Skip to content

Instantly share code, notes, and snippets.

@vincentchalamon

vincentchalamon/cache-ispn-s3.xml

Last active November 8, 2023 13:17
Show Gist options
  • Save vincentchalamon/d1bc54ca474fc73dc8d673857f728a7a to your computer and use it in GitHub Desktop.
Save vincentchalamon/d1bc54ca474fc73dc8d673857f728a7a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cache-ispn-s3.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2019 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the @author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<infinispan
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:infinispan:config:14.0 http://www.infinispan.org/schemas/infinispan-config-14.0.xsd"
xmlns="urn:infinispan:config:14.0">
<jgroups>
<stack name="s3">
<TCP bind_port="7800"
recv_buf_size="${tcp.recv_buf_size:5M}"
send_buf_size="${tcp.send_buf_size:5M}"
thread_pool.enabled="true"
thread_pool.min_threads="2"
thread_pool.max_threads="8"
thread_pool.keep_alive_time="5000"/>
<aws.S3_PING region_name="${env.KC_CACHE_S3_REGION_NAME:eu-central-1}"
bucket_name="${env.KC_CACHE_S3_BUCKET_NAME:keycloak-cache}"
path_style_access_enabled="${env.KC_CACHE_S3_PATH_STYLE:false}"
endpoint="${env.KC_CACHE_S3_ENDPOINT:https://cellar-c2.services.clever-cloud.com}"/>
<MERGE3 min_interval="10000" max_interval="30000"/>
<FD_SOCK/>
<FD_ALL timeout="30000" interval="5000"/>
<VERIFY_SUSPECT timeout="1500"/>
<pbcast.NAKACK2 use_mcast_xmit="false" discard_delivered_msgs="true"/>
<UNICAST3/>
<pbcast.STABLE desired_avg_gossip="50000" max_bytes="4M"/>
<pbcast.GMS print_local_addr="true" join_timeout="2000"/>
<MFC max_credits="2M" min_threshold="0.4"/>
<FRAG2 frag_size="60K"/>
</stack>
</jgroups>
<cache-container name="keycloak">
<transport lock-timeout="60000" stack="s3"/>
<local-cache name="realms" simple-cache="true">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<memory max-count="10000"/>
</local-cache>
<local-cache name="users" simple-cache="true">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<memory max-count="10000"/>
</local-cache>
<distributed-cache name="sessions" owners="${env.KC_CACHE_OWNERS:2}">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="authenticationSessions" owners="${env.KC_CACHE_OWNERS:2}">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="offlineSessions" owners="${env.KC_CACHE_OWNERS:2}">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="clientSessions" owners="${env.KC_CACHE_OWNERS:2}">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="offlineClientSessions" owners="${env.KC_CACHE_OWNERS:2}">
<expiration lifespan="-1"/>
</distributed-cache>
<distributed-cache name="loginFailures" owners="${env.KC_CACHE_OWNERS:2}">
<expiration lifespan="-1"/>
</distributed-cache>
<local-cache name="authorization" simple-cache="true">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<memory max-count="10000"/>
</local-cache>
<replicated-cache name="work">
<expiration lifespan="-1"/>
</replicated-cache>
<local-cache name="keys" simple-cache="true">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<expiration max-idle="3600000"/>
<memory max-count="1000"/>
</local-cache>
<distributed-cache name="actionTokens" owners="${env.KC_CACHE_OWNERS:2}">
<encoding>
<key media-type="application/x-java-object"/>
<value media-type="application/x-java-object"/>
</encoding>
<expiration max-idle="-1" lifespan="-1" interval="300000"/>
<memory max-count="-1"/>
</distributed-cache>
</cache-container>
</infinispan>
Raw
compose.yaml
version: "3.8"
services:
database:
image: postgres:15-alpine
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
volumes:
- db_data:/var/lib/postgresql/data
s3:
image: adobe/s3mock
environment:
initialBuckets: keycloak
debug: true
# Nginx Proxy configuration (testing purpose only)
VIRTUAL_HOST: s3.docker.local
VIRTUAL_PORT: 9090
networks:
default:
aliases:
- s3.docker.local
ports:
- target: 9090
published: 9090
protocol: tcp
- target: 9091
published: 9091
protocol: tcp
keycloak:
image: keycloak/keycloak:22.0.5
working_dir: /opt/keycloak
entrypoint: bin/kc.sh --verbose
command: start
environment:
# https://www.keycloak.org/server/all-config#category-database
KC_DB: postgres
KC_DB_URL_HOST: database
KC_DB_URL_PORT: 5432
KC_DB_URL_DATABASE: keycloak
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: password
# https://www.keycloak.org/server/configuration#_creating_the_initial_admin_user
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: password
# https://www.keycloak.org/server/all-config#category-hostname
KC_HOSTNAME_URL: http://keycloak.docker.local
KC_ADMIN_HOSTNAME_URL: http://keycloak.docker.local
# https://www.keycloak.org/server/all-config#category-http
KC_HTTP_ENABLED: true
KC_HTTP_PORT: 80
# Custom cache options
KC_CACHE_CONFIG_FILE: cache-ispn-s3.xml
KC_CACHE_S3_REGION_NAME: eu-central-1
KC_CACHE_S3_BUCKET_NAME: keycloak
KC_CACHE_S3_ENDPOINT: http://s3.docker.local:9090
KC_CACHE_S3_PATH_STYLE: true
AWS_ACCESS_KEY_ID: aws_access_key
AWS_SECRET_KEY: aws_secret_key
# Nginx Proxy configuration (testing purpose only)
VIRTUAL_HOST: keycloak.docker.local
VIRTUAL_PORT: 80
KC_PROXY: edge
depends_on:
- database
volumes:
- ./conf:/opt/keycloak/conf:rw
# use nginx-proxy to prevent port conflict when scaling keycloak service (testing purpose)
nginx-proxy:
image: nginxproxy/nginx-proxy
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
ports:
- target: 80
published: 80
protocol: tcp
volumes:
db_data:
@vincentchalamon
Copy link
Author

vincentchalamon commented Nov 8, 2023
edited
Loading

Download Keycloak 22.0.5 source code and add compose.yaml file from above in root directory, and cache-ispn-s3.xml file from above in conf/ directory.

Download the following artifacts and store them in the providers/ directory:

Then, run the following command to start the project with a S3 Mock, a PostgreSQL database, a Keycloak service (with 3 instances for scalability), and a Nginx Proxy for web rendering:

docker compose up -d --scale keycloak=3

Note: to access Keycloak on your browser through http://keycloak.docker.local, you must add the following line in your /etc/hosts local file:

127.0.0.1    keycloak.docker.local s3.docker.local

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment