@slaskawi
Created May 21, 2018 11:34
<?xml version='1.0' encoding='UTF-8'?>
<server xmlns="urn:jboss:domain:5.0">
<!-- Extension modules loaded by this server. Both the legacy security
     extension (org.jboss.as.security) and Elytron
     (org.wildfly.extension.elytron) are listed, so two security stacks are
     configured side by side further down in this file. -->
<extensions>
<extension module="org.infinispan.extension"/>
<extension module="org.infinispan.server.endpoint"/>
<extension module="org.jboss.as.connector"/>
<extension module="org.jboss.as.deployment-scanner"/>
<extension module="org.jboss.as.jdr"/>
<extension module="org.jboss.as.jmx"/>
<extension module="org.jboss.as.logging"/>
<extension module="org.jboss.as.naming"/>
<extension module="org.jboss.as.remoting"/>
<extension module="org.jboss.as.security"/>
<extension module="org.jboss.as.transactions"/>
<extension module="org.jgroups.extension"/>
<extension module="org.wildfly.extension.elytron"/>
<extension module="org.wildfly.extension.io"/>
</extensions>
<!-- Management plane: legacy security realms, the management audit log,
     the HTTP management interface and the management role mapping. -->
<management>
<security-realms>
<!-- ManagementRealm: local ($local) authentication plus users and groups
     read from properties files in the server config directory. It defines
     no server-identities/ssl element, so it carries no TLS identity. -->
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<!-- NOTE(review): keystore-password and key-password are both the literal
     string "password", stored in clear text in this file, and
     generate-self-signed-certificate-host="localhost" presumably makes the
     server create a self-signed certificate when application.keystore is
     missing. Suitable for a demo only: provision a real keystore and supply
     the passwords from outside this file before wider use. -->
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
</ssl>
</server-identities>
<authentication>
<!-- Local authentication is open to every user name (allowed-users="*"). -->
<local default-user="$local" allowed-users="*"/>
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter"/>
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
</handlers>
<!-- NOTE(review): the audit logger is configured but switched off
     (enabled="false"), so management operations leave no audit trail in
     audit-log.log. Consider enabling it wherever the management interface is
     reachable by more than one operator. -->
<logger log-boot="true" enabled="false">
<handlers>
<handler name="file"/>
</handlers>
</logger>
</audit-log>
<management-interfaces>
<!-- Only the plain-HTTP binding (management-http) is attached here. The
     management-https socket binding defined later in this file is not
     referenced, so management traffic, including authentication, is not
     protected by TLS at this layer. -->
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true"/>
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
<access-control>
<role-mapping>
<!-- The $local user is included in the SuperUser role. -->
<role name="SuperUser">
<include>
<user name="$local"/>
</include>
</role>
</role-mapping>
</access-control>
</management>
<profile>
<!-- Logging: a console handler, a daily-rotated server.log, and two
     size-rotated access logs (Hot Rod and REST, 10M x 10 backups each). -->
<subsystem xmlns="urn:jboss:domain:logging:3.0">
<console-handler name="CONSOLE">
<level name="INFO"/>
<formatter>
<named-formatter name="COLOR-PATTERN"/>
</formatter>
</console-handler>
<periodic-rotating-file-handler name="FILE" autoflush="true">
<formatter>
<named-formatter name="PATTERN"/>
</formatter>
<file relative-to="jboss.server.log.dir" path="server.log"/>
<suffix value=".yyyy-MM-dd"/>
<append value="true"/>
</periodic-rotating-file-handler>
<size-rotating-file-handler name="HR-ACCESS-FILE" autoflush="true">
<formatter>
<named-formatter name="ACCESS-LOG"/>
</formatter>
<file relative-to="jboss.server.log.dir" path="hotrod-access.log"/>
<append value="true"/>
<rotate-size value="10M"/>
<max-backup-index value="10"/>
</size-rotating-file-handler>
<size-rotating-file-handler name="REST-ACCESS-FILE" autoflush="true">
<formatter>
<named-formatter name="ACCESS-LOG"/>
</formatter>
<file relative-to="jboss.server.log.dir" path="rest-access.log"/>
<append value="true"/>
<rotate-size value="10M"/>
<max-backup-index value="10"/>
</size-rotating-file-handler>
<logger category="com.arjuna">
<level name="WARN"/>
</logger>
<!-- DEBUG on org.jboss.as.config; presumably logs configuration details at
     boot. TODO confirm that nothing sensitive ends up in server.log. -->
<logger category="org.jboss.as.config">
<level name="DEBUG"/>
</logger>
<!-- On AWS we observe lots and lots of connection errors from LBs, so the
     JGroups TCP transport is limited to ERROR. NOTE(review): this also hides
     warnings about unexpected peers connecting to the cluster port. -->
<logger category="org.jgroups.protocols.TCP">
<level name="ERROR"/>
</logger>
<logger category="org.infinispan.remoting.transport.jgroups.JGroupsTransport">
<level name="DEBUG"/>
</logger>
<logger category="sun.rmi">
