I have currently installed Keycloak 10.0.2 in domain mode with two servers on Ubuntu 18.04. When running manually as ./domain.sh --host-config=host-master.xml all the services start normally and the system works fine.
I wanted to run Keycloak as a service and followed the steps given in https://medium.com/#hasnat.saeed/setup-keycloak-server-on-ubuntu-18-04-ed8c7c79a2d9. The problem is that the service shows as Active but navigating to the management URL results The site can't be reached error. I checked the generated log file and it seems that the services have started only partially.
2020-06-26 12:53:52,164 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 10.0.2 (WildFly Core 11.1.1.Final) (Host Controller) started in 12675ms - Started 83 of 86 services (28 services are lazy, passive or on-demand)
2020-06-26 12:53:52,238 INFO [org.jboss.as.host.controller] (server-registration-threads - 1) WFLYHC0020: Registering server server-one
Whereas when run manually I see that there are many more services that have started.
[Server:server-one] 13:44:34,349 INFO [org.jboss.as.server] (ServerService Thread Pool -- 36) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
[Server:server-one] 13:44:34,463 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
[Server:server-one] 13:44:34,475 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 10.0.2 (WildFly Core 11.1.1.Final) started in 30123ms - Started 673 of 979 services (703
services are lazy, passive or on-demand)
Not sure what is going wrong. Need help resolving the issue.
Here are my configuration details:
Service Details
keycloak.service - Keycloak Authentication Server
Loaded: loaded (/etc/systemd/system/keycloak.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-06-26 13:47:12 UTC; 2min 23s ago
Main PID: 116569 (launch.sh)
Tasks: 187 (limit: 9479)
CGroup: /system.slice/keycloak.service
├─116569 /bin/bash /data/keycloak/bin/launch.sh domain domain.xml host-master.xml 0.0.0.0 YES
├─116578 /bin/sh /data/keycloak/bin/domain.sh -c domain.xml --host-config=host-master.xml
/etc/keycloak/keycloak.conf
# The mode you want to run
WILDFLY_MODE=domain
# The configuration you want to run
WILDFLY_DOMAIN_CONFIG=domain.xml
# Host configuration
WILDFLY_HOST_CONFIG=host-master.xml
# The address to bind to
WILDFLY_BIND=0.0.0.0
# Whether this host is a domain controller. If not run with --backup switch
IS_DC=YES
/data/keycloak/bin/launch.sh
#!/bin/bash
WILDFLY_HOME="/data/keycloak"
if [[ "$1" == "domain" ]]; then
if [[ "$5" == "YES" ]]; then
$WILDFLY_HOME/bin/domain.sh -c $2 --host-config=$3
else
$WILDFLY_HOME/bin/domain.sh -c $2 --host-config=$3 --backup
fi
else
$WILDFLY_HOME/bin/standalone.sh -c $2 -b $4
fi
/etc/systemd/system/keycloak.service
[Unit]
Description=Keycloak Authentication Server
After=syslog.target network.target
Before=httpd.service
[Service]
Environment=LAUNCH_JBOSS_IN_BACKGROUND=1
EnvironmentFile=-/etc/keycloak/keycloak.conf
User=keycloak
Group=keycloak
LimitNOFILE=102642
PIDFile=/var/run/keycloak/keycloak.pid
ExecStart=/data/keycloak/bin/launch.sh $WILDFLY_MODE $WILDFLY_DOMAIN_CONFIG $WILDFLY_HOST_CONFIG $WILDFLY_BIND $IS_DC
StandardOutput=null
[Install]
WantedBy=multi-user.target
I also followed the same Medium tutorial and faced the same issue as you. Turns out that I have to run the service as root user instead of keycloak user. I have no idea why though.
Related
I have three EC2 instances in AWS:
instance A - docker with nginx container - private IP address 1.2.3.4
instance B and C - docker with keycloak containers - private IP address 1.2.3.5 and 1.2.3.6
RDS instance running MySQL 8 - host foo.us-east-1.rds.amazonaws.com
All in the same VPC. Instance B and C are in different subnets (different availability zones), but can communicate with each other via port 80 and 7600.
