H2-invent / jitsi-admin

Organize and fully control your jitsi meet meetings. Make your meeting secure and be sure that only you and your fellows can join your meeting.
https://meetling.de
GNU Affero General Public License v3.0

keycloak not working on new docker deployment #323

Closed dvision1979 closed 2 years ago

dvision1979 commented 2 years ago

Installed a vanilla docker deployment to the letter, from the latest master.

The keycloak container fails with the log here: https://gist.github.com/danionescu2007/13c4c9c348eddedb2c7cbea82abf9b80. If I retry starting the container it only throws a message:

User with username 'admin' already added to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'

and then exits.

Could you please help me debug this? Thank you in advance.

dvision1979 commented 2 years ago

Thank you for your quick reaction 🥇

holema commented 2 years ago

Hello @danionescu2007,

thanks for your report. I found the error and fixed it in version 0.73.3.

You need to reset the installation. Follow these steps:

  1. docker-compose down -v
  2. git add .
  3. git stash
  4. bash installDocker.sh

dvision1979 commented 2 years ago

Thanks again. Also I think I have to do a git pull to get the latest version from master.

holema commented 2 years ago

Exactly. First check out the latest master with git pull, and then my other steps afterwards.

git pull
docker-compose down -v
git add .
git stash
bash installDocker.sh

holema commented 2 years ago

Is it working now, @danionescu2007?

dvision1979 commented 2 years ago

@holema, I am afraid it does not. I even pruned the docker volumes. No go. Started from scratch with git clone. Now it is building. I will keep you posted.

dvision1979 commented 2 years ago

It might not be able to connect to the database?

20:10:29,315 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 60) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
        at org.jboss.ironjacamar.jdbcadapters@1.5.3.Final//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:364)
        at org.jboss.ironjacamar.jdbcadapters@1.5.3.Final//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:371)
        at org.jboss.ironjacamar.jdbcadapters@1.5.3.Final//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:287)
        at org.jboss.ironjacamar.impl@1.5.3.Final//org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1328)
        at org.jboss.ironjacamar.impl@1.5.3.Final//org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:505)
        at org.jboss.ironjacamar.impl@1.5.3.Final//org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:640)
        at org.jboss.ironjacamar.impl@1.5.3.Final//org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:605)
        at org.jboss.ironjacamar.impl@1.5.3.Final//org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:624)
        at org.jboss.ironjacamar.impl@1.5.3.Final//org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:440)
        at org.jboss.ironjacamar.impl@1.5.3.Final//org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:789)
        at org.jboss.ironjacamar.jdbcadapters@1.5.3.Final//org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:151)
        at org.jboss.as.connector@26.0.1.Final//org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:64)
        at org.keycloak.keycloak-model-jpa@16.1.1//org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:414)
        at org.keycloak.keycloak-model-jpa@16.1.1//org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lazyInit(LiquibaseDBLockProvider.java:65)
        at org.keycloak.keycloak-model-jpa@16.1.1//org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lambda$waitForLock$2(LiquibaseDBLockProvider.java:96)
        at org.keycloak.keycloak-server-spi-private@16.1.1//org.keycloak.models.utils.KeycloakModelUtils.suspendJtaTransaction(KeycloakModelUtils.java:753)
        at org.keycloak.keycloak-model-jpa@16.1.1//org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.waitForLock(LiquibaseDBLockProvider.java:94)
        at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:134)
        at org.keycloak.keycloak-server-spi-private@16.1.1//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:239)
        at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:128)
        at org.keycloak.keycloak-wildfly-extensions@16.1.1//org.keycloak.provider.wildfly.WildflyPlatform.onStartup(WildflyPlatform.java:36)
        at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:114)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at org.jboss.resteasy.resteasy-core@4.7.4.Final//org.jboss.resteasy.core.ConstructorInjectorImpl.constructOutsideRequest(ConstructorInjectorImpl.java:225)

holema commented 2 years ago

What environment did you choose? prod or dev?

dvision1979 commented 2 years ago

These were my settings:

KEYCLOAK_PW=REDACTED
MERCURE_JWT_SECRET=REDACTED
KEYCLOAK_ADMIN_PW=REDACTED
NEW_UUID=REDACTED
JITSI_ADMIN_PW=REDACTED
ENVIRONMENT=prod
HTTP_METHOD=https
PUBLIC_URL=SOMEDOMAIN.com
smtpHost=smtp.gmail.com
smtpPort=587
smtpUsername=REDACTED
smtpPassword=REDACTED
smtpEncryption=tls
smtpFrom=noreply@SERVER.LOCAL

holema commented 2 years ago

That's really strange. I just tested it with my docker and it worked fine. I'm using docker version: Docker version 20.10.14, build a224086 and docker-compose version: Docker Compose version v2.4.1. Is your database container running?

dvision1979 commented 2 years ago

Here I have Docker version 20.10.17, build 100c701 with Docker Compose version v2.6.1

dvision1979 commented 2 years ago

This is the ending of the mariadb log:

2022-07-21 20:24:10+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.8.3+maria~jammy started.
2022-07-21 20:24:10+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2022-07-21 20:24:10+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.8.3+maria~jammy started.
2022-07-21 20:24:10+00:00 [Note] [Entrypoint]: MariaDB upgrade not required
2022-07-21 20:24:10 0 [Note] mariadbd (server 10.8.3-MariaDB-1:10.8.3+maria~jammy) starting as process 1 ...
2022-07-21 20:24:11 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-07-21 20:24:11 0 [Note] InnoDB: Number of transaction pools: 1
2022-07-21 20:24:11 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2022-07-21 20:24:11 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
2022-07-21 20:24:11 0 [Warning] mariadbd: io_uring_queue_init() failed with ENOSYS: check seccomp filters, and the kernel version (newer than 5.1 required)
2022-07-21 20:24:11 0 [Warning] InnoDB: liburing disabled: falling back to innodb_use_native_aio=OFF
2022-07-21 20:24:11 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
2022-07-21 20:24:11 0 [Note] InnoDB: Completed initialization of buffer pool
2022-07-21 20:24:11 0 [Note] InnoDB: File system buffers for log disabled (block size=512 bytes)
2022-07-21 20:24:11 0 [Note] InnoDB: 128 rollback segments are active.
2022-07-21 20:24:11 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
2022-07-21 20:24:11 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
2022-07-21 20:24:11 0 [Note] InnoDB: log sequence number 46709; transaction id 14
2022-07-21 20:24:11 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2022-07-21 20:24:11 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-07-21 20:24:11 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
2022-07-21 20:24:11 0 [Note] Server socket created on IP: '0.0.0.0'.
2022-07-21 20:24:11 0 [Note] Server socket created on IP: '::'.
2022-07-21 20:24:11 0 [Note] InnoDB: Buffer pool(s) load completed at 220721 20:24:11
2022-07-21 20:24:11 0 [Note] mariadbd: ready for connections.
Version: '10.8.3-MariaDB-1:10.8.3+maria~jammy'  socket: '/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution

holema commented 2 years ago

Could you send me the file which is located in the keycloak directory? There must be a realm export. You can send this file to entwicklung@h2-invent.com, because there are some credentials in there.

And can you give me the docker inspect for the keycloak? That would be great.

holema commented 2 years ago

And you can have a look in the docker-entrypoint-init-db directory. There must be a file with the secrets for the database. These passwords have to match the password set in the docker inspect environments.

holema commented 2 years ago

Thanks. I downloaded it. Can you add this line to the docker compose, under service.keycloak.environment:

JDBC_PARAMS: "useSSL=false"

dvision1979 commented 2 years ago

image

holema commented 2 years ago

exactly

holema commented 2 years ago

I found the error. I will just create a hotfix. Give me 5 minutes.

dvision1979 commented 2 years ago

Take your time, I'm here 💯

holema commented 2 years ago

try

git fetch
git add .
git stash
git checkout hotfix/keycloak_db_host
bash installDocker.sh

holema commented 2 years ago

You can delete the post with the files you uploaded. https://github.com/H2-invent/jitsi-admin/issues/323#issuecomment-1191907714

holema commented 2 years ago

Could you give me the docker inspect of the container, and there the environments?

holema commented 2 years ago

Could you send me the database inspect? That's all really strange, because the queues and the jitsi-admin could establish a connection.

dvision1979 commented 2 years ago

Which Linux flavor do you prefer for the host? In the docs it was mentioned Debian 10, so that's what I am using.

dvision1979 commented 2 years ago

docker-compose down -v
docker image prune

and then rebuild, right?

holema commented 2 years ago

docker-compose down -v
docker system prune -a
git add .
git stash
bash installDocker.sh

holema commented 2 years ago

Is the error still there?

dvision1979 commented 2 years ago

yes

holema commented 2 years ago

Are the hostname and the db_addr in the inspect now the same?

docker inspect <keycloakcontainer> | grep -i "db_addr"
docker inspect <dbcontainer> | grep -i "hostname"
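
The comparison asked for above, as an added example (not code from the thread or from jitsi-admin): it reads `docker inspect` JSON, checks Keycloak's DB_ADDR against the names the database container reports, and masks secret-looking Env values so the result can be posted in a public issue. The inspect documents, the container names and the SENSITIVE marker list are constructed assumptions.

```python
import json

# Constructed `docker inspect` output; container names and values are made up.
KEYCLOAK_INSPECT = json.loads("""[{"Name": "/keycloak-example", "Config": {
  "Hostname": "kc-example",
  "Env": ["DB_VENDOR=mariadb", "DB_ADDR=db-example",
          "DB_PASSWORD=constructed-secret", "JDBC_PARAMS=useSSL=false"]}}]""")
DB_INSPECT = json.loads("""[{"Name": "/db-example",
  "Config": {"Hostname": "db-example", "Env": ["MARIADB_ROOT_PASSWORD=constructed"]},
  "NetworkSettings": {"Networks": {"internal": {"Aliases": ["db-example", "db"]}}}}]""")

# Assumed markers for variable names whose values must not be posted publicly.
SENSITIVE = ("PASSWORD", "SECRET", "TOKEN", "_PW")


def env_map(inspect):
    """Config.Env ("K=V" strings) of the first inspected container as a dict."""
    entries = inspect[0]["Config"].get("Env") or []
    return {k: v for k, _, v in (e.partition("=") for e in entries)}


def redacted_env(inspect):
    """Env with secret-looking values masked, for sharing in a public thread."""
    return {k: "REDACTED" if any(m in k.upper() for m in SENSITIVE) else v
            for k, v in env_map(inspect).items()}


def db_names(inspect):
    """Hostname plus network aliases reported for the database container."""
    container = inspect[0]
    names = {container["Config"].get("Hostname")}
    networks = (container.get("NetworkSettings") or {}).get("Networks") or {}
    for net in networks.values():
        names.update(net.get("Aliases") or [])
    return names - {None, ""}


def check_db_addr(keycloak_inspect, db_inspect):
    """Return (host, ok): the DB_ADDR host and whether the DB container reports it."""
    # Tolerate an optional ":port" suffix on DB_ADDR.
    host = env_map(keycloak_inspect).get("DB_ADDR", "").rsplit(":", 1)[0]
    return host, host in db_names(db_inspect)


if __name__ == "__main__":
    print(check_db_addr(KEYCLOAK_INSPECT, DB_INSPECT))
    print(redacted_env(KEYCLOAK_INSPECT))
```
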

dvision1979 commented 2 years ago

checking

dvision1979 commented 2 years ago

Screenshot 2022-07-22 at 00 41 25 image

holema commented 2 years ago

Okay, so the first problem is solved :) Is the keycloak log still throwing the same error?

dvision1979 commented 2 years ago

retrying now with JDBC_PARAMS: "useSSL=false" added to keycloak. Yes, still crashes and stops.

holema commented 2 years ago

Do you have an SSH connection, so I can have a look at the server? That's so strange.

dvision1979 commented 2 years ago

sure, just a sec to set it up

dvision1979 commented 2 years ago

got it?

holema commented 2 years ago

Thanks. I'm on the server.

dvision1979 commented 2 years ago

right now is still building [EDIT] and it crashed again

dvision1979 commented 2 years ago

the source is checked out at root@webconference:~/docker/jitsi-admin#

holema commented 2 years ago

I found it already. Did it also take so long to become healthy?

dvision1979 commented 2 years ago

yes it did

holema commented 2 years ago

Normally it should be finished after at least 40 sec. So there it seems to be the first problem. I'll just take a look.

dvision1979 commented 2 years ago

take your time 👍

dvision1979 commented 2 years ago

could container_name: ... help, in the db-ja section of the docker-compose?

holema commented 2 years ago

I try to rebuild it now with the same settings in the docker.conf I have in my environment

holema commented 2 years ago

> could container_name: ... help, in the db-ja section of the docker-compose?

Normally only the hostname is important to route through the internal network.

dvision1979 commented 2 years ago

roger that

holema commented 2 years ago

Was it also hanging on step 16 when you started the build?

dvision1979 commented 2 years ago

what's on step 16? some chmod or chown? because yes it was

holema commented 2 years ago

Yes, it took one minute. I don't know why. Normally this takes only seconds. I saw the server is huge. Normally it should deploy it in seconds.