<level name="WARN"/>
</logger>
<logger category="org.infinispan.HOTROD_ACCESS_LOG" use-parent-handlers="false">
<!-- Set to TRACE to enable access logging for Hot Rod, or change it at
     runtime through DMR. At INFO no per-request access records are written,
     so there is no record of who read or wrote cache entries. -->
<level name="INFO"/>
<handlers>
<handler name="HR-ACCESS-FILE"/>
</handlers>
</logger>
<logger category="org.infinispan.REST_ACCESS_LOG" use-parent-handlers="false">
<!-- Set to TRACE to enable access logging for REST, or change it at runtime
     through DMR. At INFO no per-request access records are written. -->
<level name="INFO"/>
<handlers>
<handler name="REST-ACCESS-FILE"/>
</handlers>
</logger>
<root-logger>
<level name="INFO"/>
<handlers>
<handler name="CONSOLE"/>
<handler name="FILE"/>
</handlers>
</root-logger>
<formatter name="PATTERN">
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
</formatter>
<formatter name="COLOR-PATTERN">
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n"/>
</formatter>
<!-- Access-log line: client address, user, timestamp, request line, status,
     request and response sizes, duration (all taken from the MDC). -->
<formatter name="ACCESS-LOG">
<pattern-formatter pattern="%X{address} %X{user} [%d{dd/MMM/yyyy:HH:mm:ss z}] &quot;%X{method} %m %X{protocol}&quot; %X{status} %X{requestSize} %X{responseSize} %X{duration}%n"/>
</formatter>
</subsystem>
<!-- Deployment scanner: polls the "deployments" directory under the server
     base dir (scan-interval="5000"). NOTE(review): anything able to write to
     that directory can get content deployed into the server; confirm the
     scanner is needed here and that the directory is not writable by
     untrusted processes. -->
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}"/>
</subsystem>
<!-- Datasources: a single in-memory H2 datasource named ExampleDS.
     NOTE(review): the user name and password (sa/sa) are inline in clear
     text. This looks like the stock sample datasource; remove it if nothing
     uses it, and never reuse this pattern for a real database. -->
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
<!-- Elytron: providers, audit log, security domains, properties realms,
     mappers and the HTTP/SASL authentication factories. The realm names
     mirror the legacy ManagementRealm/ApplicationRealm and read the same
     properties files. -->
<subsystem xmlns="urn:wildfly:elytron:1.2" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
<providers>
<aggregate-providers name="combined-providers">
<providers name="elytron"/>
<providers name="openssl"/>
</aggregate-providers>
<provider-loader name="elytron" module="org.wildfly.security.elytron"/>
<provider-loader name="openssl" module="org.wildfly.openssl"/>
</providers>
<audit-logging>
<!-- NOTE(review): this audit log is declared, but neither security-domain
     below carries a security-event-listener attribute pointing at it, so it
     appears to receive no authentication events. TODO confirm. -->
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
</audit-logging>
<security-domains>
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
<realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
<realm name="local"/>
</security-domain>
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
<realm name="ManagementRealm" role-decoder="groups-to-roles"/>
<!-- Identities from the "local" realm are mapped to SuperUser. -->
<realm name="local" role-mapper="super-user-mapper"/>
</security-domain>
</security-domains>
<security-realms>
<identity-realm name="local" identity="$local"/>
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
</properties-realm>
</security-realms>
<mappers>
<!-- mapping-mode="first": the anonymous principal matches the first mapping,
     which grants nothing; every other identity falls through to match-all
     and receives LoginPermission. -->
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
<permission-mapping>
<principal name="anonymous"/>
</permission-mapping>
<permission-mapping match-all="true">
<permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
</permission-mapping>
</simple-permission-mapper>
<constant-realm-mapper name="local" realm-name="local"/>
<simple-role-decoder name="groups-to-roles" attribute="groups"/>
<constant-role-mapper name="super-user-mapper">
<role name="SuperUser"/>
</constant-role-mapper>
</mappers>
<http>
<http-authentication-factory name="management-http-authentication" http-server-mechanism-factory="global" security-domain="ManagementDomain">
<mechanism-configuration>
<!-- NOTE(review): DIGEST is an MD5-based challenge/response mechanism; run
     it over TLS and prefer a stronger mechanism where clients allow. -->
<mechanism mechanism-name="DIGEST">
<mechanism-realm realm-name="ManagementRealm"/>
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
<mechanism-configuration>
<!-- NOTE(review): BASIC sends the password in a trivially decodable form
     on every request, so it is only safe over TLS. The realm-name here is
     "Application Realm" (with a space), unlike the realm ApplicationRealm
     defined above; presumably this is just the label shown to clients.