The docker instances launch without issue with the following command:
docker run \
--name test-node-1 \
-e DB_PORT=3306 \
-e PROXY_ADDRESS_FORWARDING=true \
-e DB_VENDOR=mysql \
-e DB_DATABASE=keycloak \
-e DB_ADDR=foo.us-east-1.rds.amazonaws.com \
-e KEYCLOAK_STATISTICS=all \
-e DB_USER=keycloak \
-e KEYCLOAK_USER=kcuser \
-e DB_PASSWORD=... \
-e KEYCLOAK_PASSWORD=... \
-p 80:8080 \
-p 7600:7600 \
jboss/keycloak:16.1.0
Both containers launch fine, but they aren't talking to each other.
Adding the following three environment variables:
-e JGROUPS_DISCOVERY_EXTERNAL_IP=1.2.3.5 \
-e JGROUPS_DISCOVERY_PROTOCOL=TCPPING \
-e JGROUPS_DISCOVERY_PROPERTIES='1.2.3.5[7600],1.2.3.6[7600]' \
Causes Keycloak to crash on startup:
=========================================================================
Using MySQL database
=========================================================================
17:01:35,028 INFO [org.jboss.modules] (CLI command executor) JBoss Modules version 2.0.0.Final
17:01:35,124 INFO [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.13.Final
17:01:35,134 INFO [org.jboss.threads] (CLI command executor) JBoss Threads version 2.4.0.Final
17:01:35,267 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 16.1.0 (WildFly Core 18.0.0.Final) starting
...
17:01:43,320 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
17:01:43,322 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 16.1.0 (WildFly Core 18.0.0.Final) started in 3261ms - Started 49 of 79 services (31 services are lazy, passive or on-demand)
The batch executed successfully
17:01:43,560 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0050: Keycloak 16.1.0 (WildFly Core 18.0.0.Final) stopped in 21ms
Setting JGroups discovery to TCPPING with properties {1.2.3.5[7600],1.2.3.6[7600]}
That last log line hangs for a few seconds, and then the process crashes. Note that it's the FIRST instance that crashes (I never get to launching the second one), so I don't think it's a matter of communication/firewall/etc, but port 80 and 7600 are open.
I'm using the jboss/Keycloak docker image v16.1 from Docker Hub.
The container will need a TCPPING.cli script, or the appropriate modifications made to standalone-ha.xml. The following TCPPING.cli file worked for me (mounted into the docker container with -v $(pwd)/TCPPING.cli:/opt/jboss/tools/cli/jgroups/discovery/TCPPING.cli):
embed-server --server-config=standalone-ha.xml --std-out=echo
batch
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
/subsystem=jgroups/stack=udp:remove()
/subsystem=jgroups/stack=tcp/protocol=MPING:remove()
/subsystem=jgroups/stack=tcp/protocol=$keycloak_jgroups_discovery_protocol:add(add-index=0, properties={"initial_hosts"=>$keycloak_jgroups_discovery_protocol_properties})
/subsystem=jgroups/channel=ee:write-attribute(name=stack, value="tcp")
/subsystem=jgroups/stack=tcp/transport=TCP/property=external_addr/:add(value=${env.JGROUPS_DISCOVERY_EXTERNAL_IP:127.0.0.1})
run-batch
stop-embedded-server
Note that this is different from what is recommended in https://www.keycloak.org/2019/05/keycloak-cluster-setup - specifically the line
/subsystem=jgroups/stack=tcp/protocol=$keycloak_jgroups_discovery_protocol:add(add-index=0, properties={"initial_hosts"=>$keycloak_jgroups_discovery_protocol_properties})
I also changed the JGROUPS_DISCOVERY_PROPERTIES env var to only be the first server (e.g. -e JGROUPS_DISCOVERY_PROPERTIES=1.2.3.5[7600]) - each server in the cluster should just need to check with the master in order to join.
