Haventec IAM: From Development to Production

High Availability

To enable clustering and support a High Availability solution in Haventec IAM, we need to use one of the discovery protocols provided by JGroups. This is because Haventec IAM uses Infinispan for caching, and Infinispan uses JGroups for discovery.

In our case we support and recommend the use of JDBC_PING.

JDBC_PING uses a DB to store information about cluster nodes used for discovery. All cluster nodes must be able to access the same DB. When a node starts, it queries the database for information about existing members, determines the coordinator, and then asks the coordinator to join the cluster. It also inserts information about itself into the table, so that other nodes can subsequently find it. You can read more about it here.

Environment Variables

To enable JDBC_PING we need to provide the following environment variables to the docker image at startup:


        JGROUPS_DISCOVERY_PROTOCOL=JDBC_PING
        JGROUPS_DISCOVERY_PROPERTIES=datasource_jndi_name=java:jboss/datasources/KeycloakDS
        JGROUPS_TRANSPORT_STACK=tcp
    

Another environment variable, JGROUPS_DISCOVERY_EXTERNAL_IP, will be automatically set via docker_entrypoint.sh for AWS Fargate deployments.

If you're not using AWS Fargate for the deployment, you need to set JGROUPS_DISCOVERY_EXTERNAL_IP to the IP address of the node for node discovery.

If you're running your Haventec IAM instance on AWS, you need to add the following rules to the Security Group:

  • An ingress rule and an egress rule on TCP port 7600, each referencing the Security Group itself

Once that is configured, we can increase the number of ECS tasks to 2.
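One way to verify the Security Group rule above before scaling up, as an added example (not Haventec's own tooling): the script reads data shaped like `aws ec2 describe-security-groups` output and reports groups that lack the self-referencing TCP 7600 rule or accept that port from a CIDR range. The group IDs and CIDR in the sample are constructed, and the check is strict in that only an explicit self-reference counts.

```python
import json

JGROUPS_PORT = 7600  # TCP port from the Security Group rule above

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# the group IDs and the CIDR range are made up for this example.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 7600, "ToPort": 7600,
      "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}], "IpRanges": []}],
   "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 7600, "ToPort": 7600,
      "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}], "IpRanges": []}]},
  {"GroupId": "sg-0bbb",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 7000, "ToPort": 8000,
      "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
   "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 7600, "ToPort": 7600,
      "UserIdGroupPairs": [{"GroupId": "sg-0bbb"}], "IpRanges": []}]}
]}
""")

def covers_port(rule, port=JGROUPS_PORT):
    """True if the rule applies to TCP traffic on the given port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def audit_group(group):
    """Return a list of findings for one security group (empty means OK)."""
    gid, findings = group["GroupId"], []
    for direction, key in (("ingress", "IpPermissions"),
                           ("egress", "IpPermissionsEgress")):
        rules = [r for r in group.get(key, []) if covers_port(r)]
        self_ref = any(p.get("GroupId") == gid
                       for r in rules for p in r.get("UserIdGroupPairs", []))
        if not self_ref:
            findings.append(
                f"{gid}: no self-referencing {direction} rule for TCP {JGROUPS_PORT}")
    # Ingress allowed by CIDR is wider than the self-reference described above.
    for r in group.get("IpPermissions", []):
        if covers_port(r):
            findings += [f"{gid}: TCP {JGROUPS_PORT} ingress open to {c['CidrIp']}"
                         for c in r.get("IpRanges", [])]
    return findings

if __name__ == "__main__":
    for g in SAMPLE["SecurityGroups"]:
        print(g["GroupId"], audit_group(g) or "OK")
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from `aws ec2 describe-security-groups --group-ids <your-group-id>`.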

Next Steps

Create Admin User