infinispan
Install Infinispan or Red Hat DataGrid server configurations.
Requirements
Infinispan 16.1+ requires Java 25, which is only available on RHEL 9.7+ and RHEL 10.1+ For more details please go through the official Infinispan 16.1 release notes
RHEL 8 is not supported with Infinispan 16.1+ (Java 25 is not available), More details
For RHEL 8 systems, use Infinispan 16.0.x or earlier versions
Role Defaults
Service configuration defaults
Variable |
Description |
Default |
|---|---|---|
|
Alternate port for the service |
|
|
Alternate port for the jgroups cluster |
|
|
Alternate port for the jgroups relaying cluster |
|
|
Optional port offset for colocated installations |
|
|
Instance name for service (ie. cluster node identifier) |
|
|
Enable persitence datasource for keycloak caches |
|
|
Posix account for the service installation |
|
|
Posix group for the service installation |
|
|
Main logfile format: FILE or JSON-FILE |
|
|
Root logging level: TRACE, DEBUG, INFO, WARN, ERROR |
|
|
Enable additional audit.log logfile |
|
|
Enable additional hotrod-access.log |
|
|
Enable additional rest-access.log |
|
|
Max file size, triggers rotation |
|
|
Enable TLS server certificate |
|
|
Path to keystore containing server identity certificate |
|
|
Keystore password |
|
|
Alias for the certificate to load from keystore |
|
|
Key passphrase for TLS server identity |
|
|
Creates remote caches for keycloak |
|
|
RHEL java package runtime |
|
|
Name of the systemd service unit, appended with |
|
|
Description of the systemd service unit |
|
|
systemd restart-on-failure behavior activation |
`true`` |
|
systemd StartLimitIntervalSec |
|
|
systemd StartLimitBurst |
|
|
systemd RestartSec |
|
|
Name of the cache on which to enable the RESP protocol; if empty, disable RESP |
|
Cluster configuration
Variable |
Description |
Default |
|---|---|---|
|
Enable cross-DC relaying |
|
|
List of site names for cross-DC relaying |
|
|
Site the inventory host is in when cross-DC is enabled |
|
|
Clustering discovery protocol, value from [ |
`` |
|
The NIC name to be used for cluster IPv4 addresses (ie. ‘eth0’) |
|
|
List of node definitions for jgroups cluster, read below for the format |
|
The infinispan_jgroups_cluster_nodes parameter, when empty, tell the collection to geenrate the list from the hosts variables in ansible_play_hosts;
otherwise, it can be passed-in using the following dictionary format:
infinispan_jgroups_cluster_nodes:
- address: 10.0.0.175
inventory_host: '10.0.0.175[7800]'
name: us-east-2-datagrid-1
port: 7800
site: us-east-2
value: 'tcp://10.0.0.175:7800'
- address: 10.0.0.179
inventory_host: "10.0.0.179[7800]"
name: us-east-2-datagrid-2
port: 7800
site: us-east-2
value: 'tcp://10.0.0.179:7800'
where address, port, and inventory_host are connection details; name is the name of the host in the cluster, site is the name of the cluster in the xsite configuration,
and value is explicit connection string.
Download and install defaults
Variable |
Description |
Default |
|---|---|---|
|
Perform an offline install |
|
|
Infinispan version to install |
|
|
Archive name for Infinispan download |
|
|
Download URL for infinispan |
|
|
Directory where to extract installation archives |
|
|
Specific unxtracted installation path for infinispan |
|
|
Directory where to download archives |
|
|
Check health of service at end of installation |
|
|
Alternate bind address for the daemon |
|
|
List of cache definitions to configure statically |
|
|
List of users to create |
|
|
Path of infinispan rest api |
|
|
Ensure firewalld is running and configure infinispan ports |
|
Role Variables
The following are a set of required variables for the role:
Variable |
Description |
Required |
|---|---|---|
|
Password for the administration console user account |
|
|
List of user definitions to create |
|
|
JAVA_HOME of installed JRE, leave empty for using specified |
|
Sample user definition format:
infinispan_users:
- { name: 'testuser1', password: 'test', roles: 'observer' }
- { name: 'testuser2', password: 'test', roles: 'application' }
The following are required when infinispan_jgroups_discovery is JDBC_PING:
Variable |
Description |
Default |
|---|---|---|
|
backend database engine (values: |
|
|
driver version to download |
|
|
URL for jdbc connection |
|
|
username for jdbc connection |
|
|
password for jdbc connection |
|
When setting up cross-DC relaying, also setup mariadb in active-active mode (ie. with galera cluster), and switch the JDBC to url to the sequential scheme; similar configuration for other database engines.