I tried with 8.x and 10.x version of Keycloak, also with tried with Keycloak docker image but getting below issue, while configuring Keycloak with MySQL
12:27:16,047 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Foreign key constraint added to USER_GROUP_MEMBERSHIP (USER_ID)
12:27:17,356 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Primary key added to GROUP_ROLE_MAPPING (ROLE_ID, GROUP_ID)
12:27:18,637 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Foreign key constraint added to GROUP_ROLE_MAPPING (GROUP_ID)
12:27:19,384 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0348: Timeout after [300] seconds waiting for service container stability. Operation will roll back. Step that first updated the service container was 'add' at address '[
("core-service" => "management"),
("management-interface" => "http-interface")
]'
12:27:20,326 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Foreign key constraint added to GROUP_ROLE_MAPPING (ROLE_ID)
12:27:21,381 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Unique constraint added to REALM_DEFAULT_GROUPS(GROUP_ID)
12:27:23,153 DEBUG [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 71) Foreign key constraint added to REALM_DEFAULT_GROUPS (REALM_ID)
12:27:24,389 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.server.DeployerChainAddHandler$FinalRuntimeStepHandler#2b5e08f5 for operation add-deployer-chains at address [] failed -- java.util.concurrent.TimeoutException: java.util.concurrent.TimeoutException
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.OperationContextImpl.waitForRemovals(OperationContextImpl.java:523)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1518)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1472)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1445)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext$Step.access$400(AbstractOperationContext.java:1319)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:876)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:726)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1413)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:527)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:515)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:477)
at org.jboss.as.server#11.1.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:448)
at org.jboss.as.server#11.1.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:401)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
at java.base/java.lang.Thread.run(Thread.java:834)
12:27:24,391 ERROR [org.jboss.as.controller.client] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.server.DeployerChainAddHandler$FinalRuntimeStepHandler#2b5e08f5 for operation add-deployer-chains at address [] failed -- java.util.concurrent.TimeoutException
By increasing timeout using command
$ bin/standalone.sh -Djboss.as.management.blocking.timeout=3600
It failed with error below
17:26:32,383 INFO [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 68) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
17:31:25,854 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffff7f000101:84ae906:5ee761e5:f in state RUN
17:31:25,870 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffff7f000101:84ae906:5ee761e5:f
17:31:27,355 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffff7f000101:84ae906:5ee761e5:12 in state RUN
17:31:27,356 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffff7f000101:84ae906:5ee761e5:12
17:31:31,222 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffff7f000101:84ae906:5ee761e5:15 in state RUN
17:31:31,225 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012095: Abort of action id 0:ffff7f000101:84ae906:5ee761e5:15 invoked while multiple threads active within it.
17:31:31,250 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012381: Action id 0:ffff7f000101:84ae906:5ee761e5:15 completed with multiple threads - thread ServerService Thread Pool -- 68 was in progress with java.net.SocketInputStream.socketRead0(Native Method)
java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
java.net.SocketInputStream.read(SocketInputStream.java:171)
java.net.SocketInputStream.read(SocketInputStream.java:141)
com.mysql.cj.protocol.ReadAheadInputStream.fill(ReadAheadInputStream.java:107)
com.mysql.cj.protocol.ReadAheadInputStream.readFromUnderlyingStreamIfNecessary(ReadAheadInputStream.java:150)
com.mysql.cj.protocol.ReadAheadInputStream.read(ReadAheadInputStream.java:180)
java.io.FilterInputStream.read(FilterInputStream.java:133)
com.mysql.cj.protocol.FullReadInputStream.readFully(FullReadInputStream.java:64)
com.mysql.cj.protocol.a.SimplePacketReader.readHeader(SimplePacketReader.java:63)
com.mysql.cj.protocol.a.SimplePacketReader.readHeader(SimplePacketReader.java:45)
com.mysql.cj.protocol.a.TimeTrackingPacketReader.readHeader(TimeTrackingPacketReader.java:52)
com.mysql.cj.protocol.a.TimeTrackingPacketReader.readHeader(TimeTrackingPacketReader.java:41)
com.mysql.cj.protocol.a.MultiPacketReader.readHeader(MultiPacketReader.java:54)
com.mysql.cj.protocol.a.MultiPacketReader.readHeader(MultiPacketReader.java:44)
com.mysql.cj.protocol.a.NativeProtocol.readMessage(NativeProtocol.java:533)