     TODO confirm. -->
<mechanism mechanism-name="BASIC">
<mechanism-realm realm-name="Application Realm"/>
</mechanism>
<mechanism mechanism-name="FORM"/>
</mechanism-configuration>
</http-authentication-factory>
<provider-http-server-mechanism-factory name="global"/>
</http>
<sasl>
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
<!-- NOTE(review): DIGEST-MD5 relies on MD5; see the DIGEST note above. -->
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ManagementRealm"/>
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ApplicationRealm"/>
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
<properties>
<property name="wildfly.sasl.local-user.default-user" value="$local"/>
</properties>
</configurable-sasl-server-factory>
<!-- Restricts SASL mechanisms to those supplied by the WildFlyElytron
     provider. -->
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
<filters>
<filter provider-name="WildFlyElytron"/>
</filters>
</mechanism-provider-filtering-sasl-server-factory>
<provider-sasl-server-factory name="global"/>
</sasl>
</subsystem>
<!-- Infinispan cache container "clustered": cache templates, the caches built
     from them, and cross-site backups to the sites Private, Azure and Amazon.
     NOTE(review): the container has no security/authorization element, so
     nothing at the cache level restricts who may read or write entries;
     access control rests entirely on the endpoint connectors and the
     network. Several caches (sessions, clientSessions, offlineSessions,
     actionTokens, loginFailures) follow the Keycloak cross-DC guide linked
     below and therefore presumably hold authentication state. -->
<subsystem xmlns="urn:infinispan:server:core:9.2" default-cache-container="clustered">
<cache-container name="clustered" default-cache="default" statistics="true">
<transport lock-timeout="60000" />
<global-state/>
<!-- Templates: every template backs up asynchronously to all three sites
     with a timeout of 240000. -->
<replicated-cache-configuration name="replicated">
<backups>
<backup site="Private" strategy="ASYNC" timeout="240000"/>
<backup site="Azure" strategy="ASYNC" timeout="240000"/>
<backup site="Amazon" strategy="ASYNC" timeout="240000"/>
</backups>
</replicated-cache-configuration>
<distributed-cache-configuration name="distributed">
<backups>
<backup site="Private" strategy="ASYNC" timeout="240000"/>
<backup site="Azure" strategy="ASYNC" timeout="240000"/>
<backup site="Amazon" strategy="ASYNC" timeout="240000"/>
</backups>
</distributed-cache-configuration>
<distributed-cache-configuration name="indexed">
<backups>
<backup site="Private" strategy="ASYNC" timeout="240000"/>
<backup site="Azure" strategy="ASYNC" timeout="240000"/>
<backup site="Amazon" strategy="ASYNC" timeout="240000"/>
</backups>
<indexing index="LOCAL" auto-config="true"/>
</distributed-cache-configuration>
<!-- https://github.com/keycloak/keycloak-documentation/blob/master/server_installation/topics/operating-mode/crossdc.adoc -->
<!-- Template for the Keycloak caches: synchronous replication inside the
     site, pessimistic NON_DURABLE_XA transactions, lock acquire-timeout 0,
     asynchronous backup to the other sites. -->
<replicated-cache-configuration name="sessions-cfg" mode="SYNC" start="EAGER" batching="false">
<transaction mode="NON_DURABLE_XA" locking="PESSIMISTIC"/>
<locking acquire-timeout="0" />
<backups>
<backup site="Private" strategy="ASYNC" timeout="240000"/>
<backup site="Azure" strategy="ASYNC" timeout="240000"/>
<backup site="Amazon" strategy="ASYNC" timeout="240000"/>
</backups>
</replicated-cache-configuration>
<!-- Temporary, will be exported to *-configuration as soon as we know what caches are needed -->
<!-- https://github.com/keycloak/keycloak-documentation/blob/master/server_installation/topics/operating-mode/crossdc.adoc -->
<replicated-cache name="work" configuration="sessions-cfg"/>
<replicated-cache name="sessions" configuration="sessions-cfg"/>
