Keycloak config ignore env variables - keycloak

Hi, I am trying to start a standalone Keycloak server within a Docker container.
I set an "env" variable for production, local or test so that the server connects to the correct MySQL DB.
But upon startup on AWS it seems to ignore the env vars. Locally, Docker Machine works fine.
Here is the config setup:
in standalone.xml:
...for (empty) local
<datasource jndi-name="java:/jboss/datasources/KeycloakMysqlDS-default" pool-name="KeycloakMysqlDS-default" enabled="true">
...for production
<datasource jndi-name="java:/jboss/datasources/KeycloakMysqlDS-production" pool-name="KeycloakMysqlDS-production" enabled="true">
...
<provider name="default" enabled="true">
<properties>
<property name="dataSource" value="java:jboss/datasources/KeycloakMysqlDS-${env.env}"/>
....
The 'env' var is verified set to "production" on AWS and empty on local and also reacts in local dockermachine changes.
Just on starting on the AWS dockermachine it uses the default instead of the {env.env} var.
Has anyone seen this behaviour before? Or does anyone have an idea how to correct it?
Thanks in advance
Gregor
UPDATE:
Well the error does not happen on startup.
It happens several minutes afterwards:
...
WARN [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (JCA PoolFiller) IJ000610: Unable to fill pool: java:/jboss/datasources/KeycloakMysqlDS-default: ... Connection refused.
...
So it is probably not a problem with the env var.
Instead, Keycloak seems to try to open a connection to the configured datasource... is that true?

A completely different problem...
Keycloak binds to another IP by default. I had to set the IP to 0.0.0.0 for it to work inside a Docker container.
in configuration.xml...
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:0.0.0.0}"/>
<!--<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>-->
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:0.0.0.0}"/>
<!--<inet-address value="${jboss.bind.address:127.0.0.1}"/>-->
</interface>
</interfaces>
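As an added example (not part of the original post), this Python sketch models the ${name:default} and ${env.NAME} expression syntax used in the configuration above and reports interfaces whose resolved address is a wildcard, which for the management interface means the admin endpoint listens on every address of the container. The function names and the simplified resolver are assumptions for illustration, not WildFly's own resolution code.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the <interfaces> block posted above.
SAMPLE = """<server xmlns="urn:jboss:domain:2.2"><interfaces>
  <interface name="management">
    <inet-address value="${jboss.bind.address.management:0.0.0.0}"/>
  </interface>
  <interface name="public">
    <inet-address value="${jboss.bind.address:0.0.0.0}"/>
  </interface>
</interfaces></server>"""

EXPR = re.compile(r"\$\{([^:}]+)(?::([^}]*))?\}")
WILDCARDS = {"0.0.0.0", "::", "0:0:0:0:0:0:0:0"}

def resolve(value, props, env):
    """Simplified expression resolver; None if a name has no value and no default."""
    missing = []

    def substitute(match):
        name, default = match.group(1), match.group(2)
        # env.NAME reads an environment variable, anything else a system property.
        source, key = (env, name[4:]) if name.startswith("env.") else (props, name)
        found = source.get(key, default)
        if found is None:
            missing.append(name)
            return match.group(0)
        return found

    resolved = EXPR.sub(substitute, value)
    return None if missing else resolved

def wildcard_interfaces(xml_text, props=None, env=None):
    """Return (interface name, address) pairs that bind to every address."""
    findings = []
    for iface in ET.fromstring(xml_text).iter():
        if iface.tag.rsplit("}", 1)[-1] != "interface":
            continue
        for child in iface:
            if child.tag.rsplit("}", 1)[-1] == "inet-address":
                addr = resolve(child.get("value", ""), props or {}, env or {})
                if addr in WILDCARDS:
                    findings.append((iface.get("name"), addr))
    return findings

if __name__ == "__main__":
    print(wildcard_interfaces(SAMPLE))
```

Passing props={"jboss.bind.address.management": "127.0.0.1"} models starting the server with that -D option, which keeps the public interface on 0.0.0.0 for Docker while the management interface stays on loopback.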

Related

Cannot resolve system property when using referencing it using jboss-cli

I am attempting to flush a JNDI datasource using the jboss-cli, but the datasource is defined using a ${jndi.prefix} variable, and the CLI can't seem to be able to resolve it.
Here is my datasource in standalone.xml:
<datasource jndi-name="${jndi.prefix}/CORE" pool-name="${jndi.prefix}/CORE_Pool" enabled="true" use-java-context="true" use-ccm="true">
<connection-url>jdbc:sqlserver://10.222.255.100;DatabaseName=CORE</connection-url>
<driver>sqlserver</driver>
<pool>
<min-pool-size>1</min-pool-size>
<max-pool-size>10</max-pool-size>
<prefill>true</prefill>
</pool>
<security>
<user-name>CORE_DBO</user-name>
<password>password</password>
</security>
</datasource>
and jndi.prefix is defined in system-properties:
<system-properties>
<property name="jndi.prefix" value="java:"/>
</system-properties>
I can see it using the CLI, but when trying to resolve it, I am told that it is unrecognized:
[standalone@localhost:9990 /] cd system-property
[standalone@localhost:9990 system-property] cd jndi.prefix
[standalone@localhost:9990 system-property=jndi.prefix] ls
value=java:
[standalone@localhost:9990 system-property=jndi.prefix] /subsystem=datasources/data-source=${jndi.prefix}\/CORE_Pool/:read-resource
Unrecognized system property jndi.prefix
I have tried swapping the ${jndi.prefix} in the datasource with the literal value java: and that worked, but we have tons of environments that would have to be updated, so I am not fond of that solution.
Why can't the CLI resolve this variable when it is clearly defined?
The system properties you can use in the CLI aren't the ones defined in your Wildfly configuration:
System property values used in management CLI commands must have already been defined in order to be resolved. You must either pass in a properties file (--properties=/path/to/file.properties) or property value pairs (-Dkey=value) when starting your management CLI instance. The properties file uses a standard KEY=VALUE syntax.
(source for EAP, but it's most probably the same for Wildfly)

Wildfly 14 domain - Connection timeout

Situation: Windows 10 Host machine needs to communicate with Fedora 26 virtual machine. Windows 10 is my host in domain, fedora is slave. VirtualBox machine has 2 adapters, one is Bridged, and the other is Internal Network Adapter.
IPv4 of my host machine is: 192.168.0.17
Slave machine IP is: 192.168.0.35
When running domain on Windows, and accessing 192.168.0.17:9990 I can bring up management console. But when starting domain on Fedora, it says Connection timeout, can't connect to remote://192.168.0.17:9990
Picture below is my current situation.
What have I done: I have disabled and stopped firewalld on fedora, iptables aren't running, as I can't even disable them.
I have enabled firewall rule on windows that lets me communicate between host and vm.
I have tried pinging Host machine from Fedora, and it is all good.
I have tried changing ports on <static-discovery/> tag, but it won't ping 9990, nor 9999.
I have tried connecting to host management console via jboss-cli on host machine, and it is working.
I have tried connecting to host management console via jboss-cli on slave machine, and it is working.
My host.xml file on Windows:
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true"/>
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
<domain-controller>
<local/>
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:192.168.0.17}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:192.168.0.17}"/>
</interface>
<interface name="unsecured">
<inet-address value="192.168.0.17"/>
</interface>
</interfaces>
My host.xml file on slave:
<domain-controller>
<remote security-realm="ManagementRealm">
<discovery-options>
<static-discovery name="master-native" protocol="remote" host="192.168.0.17" port="9999" />
<static-discovery name="master-https" protocol="https-remoting" host="192.168.0.17" port="9993" security-realm="ManagementRealm"/>
<static-discovery name="master-http" protocol="http-remoting" host="192.168.0.17" port="9990" />
</discovery-options>
</remote>
</domain-controller>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:10.211.55.2}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:10.211.55.2}"/>
</interface>
<interface name="unsecured">
<inet-address value="10.211.55.2" />
</interface>
</interfaces>
I have followed this tutorial: https://docs.jboss.org/author/display/WFLY10/Clustering+and+Domain+Setup+Walkthrough
Following picture is the output on Fedora when starting domain.sh, and output on windows when starting domain.bat
9990 port is for http-remoting not remote protocol (port 9999), change it and try again.
See: Domain Configuration

Set system properties in standalone-full.xml in wildfly 8.2

I have added system-properties tag in standalone-full.xml, but it's not working in standalone mode. However, if I add the same tag in domain.xml it's working for domain mode.
<?xml version='1.0' encoding='UTF-8'?>
<server xmlns="urn:jboss:domain:2.2">
<extensions>
....
</extensions>
<system-properties>
<property name="java.util.Arrays.useLegacyMergeSort" value="true"/>
</system-properties>
</server>
According to this article on jBoss General configuration concepts
System property values can be set in a number of places in domain.xml, host.xml and standalone.xml.
Then what about standalone-full.xml?
I don't want to set it through command line and not even in java code.
In standalone it's probably too late to set it in the configuration files. You'll need to add it to the standalone.conf or standalone.conf.bat in the JAVA_OPTS environment variable. A global property like that needs to be set before anything else attempts to use java.util.Arrays.
If you have started the Wildfly server with standalone-full.xml instead of standalone.xml (the default) then this should be reflected in the start of the server:
standalone.sh -b <hostIP> -c standalone-full.xml -Dorg...
Then this will have effect on first start.
If you change something in this config file, you will need to reload Wildfly (configuration) from jboss cli:
[standalone@localhost:9990 /] :reload
For Wildfly 10 it's working nonetheless. I was able to read the property for an instance started with the standalone-full.xml containing some properties.
The manual must be outdated then I guess? Because even Wildfly itself inserts a new property in the standalone-full.xml when using the Wildfly admin webinterface: http://localhost:9990 > Configuration > System Properties (Wildfly will add the property of course to the xml config which was used to start the instance). That's enough proof for me.

enabling jmx remote in jboss 6.1

I'm trying to enable jmx remote in jboss 6.1. When I've added options like below
-Djboss.platform.mbeanserver
-Djavax.management.builder.initial=org.jboss.system.server.jmx.MBeanServerBuilderImpl
-Dcom.sun.management.jmxremote.port=12349
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
, jboss can't start properly and I got the following error:
" Deployment "JBossLogService" is in error due to the following reason(s): java.lang.IllegalStateException: The LogManager was not properly installed (you must set the "java.util.logging.manager" system property to "org.jboss.logmanager.LogManager"), **ERROR**"
Do you have any ideas how to fix it?
In Jboss EAP 6.1 JMX is enabled by default.
ensure you have:
<extension module="org.jboss.as.jmx"/> under <extensions>
<subsystem xmlns="urn:jboss:domain:jmx:1.2">
<expose-resolved-model/>
<expose-expression-model/>
<remoting-connector/>
</subsystem>
use -Djboss.bind.address.management=YOURSERVERIP as command line argument to start your AS or change it here:
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
..
</interfaces>
use jconsole start script under JBOSS_HOME/bin/jconsole.sh (it loads JBoss remoting libraries on classpath)
to use jvisualvm instead refer to https://github.com/johnaoahra80/jboss-as-tool-integration/tree/master/visualvm
use that url in jconsole service:jmx:remoting-jmx://yourIP:managementport (default is 9999)
use user/password you created using JBOSS_HOME/bin/add-user.sh
add next options
-Djava.util.logging.manager=org.jboss.logmanager.LogManager
-Xbootclasspath/p:$JBOSS_HOME/modules/system/layers/base/org/jboss/logmanager/main/jboss-logmanager-version.jar
-Xbootclasspath/p:$JBOSS_HOME/modules/system/layers/base/org/jboss/log4j/logmanager/main/log4j-jboss-logmanager-version.jar
-Xbootclasspath/p:$JBOSS_HOME/modules/system/layers/base/org/apache/log4j/main/log4j-jboss-logmanager-version.jar
-Dcom.sun.management.jmxremote
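An added example, not from the original thread: a Python check that parses a JAVA_OPTS string such as the one in the question and reports a remote JMX connector started with authentication or TLS switched off, applying the JDK defaults (both on) when a flag is absent. The hardened option string and its password file path are constructed placeholders.

```python
import shlex

PREFIX = "com.sun.management.jmxremote"

# Options as posted in the question above.
QUESTION_OPTS = (
    "-Djboss.platform.mbeanserver "
    "-Djavax.management.builder.initial="
    "org.jboss.system.server.jmx.MBeanServerBuilderImpl "
    "-Dcom.sun.management.jmxremote.port=12349 "
    "-Dcom.sun.management.jmxremote.authenticate=false "
    "-Dcom.sun.management.jmxremote.ssl=false"
)
# Constructed hardened variant; the password file path is a placeholder.
HARDENED_OPTS = (
    "-Dcom.sun.management.jmxremote.port=12349 "
    "-Dcom.sun.management.jmxremote.authenticate=true "
    "-Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password "
    "-Dcom.sun.management.jmxremote.ssl=true"
)

def system_properties(java_opts):
    """Collect -Dkey=value tokens; a bare -Dkey maps to an empty string."""
    props = {}
    for token in shlex.split(java_opts):
        if token.startswith("-D"):
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props

def audit_jmx(java_opts):
    """Return findings for a remote JMX connector with weakened defaults."""
    props = system_properties(java_opts)
    port = props.get(PREFIX + ".port")
    if port is None:
        return []  # no remote connector port requested
    findings = []
    for flag, issue in (("authenticate", "no authentication"),
                        ("ssl", "no TLS")):
        # Both settings default to true in the JDK when left unset.
        if props.get(f"{PREFIX}.{flag}", "true").strip().lower() == "false":
            findings.append(f"JMX port {port}: {issue}")
    return findings

if __name__ == "__main__":
    for finding in audit_jmx(QUESTION_OPTS):
        print(finding)
```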

JBoss domain dynamic port offset configuration

I cannot seem to get configuring port-offsets via properties file on the domain managed setup to start multiple server instances in a server group.
I have the following configuration in host.xml:
<servers>
<server name="instance-one" group="main-server-group" auto-start="true">
<socket-bindings port-offset="${jboss.instance1.offset}"/>
</server>
<server name="instance-two" group="main-server-group" auto-start="true">
<!-- server-two avoids port conflicts by incrementing the ports in
the default socket-group declared in the server-group -->
<socket-bindings port-offset="${jboss.instance2.offset}"/>
</server>
</servers>
The properties are configured via properties file (custom-domain.properties):
jboss.domain.base.dir=custom-domain
jboss.instance1.offset=10300
jboss.instance2.offset=20300
And I try to startup the domain using
./domain.sh -P=custom-domain.properties
The problem is that jboss.instance1.offset and jboss.instance2.offset are not being applied to the corresponding properties in host.xml. If I have hardcoded values in the host.xml it appears to start up instance 1 and instance 2 on the hardcoded port offsets.
Does custom property configuration not work in domain setup?
Thanks for any help.