com.mysql.cj.protocol.a.NativeProtocol.checkErrorMessage(NativeProtocol.java:703)
com.mysql.cj.protocol.a.NativeProtocol.sendCommand(NativeProtocol.java:642)
com.mysql.cj.protocol.a.NativeProtocol.sendQueryPacket(NativeProtocol.java:941)
com.mysql.cj.protocol.a.NativeProtocol.sendQueryString(NativeProtocol.java:887)
com.mysql.cj.NativeSession.execSQL(NativeSession.java:1073)
com.mysql.cj.jdbc.StatementImpl.executeInternal(StatementImpl.java:724)
com.mysql.cj.jdbc.StatementImpl.execute(StatementImpl.java:648)
org.jboss.jca.adapters.jdbc.WrappedStatement.execute(WrappedStatement.java:198)
liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:307)
liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:55)
liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:113)
liquibase.database.AbstractJdbcDatabase.execute(AbstractJdbcDatabase.java:1277)
liquibase.database.AbstractJdbcDatabase.executeStatements(AbstractJdbcDatabase.java:1259)
liquibase.changelog.ChangeSet.execute(ChangeSet.java:582)
liquibase.changelog.visitor.UpdateVisitor.visit(UpdateVisitor.java:51)
liquibase.changelog.ChangeLogIterator.run(ChangeLogIterator.java:79)
liquibase.Liquibase.update(Liquibase.java:214)
liquibase.Liquibase.update(Liquibase.java:192)
liquibase.Liquibase.update(Liquibase.java:188)
org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.updateChangeSet(LiquibaseJpaUpdaterProvider.java:182)
org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:102)
org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:81)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory$2.run(DefaultJpaConnectionProviderFactory.java:341)
org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.update(DefaultJpaConnectionProviderFactory.java:334)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.migration(DefaultJpaConnectionProviderFactory.java:306)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lambda$lazyInit$0(DefaultJpaConnectionProviderFactory.java:182)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory$$Lambda$802/938288417.run(Unknown Source)
org.keycloak.models.utils.KeycloakModelUtils.suspendJtaTransaction(KeycloakModelUtils.java:682)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:133)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:81)
org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:59)
org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:204)
org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:51)
org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:33)
org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:204)
org.keycloak.services.DefaultKeycloakSession.realmLocalStorage(DefaultKeycloakSession.java:157)
org.keycloak.models.cache.infinispan.RealmCacheSession.getRealmDelegate(RealmCacheSession.java:148)
org.keycloak.models.cache.infinispan.RealmCacheSession.getMigrationModel(RealmCacheSession.java:141)
org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:97)
org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:244)
org.keycloak.services.resources.KeycloakApplication.migrateAndBootstrap(KeycloakApplication.java:185)
org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:147)
org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:138)
org.keycloak.services.resources.KeycloakApplication$$Lambda$778/1366630785.run(Unknown Source)
org.keycloak.provider.wildfly.WildflyPlatform.onStartup(WildflyPlatform.java:29)
org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:125)
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
java.lang.reflect.Constructor.newInstance(Constructor.java:423)
org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:152)
org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2805)
org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:369)
org.jboss.resteasy.spi.ResteasyDeployment.startInternal(ResteasyDeployment.java:281)
org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:92)
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:119)
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:305)
io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)
io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:585)
io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:556)
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction$$Lambda$734/2095679667.call(Unknown Source)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$735/1593765930.call(Unknown Source)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$735/1593765930.call(Unknown Source)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$735/1593765930.call(Unknown Source)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$735/1593765930.call(Unknown Source)
io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:598)
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)
org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
java.util.concurrent.FutureTask.run(FutureTask.java:266)
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
java.lang.Thread.run(Thread.java:748)
org.jboss.threads.JBossThread.run(JBossThread.java:485)
17:31:31,252 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012108: CheckedAction::check - atomic action 0:ffff7f000101:84ae906:5ee761e5:15 aborting with 1 threads active!