<replicated-cache name="clientSessions" configuration="sessions-cfg"/>
<replicated-cache name="offlineSessions" configuration="sessions-cfg"/>
<replicated-cache name="offlineClientSessions" configuration="sessions-cfg"/>
<replicated-cache name="actionTokens" configuration="sessions-cfg"/>
<replicated-cache name="loginFailures" configuration="sessions-cfg"/>
<replicated-cache name="userStorage" configuration="sessions-cfg"/>
<!-- Clement -->
<replicated-cache name="tasks" configuration="replicated"/>
<replicated-cache name="active" configuration="replicated"/>
<distributed-cache name="players" configuration="indexed"/>
<distributed-cache name="txs" configuration="distributed"/>
<distributed-cache name="objects" configuration="distributed"/>
<distributed-cache name="admin" configuration="distributed"/>
<!-- Galder -->
<distributed-cache name="scores" configuration="distributed"/>
<!-- Test caches. NOTE(review): these share the container and the endpoints
     with the session caches above; drop them outside test environments. -->
<distributed-cache name="default" configuration="distributed"/>
<distributed-cache name="default0" configuration="distributed"/>
<distributed-cache name="default1" configuration="distributed"/>
<distributed-cache name="default2" configuration="distributed"/>
<distributed-cache name="default3" configuration="distributed"/>
<distributed-cache name="default4" configuration="distributed"/>
<distributed-cache name="default5" configuration="distributed"/>
<distributed-cache name="indexed0" configuration="indexed"/>
<distributed-cache name="indexed1" configuration="indexed"/>
<distributed-cache name="indexed2" configuration="indexed"/>
<distributed-cache name="indexed3" configuration="indexed"/>
<distributed-cache name="indexed4" configuration="indexed"/>
<distributed-cache name="indexed5" configuration="indexed"/>
<!-- Defaults -->
<replicated-cache name="repl" configuration="replicated"/>
<distributed-cache name="memcachedCache"/>
</cache-container>
</subsystem>
<!-- Client endpoints for the "clustered" container: Hot Rod and REST.
     NOTE(review): neither connector has an authentication or an encryption
     child element, so as written both accept unauthenticated, plain-text
     clients. The REST socket binding uses the "rest" interface, which this
     file binds to 0.0.0.0. Together with the caches in the container
     (sessions, actionTokens, loginFailures, ...) this means anyone who can
     reach the ports can read and modify that data. Add authentication and
     encryption bound to a security realm, or restrict reachability at the
     network layer, before using this outside a closed demo. -->
<subsystem xmlns="urn:infinispan:server:endpoint:9.2">
<hotrod-connector socket-binding="hotrod" cache-container="clustered">
<topology-state-transfer lazy-retrieval="false" lock-timeout="1000" replication-timeout="5000"/>
</hotrod-connector>
<rest-connector socket-binding="rest" cache-container="clustered">
<cors-rules>
<!-- NOTE(review): this rule allows every origin ("*") and also sets
     allow-credentials="true", with the write methods PUT, POST and DELETE
     allowed. Depending on how the server emits the CORS headers, this can
     let any web page issue credentialed cross-origin requests against the
     REST API from a user's browser. List the specific trusted origins
     instead of "*". -->
<cors-rule name="allow ALL" allow-credentials="true" max-age-seconds="2000">
<allowed-origins>*</allowed-origins>
<allowed-methods>GET,OPTIONS,POST,PUT,DELETE</allowed-methods>
<allowed-headers>Key-Content-Type, Content-Type</allowed-headers>
</cors-rule>
</cors-rules>
</rest-connector>
</subsystem>
<!-- JGroups: the "cluster" channel uses the default stack (kubernetes unless
     jboss.default.jgroups.stack overrides it); the "global" channel uses
     relay-global to bridge the sites. The order of the protocol elements
     inside a stack is significant; do not reorder them.
     NOTE(review): neither stack contains an encryption protocol (SYM_ENCRYPT
     or ASYM_ENCRYPT) or AUTH, so cluster and cross-site traffic is neither
     encrypted nor authenticated at this layer, and any node that can reach
     the ports can presumably join. The relay stack links sites named Azure,
     Amazon and Private, which suggests the traffic crosses provider
     boundaries. Confirm a VPN or equivalent protects it, or add encryption
     and authentication protocols to both stacks. -->
<subsystem xmlns="urn:infinispan:server:jgroups:9.2">
<channels default="cluster">
<channel name="cluster"/>
<channel name="global" stack="relay-global"/>
</channels>
<stacks default="${jboss.default.jgroups.stack:kubernetes}">
<!-- Cross-site bridge: TCP transport with a static member list (TCPPING)
     taken from jboss.relay.global_cluster. -->
<stack name="relay-global">
<transport type="TCP" socket-binding="jgroups-tcp-relay">
<property name="external_addr">${jboss.bind.ext_address:127.0.0.1}</property>
</transport>
<protocol type="TCPPING">
<property name="initial_hosts">${jboss.relay.global_cluster:127.0.0.1[55200]}</property>
</protocol>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd">
<property name="external_addr">${jboss.bind.ext_address:127.0.0.1}</property>
</protocol>
<protocol type="FD_ALL">
<!-- Timeout after which a member P is suspected of having failed. -->
<!-- Set to 3 minutes (180 s). -->
<property name="timeout">180000</property>
</protocol>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2">
<property name="use_mcast_xmit">false</property>
</protocol>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
</stack>
<!-- In-site cluster stack: TCP transport with member discovery through
     kubernetes.KUBE_PING, plus the relay that forwards to the other sites. -->
<stack name="kubernetes">
<transport type="TCP" socket-binding="jgroups-tcp">
<property name="logical_addr_cache_expiration">360000</property>
</transport>
<protocol type="kubernetes.KUBE_PING"/>
<protocol type="MERGE3"/>
<protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
<protocol type="FD_ALL"/>
<protocol type="VERIFY_SUSPECT"/>
<protocol type="pbcast.NAKACK2">
<property name="use_mcast_xmit">false</property>
</protocol>
<protocol type="UNICAST3"/>
<protocol type="pbcast.STABLE"/>
<protocol type="pbcast.GMS"/>
<protocol type="MFC"/>
<protocol type="FRAG3"/>
<!-- The local site name comes from jboss.relay.site and defaults to
     "stage", which is not one of the remote-site names listed below;
     presumably each deployment sets the property. TODO confirm. -->
<relay site="${jboss.relay.site:stage}">
<remote-site name="Azure" stack="relay-global" cluster="global"/>
<remote-site name="Amazon" stack="relay-global" cluster="global"/>
<remote-site name="Private" stack="relay-global" cluster="global"/>
<property name="relay_multicasts">false</property>
<property name="max_site_masters">1000</property>
</relay>
</stack>
</stacks>
</subsystem>
<!-- IO subsystem: one worker and one buffer pool, both named "default" and
     left at their default settings. -->
<subsystem xmlns="urn:jboss:domain:io:2.0">
<worker name="default"/>
<buffer-pool name="default"/>
</subsystem>
<!-- JCA: archive validation fails on errors but not on warnings; the default
     work manager gets two pools (short-running and long-running), each with
     50 core threads, a queue of 50, a maximum of 50 threads and a 10 second
     keepalive. -->
<subsystem xmlns="urn:jboss:domain:jca:5.0">
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false"/>
<bean-validation enabled="true"/>
<default-workmanager>
<short-running-threads>
<core-threads count="50"/>
<queue-length count="50"/>
<max-threads count="50"/>
<keepalive-time time="10" unit="seconds"/>
</short-running-threads>
<long-running-threads>
<core-threads count="50"/>
<queue-length count="50"/>
<max-threads count="50"/>
<keepalive-time time="10" unit="seconds"/>
</long-running-threads>
</default-workmanager>
<cached-connection-manager/>
</subsystem>
<!-- JDR (diagnostic report) subsystem, enabled with no further settings.
     NOTE(review): diagnostic reports presumably bundle configuration and
     logs; treat generated archives as sensitive. -->
<subsystem xmlns="urn:jboss:domain:jdr:1.0"/>
<!-- JMX: exposes both the resolved and the expression management models as
     MBeans and enables the remoting connector for remote JMX clients.
     NOTE(review): remote JMX gives management-level access; confirm it is
     needed and reachable only over the management interface. -->
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
<expose-resolved-model/>
<expose-expression-model/>
<remoting-connector/>
</subsystem>
<!-- Naming (JNDI) with remote naming enabled. -->
<subsystem xmlns="urn:jboss:domain:naming:2.0">
<remote-naming/>
</subsystem>
<!-- Remoting: an HTTP-upgrade connector secured by the legacy
     ApplicationRealm. NOTE(review): connector-ref="default" names a listener
     that is not defined anywhere in this file (no web subsystem is
     configured). TODO confirm whether this connector is actually usable. -->
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<endpoint/>
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
</subsystem>
<!-- Legacy (PicketBox) security domains. -->
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
<!-- "other": optional Remoting module followed by a required RealmDirect
     module, sharing the password through password-stacking=useFirstPass. -->
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<!-- NOTE(review): "jaspitest" uses the Dummy login and auth modules and
     looks like a stock sample domain. Nothing in this file references it;
     remove it if unused so that no deployment can select a domain that
     performs no real authentication. -->
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
</security-domains>
</subsystem>
<!-- Transactions: UUID-based process id, recovery and status sockets bound
     through the txn-recovery-environment and txn-status-manager socket
     bindings, and an object store under the server data directory. -->
<subsystem xmlns="urn:jboss:domain:transactions:4.0">
<core-environment>
<process-id>
<uuid/>
</process-id>
</core-environment>
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
<object-store path="tx-object-store" relative-to="jboss.server.data.dir"/>
</subsystem>
</profile>
<!-- Network interfaces. "management" and "public" default to loopback
     (127.0.0.1) unless the corresponding jboss.bind.* property is set. -->
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:127.0.0.1}"/>
</interface>
<!-- REST is bound to 0.0.0.0, i.e. every network interface, not only
     localhost. The stated intent is to make REST available through
     oc port-forward. NOTE(review): port-forward presumably needs only a
     loopback listener (TODO confirm); binding to all interfaces also exposes
     the REST connector, which has no authentication configured in this
     file, to anything that can route to the pod. -->
<interface name="rest">
<inet-address value="0.0.0.0"/>
</interface>
</interfaces>
<!-- Socket bindings. Bindings without an interface attribute use the
     default interface "public"; "rest" alone uses the "rest" interface
     (0.0.0.0). NOTE(review): several bindings (management-https, memcached,
     rest-ssl, websocket, the multi-tenancy ports) are defined here but not
     referenced by any connector or interface in this file; an unreferenced
     binding opens no port by itself, but pruning them keeps the intended
     exposure easy to audit. -->
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
<socket-binding name="hotrod" port="11222"/>
<socket-binding name="hotrod-internal" port="11223"/>
<socket-binding name="hotrod-multi-tenancy" port="11224"/>
<socket-binding name="jgroups-mping" port="0" multicast-address="${jboss.default.multicast.address:234.99.54.14}" multicast-port="45700"/>
<socket-binding name="jgroups-tcp" port="7600"/>
<socket-binding name="jgroups-tcp-fd" port="57600"/>
<socket-binding name="jgroups-tcp-relay" port="55200" />
<socket-binding name="memcached" port="11211"/>
<socket-binding name="rest" port="8080" interface="rest" />
<socket-binding name="rest-multi-tenancy" port="8081"/>
<socket-binding name="rest-ssl" port="8443"/>
<socket-binding name="txn-recovery-environment" port="4712"/>
<socket-binding name="txn-status-manager" port="4713"/>
<socket-binding name="websocket" port="8181"/>
<!-- Outbound bindings point at the placeholder host "remote-host". -->
<outbound-socket-binding name="remote-store-hotrod-server">
<remote-destination host="remote-host" port="11222"/>
</outbound-socket-binding>
<outbound-socket-binding name="remote-store-rest-server">
<remote-destination host="remote-host" port="8080"/>
</outbound-socket-binding>
</socket-binding-group>
</server>