8 @@
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
+ <option value="-XX:MetaspaceSize=96m"/>
+ <option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host-slave.xml b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host-slave.xml
index f8695d7..99648c0 100755
--- a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host-slave.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/host-slave.xml
@@ -17,7 +17,7 @@
~ limitations under the License.
-->
-<host xmlns="urn:jboss:domain:4.0">
+<host xmlns="urn:jboss:domain:5.0">
<extensions>
<?EXTENSIONS?>
</extensions>
@@ -27,7 +27,7 @@
<security-realm name="ManagementRealm">
<server-identities>
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
- <secret value="c2xhdmVfdXNlcl9wYXNzd29yZA=="/>
+ <secret value="c2xhdmVfdXMzcl9wYXNzd29yZA=="/>
</server-identities>
<authentication>
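Review bot: The replacement `secret` value is still a fixed credential published in the distribution. Base64 is an encoding, not protection, so every installation that keeps this line shares one known host-controller secret. The existing comment asks for a replacement but does not say that the shipped value must never reach a real deployment. Consider tightening it to something like `<!-- Placeholder only: this value is public. Replace it with your own base64 secret or a vault expression before joining a domain -->`. The `server-identities` block sits inside a `security-realm` that starts and ends outside this hunk.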
@@ -39,6 +39,11 @@
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
+ <server-identities>
+ <ssl>
+ <keystore path="application.keystore" relative-to="jboss.domain.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
+ </ssl>
+ </server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
<properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
@@ -53,8 +58,8 @@
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
- <file-handler name="host-file" formatter="json-formatter" relative-to="jboss.domain.data.dir" path="audit-log.log"/>
- <file-handler name="server-file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
+ <file-handler name="host-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.domain.data.dir"/>
+ <file-handler name="server-file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir"/>
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
@@ -69,15 +74,15 @@
</audit-log>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
- <socket interface="management" port="${jboss.management.native.port:3456}"/>
+ <socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
</management-interfaces>
</management>
<domain-controller>
- <remote security-realm="ManagementRealm">
+ <remote username="$local" security-realm="ManagementRealm">
<discovery-options>
- <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:127.0.0.1}" port="${jboss.domain.master.port:9999}"/>
+ <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}"/>
</discovery-options>
</remote>
</domain-controller>
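Review bot: The slave's `native-interface` port now defaults to `9999`, the same default the master host files use for `jboss.management.native.port`, whereas the old `3456` default kept the two apart. If master and slave are started on one machine with the same management address, they would contend for that port unless one is overridden; whether they share an address depends on `<interfaces>` sections outside the visible hunks. In the same hunk `jboss.domain.master.address` loses its `127.0.0.1` fallback, so startup now depends on the property being set. A comment above `static-discovery` would surface that, e.g. `<!-- jboss.domain.master.address has no default and must be set to the master host controller's address -->`.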
@@ -99,6 +104,8 @@
<heap size="64m" max-size="256m"/>
<jvm-options>
<option value="-server"/>
+ <option value="-XX:MetaspaceSize=96m"/>
+ <option value="-XX:MaxMetaspaceSize=256m"/>
</jvm-options>
</jvm>
</jvms>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/subsystems.xml b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/subsystems.xml
index ada31ff..67bc4cd 100644
--- a/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/subsystems.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources-wf11/configuration/host/subsystems.xml
@@ -19,6 +19,8 @@
<!-- See src/resources/configuration/ReadMe.txt for how the configuration assembly works -->
<config>
<subsystems>
+ <subsystem>core-management.xml</subsystem>
<subsystem>jmx.xml</subsystem>
+ <subsystem supplement="host">elytron.xml</subsystem>
</subsystems>
</config>