17:31:31,252 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffff7f000101:84ae906:5ee761e5:15
17:31:31,514 WARN [com.arjuna.ats.arjuna] (ServerService Thread Pool -- 68) ARJUNA012077: Abort called on already aborted atomic action 0:ffff7f000101:84ae906:5ee761e5:15
17:31:31,516 WARN [com.arjuna.ats.arjuna] (ServerService Thread Pool -- 68) ARJUNA012077: Abort called on already aborted atomic action 0:ffff7f000101:84ae906:5ee761e5:12
17:31:31,517 WARN [com.arjuna.ats.arjuna] (ServerService Thread Pool -- 68) ARJUNA012077: Abort called on already aborted atomic action 0:ffff7f000101:84ae906:5ee761e5:f
17:31:31,518 FATAL [org.keycloak.services] (ServerService Thread Pool -- 68) java.lang.RuntimeException: Failed to update database
17:31:31,520 INFO [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested via an OS signal
17:31:32,024 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 75) WFLYCLINF0003: Stopped sessions cache from keycloak container
17:31:32,038 INFO [org.jboss.as.server.deployment] (MSC service thread 1-6) WFLYSRV0028: Stopped deployment keycloak-server.war (runtime-name: keycloak-server.war) in 490ms
17:31:32,068 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException
at org.wildfly.extension.microprofile.metrics.MicroProfileMetricsSubsystemAdd$2.execute(MicroProfileMetricsSubsystemAdd.java:86)
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1413)
at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:527)
at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:515)
at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:477)
at org.jboss.as.server.ServerService.boot(ServerService.java:448)
at org.jboss.as.server.ServerService.boot(ServerService.java:401)
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
at java.lang.Thread.run(Thread.java:748)
17:31:32,081 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 55) WFLYSRV0022: Deploy of deployment "keycloak-server.war" was rolled back with no failure message
17:31:32,132 INFO [org.jboss.as] (MSC service thread 1-5) WFLYSRV0050: Keycloak 10.0.1 (WildFly Core 11.1.1.Final) stopped in 584ms
I am looking for solution like:
If I could get initial DDL & DML of Keycloak
If Keycloak could continue from where it failed
If timeout could be increased. In this case, I tried below command but it not work
docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=password -e DB_VENDOR=mysql -e DB_DATABASE=keycloak -e DB_USER=keycloak -e DB_PASSWORD=keycloak -e DB_ADDR=mysql -e ROOT_LOGLEVEL=DEBUG -e JAVA_OPTIONS="-Djboss.as.management.blocking.timeout=900" -e KEYCLOAK_LOGLEVEL=DEBUG --link=mysql jboss/keycloak
I ran into this issue today, after my Keycloak instance suddenly stopped working.
I took a look at my underlying PostgreSQL database and retrieved the locks.
And what I saw, was that a Liquibase lock was not released.
So I used this commmand to search for open activities inside the PostgreSQL DB:
SELECT pid, state, username, query, query_start
FROM pg_stat_activity
WHERE pid in (
select pid from pg_locks l
join pg_class t on l.relation = t.oid
where t.relkind = 'r'
);
which returned the following:
pid | state | usename | query | query_start
-----+--------+----------+----------------------------------------------------------------------+-------------------------------
32 | active | keycloak | SELECT ID FROM public.databasechangeloglock WHERE ID=1000 FOR UPDATE | 2020-10-11 14:21:07.396058+00
354 | active | keycloak | SELECT ID FROM public.databasechangeloglock WHERE ID=1000 FOR UPDATE | 2020-10-11 19:42:06.636659+00
Those database locks come from Liquibase which is used by Keycloak to upgrade your data structure/definition. Those locks were not released while upgrading the schema.
After dropping the table, the service now works again.
DROP TABLE databasechangeloglock;
In my case neither increasing the blocking timeout nor adding a default timeout to the transaction manager worked.
<coordinator-environment default-timeout="600" .../> # did not work
...
JAVA_TOOLS_OPTS: "-Djboss.as.management.blocking.timeout=3600" # did not work
Seems that your keycloak tried to update schema during startup and it took too much time, so wildfly broke Keycloak deployment by timeout. Try to add following property to wildfly:
${KEYCLOAK_HOME}/bin/standalone.sh -Djboss.as.management.blocking.timeout=3600
If you running keycloak as docker container then try using the following env variable
JAVA_TOOLS_OPTS: "-Djboss.as.management.blocking.timeout=3600"
Note: This will be displayed in the keycloak container logs. (This can be helpful to confirm whether keycloak picks up the env variable or not)
Let me know if this works and if you need anything.
jboss.as.management.blocking.timeout seems wildfly's deployment timeout.
In the above error case (ARJUNA012121: TransactionReaper::doCancellations worker) you can adjust the transaction timeout. It can be set in the standalone-ha.xml file. For examples, to set it to 600 seconds:
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
<coordinator-environment default-timeout="600"/>
...
</subsystem>
For docker deployments, the environment variable to set is JAVA_OPTS_APPEND
Example:
JAVA_OPTS_APPEND="-Djboss.as.management.blocking.timeout=7200"
I also had this problem.
All solutions regarding the modification of timeout or system resources are just workarounds and does not always work.
Initially, I thought to a network problem. It was not. It was because of the database which became "locked". I did not tried the previous solution https://stackoverflow.com/a/64308446/7529228, but I think it can work.
I did an "hardest" solution :
I dumped the Postgres database (docker exec -it f84 pg_dump -c -U keycloak keycloak --no-owner > db-dump.sql where f84 is the ID of the container)
I removed the Keycloak instance (Volume, network, ... everything)
I deployed a new Keycloak instance.