Dependencies
The role depends on the following collections:
To install, from the collection root directory, run:
ansible-galaxy collections install -r requirements.yml
Python lxml and jmespath libraries are needed on the host that executes this module. To install, from the collection root directory, run:
pip install -r requirements.txt
Example Playbook
The following is an example playbook that makes use of the role to install Infinispan
---
- hosts: ...
collections:
- middleware_automation.infinispan
tasks:
- name: Include Infinispan role
include_role:
name: infinispan
vars:
infinispan_supervisor_password: "changeme"
infinispan_users: []
Offline installation
Performing an offline installation is possible by:
setting
infinispan_offline_installtotruemaking the file available to ansible controller, using as filename
infinispan_bundle.
Keycloak integration
Enabling infinispan_keycloak_caches will prepare the following caches in a dedicated cache container for remote keycloak access:
- sessions
- offlineSessions
- clientSessions
- offlineClientSessions
- loginFailures
- actionTokens
- work
for more details, refer to the: INSTALLATION AND CONFIGURATION GUIDE - 3.4.6. Infinispan caches
Deploying custom cache configurations
It is possible to deploy caches statically in the infinispan.xml server configuration, by populating the infinispan_caches list of dicts.
In case of clustered deployments, this configuration must be executed against all nodes in the cluster, as they are not propagated by the service.
To deploy cache configurations at runtime, refer to the infinispan_cache role instead.
For more details, refer to:
How to configure caches
A cache configuration can be passed-in as an XML file or string, as it is generated by the infinispan server console; otherwise, it is possible to define configuration dicts, used to populate the available templates.
To pass XML directly, as string or with a file:
infinispan_caches:
- cache_xml: >
<local-cache name="testcachexml" statistics="true">
<encoding media-type="application/x-protostream"/>
</local-cache>
- cache_xml: "{{ lookup('file', user_data_file) }}"
To configure caches:
infinispan_caches:
- cache_config:
name: 'my-distributed-cache'
template: 'distribute-cache'
encoding: 'application/x-jboss-marshalling'
persistence: false
It is possible to mix and match the two configurations in the infinispan_caches list.
Vector Search Support
Infinispan 15+ natively supports vector search for AI/ML use cases, allowing k-Nearest Neighbor (kNN) queries on vector embeddings.
To enable vector search, your client application must:
Define ProtoStream entities with
@Vectorannotations specifying dimension and similarity algorithmRegister the ProtoStream schema with Infinispan when connecting
Create indexed caches (either via the client API or using the templates in this role with
indexing: trueandindexing_entitiespointing to your registered schemas)
The Ansible role supports configuring indexed caches through the indexing parameter:
infinispan_cache_config:
name: 'vector-search-cache'
template: 'distributed'
encoding: 'application/x-protostream'
indexing: true
indexing_storage: 'filesystem'
indexing_entities:
- 'com.example.YourEntity' # Must be registered first by your application
Note: Infinispan requires at least one indexed entity when indexing is enabled. Your application must register the ProtoStream schema before creating the indexed cache, or the cache creation will fail.
For more details, refer to:
NOTE: While downstream product Data Grid exposes Vector Search capabilities, it’s not yet officially supported.
License
Apache License 2.0