WIP Test with keycloak HA

README.md

@@ -10,7 +10,7 @@ See [docker-compose.yml](https://github.com/Reposoft/openidc-keycloak-test/blob/
 Might be run like this:
 ```
 compose="docker-compose -f build-contracts/docker-compose.yml"
-$compose up --build -d postgres keycloak openidc
+$compose up --build -d mysql keycloak openidc
 $compose up --build keycloak-setup #TODO
 $compose up --build -d testclient
 $compose logs -f

build-contracts/docker-compose.yml

@@ -1,31 +1,38 @@
 version: '2'
 services:
-  postgres:
-    image: postgres:9.6
+  mysql:
+    image: mariadb:10.1
     expose:
-      - "5432"
+      - "3306"
     environment:
-      POSTGRES_USER: keycloak
-      POSTGRES_PASSWORD: keycloak
+      MYSQL_ROOT_PASSWORD: openidctest
+      MYSQL_DATABASE: keycloak
+      MYSQL_USER: keycloak
+      MYSQL_PASSWORD: keycloak
+    # Causes: Change Set META-INF/jpa-changelog-1.0.0.Final.xml::1.0.0.Final::[email protected] failed.  Error: Specified key was too long; max key length is 767 bytes [Failed SQL: ALTER TABLE keycloak.REALM_SOCIAL_CONFIG ADD PRIMARY KEY (REALM_ID, NAME)]: liquibase.exception.DatabaseException: Specified key was too long; max key length is 767 bytes [Failed SQL: ALTER TABLE keycloak.REALM_SOCIAL_CONFIG ADD PRIMARY KEY (REALM_ID, NAME)]
+    #command:
+    #  - --character-set-server=utf8mb4
+    #  - --collation-server=utf8mb4_unicode_ci
   keycloak:
-    image: jboss/keycloak-postgres:2.3.0.Final
+    build:
+      context: ../keycloak-ha-mysql
+    image: solsson/keycloak-ha-mysql
     links:
-      - postgres
+      - mysql
     environment:
       KEYCLOAK_USER: admin
       KEYCLOAK_PASSWORD: openidctest
-      POSTGRES_USER: keycloak
-      POSTGRES_PASSWORD: keycloak
+      MYSQL_DATABASE: keycloak
+      MYSQL_USER: keycloak
+      MYSQL_PASSWORD: keycloak
       # Workaround for container using legacy Docker links, resulting in
-      # "WFLYCTL0211: Cannot resolve expression 'jdbc:postgresql://${env.POSTGRES_PORT_5432_TCP_ADDR}...")n
-      POSTGRES_PORT_5432_TCP_ADDR: postgres
+      # "WFLYCTL0211: Cannot resolve expression 'jdbc:mysql://${env.MYSQL_PORT_3306_TCP_ADDR}:${env.MYSQL_PORT_3306_TCP_PORT}
+      MYSQL_PORT_3306_TCP_ADDR: mysql
+      MYSQL_PORT_3306_TCP_PORT: "3306"
     expose:
       - "8080"
-      - "9090"
-    # For local browser; you also need "keycloak" in your hosts file
-    ports:
-      - "8080:8080"
-      - "9990:9990"
+      - "7600"
+      - "57600"
     # Uncomment the following and docker-compose up keycloak again to export realms
     volumes:
       - ./keycloak-setup/export:/export
@@ -34,6 +41,31 @@ services:
     #  - -Dkeycloak.migration.action=export
     #  - -Dkeycloak.migration.provider=dir
     #  - -Dkeycloak.migration.dir=/export
+  keycloak2:
+    build:
+      context: ../keycloak-ha-mysql
+    image: solsson/keycloak-ha-mysql
+    links:
+      - mysql
+    environment:
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: openidctest
+      MYSQL_DATABASE: keycloak
+      MYSQL_USER: keycloak
+      MYSQL_PASSWORD: keycloak
+      MYSQL_PORT_3306_TCP_ADDR: mysql
+      MYSQL_PORT_3306_TCP_PORT: "3306"
+    expose:
+      - "8080"
+      - "7600"
+      - "57600"
+  keycloak-ha:
+    build: ./ha
+    links:
+      - keycloak
+    # For local browser; you also need "keycloak" in your hosts file
+    ports:
+      - "8080:80"
   httpd-openidc:
     build: ../httpd-openidc
     image: localhost:5000/reposoft/httpd-openidc
@@ -44,7 +76,7 @@ services:
     build: ./openidc
     depends_on:
       - httpd-openidc
-      - keycloak
+      - keycloak-ha
     # Don't allow direct communication with keycloak; depends on hosting scenario
     #links:
     #  - keycloak

build-contracts/ha/Dockerfile

@@ -0,0 +1,11 @@
+FROM httpd:2.4
+
+RUN sed -i 's|#LoadModule proxy_module|LoadModule proxy_module|' conf/httpd.conf \
+  && sed -i 's|#LoadModule proxy_http_module|LoadModule proxy_http_module|' conf/httpd.conf \
+  && sed -i 's|#LoadModule proxy_balancer_module|LoadModule proxy_balancer_module|' conf/httpd.conf \
+  && sed -i 's|#LoadModule slotmem_shm_module|LoadModule slotmem_shm_module|' conf/httpd.conf \
+  && sed -i 's|#LoadModule lbmethod_byrequests_module|LoadModule lbmethod_byrequests_module|' conf/httpd.conf
+
+RUN echo "Include conf/proxy.conf" >> conf/httpd.conf
+
+COPY proxy.conf conf/

build-contracts/ha/proxy.conf

@@ -0,0 +1,18 @@
+
+#LogLevel debug
+
+# Getting rid of:
+# [proxy_http:debug] [pid 8:tid 139765064062720] mod_proxy_http.c(1894): [client 172.27.0.1:41148] AH01113: HTTP: declining URL balancer://keycloakinform/
+# [proxy:warn] [pid 8:tid 139765064062720] [client 172.27.0.1:41148] AH01144: No protocol handler was valid for the URL /inform. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
+# 172.27.0.1 - - [07/Nov/2016:10:08:17 +0000] "POST /inform HTTP/1.1" 500 528
+#<Location /inform>
+#  Require all denied
+#</Location>
+
+<Proxy "balancer://keycloak">
+    BalancerMember "http://keycloak:8080"
+    BalancerMember "http://keycloak2:8080"
+    ProxySet lbmethod=byrequests
+</Proxy>
+ProxyPass "/" "balancer://keycloak/"
+#ProxyPassReverse "/" "balancer://keycloak/"

keycloak-ha-mysql/Dockerfile

@@ -0,0 +1,7 @@
+FROM jboss/keycloak-mysql:2.3.0.Final
+
+CMD ["-b", "0.0.0.0", "--server-config", "standalone-ha.xml"]
+
+RUN rm keycloak/standalone/configuration/standalone.xml
+
+ADD standalone-ha.xml keycloak/standalone/configuration/standalone-ha.xml