- First, we will describe the steps for installing Keycloak. The steps include:
- Installing PostgreSQL
- Installing Keycloak
- Installing Infinispan
- Integrating Keycloak and Infinispan
- Each node will be installed in a separate virtual machine.
- Ubuntu 24.04 LTS will be used as the operating system for each node.
- We are not going to use clusters for now.
- In this article we will describe the steps for installing Infinispan.
- We failed to integrate Infinispan and Keycloak, but we will describe how we tried to achieve the result.
- Suppose our internal network is 10.183.96.0/19
- Suppose the IP address of the virtual machine is 10.183.97.12
sudo apt update
sudo apt upgrade
sudo apt install openjdk-21-jdk
java -version
- here is the output of the last command
openjdk version "21.0.7" 2025-04-15
OpenJDK Runtime Environment (build 21.0.7+6-Ubuntu-0ubuntu124.04)
OpenJDK 64-Bit Server VM (build 21.0.7+6-Ubuntu-0ubuntu124.04, mixed mode, sharing)
- go to the download page to get info about the latest stable version
- download zip file
wget https://github.com/infinispan/infinispan/releases/download/15.2.0.Final/infinispan-server-15.2.0.Final.zip
- unzip the file into the /opt folder
sudo apt-get install unzip
sudo unzip infinispan-server-15.2.0.Final.zip -d /opt/
- run for test (type Ctrl+C to stop the server)
cd /opt/infinispan-server-15.2.0.Final
sudo bin/server.sh
- Making Infinispan Available Outside of a Virtual Machine
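- open the file and change the default bind address of the public interface from 127.0.0.1 to the IP address of the virtual machine (the fragment is shown below first as shipped, then as modified)
sudo nano /opt/infinispan-server-15.2.0.Final/server/conf/infinispan.xml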
<infinispan ... xmlns:server="urn:infinispan:server:15.2">
...
<server xmlns="urn:infinispan:server:15.2">
<interfaces>
<interface name="public">
<inet-address value="${infinispan.bind.address:127.0.0.1}"/>
</interface>
</interfaces>
...
<server xmlns="urn:infinispan:server:15.2">
<interfaces>
<interface name="public">
<inet-address value="${infinispan.bind.address:10.183.97.12}"/>
</interface>
</interfaces>
...
cd /opt/infinispan-server-15.2.0.Final
sudo bin/server.sh
- and outside the virtual machine go to http://10.183.97.12:11222/. The home page shows a hint about creating a user with admin rights
- stop the server (type Ctrl+C)
- run the commands:
yury@insp:~$ cd /opt/infinispan-server-15.2.0.Final
yury@insp:/opt/infinispan-server-15.2.0.Final$ sudo bin/cli.sh
[sudo] password for yury:
[disconnected]> user create yury -p Qq01011967 -g admin
[disconnected]> exit
yury@insp:/opt/infinispan-server-15.2.0.Final$
- start the server and outside the virtual machine go to http://10.183.97.12:11222/
- you can log in as yury with the password Qq01011967
- stop the server
- create a system user for the infinispan service (a sample of the service is in the file:
sudo nano /opt/infinispan-server-15.2.0.Final/docs/systemd/infinispan.service)
sudo groupadd infinispan
sudo useradd -r -g infinispan -d /opt/infinispan-server-15.2.0.Final -s /sbin/nologin infinispan
- change the owner of the folder:
sudo chown -R infinispan:infinispan /opt/infinispan-server-15.2.0.Final
- create the service file
sudo nano /etc/systemd/system/infinispan.service
# This script allows you to run Infinispan Server as a systemd service.
# Modify environment properties in this script as appropriate.
# Copy this script to the following location: /etc/systemd/system
# Activate with 'systemctl daemon-reload'
# 'systemctl start|enable infinispan'
[Unit]
Description=Infinispan Server Service
After=network.target
[Service]
# Delays the service’s start until all jobs are dispatched
Type=idle
# specifies the user and group under which the service will run
User=infinispan
Group=infinispan
Environment="INFINISPAN_HOME=/opt/infinispan-server-15.2.0.Final"
#Environment="JAVA_HOME=/usr/java/jdk-11.0.8"
ExecStart=/bin/bash -c ${INFINISPAN_HOME}/bin/server.sh
# Considers these exit codes as successful service termination
SuccessExitStatus=143
# Time to wait for service to stop before forcible terminating it
TimeoutStopSec=10
# Service is restarted if it fails
Restart=on-failure
# Wait time before restarting the service after a failure
RestartSec=30
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable infinispan.service
sudo systemctl start infinispan.service
sudo systemctl status infinispan.service
sudo journalctl -u infinispan.service
- The documentation says:
- You can edit the required values in the server.conf configuration file. For example, to set the options to pass to the JVM, edit the following lines...
JAVA_OPTS="-Xms64m -Xmx512m -XX:MetaspaceSize=64M -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true"
- We do not follow their number-of-entities-requires-memory algorithm. Instead we set -Xmx to 70% of the memory in the virtual machine and -Xms to 70% of the memory in the virtual machine.
- Open the file
sudo nano /opt/infinispan-server-15.2.0.Final/bin/server.conf
- right before the line "Specify options to pass to the Java VM." we insert two lines, as shown below
JAVA_OPTS="-Xms3000m -Xmx4200m -XX:MetaspaceSize=64M -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true"
#
# Specify options to pass to the Java VM.
#
if [ "x$JAVA_OPTS" = "x" ]; then
JAVA_OPTS="-Xms64m -Xmx512m -XX:MetaspaceSize=64M -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true"
else
echo "JAVA_OPTS already set in environment; overriding default settings with values: $JAVA_OPTS"
fi
…
sudo systemctl restart infinispan.service
sudo systemctl status infinispan.service
- You do not need to set up a JDBC driver unless you use the JDBC_PING2 auto-detection protocol
- We tested JDBC_PING2. It worked for us for a pair of Infinispan servers.
- Note: Infinispan's JDBC_PING2 protocol is not related to Keycloak's JDBC_PING2, which is now the default
- Infinispan uses
select * from public.jgroups
- Keycloak uses
select * FROM public.jgroups_ping
- Here is how to install the JDBC driver for Infinispan
- to find the latest version of the JDBC driver, go to https://jdbc.postgresql.org/
- run the command
yury@insp:~$ cd /opt/infinispan-server-15.2.0.Final
yury@insp:/opt/infinispan-server-15.2.0.Final$ sudo bin/cli.sh
[disconnected]> connect 10.183.97.12:11222
Username: yury
Password: **********
[insp-35800@cluster//containers/default]> install org.postgresql:postgresql:42.7.7
[insp-35800@cluster//containers/default]> disconnect
[disconnected]> exit
yury@insp:/opt/infinispan-server-15.2.0.Final$
- the jar-file will be here
/opt/infinispan-server-15.2.0.Final/server/lib/postgresql-42.7.7.jar
- on the postgresql virtual machine
yury@psql:~$ sudo -u postgres createuser --interactive
Enter name of role to add: infinispan
Shall the new role be a superuser? (y/n) y
sudo -u postgres psql
ALTER USER infinispan WITH PASSWORD 'infinispan';
\q
- on the postgresql virtual machine
- create a tablespace and a database
sudo mkdir /data
sudo mkdir /data/infinispandbs
sudo chown postgres:postgres /data/infinispandbs
sudo -u postgres psql
CREATE TABLESPACE infinispants OWNER infinispan LOCATION '/data/infinispandbs';
\q
sudo -u postgres psql
CREATE DATABASE infinispandb OWNER infinispan TABLESPACE infinispants;
\q
- on the infinispan virtual machine
- open the file
sudo nano /opt/infinispan-server-15.2.0.Final/server/conf/infinispan.xml
- insert the content
<infinispan
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:infinispan:config:15.2 https://infinispan.org/schemas/infinispan-config-15.2.xsd
urn:infinispan:server:15.2 https://infinispan.org/schemas/infinispan-server-15.2.xsd"
xmlns="urn:infinispan:config:15.2"
xmlns:server="urn:infinispan:server:15.2">
...
<server xmlns="urn:infinispan:server:15.2">
...
<data-sources>
<!-- Defines a unique name for the datasource and JNDI name that you
reference in JDBC cache store configuration.
Enables statistics for the datasource, if required. -->
<data-source name="ds"
jndi-name="jdbc/postgres"
statistics="true">
<!-- Specifies the JDBC driver that creates connections. -->
<connection-factory driver="org.postgresql.Driver"
url="jdbc:postgresql://10.183.97.10:5432/infinispandb"
username="infinispan"
password="infinispan">
<!-- Sets optional JDBC driver-specific connection properties.
<connection-property name="name">value</connection-property>
-->
</connection-factory>
<!-- Defines connection pool tuning properties. -->
<connection-pool initial-size="1"
max-size="10"
min-size="3"
background-validation="1s"
idle-removal="1m"
blocking-timeout="1s"
leak-detection="10s"/>
</data-source>
</data-sources>
...
</server>
</infinispan>
yury@insp:/opt/infinispan-server-15.2.0.Final$ cd /opt/infinispan-server-15.2.0.Final
yury@insp:/opt/infinispan-server-15.2.0.Final$ sudo bin/cli.sh
[disconnected]> connect 10.183.97.12:11222
Username: yury
Password: **********
[insp-24413@cluster//containers/default]> server datasource ls
["ds"]
[insp-24413@cluster//containers/default]> server datasource test ds
ISPN012502: Connection to data source 'ds' successful
[insp-24413@cluster//containers/default]> disconnect
[disconnected]> exit
yury@insp:/opt/infinispan-server-15.2.0.Final$
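A check for the two edits made to infinispan.xml so far (the bind address of the public interface and the data source credentials), as an added example that is not part of the original article or of Infinispan. The function names and finding labels are assumptions, and the sample XML is constructed from the fragments above.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two fragments this page edits, merged into one file.
SAMPLE = """<infinispan xmlns="urn:infinispan:config:15.2">
 <server xmlns="urn:infinispan:server:15.2">
  <interfaces><interface name="public">
   <inet-address value="${infinispan.bind.address:10.183.97.12}"/>
  </interface></interfaces>
  <data-sources><data-source name="ds" jndi-name="jdbc/postgres">
   <connection-factory driver="org.postgresql.Driver"
     url="jdbc:postgresql://10.183.97.10:5432/infinispandb"
     username="infinispan" password="infinispan"/>
  </data-source></data-sources>
 </server>
</infinispan>"""

PROP = re.compile(r"^\$\{[^:}]+:([^}]*)\}$")  # ${property:default}

def local(el):
    """Tag name without its namespace, so any schema version matches."""
    return el.tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (kind, name, detail) findings for the settings this page edits."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el) == "interface":
            for addr in (a for a in el if local(a) == "inet-address"):
                value = addr.get("value", "")
                m = PROP.match(value)
                default = m.group(1) if m else value
                try:
                    loopback = ipaddress.ip_address(default).is_loopback
                except ValueError:
                    loopback = False  # not a literal IP: report it for review
                if not loopback:
                    findings.append(("non-loopback-bind", el.get("name"), default))
        elif local(el) == "data-source":
            for cf in (c for c in el if local(c) == "connection-factory"):
                if cf.get("password") is not None:
                    findings.append(("plaintext-password", el.get("name"), cf.get("username")))
                    if cf.get("password") == cf.get("username"):
                        findings.append(("password-equals-username", el.get("name"), cf.get("username")))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real installation, pass the contents of /opt/infinispan-server-15.2.0.Final/server/conf/infinispan.xml to audit() instead of SAMPLE.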
- to set up JGroups-stack modify the file
sudo nano /opt/infinispan-server-15.2.0.Final/server/conf/infinispan.xml
<infinispan
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:infinispan:config:15.2 https://infinispan.org/schemas/infinispan-config-15.2.xsd
urn:infinispan:server:15.2 https://infinispan.org/schemas/infinispan-server-15.2.xsd"
xmlns="urn:infinispan:config:15.2"
xmlns:server="urn:infinispan:server:15.2">
<jgroups>
<stack name="jdbc" extends="tcp">
<JDBC_PING2 stack.combine="REPLACE" stack.position="MPING" />
</stack>
</jgroups>
<cache-container>
<transport stack="jdbc" server:data-source="ds" />
...
</cache-container>
...
- We tested these settings (we just followed their documentation). It works for a pair of Infinispan instances.
- Note: Infinispan's JDBC_PING2 protocol is not related to Keycloak's JDBC_PING2 (!!!)
- During our test, a Keycloak instance established a connection to an Infinispan instance without a JDBC driver. (Infinispan did not have the JDBC driver installed.)
- We found that the issue is related to message marshalling/unmarshalling.