I restored my database (cat db-dump.sql | docker exec -i keycloak_postgres.1.kyu24eqvnwaahg1obmy5omtfh psql -U keycloak keycloak - Adapt with your own container name)
I restarted the keycloak instance, then problem solved.
Thanks to https://pvelati.dev/2021/03/dump-and-restore-postgres-db-with-docker/ for the database dump/restoration procedure.
Make sure that you choose the right MySQL version.
Use MySQL 5.7 instead of MySQL 8.0.32 for Keycloak versions between 4.0.0 and 16.1.1. Or migrate to a newer Keycloak version.
Example of docker-compose.yml with Keycloak 16.1.0 using MySQL 5.7 (you can change the version; I also tested it with Keycloak 10).
version: '3'
volumes:
mysql_data:
driver: local
services:
mysql:
image: mysql:5.7
volumes:
- mysql_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: keycloak
MYSQL_USER: keycloak
MYSQL_PASSWORD: password
keycloak:
image: quay.io/keycloak/keycloak:16.1.0
environment:
DB_VENDOR: MYSQL
DB_ADDR: mysql
DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: Pa55w0rd
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the MySQL JDBC driver documentation in order to use it.
#JDBC_PARAMS: "connectTimeout=30000"
ports:
- 8080:8080
depends_on:
- mysql
Run the following docker-compose.yml example to reproduce the error. The error example is using Keycloak 16.1.0 with MySQL 8.0.32, instead of MySQL 5.7.
version: '3'
volumes:
mysql_data:
driver: local
services:
mysql:
image: mysql:8.0.32
volumes:
- mysql_data:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: keycloak
MYSQL_USER: keycloak
MYSQL_PASSWORD: password
keycloak:
image: quay.io/keycloak/keycloak:16.1.0
environment:
DB_VENDOR: MYSQL
DB_ADDR: mysql
DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: Pa55w0rd
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the MySQL JDBC driver documentation in order to use it.
#JDBC_PARAMS: "connectTimeout=30000"
ports:
- 8080:8080
depends_on:
- mysql
And the following error message will appear:
Timeout after [300] seconds waiting for service container stability. Operation will roll back.
My advice is to check which MySQL version is compatible with your Keycloak.
Source:
https://www.keycloak.org/docs/16.1/server_installation/index.html#mysql-database
https://github.com/keycloak/keycloak-containers/blob/ef2c7027be5fb9a65c34e3511dc45c950831634e/docker-compose-examples/keycloak-mysql.yml
I meet misunderstanding situation.
I try to set Wildfly 10.1.0 on Ubuntu 16.04 to work in domain mode. To testing I have additional virtual machine.
Base system: Domain Controller
Virtual Machine: Host Controller
Generally to configuration I'm using wildfly documentation but it doesn't work correct.
Without authentication Host Server can connect to Domain Controller, but problem occur when I want use authentication - there is some strange behavior which I don't understand.
On domain controller:
set everything in host-master.xml
create Management User with below option:
user: test
password: test
Is this new user going to be used for one AS process to connect to
another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition secret value="dGVzdA=="
3.server start without problem using domain.sh --host-config=host-master.xml
On Host Controller:
set everything in host-slave.xml with secret value:
<security-realm name="ManagementRealm">
<server-identities>
<secret value="dGVzdA==" />
</server-identities>
<authentication>
<local default-user="$local" skip-group-loading="true"/>
<properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
</authorization>
</security-realm>
start server using domain.sh --host-config=host-slave.xml
When I am starting server obtain following error:
*[Host Controller] 22:23:03,553 WARN [org.jboss.as.host.controller] **(Controller Boot Thread) WFLYHC0001: Could not connect to remote domain controller remote://192.168.56.1:9999 -- java.lang.IllegalStateException: WFLYHC0043: Unable to connect due to authentication failure.*
./domain.sh --host-config=host-slave.xml
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /home/test1/Warsztat/wildfly
JAVA: java
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
=========================================================================
22:22:59,931 INFO [org.jboss.modules] (main) JBoss Modules version 1.5.2.Final
22:23:00,212 INFO [org.jboss.as.process.Host Controller.status] (main) WFLYPC0018: Starting process 'Host Controller'
[Host Controller] 22:23:01,207 INFO [org.jboss.modules] (main) JBoss Modules version 1.5.2.Final
[Host Controller] 22:23:01,521 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final
[Host Controller] 22:23:01,586 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: WildFly Full 10.1.0.Final (WildFly Core 2.2.0.Final) starting
[Host Controller] 22:23:02,624 INFO [org.xnio] (MSC service thread 1-1) XNIO version 3.4.0.Final
[Host Controller] 22:23:02,634 INFO [org.xnio.nio] (MSC service thread 1-1) XNIO NIO Implementation Version 3.4.0.Final
[Host Controller] 22:23:02,741 WARN [org.jboss.as.domain.management.security] (MSC service thread 1-2) WFLYDM0111: Keystore /home/test1/Warsztat/wildfly/domain/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
[Host Controller] 22:23:02,752 INFO [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 4.0.21.Final
[Host Controller] 22:23:02,834 INFO [org.jboss.as.remoting] (MSC service thread 1-1) WFLYRMT0001: Listening on 192.168.56.111:9999
[Host Controller] 22:23:03,553 WARN [org.jboss.as.host.controller] **(Controller Boot Thread) WFLYHC0001: Could not connect to remote domain controller remote://192.168.56.1:9999 -- java.lang.IllegalStateException: WFLYHC0043: Unable to connect due to authentication failure.**
[Host Controller] 22:23:03,554 WARN [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0147: No domain controller discovery options remain.
[Host Controller] 22:23:03,555 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0002: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: WFLYHC0120: Tried all domain controller discovery option(s) but unable to connect
[Host Controller] 22:23:03,556 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0178: Aborting with exit code 99
[Host Controller] 22:23:03,603 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: WildFly Full 10.1.0.Final (WildFly Core 2.2.0.Final) stopped in 22ms
[Host Controller]
22:23:04,063 INFO [org.jboss.as.process.Host Controller.status] (reaper for Host Controller) WFLYPC0011: Process 'Host Controller' finished with an exit status of 99
22:23:04,066 INFO [org.jboss.as.process] (Thread-8) WFLYPC0017: Shutting down process controller
22:23:04,066 INFO [org.jboss.as.process] (Thread-8) WFLYPC0016: All processes finished; exiting
But if I add name="test" on Host Controller to host-slave.xml file like below (name must be the same as a user management creating in Domain Controller) it works!
<host xmlns="urn:jboss:domain:4.2" name="test">
I completely don't understand it and I can't find any explanation that situation?
Any body knows why do I have to add name="test"?
Ok - I found explanations.
In Security Realms documentation is information about how to define your own username for authentication:
By default when a slave host controller authenticates against the
master domain controller it uses its configured name as its username.
If you want to override the username used for authentication a
username attribute can be added to the element.
In my cases I have to add user name like below:
<domain-controller>
<remote security-realm="ManagementRealm" username="atest">
<discovery-options>
<static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:192.168.56.1}" port="${jboss.domain.master.port:9999}"/>
</discovery-options>
</remote>
</domain-controller>
And now I can set name freely.
This is expected behavior. You need to mention name in host-slave.xml same as user name created on master EAP. With the help of that only master instance able to authenticate slave instance.
In wildfly documentation too they created user slave and used same in host-slave.xml file.
Using the jboss cli, We are deploying the Oracle Jdbc 12 (ojdbc7.jar) to a jboss server version 6.4, running with JDK 1.8. The command looks like this:
call %JBOSSHOME%\bin\jboss-cli.bat -c "deploy %JBOSSHOME%\ojdbc7.jar --name=OracleJDBCDriver12c"
The command above succeeds, and jboss goes about its business with all Oracle datasources working as expected. However, after we shutdown and restart the jboss server, the ojdbc deployment is "lost". Here are some text from the server log, during startup:
09:13:54,716 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-5) JBAS010403: Deploying JDBC-compliant driver class oracle.jdbc.OracleDriver (version 12.1)
And then further down the log:
09:13:57,642 INFO [org.jboss.as.repository] (DeploymentScanner-threads - 2) JBAS014901: Content removed from location C:\java\jboss-eap-6.4\standalone\data\content\a2\348e4944956fac05235f7cd5d30bf872afb157\content
09:13:57,644 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS015858: Undeployed "OracleJDBCDriver12c" (runtime-name: "OracleJDBCDriver12c")
It seems from the logs that jboss for some reason decides to undeploy the ojdbc jar deployment. Would anyone have any idea why?
