How do I get a multi-node Keycloak cluster running with docker containers (no k8/swarm/etc)? - keycloak

I have three EC2 instances in AWS:
instance A - docker with nginx container - private IP address 1.2.3.4
instance B and C - docker with keycloak containers - private IP address 1.2.3.5 and 1.2.3.6
RDS instance running MySQL 8 - host foo.us-east-1.rds.amazonaws.com
All in the same VPC. Instance B and C are in different subnets (different availability zones), but can communicate with each other via port 80 and 7600.
The docker instances launch without issue with the following command:
docker run \
--name test-node-1 \
-e DB_PORT=3306 \
-e PROXY_ADDRESS_FORWARDING=true \
-e DB_VENDOR=mysql \
-e DB_DATABASE=keycloak \
-e DB_ADDR=foo.us-east-1.rds.amazonaws.com \
-e KEYCLOAK_STATISTICS=all \
-e DB_USER=keycloak \
-e KEYCLOAK_USER=kcuser \
-e DB_PASSWORD=... \
-e KEYCLOAK_PASSWORD=... \
-p 80:8080 \
-p 7600:7600 \
jboss/keycloak:16.1.0
Both containers launch fine, but they aren't talking to each other.
Adding the following three environment variables:
-e JGROUPS_DISCOVERY_EXTERNAL_IP=1.2.3.5 \
-e JGROUPS_DISCOVERY_PROTOCOL=TCPPING \
-e JGROUPS_DISCOVERY_PROPERTIES='1.2.3.5[7600],1.2.3.6[7600]' \
Causes Keycloak to crash on startup:
=========================================================================
Using MySQL database
=========================================================================
17:01:35,028 INFO [org.jboss.modules] (CLI command executor) JBoss Modules version 2.0.0.Final
17:01:35,124 INFO [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.13.Final
17:01:35,134 INFO [org.jboss.threads] (CLI command executor) JBoss Threads version 2.4.0.Final
17:01:35,267 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 16.1.0 (WildFly Core 18.0.0.Final) starting
...
17:01:43,320 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
17:01:43,322 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 16.1.0 (WildFly Core 18.0.0.Final) started in 3261ms - Started 49 of 79 services (31 services are lazy, passive or on-demand)
The batch executed successfully
17:01:43,560 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0050: Keycloak 16.1.0 (WildFly Core 18.0.0.Final) stopped in 21ms
Setting JGroups discovery to TCPPING with properties {1.2.3.5[7600],1.2.3.6[7600]}
That last log line hangs for a few seconds, and then the process crashes. Note that it's the FIRST instance that crashes (I never get to launching the second one), so I don't think it's a matter of communication/firewall/etc, but port 80 and 7600 are open.
I'm using the jboss/Keycloak docker image v16.1 from Docker Hub.

The container will need a TCPPING.cli script, or the appropriate modifications made to standalone-ha.xml. The following TCPPING.cli file worked for me (mounted into the docker container with -v $(pwd)/TCPPING.cli:/opt/jboss/tools/cli/jgroups/discovery/TCPPING.cli):
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
/subsystem=jgroups/stack=udp:remove()
/subsystem=jgroups/stack=tcp/protocol=MPING:remove()
/subsystem=jgroups/stack=tcp/protocol=$keycloak_jgroups_discovery_protocol:add(add-index=0, properties={"initial_hosts"=>$keycloak_jgroups_discovery_protocol_properties})
/subsystem=jgroups/channel=ee:write-attribute(name=stack, value="tcp")
/subsystem=jgroups/stack=tcp/transport=TCP/property=external_addr/:add(value=${env.JGROUPS_DISCOVERY_EXTERNAL_IP:127.0.0.1})
run-batch
stop-embedded-server
Note that this is different from what is recommended in https://www.keycloak.org/2019/05/keycloak-cluster-setup - specifically the line
/subsystem=jgroups/stack=tcp/protocol=$keycloak_jgroups_discovery_protocol:add(add-index=0, properties={"initial_hosts"=>$keycloak_jgroups_discovery_protocol_properties})
I also changed the JGROUPS_DISCOVERY_PROPERTIES env var to only be the first server (e.g. -e JGROUPS_DISCOVERY_PROPERTIES=1.2.3.5[7600]) - each server in the cluster should just need to check with the master in order to join.
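Added example, not part of the original answer: a POSIX shell pre-flight for the settings above that rejects a malformed JGROUPS_DISCOVERY_PROPERTIES list or a missing TCPPING.cli before docker run, and prints the cluster-related options for one node. The function names, the IPv4-only peer rule, and publishing 7600 on the node's private address only (instead of on every interface) are choices of this example, not something the answer states.

```sh
#!/bin/sh
# Added example (not from the original post). Addresses are the question's
# placeholders; restricting peers to IPv4 literals is this example's assumption.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1                      # safe to split: only digits and dots remain
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# valid_initial_hosts LIST: succeed only if every comma-separated entry has the
# TCPPING form ip[port], e.g. 1.2.3.5[7600],1.2.3.6[7600].
valid_initial_hosts() (
    case "$1" in
        ''|,*|*,|*,,*) exit 1 ;;   # empty list, or empty entry
    esac
    rest=$1
    while [ -n "$rest" ]; do
        case "$rest" in
            *,*) entry=${rest%%,*}; rest=${rest#*,} ;;
            *)   entry=$rest; rest= ;;
        esac
        case "$entry" in
            *\[*\]) ;;
            *) exit 1 ;;           # e.g. 1.2.3.5:7600 is not TCPPING syntax
        esac
        host=${entry%%\[*}
        port=${entry#*\[}
        port=${port%\]}
        case "$port" in
            ''|*[!0-9]*) exit 1 ;;
        esac
        [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || exit 1
        valid_ipv4 "$host" || exit 1
    done
)

# cluster_run_args EXTERNAL_IP INITIAL_HOSTS CLI_FILE: print the docker run
# options for one node (one per line), or fail with a reason on stderr.
cluster_run_args() (
    ip=$1 hosts=$2 cli=$3
    valid_ipv4 "$ip" || { echo "bad JGROUPS_DISCOVERY_EXTERNAL_IP: $ip" >&2; exit 1; }
    valid_initial_hosts "$hosts" || { echo "bad JGROUPS_DISCOVERY_PROPERTIES: $hosts" >&2; exit 1; }
    case "$cli" in
        /*) ;;                     # docker treats a non-absolute source as a named volume
        *) echo "CLI script path must be absolute: $cli" >&2; exit 1 ;;
    esac
    [ -r "$cli" ] || { echo "missing CLI script: $cli" >&2; exit 1; }
    printf '%s\n' \
        "-e JGROUPS_DISCOVERY_PROTOCOL=TCPPING" \
        "-e JGROUPS_DISCOVERY_EXTERNAL_IP=$ip" \
        "-e JGROUPS_DISCOVERY_PROPERTIES=$hosts" \
        "-v $cli:/opt/jboss/tools/cli/jgroups/discovery/TCPPING.cli" \
        "-p $ip:7600:7600"         # cluster port on the private address only
)

# Demo on constructed input: the question's peer list and a malformed one.
for list in '1.2.3.5[7600],1.2.3.6[7600]' '1.2.3.5:7600'; do
    if valid_initial_hosts "$list"; then
        echo "ok:     $list"
    else
        echo "reject: $list"
    fi
done
```

On the second node this would be called as cluster_run_args 1.2.3.6 '1.2.3.5[7600]' "$(pwd)/TCPPING.cli", and the printed options added to the docker run command from the question in place of its -p 7600:7600 line.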

Related

Keycloak does not use postgres database and tries to connect h2 database

I am trying to configure Keycloak to use postgres using docker-compose.
Docker compose file for reference:
version: "3.9"
services:
  keycloak-postgres:
    image: postgres:latest
    restart: unless-stopped
    ports:
      - 5432:5432
    environment:
      POSTGRES_DB: ${POSTGRESQL_DB}
      POSTGRES_USER: ${POSTGRESQL_USER}
      POSTGRES_PASSWORD: ${POSTGRESQL_PASS}
    volumes:
      - postgres_data:/var/lib/postgresql/data
  keycloak:
    depends_on:
      - keycloak-postgres
    image: quay.io/keycloak/keycloak
    container_name: keycloak
    ports:
      - 8030:8080
    environment:
      KC_DB: postgres
      KC_DB_URL_HOST: keycloak-postgres
      KC_DB_URL_DATABASE: ${POSTGRESQL_DB}
      KC_DB_USERNAME: ${POSTGRESQL_USER}
      KC_DB_PASSWORD: ${POSTGRESQL_PASS}
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
      KC_PROXY: edge
      KC_HTTP_ENABLED: true
    restart: unless-stopped
    command:
      - start --optimized
volumes:
  postgres_data:
    driver: local
I have found that if I run start without the optimized flag, keycloak starts without any issues, but also does not use the postgres database - as there are no tables or anything created by Keycloak when I connect to the DB.
When I run with the optimized flag, I get the following error:
URL format error; must be "jdbc:h2:{ {.|mem:}[name] | [file:]fileName | {tcp|ssl}:[//]server[:port][,server2[:port]]/name }[;key=value...]" but is "jdbc:postgresql://keycloak-postgres:5432/keycloak" [90046-214]
From what I can make out the postgres connection string which Keycloak has generated is correct. However it is trying to connect to a h2 database, which is clearly incorrect.
I have looked through all the configuration options and just can't make out why:
a) Keycloak isn't storing any data in postgres in start mode.
b) Keycloak is trying to access a H2 database in --optimized mode.
Update
Following advice from sonOfRa and to try and simplify the problem I have now tried the following:
Run postgres as a separate docker.
Created the below Dockerfile as per the documentation (have also tried with sonOfRa's cut down Dockerfile):
FROM quay.io/keycloak/keycloak:latest as builder
# Enable health and metrics support
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
# Configure a database vendor
ENV KC_DB=postgres
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ENV KC_DB_URL_HOST=192.168.1.25
ENV KC_DB_USERNAME=keycloak
ENV KC_DB_PASSWORD=keycloak_db_password
ENV KC_HOSTNAME=localhost
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
Run the following command to build the new Dockerfile:
docker build . -t mykeycloak
Run the following command to start Keycloak:
docker run --name mykeycloak \
-p 8030:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=change_me \
-e KC_HOSTNAME=auth.url.com \
-e KC_PROXY=edge \
-e KC_HTTP_ENABLED=true \
mykeycloak start
Output from console:
2023-01-11 14:06:19,961 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: auth.url.com, Strict HTTPS: true, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: true
2023-01-11 14:06:25,844 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2023-01-11 14:06:28,797 INFO [org.infinispan.server.core.transport.EPollAvailable] (keycloak-cache-init) ISPN005028: Native Epoll transport not available, using NIO instead: java.lang.UnsatisfiedLinkError: could not load a native library: netty_transport_native_epoll_aarch_64
2023-01-11 14:06:29,311 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2023-01-11 14:06:29,436 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2023-01-11 14:06:29,541 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2023-01-11 14:06:29,581 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2023-01-11 14:06:30,440 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.10.Final
2023-01-11 14:06:30,819 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
2023-01-11 14:06:30,820 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2023-01-11 14:06:31,143 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2023-01-11 14:06:31,144 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 20.00MB, but the OS only allocated 212.99KB
2023-01-11 14:06:31,146 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2023-01-11 14:06:31,147 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 25.00MB, but the OS only allocated 212.99KB
2023-01-11 14:06:33,179 INFO [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) cb354516ab9d-30183: no members discovered after 2009 ms: creating cluster as coordinator
2023-01-11 14:06:33,213 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [cb354516ab9d-30183|0] (1) [cb354516ab9d-30183]
2023-01-11 14:06:33,228 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `cb354516ab9d-30183`, physical addresses are `[172.17.0.2:52593]`
2023-01-11 14:06:35,021 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: cb354516ab9d-30183, Site name: null
2023-01-11 14:06:41,372 INFO [org.keycloak.quarkus.runtime.storage.legacy.liquibase.QuarkusJpaUpdaterProvider] (main) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
2023-01-11 14:06:53,286 INFO [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm
2023-01-11 14:07:00,559 INFO [io.quarkus] (main) Keycloak 20.0.2 on JVM (powered by Quarkus 2.13.3.Final) started in 45.755s. Listening on: http://0.0.0.0:8080
2023-01-11 14:07:00,561 INFO [io.quarkus] (main) Profile prod activated.
2023-01-11 14:07:00,562 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vault, vertx]
2023-01-11 14:07:02,212 INFO [org.keycloak.services] (main) KC-SERVICES0009: Added user 'admin' to realm 'master'
Unfortunately the result is the same.
I can access keycloak from the set URL and login using the admin user created on run. Everything seemingly works on the UI, except it does not store any data in the postgres database.
This is due to your use of the --optimized parameter. If you use it, it is assumed that you have already run "build", which you did not do. It is recommended to create your own docker image which uses the upstream docker image as a base. This is described in the documentation here.
Essentially, you need to run the build command with --db=postgres (or the KC_DB=postgres environment variable), in order to tell Quarkus to build an optimized image that will later use postgres. That image can then be started with --optimized and it will correctly use postgres instead of H2.
Step 1 is to create a Dockerfile (not a docker-compose.yml!)
FROM quay.io/keycloak/keycloak
# Configure a database vendor
ENV KC_DB=postgres
WORKDIR /opt/keycloak
RUN /opt/keycloak/bin/kc.sh build
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
You can also include additional things at this point, like custom providers, but this is the minimal data that you need in order to make it work.
Now you have 2 options: You can build this image with docker build and push it to your own docker registry with docker push, or you can use it directly from your docker-compose.yaml. If you build and push, replace the image: quay.io/keycloak/keycloak line with image: your.registry/wherever/you/pushed. If you want to use it directly in your compose-file, you can remove the image: line completely, and replace it with
build: .
When doing this, you must ensure that the Dockerfile is in the same directory as the docker-compose.yaml

issue with wildfly cluster setup

I have downloaded Wildfly-21.0.1.Final and deployed it on 2 different machines on the same network. I haven't modified/updated the configuration and tried to start the application servers using the following commands, but the cluster is not forming.
./bin/standalone.sh -c standalone-full-ha.xml -b 10.1xx.2.15 --u 230.0.0.1 & (on 1st node)
./bin/standalone.sh -c standalone-full-ha.xml -b 10.1xx.2.16 --u 230.0.0.1 & (on 2nd node)
Basically starting with the same multicast address but nodes are not discovering each other. Both are in the same network/subnet. We were able to form a cluster with JBoss4.
The logs in respective nodes
1st Node
[org.infinispan.CLUSTER] (ServerService Thread Pool -- 91) ISPN000094: Received new cluster view for channel ejb: [10.1xx.2.15|0] (1) [10.1xx.2.15]
2nd Node
[org.infinispan.CLUSTER] (ServerService Thread Pool -- 91) ISPN000094: Received new cluster view for channel ejb: [10.1xx.2.16|0] (1) [10.1xx.2.16]
Any help/idea is much appreciated.
WildFly's -b option sets the interface of the public interface, but not the private interface, which is the default interface for clustering.
e.g.
./bin/standalone.sh -c standalone-full-ha.xml -b 10.1xx.2.15 -bprivate=10.1xx.2.15 -u 230.0.0.1

Keycloak 10 partially starts when run as a service

I have currently installed Keycloak 10.0.2 in domain mode with two servers on Ubuntu 18.04. When running manually as ./domain.sh --host-config=host-master.xml all the services start normally and the system works fine.
I wanted to run Keycloak as a service and followed the steps given in https://medium.com/@hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9. The problem is that the service shows as Active but navigating to the management URL results in a "The site can't be reached" error. I checked the generated log file and it seems that the services have started only partially.
2020-06-26 12:53:52,164 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 10.0.2 (WildFly Core 11.1.1.Final) (Host Controller) started in 12675ms - Started 83 of 86 services (28 services are lazy, passive or on-demand)
2020-06-26 12:53:52,238 INFO [org.jboss.as.host.controller] (server-registration-threads - 1) WFLYHC0020: Registering server server-one
Whereas when run manually I see that there are many more services that have started.
[Server:server-one] 13:44:34,349 INFO [org.jboss.as.server] (ServerService Thread Pool -- 36) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
[Server:server-one] 13:44:34,463 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
[Server:server-one] 13:44:34,475 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 10.0.2 (WildFly Core 11.1.1.Final) started in 30123ms - Started 673 of 979 services (703 services are lazy, passive or on-demand)
Not sure what is going wrong. Need help resolving the issue.
Here are my configuration details:
Service Details
keycloak.service - Keycloak Authentication Server
Loaded: loaded (/etc/systemd/system/keycloak.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-06-26 13:47:12 UTC; 2min 23s ago
Main PID: 116569 (launch.sh)
Tasks: 187 (limit: 9479)
CGroup: /system.slice/keycloak.service
├─116569 /bin/bash /data/keycloak/bin/launch.sh domain domain.xml host-master.xml 0.0.0.0 YES
├─116578 /bin/sh /data/keycloak/bin/domain.sh -c domain.xml --host-config=host-master.xml
/etc/keycloak/keycloak.conf
# The mode you want to run
WILDFLY_MODE=domain
# The configuration you want to run
WILDFLY_DOMAIN_CONFIG=domain.xml
# Host configuration
WILDFLY_HOST_CONFIG=host-master.xml
# The address to bind to
WILDFLY_BIND=0.0.0.0
# Whether this host is a domain controller. If not run with --backup switch
IS_DC=YES
/data/keycloak/bin/launch.sh
#!/bin/bash
WILDFLY_HOME="/data/keycloak"
if [[ "$1" == "domain" ]]; then
    if [[ "$5" == "YES" ]]; then
        $WILDFLY_HOME/bin/domain.sh -c $2 --host-config=$3
    else
        $WILDFLY_HOME/bin/domain.sh -c $2 --host-config=$3 --backup
    fi
else
    $WILDFLY_HOME/bin/standalone.sh -c $2 -b $4
fi
/etc/systemd/system/keycloak.service
[Unit]
Description=Keycloak Authentication Server
After=syslog.target network.target
Before=httpd.service
[Service]
Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
EnvironmentFile=-/etc/keycloak/keycloak.conf
User=keycloak
Group=keycloak
LimitNOFILE=102642
PIDFile=/var/run/keycloak/keycloak.pid
ExecStart=/data/keycloak/bin/launch.sh $WILDFLY_MODE $WILDFLY_DOMAIN_CONFIG $WILDFLY_HOST_CONFIG $WILDFLY_BIND $IS_DC
StandardOutput=null
[Install]
WantedBy=multi-user.target
I also followed the same Medium tutorial and faced the same issue as you. Turns out that I have to run the service as root user instead of keycloak user. I have no idea why though.

Keycloak MySQL setup failed with error "Timeout after [300] seconds waiting for service container stability. Operation will roll back."

I tried with the 8.x and 10.x versions of Keycloak, and also with the Keycloak docker image, but I am getting the issue below while configuring Keycloak with MySQL:
12:27:16,047 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Foreign key constraint added to USER_GROUP_MEMBERSHIP (USER_ID)
12:27:17,356 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Primary key added to GROUP_ROLE_MAPPING (ROLE_ID, GROUP_ID)
12:27:18,637 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Foreign key constraint added to GROUP_ROLE_MAPPING (GROUP_ID)
12:27:19,384 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0348: Timeout after [300] seconds waiting for service container stability. Operation will roll back. Step that first updated the service container was 'add' at address '[
("core-service" => "management"),
("management-interface" => "http-interface")
]'
12:27:20,326 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Foreign key constraint added to GROUP_ROLE_MAPPING (ROLE_ID)
12:27:21,381 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Unique constraint added to REALM_DEFAULT_GROUPS(GROUP_ID)
12:27:23,153 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Foreign key constraint added to REALM_DEFAULT_GROUPS (REALM_ID)
12:27:24,389 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.server.DeployerChainAddHandler$FinalRuntimeStepHandler@2b5e08f5 for operation add-deployer-chains at address [] failed -- java.util.concurrent.TimeoutException: java.util.concurrent.TimeoutException
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.OperationContextImpl.waitForRemovals(OperationContextImpl.java:523)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1518)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1472)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1445)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.access$400(AbstractOperationContext.java:1319)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:876)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:726)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1413)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:527)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:515)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:477)
at org.jboss.as.server@11.1.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:448)
at org.jboss.as.server@11.1.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:401)
at org.jboss.as.controller@11.1.1.Final//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
at java.base/java.lang.Thread.run(Thread.java:834)
12:27:24,391 ERROR [org.jboss.as.controller.client] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.server.DeployerChainAddHandler$FinalRuntimeStepHandler@2b5e08f5 for operation add-deployer-chains at address [] failed -- java.util.concurrent.TimeoutException
After increasing the timeout using the command
$ bin/standalone.sh -Djboss.as.management.blocking.timeout=3600
it failed with the error below:
17:26:32,383 INFO [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 68) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
17:31:25,854 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffff7f000101:84ae906:5ee761e5:f in state RUN
17:31:25,870 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffff7f000101:84ae906:5ee761e5:f
17:31:27,355 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffff7f000101:84ae906:5ee761e5:12 in state RUN
17:31:27,356 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffff7f000101:84ae906:5ee761e5:12
17:31:31,222 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffff7f000101:84ae906:5ee761e5:15 in state RUN
17:31:31,225 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012095: Abort of action id 0:ffff7f000101:84ae906:5ee761e5:15 invoked while multiple threads active within it.
17:31:31,250 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012381: Action id 0:ffff7f000101:84ae906:5ee761e5:15 completed with multiple threads - thread ServerService Thread Pool -- 68 was in progress with java.net.SocketInputStream.socketRead0(Native Method)
java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
java.net.SocketInputStream.read(SocketInputStream.java:171)
java.net.SocketInputStream.read(SocketInputStream.java:141)
com.mysql.cj.protocol.ReadAheadInputStream.fill(ReadAheadInputStream.java:107)
com.mysql.cj.protocol.ReadAheadInputStream.readFromUnderlyingStreamIfNecessary(ReadAheadInputStream.java:150)
com.mysql.cj.protocol.ReadAheadInputStream.read(ReadAheadInputStream.java:180)
java.io.FilterInputStream.read(FilterInputStream.java:133)
com.mysql.cj.protocol.FullReadInputStream.readFully(FullReadInputStream.java:64)
com.mysql.cj.protocol.a.SimplePacketReader.readHeader(SimplePacketReader.java:63)
com.mysql.cj.protocol.a.SimplePacketReader.readHeader(SimplePacketReader.java:45)
com.mysql.cj.protocol.a.TimeTrackingPacketReader.readHeader(TimeTrackingPacketReader.java:52)
com.mysql.cj.protocol.a.TimeTrackingPacketReader.readHeader(TimeTrackingPacketReader.java:41)
com.mysql.cj.protocol.a.MultiPacketReader.readHeader(MultiPacketReader.java:54)
com.mysql.cj.protocol.a.MultiPacketReader.readHeader(MultiPacketReader.java:44)
com.mysql.cj.protocol.a.NativeProtocol.readMessage(NativeProtocol.java:533)
com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:703)
com.mysql.cj.protocol.a.NativeProtocol.sendCommand(NativeProtocol.java:642)
com.mysql.cj.protocol.a.NativeProtocol.sendQueryPacket(NativeProtocol.java:941)
com.mysql.cj.protocol.a.NativeProtocol.sendQueryString(NativeProtocol.java:887)
com.mysql.cj.NativeSession.execSQL(NativeSession.java:1073)
com.mysql.cj.jdbc.StatementImpl.executeInternal(StatementImpl.java:724)
com.mysql.cj.jdbc.StatementImpl.execute(StatementImpl.java:648)
org.jboss.jca.adapters.jdbc.WrappedStatement.execute(WrappedStatement.java:198)
liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:307)
liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:55)
liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:113)
liquibase.database.AbstractJdbcDatabase.execute(AbstractJdbcDatabase.java:1277)
liquibase.database.AbstractJdbcDatabase.executeStatements(AbstractJdbcDatabase.java:1259)
liquibase.changelog.ChangeSet.execute(ChangeSet.java:582)
liquibase.changelog.visitor.UpdateVisitor.visit(UpdateVisitor.java:51)
liquibase.changelog.ChangeLogIterator.run(ChangeLogIterator.java:79)
liquibase.Liquibase.update(Liquibase.java:214)
liquibase.Liquibase.update(Liquibase.java:192)
liquibase.Liquibase.update(Liquibase.java:188)
org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.updateChangeSet(LiquibaseJpaUpdaterProvider.java:182)
org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:102)
org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:81)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory$2.run(DefaultJpaConnectionProviderFactory.java:341)
org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.update(DefaultJpaConnectionProviderFactory.java:334)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.migration(DefaultJpaConnectionProviderFactory.java:306)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lambda$lazyInit$0(DefaultJpaConnectionProviderFactory.java:182)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory$$Lambda$802/938288417.run(Unknown Source)
org.keycloak.models.utils.KeycloakModelUtils.suspendJtaTransaction(KeycloakModelUtils.java:682)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:133)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:81)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:59)
org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:204)
org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:51)
org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:33)
org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:204)
org.keycloak.services.DefaultKeycloakSession.realmLocalStorage(DefaultKeycloakSession.java:157)
org.keycloak.models.cache.infinispan.RealmCacheSession.getRealmDelegate(RealmCacheSession.java:148)
org.keycloak.models.cache.infinispan.RealmCacheSession.getMigrationModel(RealmCacheSession.java:141)
org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:97)
org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:244)
org.keycloak.services.resources.KeycloakApplication.migrateAndBootstrap(KeycloakApplication.java:185)
org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:147)
org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:138)
org.keycloak.services.resources.KeycloakApplication$$Lambda$778/1366630785.run(Unknown Source)
org.keycloak.provider.wildfly.WildflyPlatform.onStartup(WildflyPlatform.java:29)
org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:125)
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
java.lang.reflect.Constructor.newInstance(Constructor.java:423)
org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:152)
org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2805)
org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:369)
org.jboss.resteasy.spi.ResteasyDeployment.startInternal(ResteasyDeployment.java:281)
org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:92)
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:119)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:305)
io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)
io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:585)
io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:556)
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction$$Lambda$734/2095679667.call(Unknown Source)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$735/1593765930.call(Unknown Source)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$735/1593765930.call(Unknown Source)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$735/1593765930.call(Unknown Source)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$735/1593765930.call(Unknown Source)
io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:598)
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)
org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
java.util.concurrent.FutureTask.run(FutureTask.java:266)
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
java.lang.Thread.run(Thread.java:748)
org.jboss.threads.JBossThread.run(JBossThread.java:485)
17:31:31,252 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012108: CheckedAction::check - atomic action 0:ffff7f000101:84ae906:5ee761e5:15 aborting with 1 threads active!
17:31:31,252 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffff7f000101:84ae906:5ee761e5:15
17:31:31,514 WARN [com.arjuna.ats.arjuna] (ServerService Thread Pool -- 68) ARJUNA012077: Abort called on already aborted atomic action 0:ffff7f000101:84ae906:5ee761e5:15
17:31:31,516 WARN [com.arjuna.ats.arjuna] (ServerService Thread Pool -- 68) ARJUNA012077: Abort called on already aborted atomic action 0:ffff7f000101:84ae906:5ee761e5:12
17:31:31,517 WARN [com.arjuna.ats.arjuna] (ServerService Thread Pool -- 68) ARJUNA012077: Abort called on already aborted atomic action 0:ffff7f000101:84ae906:5ee761e5:f
17:31:31,518 FATAL [org.keycloak.services] (ServerService Thread Pool -- 68) java.lang.RuntimeException: Failed to update database
17:31:31,520 INFO [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested via an OS signal
17:31:32,024 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 75) WFLYCLINF0003: Stopped sessions cache from keycloak container
17:31:32,038 INFO [org.jboss.as.server.deployment] (MSC service thread 1-6) WFLYSRV0028: Stopped deployment keycloak-server.war (runtime-name: keycloak-server.war) in 490ms
17:31:32,068 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException
at org.wildfly.extension.microprofile.metrics.MicroProfileMetricsSubsystemAdd$2.execute(MicroProfileMetricsSubsystemAdd.java:86)
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1413)
at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:527)
at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:515)
at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:477)
at org.jboss.as.server.ServerService.boot(ServerService.java:448)
at org.jboss.as.server.ServerService.boot(ServerService.java:401)
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
at java.lang.Thread.run(Thread.java:748)
17:31:32,081 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 55) WFLYSRV0022: Deploy of deployment "keycloak-server.war" was rolled back with no failure message
17:31:32,132 INFO [org.jboss.as] (MSC service thread 1-5) WFLYSRV0050: Keycloak 10.0.1 (WildFly Core 11.1.1.Final) stopped in 584ms
I am looking for a solution such as:
If I could get the initial DDL & DML of Keycloak
If Keycloak could continue from where it failed
If the timeout could be increased. In this case, I tried the command below, but it did not work:
docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=password -e DB_VENDOR=mysql -e DB_DATABASE=keycloak -e DB_USER=keycloak -e DB_PASSWORD=keycloak -e DB_ADDR=mysql -e ROOT_LOGLEVEL=DEBUG -e JAVA_OPTIONS="-Djboss.as.management.blocking.timeout=900" -e KEYCLOAK_LOGLEVEL=DEBUG --link=mysql jboss/keycloak
I ran into this issue today, after my Keycloak instance suddenly stopped working.
I took a look at my underlying PostgreSQL database and retrieved the locks.
And what I saw, was that a Liquibase lock was not released.
So I used this command to search for open activities inside the PostgreSQL DB:
-- pg_stat_activity names the user column "usename"
SELECT pid, state, usename, query, query_start
FROM pg_stat_activity
WHERE pid IN (
    SELECT pid FROM pg_locks l
    JOIN pg_class t ON l.relation = t.oid
    WHERE t.relkind = 'r'
);
which returned the following:
pid | state | usename | query | query_start
-----+--------+----------+----------------------------------------------------------------------+-------------------------------
32 | active | keycloak | SELECT ID FROM public.databasechangeloglock WHERE ID=1000 FOR UPDATE | 2020-10-11 14:21:07.396058+00
354 | active | keycloak | SELECT ID FROM public.databasechangeloglock WHERE ID=1000 FOR UPDATE | 2020-10-11 19:42:06.636659+00
Those database locks come from Liquibase which is used by Keycloak to upgrade your data structure/definition. Those locks were not released while upgrading the schema.
After dropping the table, the service now works again.
DROP TABLE databasechangeloglock;
In my case neither increasing the blocking timeout nor adding a default timeout to the transaction manager worked.
<coordinator-environment default-timeout="600" .../> # did not work
...
JAVA_TOOLS_OPTS: "-Djboss.as.management.blocking.timeout=3600" # did not work
It seems that your Keycloak tried to update the schema during startup and it took too much time, so WildFly broke the Keycloak deployment with a timeout. Try adding the following property to WildFly:
${KEYCLOAK_HOME}/bin/standalone.sh -Djboss.as.management.blocking.timeout=3600
If you are running Keycloak as a Docker container, then try using the following env variable:
JAVA_TOOLS_OPTS: "-Djboss.as.management.blocking.timeout=3600"
Note: This will be displayed in the keycloak container logs. (This can be helpful to confirm whether keycloak picks up the env variable or not)
Let me know if this works and if you need anything.
jboss.as.management.blocking.timeout seems to be WildFly's deployment timeout.
In the above error case (ARJUNA012121: TransactionReaper::doCancellations worker) you can adjust the transaction timeout. It can be set in the standalone-ha.xml file. For example, to set it to 600 seconds:
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
<coordinator-environment default-timeout="600"/>
...
</subsystem>
For docker deployments, the environment variable to set is JAVA_OPTS_APPEND
Example:
JAVA_OPTS_APPEND="-Djboss.as.management.blocking.timeout=7200"
I also had this problem.
All solutions regarding the modification of timeouts or system resources are just workarounds and do not always work.
Initially, I thought it was a network problem. It was not. It was because of the database, which became "locked". I did not try the previous solution https://stackoverflow.com/a/64308446/7529228, but I think it can work.
I did a "hardest" solution:
I dumped the Postgres database (docker exec -it f84 pg_dump -c -U keycloak keycloak --no-owner > db-dump.sql where f84 is the ID of the container)
I removed the Keycloak instance (Volume, network, ... everything)
I deployed a new Keycloak instance.
I restored my database (cat db-dump.sql | docker exec -i keycloak_postgres.1.kyu24eqvnwaahg1obmy5omtfh psql -U keycloak keycloak - Adapt with your own container name)
I restarted the keycloak instance, then problem solved.
Thanks to https://pvelati.dev/2021/03/dump-and-restore-postgres-db-with-docker/ for the database dump/restoration procedure.
Make sure that you choose the right MySQL version.
Use MySQL 5.7 instead of MySQL 8.0.32 for Keycloak versions between 4.0.0 and 16.1.1. Or migrate to a newer Keycloak version.
Example of docker-compose.yml with Keycloak 16.1.0 using MySQL 5.7 (you can change the version; I also tested it with Keycloak 10).
version: '3'
volumes:
  mysql_data:
    driver: local
services:
  mysql:
    image: mysql:5.7
    volumes:
      - mysql_data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: keycloak
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: password
  keycloak:
    image: quay.io/keycloak/keycloak:16.1.0
    environment:
      DB_VENDOR: MYSQL
      DB_ADDR: mysql
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: Pa55w0rd
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the MySQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "connectTimeout=30000"
    ports:
      - 8080:8080
    depends_on:
      - mysql
Run the following docker-compose.yml example to reproduce the error. The error example is using Keycloak 16.1.0 with MySQL 8.0.32, instead of MySQL 5.7.
version: '3'
volumes:
  mysql_data:
    driver: local
services:
  mysql:
    image: mysql:8.0.32
    volumes:
      - mysql_data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: root
      MYSQL_DATABASE: keycloak
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: password
  keycloak:
    image: quay.io/keycloak/keycloak:16.1.0
    environment:
      DB_VENDOR: MYSQL
      DB_ADDR: mysql
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: Pa55w0rd
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the MySQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "connectTimeout=30000"
    ports:
      - 8080:8080
    depends_on:
      - mysql
And the following error message will appear:
Timeout after [300] seconds waiting for service container stability. Operation will roll back.
My advice is to check which MySQL version is compatible with your Keycloak.
Source:
https://www.keycloak.org/docs/16.1/server_installation/index.html#mysql-database
https://github.com/keycloak/keycloak-containers/blob/ef2c7027be5fb9a65c34e3511dc45c950831634e/docker-compose-examples/keycloak-mysql.yml
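The answers in this thread each adjust a different setting, and the log lines quoted above show which timeout actually fired. As an added example (not code from any of the answers or from Keycloak), this script scans a WildFly/Keycloak log for those signatures and reports the first occurrence of each; the cause labels, the function names and the precedence rule in `likely_cause` are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Prefix of a WildFly log line as quoted in the thread: "HH:MM:SS,mmm LEVEL [category]"
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2},\d{3})\s+(\w+)\s+\[([^\]]+)\]")

# (pattern, hypothetical cause label, setting the answers in this thread point at)
SIGNATURES = [
    (re.compile(r"ARJUNA012121: TransactionReaper::doCancellations.*canceled TX (\S+)"),
     "transaction-timeout",
     "default-timeout on <coordinator-environment> in standalone-ha.xml"),
    (re.compile(r"Timeout after \[(\d+)\] seconds waiting for service container stability"),
     "blocking-timeout",
     "-Djboss.as.management.blocking.timeout"),
    (re.compile(r"Failed to update database"),
     "schema-migration-failed",
     "check databasechangeloglock for an unreleased Liquibase lock"),
]

def triage(log_text):
    """Return the first occurrence of each signature, in log order."""
    findings = OrderedDict()
    for line in log_text.splitlines():
        head = PREFIX.match(line)  # None for stack-trace lines and bare messages
        for pattern, cause, setting in SIGNATURES:
            m = pattern.search(line)
            if m and cause not in findings:
                findings[cause] = {
                    "first_seen": head.group(1) if head else None,
                    "level": head.group(2) if head else None,
                    "detail": m.group(1) if m.groups() else None,  # TX id or seconds
                    "setting": setting,
                }
    return findings

def likely_cause(findings):
    """Name the timeout that tripped; it does not say why the migration was slow."""
    # Assumed precedence: in the question's log the reaper cancels the
    # transaction just before the schema update is reported as failed.
    if "transaction-timeout" in findings and "schema-migration-failed" in findings:
        return "transaction-timeout"
    if "blocking-timeout" in findings:
        return "blocking-timeout"
    return next(iter(findings), None)

# Constructed sample: the first two lines are copied from the log in the question,
# the third is the bare message quoted in the MySQL answer (no prefix there).
SAMPLE_LOG = """\
17:31:31,252 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffff7f000101:84ae906:5ee761e5:15
17:31:31,518 FATAL [org.keycloak.services] (ServerService Thread Pool -- 68) java.lang.RuntimeException: Failed to update database
Timeout after [300] seconds waiting for service container stability. Operation will roll back.
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for cause, info in found.items():
        print(cause, info["first_seen"], info["detail"], "->", info["setting"])
    print("likely cause:", likely_cause(found))
```

Whichever timeout it reports, raising that value only buys time; if the migration is blocked on a lock, as in the PostgreSQL answer, it will still not finish.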

Docker REST API is not binding on port for Jenkins

I am using Docker version 1.11.1, build 5604cbe. I have made entries in /etc/default/docker as follows to configure the Docker REST API for the jenkins user group:
# Use DOCKER_OPTS to modify the daemon startup options.
#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"
DOCKER_OPTS="G- jenkins -H unix://var/run/docker.sock -H tcp://0.0.0.0:9090"
export DOCKER_HOST="tcp://0.0.0.0:9090"
PS: I have also tried with 127.0.0.1.
Then I did sudo service docker restart
The command $ ps aux|grep docker returned:
root 12385 0.0 0.2 421840 36016 ? Ssl 19:21 0:00 /usr/bin/docker daemon -H fd://
root 12391 0.0 0.0 294652 12188 ? Ssl 19:21 0:00 docker-containerd -l /var/run/docker/libcontainerd/docker-containerd.sock --runtime docker-runc
root 12654 0.0 0.0 21296 1028 pts/1 S+ 19:28 0:00 grep --color=auto docker
It seems like the REST API is not getting bound to port 9090.
Then I am using the Jenkins Docker build step plugin to connect with the Docker REST API. It returns the following:
Building in workspace /var/lib/jenkins/jobs/Telco_automated_build/workspace
[Docker] INFO: Pulling image registry.hub.docker.com/pratyush/product:latest
ERROR: Build step failed with exception
javax.ws.rs.ProcessingException: org.apache.http.conn.HttpHostConnectException: Connect to 127.0.0.1:9090 [/127.0.0.1] failed: Connection refused
at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:513)
at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:246)
at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:667)
at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:664)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:228)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:424)
at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:664)
at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:424)
at org.glassfish.jersey.client.JerseyInvocation$Builder.post(JerseyInvocation.java:333)
at com.github.dockerjava.jaxrs.PullImageCmdExec.execute(PullImageCmdExec.java:37)
at com.github.dockerjava.jaxrs.PullImageCmdExec.execute(PullImageCmdExec.java:17)
at com.github.dockerjava.jaxrs.AbstrDockerCmdExec.exec(AbstrDockerCmdExec.java:57)
at com.github.dockerjava.core.command.AbstrDockerCmd.exec(AbstrDockerCmd.java:29)
at com.github.dockerjava.core.command.PullImageCmdImpl.exec(PullImageCmdImpl.java:15)
at org.jenkinsci.plugins.dockerbuildstep.cmd.PullImageCommand.execute(PullImageCommand.java:75)
at org.jenkinsci.plugins.dockerbuildstep.DockerBuilder.perform(DockerBuilder.java:75)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
In the Jenkins global settings, when I hit test-connection it returns:
Something went wrong, cannot connect to http://127.0.0.1:9090/, cause: org.apache.http.conn.HttpHostConnectException: Connect to 127.0.0.1:9090 [/127.0.0.1] failed: Connection refused
PS: I have restarted the Jenkins server after changing the global setting.
Any help? What am I missing?
Ubuntu 16.04 uses systemd now I believe. In which case the docker daemon arguments are not set using /etc/default/docker. You can see they're not being picked up in the output of your $ ps aux|grep docker.
Instead you need to follow the instructions to set daemon args in systemd-based setups.