From b1b4c93a085423ac3b2d780b3cc87643b057508e Mon Sep 17 00:00:00 2001 From: Pedro Ruivo Date: Fri, 29 Nov 2024 11:23:40 +0000 Subject: [PATCH] Cleanup and improve Infinispan template Closes #1064 Signed-off-by: Pedro Ruivo --- doc/kubernetes/collector/build.sh | 36 +++++++++++++++++-- .../ispn-helm/templates/infinispan.yaml | 32 +++++++++-------- provision/infinispan/ispn-helm/values.yaml | 8 +++-- 3 files changed, 58 insertions(+), 18 deletions(-) diff --git a/doc/kubernetes/collector/build.sh b/doc/kubernetes/collector/build.sh index 3ea7b157f..b2f4fd7d5 100755 --- a/doc/kubernetes/collector/build.sh +++ b/doc/kubernetes/collector/build.sh @@ -94,7 +94,7 @@ helm template --debug ${STARTDIR}/../../../provision/infinispan/ispn-helm \ --set cacheDefaults.crossSiteMode=SYNC \ --set cacheDefaults.stateTransferMode=AUTO \ --set cacheDefaults.xsiteFailurePolicy=FAIL \ - --set cacheDefaults.txMode=NON_XA \ + --set cacheDefaults.txMode=NON_DURABLE_XA \ --set cacheDefaults.txLockMode=PESSIMISTIC \ --set image= \ --set fd.interval=2000 \ @@ -126,7 +126,7 @@ helm template --debug ${STARTDIR}/../../../provision/infinispan/ispn-helm \ --set cacheDefaults.crossSiteMode=SYNC \ --set cacheDefaults.stateTransferMode=AUTO \ --set cacheDefaults.xsiteFailurePolicy=FAIL \ - --set cacheDefaults.txMode=NON_XA \ + --set cacheDefaults.txMode=NON_DURABLE_XA \ --set cacheDefaults.txLockMode=PESSIMISTIC \ --set image= \ --set fd.interval=2000 \ @@ -137,3 +137,35 @@ helm template --debug ${STARTDIR}/../../../provision/infinispan/ispn-helm \ --set alertmanager.webhook.username=keycloak \ --set alertmanager.webhook.password=changme \ > ${BUILDDIR}/helm/ispn-site-b.yaml + +# Infinispan volatile sessions +helm template --debug ${STARTDIR}/../../../provision/infinispan/ispn-helm \ + --set namespace=keycloak \ + --set replicas=3 \ + --set crossdc.enabled=true \ + --set crossdc.local.name=site-1 \ + --set crossdc.local.gossipRouterEnabled=true \ + --set crossdc.remote.name=site-b \ + --set crossdc.remote.gossipRouterEnabled=true \ + --set crossdc.remote.namespace=keycloak \ + --set crossdc.remote.url=openshift://api.site-b \ + --set crossdc.remote.secret=xsite-token-secret \ + --set crossdc.route.enabled=true \ + --set crossdc.route.tls.keystore.secret=xsite-keystore-secret \ + --set crossdc.route.tls.truststore.secret=xsite-truststore-secret \ + --set metrics.histograms=false \ + --set hotrodPassword="strong-password" \ + --set cacheDefaults.crossSiteMode=SYNC \ + --set cacheDefaults.stateTransferMode=AUTO \ + --set cacheDefaults.xsiteFailurePolicy=FAIL \ + --set cacheDefaults.txMode=NON_DURABLE_XA \ + --set cacheDefaults.txLockMode=PESSIMISTIC \ + --set image= \ + --set fd.interval=2000 \ + --set fd.timeout=10000 \ + --set createSessionsCaches=true \ + --set acceleratorDNS=a3da6a6cbd4e27b02.awsglobalaccelerator.com \ + --set alertmanager.webhook.url=https://tjqr2vgc664b6noj6vugprakoq0oausj.lambda-url.eu-west-1.on.aws/ \ + --set alertmanager.webhook.username=keycloak \ + --set alertmanager.webhook.password=changme \ + > ${BUILDDIR}/helm/ispn-volatile.yaml diff --git a/provision/infinispan/ispn-helm/templates/infinispan.yaml b/provision/infinispan/ispn-helm/templates/infinispan.yaml index b07ee8416..7cd51d11f 100644 --- a/provision/infinispan/ispn-helm/templates/infinispan.yaml +++ b/provision/infinispan/ispn-helm/templates/infinispan.yaml @@ -229,11 +229,13 @@ metadata: name: crossdc-push-state-status namespace: {{ $namespace }} data: - batch: | - site push-site-status --cache=actionTokens - site push-site-status --cache=authenticationSessions - site push-site-status --cache=loginFailures - site push-site-status --cache=work + batch: |- + {{- range $cache, $config := .Values.caches -}} + {{- if and (not $.Values.createSessionsCaches) (eq $cache "sessions" "offlineSessions" "clientSessions" "offlineClientSessions") }} + {{- continue}} + {{- end}} + site push-site-status --cache={{ $cache }} + {{- end }} # end::infinispan-crossdc-push-state-status[] --- # tag::infinispan-crossdc-reset-push-state-status[] @@ -243,11 +245,13 @@ metadata: name: crossdc-reset-push-state-status namespace: {{ $namespace }} data: - batch: | - site clear-push-site-status --cache=actionTokens - site clear-push-site-status --cache=authenticationSessions - site clear-push-site-status --cache=loginFailures - site clear-push-site-status --cache=work + batch: |- + {{- range $cache, $config := .Values.caches -}} + {{- if and (not $.Values.createSessionsCaches) (eq $cache "sessions" "offlineSessions" "clientSessions" "offlineClientSessions") }} + {{- continue}} + {{- end}} + site clear-push-site-status --cache={{ $cache }} + {{- end }} # end::infinispan-crossdc-reset-push-state-status[] --- # tag::infinispan-crossdc-clear-caches[] @@ -257,12 +261,12 @@ metadata: name: crossdc-clear-caches namespace: {{ $namespace }} data: - batch: |+ - {{range $cache, $config := .Values.caches -}} + batch: |- + {{- range $cache, $config := .Values.caches -}} {{- if and (not $.Values.createSessionsCaches) (eq $cache "sessions" "offlineSessions" "clientSessions" "offlineClientSessions") }} - {{continue}} + {{- continue}} {{- end}} clearcache {{ $cache }} - {{ end }} + {{- end }} # end::infinispan-crossdc-clear-caches[] {{ end }} diff --git a/provision/infinispan/ispn-helm/values.yaml b/provision/infinispan/ispn-helm/values.yaml index c45284047..b2de5e7f7 100644 --- a/provision/infinispan/ispn-helm/values.yaml +++ b/provision/infinispan/ispn-helm/values.yaml @@ -16,14 +16,18 @@ cacheDefaults: lockTimeout: 4000 # WARN|FAIL|IGNORE. ASYNC only works with WARN|IGNORE xsiteFailurePolicy: FAIL - # NONE|NON_XA - txMode: NON_XA + # NONE|NON_XA|NON_DURABLE_XA|FULL_XA + txMode: NON_DURABLE_XA # OPTIMISTIC|PESSIMISTIC txLockMode: PESSIMISTIC caches: actionTokens: {} authenticationSessions: mergePolicy: ALWAYS_REMOVE + indexing: + enabled: true + indexed-entities: + - keycloak.RootAuthenticationSessionEntity sessions: mergePolicy: ALWAYS_REMOVE indexing: