1. Simplest Client
Create a config file infinispan-simplest.xml with the following content:
<!-- Minimal server configuration for local experiments: one local cache,
     served by an endpoint whose security realm defines no authentication. -->
<infinispan
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:infinispan:config:16.0 https://infinispan.org/schemas/infinispan-config-16.0.xsd
                        urn:infinispan:server:16.0 https://infinispan.org/schemas/infinispan-server-16.0.xsd"
    xmlns="urn:infinispan:config:16.0"
    xmlns:server="urn:infinispan:server:16.0">

  <cache-container name="default" statistics="true" default-cache="my-cache">
    <local-cache name="my-cache"/>
  </cache-container>

  <server xmlns="urn:infinispan:server:16.0">
    <interfaces>
      <interface name="public">
        <!-- Loopback unless the infinispan.bind.address property says otherwise. -->
        <inet-address value="${infinispan.bind.address:127.0.0.1}"/>
      </interface>
    </interfaces>

    <socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}">
      <socket-binding name="default" port="${infinispan.bind.port:11222}"/>
    </socket-bindings>

    <security>
      <security-realms>
        <!-- Empty realm: no user store and no TLS identity are configured. -->
        <security-realm name="none"/>
      </security-realms>
    </security>

    <!-- The endpoints use the empty realm, so clients are presumably accepted
         without credentials and over plain text. Use this file only where
         every host that can reach the port is trusted. -->
    <endpoints socket-binding="default" security-realm="none"/>
  </server>
</infinispan>
Then in the same folder run:
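# The "none" realm in infinispan-simplest.xml asks for no credentials, so the
# port is published on the host's loopback address only. Drop the 127.0.0.1
# prefix only if clients on other machines must connect and the network is trusted.
docker run -v .:/user-config -p 127.0.0.1:11222:11222 infinispan/server:16.0 \
    -c /user-config/infinispan-simplest.xml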
2. Authenticated Client
Create a config file infinispan-auth.xml with the following content:
<!-- Single-node configuration with authentication: the endpoint is tied to a
     realm backed by a properties user store, and the cache container has
     authorization switched on. -->
<infinispan
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:infinispan:config:16.0 https://infinispan.org/schemas/infinispan-config-16.0.xsd
                        urn:infinispan:server:16.0 https://infinispan.org/schemas/infinispan-server-16.0.xsd"
    xmlns="urn:infinispan:config:16.0"
    xmlns:server="urn:infinispan:server:16.0">

  <cache-container name="default" statistics="true" default-cache="my-cache">
    <security>
      <!-- Enables authorization for the container; no custom roles are declared here. -->
      <authorization/>
    </security>
    <local-cache name="my-cache"/>
  </cache-container>

  <server xmlns="urn:infinispan:server:16.0">
    <interfaces>
      <interface name="public">
        <!-- Loopback unless the infinispan.bind.address property says otherwise. -->
        <inet-address value="${infinispan.bind.address:127.0.0.1}"/>
      </interface>
    </interfaces>

    <socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}">
      <socket-binding name="default" port="${infinispan.bind.port:11222}"/>
    </socket-bindings>

    <security>
      <security-realms>
        <security-realm name="default">
          <!-- Users come from the server's properties files. No TLS identity is
               defined in this realm, so credentials and data presumably travel
               without transport encryption; confirm before using beyond localhost. -->
          <properties-realm/>
        </security-realm>
      </security-realms>
    </security>

    <endpoints socket-binding="default" security-realm="default" />
  </server>
</infinispan>
Then in the same folder run:
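# Load the authenticated configuration created in this section (the earlier
# file name would start the server with the unauthenticated "none" realm).
# USER/PASS are the same sample variables the compose example below passes to
# the image; replace the sample password before using this anywhere shared.
docker run -v .:/user-config -p 11222:11222 \
    -e USER=username -e PASS=changeme \
    infinispan/server:16.0 \
    -c /user-config/infinispan-auth.xml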
3. Multiple clusters
Create a config file infinispan-auth-dist.xml with the following content:
<!-- Clustered variant of the authenticated configuration: adds a transport
     and replaces the local cache with a distributed one. -->
<infinispan
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:infinispan:config:16.0 https://infinispan.org/schemas/infinispan-config-16.0.xsd
                        urn:infinispan:server:16.0 https://infinispan.org/schemas/infinispan-server-16.0.xsd"
    xmlns="urn:infinispan:config:16.0"
    xmlns:server="urn:infinispan:server:16.0">

  <cache-container name="default" statistics="true" default-cache="my-cache">
    <!-- Cluster name, stack and node name are read from system properties,
         with the defaults given after the colon. This file configures no
         encryption or authentication for traffic between nodes, so keep the
         node network private (NOTE(review): confirm against the stack in use). -->
    <transport cluster="${infinispan.cluster.name:cluster}"
               stack="${infinispan.cluster.stack:tcp}"
               node-name="${infinispan.node.name:}"/>
    <security>
      <!-- Enables authorization for the container; no custom roles are declared here. -->
      <authorization/>
    </security>
    <distributed-cache name="my-cache"/>
  </cache-container>

  <server xmlns="urn:infinispan:server:16.0">
    <interfaces>
      <interface name="public">
        <!-- Loopback unless the infinispan.bind.address property says otherwise. -->
        <inet-address value="${infinispan.bind.address:127.0.0.1}"/>
      </interface>
    </interfaces>

    <socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}">
      <socket-binding name="default" port="${infinispan.bind.port:11222}"/>
    </socket-bindings>

    <security>
      <security-realms>
        <security-realm name="default">
          <!-- Users come from the server's properties files; no TLS identity
               is defined in this realm. -->
          <properties-realm/>
        </security-realm>
      </security-realms>
    </security>

    <endpoints socket-binding="default" security-realm="default" />
  </server>
</infinispan>
Now you need a docker-compose.yml file to start two clusters with two nodes each.
# Two independent two-node clusters for local testing. Each cluster has its own
# bridge network and cluster name; all four nodes load the same configuration
# file from the current folder.
#
# Review notes for anything beyond a throwaway environment:
#   * USER/PASS are sample credentials shared by every node; replace them.
#   * Each "HOST:11222" mapping publishes the endpoint on every host interface;
#     prefix it with 127.0.0.1 (e.g. "127.0.0.1:11222:11222") if only local
#     clients need access.
#   * The referenced configuration defines no TLS identity for the endpoint.
version: '3.8'

services:
  # Cluster 1 - Node 1
  infinispan-cluster1-node1:
    image: infinispan/server:16.0
    container_name: infinispan-cluster1-node1
    hostname: cluster1-node1
    networks:
      cluster1_network:
        ipv4_address: 172.20.0.11
    ports:
      - "11222:11222"
    environment:
      - USER=username
      - PASS=changeme
      - JAVA_OPTIONS=-Djgroups.bind.address=NON_LOOPBACK
    volumes:
      - .:/user-config
    command: >
      -c /user-config/infinispan-auth-dist.xml
      -b 0.0.0.0
      --cluster-name=cluster1

  # Cluster 1 - Node 2
  infinispan-cluster1-node2:
    image: infinispan/server:16.0
    container_name: infinispan-cluster1-node2
    hostname: cluster1-node2
    networks:
      cluster1_network:
        ipv4_address: 172.20.0.12
    ports:
      - "11223:11222"
    environment:
      - USER=username
      - PASS=changeme
      - JAVA_OPTIONS=-Djgroups.bind.address=NON_LOOPBACK
    volumes:
      - .:/user-config
    command: >
      -c /user-config/infinispan-auth-dist.xml
      -b 0.0.0.0
      --cluster-name=cluster1
    depends_on:
      - infinispan-cluster1-node1

  # Cluster 2 - Node 1
  infinispan-cluster2-node1:
    image: infinispan/server:16.0
    container_name: infinispan-cluster2-node1
    hostname: cluster2-node1
    networks:
      cluster2_network:
        ipv4_address: 172.21.0.11
    ports:
      - "12222:11222"
    environment:
      - USER=username
      - PASS=changeme
      - JAVA_OPTIONS=-Djgroups.bind.address=NON_LOOPBACK
    volumes:
      - .:/user-config
    command: >
      -c /user-config/infinispan-auth-dist.xml
      -b 0.0.0.0
      --cluster-name=cluster2

  # Cluster 2 - Node 2
  infinispan-cluster2-node2:
    image: infinispan/server:16.0
    container_name: infinispan-cluster2-node2
    hostname: cluster2-node2
    networks:
      cluster2_network:
        ipv4_address: 172.21.0.12
    ports:
      - "12223:11222"
    environment:
      - USER=username
      - PASS=changeme
      - JAVA_OPTIONS=-Djgroups.bind.address=NON_LOOPBACK
    volumes:
      - .:/user-config
    command: >
      -c /user-config/infinispan-auth-dist.xml
      -b 0.0.0.0
      --cluster-name=cluster2
    depends_on:
      - infinispan-cluster2-node1

# One bridge network per cluster, so the nodes of one cluster are not attached
# to the other cluster's subnet.
networks:
  cluster1_network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16
  cluster2_network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.21.0.0/16
Now in the same folder run:
# Start all four nodes in the background.
docker compose up --detach
You can see the server logs and stop everything with:
# Show the output of every node.
docker compose logs
# Stop and remove the containers and networks; --volumes also deletes the
# volumes attached to the containers.
docker compose down --volumes
4. TLS clusters
To set up a TLS cluster, a set of certificates is needed so that client and server can verify each other's identity. To create the certificates and organize them into key stores and trust stores, run the following:
# Test-only key material: self-signed certificates, valid for 365 days, with
# one sample password protecting every store and key. A password passed on the
# command line ends up in shell history and is visible in the process list, so
# do not reuse this pattern or these stores outside a throwaway environment.
STORE_PASS=changeme
SUBJECT="CN=infinispan, OU=Test, O=MyOrg, L=City, S=State, C=US"
# The SAN entries must cover the address clients use to reach the server.
SAN_EXT="SAN=ip:192.168.1.100,ip:127.0.0.1,dns:localhost"

# make_identity OWNER PEER
# Creates OWNER.keystore with a fresh RSA key pair, then copies the public
# certificate into PEER.truststore so that PEER trusts OWNER.
make_identity() {
    keytool -genkeypair -alias infinispan \
        -keyalg RSA -keysize 2048 -keystore "$1.keystore" \
        -storepass "$STORE_PASS" -keypass "$STORE_PASS" -validity 365 \
        -dname "$SUBJECT" \
        -ext "$SAN_EXT"
    keytool -exportcert -alias infinispan \
        -keystore "$1.keystore" -storepass "$STORE_PASS" \
        -rfc -file infinispan.crt
    keytool -importcert -alias infinispan \
        -file infinispan.crt -keystore "$2.truststore" \
        -storepass "$STORE_PASS" -noprompt
    # The exported certificate is only an intermediate file.
    rm infinispan.crt
}

# Server identity, trusted by the client.
make_identity server client
# Client identity, trusted by the server.
make_identity client server
Create an infinispan-tls.xml configuration file:
<!-- TLS configuration: the endpoint presents a certificate from the server
     key store and requires clients to present one the trust store accepts. -->
<infinispan
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:infinispan:config:16.0 https://infinispan.org/schemas/infinispan-config-16.0.xsd
                        urn:infinispan:server:16.0 https://infinispan.org/schemas/infinispan-server-16.0.xsd"
    xmlns="urn:infinispan:config:16.0"
    xmlns:server="urn:infinispan:server:16.0">

  <cache-container name="default" statistics="true" default-cache="my-cache">
    <local-cache name="my-cache"/>
  </cache-container>

  <server xmlns="urn:infinispan:server:16.0">
    <interfaces>
      <interface name="public">
        <!-- Loopback unless the infinispan.bind.address property says otherwise. -->
        <inet-address value="${infinispan.bind.address:127.0.0.1}"/>
      </interface>
    </interfaces>

    <socket-bindings default-interface="public" port-offset="${infinispan.socket.binding.port-offset:0}">
      <socket-binding name="default" port="${infinispan.bind.port:11222}"/>
    </socket-bindings>

    <security>
      <security-realms>
        <!-- Despite its name, this realm carries the server's TLS identity.
             It defines no user store, and the cache container above has no
             authorization element, so access control presumably rests on the
             client certificate check alone. -->
        <security-realm name="none">
          <server-identities>
            <ssl>
              <!-- Store passwords are in clear text here: restrict read access
                   to this file and to the mounted store files, and replace
                   the sample password outside a test setup. -->
              <keystore path="/user-config/server.keystore" password="changeme"/>
              <truststore path="/user-config/server.truststore" password="changeme"/>
            </ssl>
          </server-identities>
        </security-realm>
      </security-realms>
    </security>

    <endpoints>
      <!-- Clients must complete the TLS handshake with a certificate of their own. -->
      <endpoint socket-binding="default" security-realm="none" require-ssl-client-auth="true">
        <hotrod-connector/>
        <rest-connector/>
      </endpoint>
    </endpoints>
  </server>
</infinispan>
# Run from the folder that holds infinispan-tls.xml and the generated stores:
# the configuration reads server.keystore and server.truststore from the
# mounted /user-config path.
docker run --volume .:/user-config --publish 11222:11222 infinispan/server:16.0 \
    -c /user-config/infinispan-tls.xml