Thanks
That's what I see in my logs:
[jbossas-DOMAIN.rhcloud.com SHA]\> tail_all
2014/05/26 09:08:35,527 INFO [org.jboss.as.messaging] (MSC service thread 1-4)
JBAS011601: Bound messaging object to jndi name java:/ConnectionFactory
2014/05/26 09:08:35,599 INFO [org.jboss.as.deployment.connector] (MSC service t
hread 1-2) JBAS010406: Registered connection factory java:/JmsXA
2014/05/26 09:08:35,620 INFO [org.hornetq.ra.HornetQResourceAdapter] (MSC servi
ce thread 1-2) HornetQ resource adaptor started
2014/05/26 09:08:35,621 INFO [org.jboss.as.connector.services.ResourceAdapterAc
tivatorService$ResourceAdapterActivator] (MSC service thread 1-2) IJ020002: Depl
oyed: file://RaActivatorhornetq-ra
2014/05/26 09:08:35,623 INFO [org.jboss.as.deployment.connector] (MSC service t
hread 1-4) JBAS010401: Bound JCA ConnectionFactory [java:/JmsXA]
2014/05/26 09:08:35,785 INFO [org.jboss.as.server.deployment] (MSC service thre
ad 1-4) JBAS015876: Starting deployment of "ROOT.war"
2014/05/26 09:08:38,512 INFO [org.jboss.web] (MSC service thread 1-4) JBAS01821
0: Registering web context:
2014/05/26 09:08:38,532 INFO [org.jboss.as] (MSC service thread 1-1) JBAS015951
: Admin console listening on http://127.2.148.129:9990
2014/05/26 09:08:38,532 INFO [org.jboss.as] (MSC service thread 1-1) JBAS015874
: JBoss AS 7.1.1.Final "Brontes" started in 19348ms - Started 211 of 330 service
s (116 services are passive or on-demand)
2014/05/26 09:08:38,785 INFO [org.jboss.as.server] (DeploymentScanner-threads -
2) JBAS018559: Deployed "ROOT.war"
[jbossas-DOMAIN.rhcloud.com SHA]\> find . -name ROOT.war
find: `./.ssh': Permission denied
find: `./.sandbox': Permission denied
./app-root/runtime/dependencies/jbossas/deployments/ROOT.war
find: `./.tmp': Permission denied
./app-deployments/2014-05-26_08-49-32.024/dependencies/jbossas/deployments/ROOT.
war
[jbossas-DOMAIN.rhcloud.com SHA]\>
But when I go to the root url I see the default Welcome to your JBoss AS application on OpenShift page. I am not using maven. Tried to follow the instructions for Jboss (jboss-as-7.1.1.Final) from this page - did not delete the src folder though. What do I need to do ? Do I need to delete the src folder (?) and add a deployments folder ?
Build output (eclipse Java EE Luna M7)
Stopping jbossas cartridge
Sending SIGTERM to jboss:301473 ...
Building git ref 'master', commit e48bedf
Skipping Maven build due to absence of pom.xml
Preparing build for deployment
Deployment id is 72c749b6
Activating deployment
Deploying JBoss
Starting jbossas cartridge
Found 127.2.148.129:8080 listening port
Found 127.2.148.129:9999 listening port
/var/lib/openshift/538267574382ece7950004a4/jbossas/standalone/deployments /var/lib/openshift/SHA/jbossas
/var/lib/openshift/538267574382ece7950004a4/jbossas
Artifacts deployed: ./ROOT.war
-------------------------
Git Post-Receive Result: success
Activation status: success
Deployment completed with status: success
Repository already uptodate.
EDIT: hmm, the war is 24k which is little - the project is a regular java web application project - runs fine locally both on glassfish and jboss
I would accept an answer telling me how to do it from eclipse (edit: asked here) but till then producing manually the war (right click on the project then export as war) and then scp'ing straight from git Bash (msysgit, mingwin):
$ scp "~/ROOT.war" SHA#APP-DOMAIN.rhcloud.com:/var/lib/\
openshift/SHA/app-root/dependencies/jbossas/deployments
as detailed here (detailed is an euphemism) solved it.
For the gory details of finally setting this up see here
This question is pretty old so I am sure that the problem has been solved, however I was having the same problem and I am sure someone else will do as well. In my case the git wasn't tracking the src folder in my local repository.
You just need to open up a terminal in your git repo folder and type git status to show which folders are not being tracked, then git add [file/foldername] and finally republish it.