codecentric / helm-charts

A curated set of Helm charts brought to you by codecentric
Apache License 2.0

keycloak with postgres as database crashloops because of password authentication failure #144

Closed gerrit8143 closed 3 years ago

gerrit8143 commented 4 years ago

Hi, I deployed the current keycloak helm chart with postgres support, but keycloak doesn't come up because it can't connect to postgres -> "Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "keycloak""

helm install --name keycloak --namespace keycloak codecentric/keycloak -f values-postgres.yaml

--- values.yaml 2019-11-27 10:02:56.000000000 +0100
+++ values-postgres.yaml    2019-11-27 09:56:59.000000000 +0100
@@ -278,10 +278,10 @@
   ## Persistence configuration
   persistence:
     # If true, the Postgres chart is deployed
-    deployPostgres: false
+    deployPostgres: true

     # The database vendor. Can be either "postgres", "mysql", "mariadb", or "h2"
-    dbVendor: h2
+    dbVendor: postgres

     ## The following values only apply if "deployPostgres" is set to "false"

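Review bot: Switching to `deployPostgres: true` and `dbVendor: postgres` leaves the database credentials unstated in this override. The comment that closes the hunk says the values following it apply only when `deployPostgres` is `false`, so nothing visible here determines the password Keycloak uses for the bundled Postgres. Set that password explicitly for the bundled database in the override and note in a comment which value both Keycloak and the database read, so the two cannot diverge between installs.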
@@ -319,7 +319,7 @@
   persistence:
     ## Enable PostgreSQL persistence using Persistent Volume Claims.
     ##
-    enabled: false
+    enabled: true

 test:
   enabled: true
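Review bot: `enabled: true` under `persistence:` puts the PostgreSQL data on a Persistent Volume Claim, and nothing in the override says what happens to that claim across releases. If a claim from an earlier install is reused, the role password stored in the existing data directory is the one from that install, and a password generated or set for the new release will not match it. Add a comment next to this setting stating that the database password must stay fixed across installs, or that the old claim has to be removed before reinstalling.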
Added 'keycloak' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
/opt/jboss/tools/docker-entrypoint.sh: line 138: append_port_db_addr: command not found
=========================================================================

  Using PostgreSQL database

=========================================================================

09:06:02,219 INFO  [org.jboss.modules] (CLI command executor) JBoss Modules version 1.9.1.Final
09:06:02,312 INFO  [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.8.Final
09:06:02,402 INFO  [org.jboss.threads] (CLI command executor) JBoss Threads version 2.3.3.Final
09:06:02,547 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) starting
09:06:02,626 INFO  [org.jboss.vfs] (MSC service thread 1-2) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
09:06:03,385 INFO  [org.wildfly.security] (ServerService Thread Pool -- 18) ELY00001: WildFly Elytron version 1.9.1.Final
09:06:04,105 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
09:06:04,198 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
09:06:04,321 INFO  [org.jboss.as.patching] (MSC service thread 1-2) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
09:06:04,347 WARN  [org.jboss.as.domain.management.security] (MSC service thread 1-1) WFLYDM0111: Keystore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
09:06:04,434 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
09:06:04,436 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) started in 2209ms - Started 64 of 78 services (29 services are lazy, passive or on-demand)
The batch executed successfully
09:06:04,613 INFO  [org.jboss.as] (MSC service thread 1-1) WFLYSRV0050: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) stopped in 15ms
09:06:06,251 INFO  [org.jboss.modules] (CLI command executor) JBoss Modules version 1.9.1.Final
09:06:06,323 INFO  [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.8.Final
09:06:06,406 INFO  [org.jboss.threads] (CLI command executor) JBoss Threads version 2.3.3.Final
09:06:06,555 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) starting
09:06:06,648 INFO  [org.jboss.vfs] (MSC service thread 1-1) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
09:06:07,459 INFO  [org.wildfly.security] (ServerService Thread Pool -- 21) ELY00001: WildFly Elytron version 1.9.1.Final
09:06:08,395 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
09:06:08,492 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
09:06:08,650 INFO  [org.jboss.as.patching] (MSC service thread 1-2) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
09:06:08,658 WARN  [org.jboss.as.domain.management.security] (MSC service thread 1-2) WFLYDM0111: Keystore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
09:06:08,738 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
09:06:08,739 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) started in 2483ms - Started 64 of 85 services (36 services are lazy, passive or on-demand)
The batch executed successfully
09:06:08,924 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) stopped in 21ms
Executing cli script: /opt/jboss/startup-scripts/keycloak.cli
09:06:10,431 INFO  [org.jboss.modules] (CLI command executor) JBoss Modules version 1.9.1.Final
09:06:10,508 INFO  [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.8.Final
09:06:10,585 INFO  [org.jboss.threads] (CLI command executor) JBoss Threads version 2.3.3.Final
09:06:10,753 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) starting
09:06:10,865 INFO  [org.jboss.vfs] (MSC service thread 1-1) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
09:06:11,666 INFO  [org.wildfly.security] (ServerService Thread Pool -- 18) ELY00001: WildFly Elytron version 1.9.1.Final
09:06:12,356 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
09:06:12,443 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
09:06:12,581 INFO  [org.jboss.as.patching] (MSC service thread 1-1) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
09:06:12,594 WARN  [org.jboss.as.domain.management.security] (MSC service thread 1-2) WFLYDM0111: Keystore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
09:06:12,680 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
09:06:12,682 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) started in 2245ms - Started 64 of 78 services (29 services are lazy, passive or on-demand)
The batch executed successfully
09:06:12,830 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) stopped in 15ms
=========================================================================

  JBoss Bootstrap Environment

  JBOSS_HOME: /opt/jboss/keycloak

  JAVA: /usr/lib/jvm/java/bin/java

  JAVA_OPTS:  -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true 

=========================================================================

09:06:13,546 INFO  [org.jboss.modules] (main) JBoss Modules version 1.9.1.Final
09:06:13,967 INFO  [org.jboss.msc] (main) JBoss MSC version 1.4.8.Final
09:06:13,978 INFO  [org.jboss.threads] (main) JBoss Threads version 2.3.3.Final
09:06:14,143 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) starting
09:06:14,231 INFO  [org.jboss.vfs] (MSC service thread 1-2) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
09:06:14,976 INFO  [org.wildfly.security] (ServerService Thread Pool -- 20) ELY00001: WildFly Elytron version 1.9.1.Final
09:06:15,611 INFO  [org.jboss.as.controller.management-deprecated] (Controller Boot Thread) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
09:06:15,681 INFO  [org.jboss.as.controller.management-deprecated] (ServerService Thread Pool -- 9) WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
09:06:15,771 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
09:06:15,793 INFO  [org.xnio] (MSC service thread 1-2) XNIO version 3.7.2.Final
09:06:15,804 INFO  [org.xnio.nio] (MSC service thread 1-2) XNIO NIO Implementation Version 3.7.2.Final
09:06:15,864 INFO  [org.jboss.as.jaxrs] (ServerService Thread Pool -- 39) WFLYRS0016: RESTEasy version 3.7.0.Final
09:06:15,865 INFO  [org.wildfly.extension.io] (ServerService Thread Pool -- 38) WFLYIO001: Worker 'default' has auto-configured to 2 core threads with 16 task threads based on your 1 available processors
09:06:15,867 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 37) WFLYCLINF0001: Activating Infinispan subsystem.
09:06:15,868 INFO  [org.wildfly.extension.microprofile.config.smallrye._private] (ServerService Thread Pool -- 45) WFLYCONF0001: Activating WildFly MicroProfile Config Subsystem
09:06:15,898 INFO  [org.jboss.as.security] (ServerService Thread Pool -- 51) WFLYSEC0002: Activating Security Subsystem
09:06:15,902 INFO  [org.jboss.as.naming] (ServerService Thread Pool -- 48) WFLYNAM0001: Activating Naming Subsystem
09:06:15,903 INFO  [org.wildfly.extension.microprofile.metrics.smallrye] (ServerService Thread Pool -- 47) WFLYMETRICS0001: Activating Eclipse MicroProfile Metrics Subsystem
09:06:15,932 INFO  [org.wildfly.extension.microprofile.health.smallrye] (ServerService Thread Pool -- 46) WFLYHEALTH0001: Activating Eclipse MicroProfile Health Subsystem
09:06:15,989 INFO  [org.jboss.as.security] (MSC service thread 1-2) WFLYSEC0001: Current PicketBox version=5.0.3.Final
09:06:15,992 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 1.4)
09:06:16,060 INFO  [org.jboss.as.connector] (MSC service thread 1-2) WFLYJCA0009: Starting JCA Subsystem (WildFly/IronJacamar 1.4.16.Final)
09:06:16,071 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0005: Deploying non-JDBC-compliant driver class org.postgresql.Driver (version 42.2)
09:06:16,073 WARN  [org.wildfly.clustering.web.undertow] (ServerService Thread Pool -- 54) WFLYCLWEBUT0007: No routing provider found for default-server; using legacy provider based on static configuration
09:06:16,092 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0003: Undertow 2.0.21.Final starting
09:06:16,135 INFO  [io.smallrye.metrics] (MSC service thread 1-1) Converted [2] config entries and added [4] replacements
09:06:16,140 INFO  [io.smallrye.metrics] (MSC service thread 1-1) Converted [3] config entries and added [14] replacements
09:06:16,336 INFO  [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 5.0.12.Final
09:06:16,356 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 54) WFLYUT0014: Creating file handler for path '/opt/jboss/keycloak/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
09:06:16,378 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = postgresql
09:06:16,379 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = h2
09:06:16,426 INFO  [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 4 (per class), which is derived from the number of CPUs on this host.
09:06:16,426 INFO  [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 16 (per class), which is derived from thread worker pool sizing.
09:06:16,443 INFO  [org.jboss.as.naming] (MSC service thread 1-2) WFLYNAM0003: Starting Naming Service
09:06:16,539 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-1) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]
09:06:16,649 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0012: Started server default-server.
09:06:16,727 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0018: Host default-host starting
09:06:16,785 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTP listener default listening on 0.0.0.0:8080
09:06:16,798 INFO  [org.jboss.as.patching] (MSC service thread 1-1) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
09:06:16,800 INFO  [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0493: EJB subsystem suspension complete
09:06:16,824 WARN  [org.jboss.as.domain.management.security] (MSC service thread 1-2) WFLYDM0111: Keystore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
09:06:16,825 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/jboss/keycloak/standalone/deployments
09:06:16,837 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
09:06:17,050 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
09:06:17,062 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
09:06:17,062 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]
09:06:17,246 WARN  [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.keycloak-server.war" is using a private module ("org.kie") which may be changed or removed in future versions without notice.
09:06:17,666 INFO  [org.infinispan.factories.GlobalComponentRegistry] (MSC service thread 1-1) ISPN000128: Infinispan version: Infinispan 'Infinity Minus ONE +2' 9.4.14.Final
09:06:18,305 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 59) WFLYCLINF0002: Started clientSessions cache from keycloak container
09:06:18,309 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0002: Started realms cache from keycloak container
09:06:18,309 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0002: Started authorization cache from keycloak container
09:06:18,310 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 56) WFLYCLINF0002: Started offlineSessions cache from keycloak container
09:06:18,310 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0002: Started sessions cache from keycloak container
09:06:18,310 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0002: Started work cache from keycloak container
09:06:18,310 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0002: Started actionTokens cache from keycloak container
09:06:18,310 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started loginFailures cache from keycloak container
09:06:18,311 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started users cache from keycloak container
09:06:18,311 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started offlineClientSessions cache from keycloak container
09:06:18,311 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started keys cache from keycloak container
09:06:18,312 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started authenticationSessions cache from keycloak container
09:06:18,406 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 68) WFLYCLINF0002: Started client-mappings cache from ejb container
09:06:18,432 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
09:06:19,299 INFO  [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
09:06:19,858 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started realmRevisions cache from keycloak container
09:06:19,865 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started userRevisions cache from keycloak container
09:06:19,881 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container
09:06:19,882 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 67) Node name: keycloak-0, Site name: null
09:06:20,503 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 67) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
    at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:345)
    at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:352)
    at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:287)
    at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1325)
    at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:499)
    at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:632)
    at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:604)
    at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:624)
    at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:440)
    at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:789)
    at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:151)
    at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:64)
    at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:366)
    at org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lazyInit(LiquibaseDBLockProvider.java:65)
    at org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lambda$waitForLock$2(LiquibaseDBLockProvider.java:96)
    at org.keycloak.models.utils.KeycloakModelUtils.suspendJtaTransaction(KeycloakModelUtils.java:682)
    at org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.waitForLock(LiquibaseDBLockProvider.java:94)
    at org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:144)
    at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
    at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:137)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:152)
    at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2784)
    at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:364)
    at org.jboss.resteasy.spi.ResteasyDeployment.startInternal(ResteasyDeployment.java:277)
    at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:89)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:119)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
    at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
    at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:303)
    at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:143)
    at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:583)
    at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:554)
    at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
    at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:596)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at java.lang.Thread.run(Thread.java:748)
    at org.jboss.threads.JBossThread.run(JBossThread.java:485)
Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "keycloak"
    at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:514)
    at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:141)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
    at org.postgresql.Driver.makeConnection(Driver.java:454)
    at org.postgresql.Driver.connect(Driver.java:256)
    at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:321)
    ... 55 more

09:06:20,512 INFO  [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested via an OS signal
09:06:20,521 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 67) MSC000001: Failed to start service jboss.deployment.unit."keycloak-server.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."keycloak-server.war".undertow-deployment: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at java.lang.Thread.run(Thread.java:748)
    at org.jboss.threads.JBossThread.run(JBossThread.java:485)
Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
    at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:164)
    at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2784)
    at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:364)
    at org.jboss.resteasy.spi.ResteasyDeployment.startInternal(ResteasyDeployment.java:277)
    at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:89)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:119)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
    at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
    at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:303)
    at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:143)
    at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:583)
    at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:554)
    at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
    at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:596)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
    ... 8 more
Caused by: java.lang.RuntimeException: Failed to connect to database
    at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:372)
    at org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lazyInit(LiquibaseDBLockProvider.java:65)
    at org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lambda$waitForLock$2(LiquibaseDBLockProvider.java:96)
    at org.keycloak.models.utils.KeycloakModelUtils.suspendJtaTransaction(KeycloakModelUtils.java:682)
    at org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.waitForLock(LiquibaseDBLockProvider.java:94)
    at org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:144)
    at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
    at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:137)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:152)
    ... 31 more
Caused by: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
    at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:159)
    at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:64)
    at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:366)
    ... 43 more
Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
    at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:690)
    at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:440)
    at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:789)
    at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:151)
    ... 45 more
Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection
    at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:345)
    at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:352)
    at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:287)
    at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1325)
    at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:499)
    at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:632)
    at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:604)
    at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:624)
    ... 48 more
Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "keycloak"
    at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:514)
    at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:141)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
    at org.postgresql.Driver.makeConnection(Driver.java:454)
    at org.postgresql.Driver.connect(Driver.java:256)
    at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:321)
    ... 55 more

09:06:20,531 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0010: Unbound data source [java:jboss/datasources/KeycloakDS]
09:06:20,533 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-1) WFLYMAIL0002: Unbound mail session [java:jboss/mail/Default]
09:06:20,537 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0008: Undertow HTTPS listener https suspending
09:06:20,540 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0007: Undertow HTTPS listener https stopped, was bound to 0.0.0.0:8443
09:06:20,544 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0019: Host default-host stopping
09:06:20,544 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0019: Stopped Driver service with driver-name = postgresql
09:06:20,548 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2) WFLYJCA0010: Unbound data source [java:jboss/datasources/ExampleDS]
09:06:20,551 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-2) WFLYJCA0019: Stopped Driver service with driver-name = h2
09:06:20,554 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 56) WFLYCLINF0003: Stopped work cache from keycloak container
09:06:20,554 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0003: Stopped clientSessions cache from keycloak container
09:06:20,555 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0003: Stopped offlineClientSessions cache from keycloak container
09:06:20,555 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0003: Stopped actionTokens cache from keycloak container
09:06:20,555 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0003: Stopped sessions cache from keycloak container
09:06:20,556 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0003: Stopped authorization cache from keycloak container
09:06:20,557 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0003: Stopped realms cache from keycloak container
09:06:20,557 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0003: Stopped loginFailures cache from keycloak container
09:06:20,557 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0003: Stopped offlineSessions cache from keycloak container
09:06:20,557 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0003: Stopped authenticationSessions cache from keycloak container
09:06:20,558 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0003: Stopped keys cache from keycloak container
09:06:20,558 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0003: Stopped users cache from keycloak container
09:06:20,571 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0008: Undertow HTTP listener default suspending
09:06:20,572 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0007: Undertow HTTP listener default stopped, was bound to 0.0.0.0:8080
09:06:20,573 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 68) WFLYCLINF0003: Stopped client-mappings cache from ejb container
09:06:20,575 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0004: Undertow 2.0.21.Final stopping
09:06:20,580 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0028: Stopped deployment keycloak-server.war (runtime-name: keycloak-server.war) in 65ms
09:06:20,587 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException
    at org.wildfly.extension.microprofile.metrics.MicroProfileMetricsSubsystemAdd$2.execute(MicroProfileMetricsSubsystemAdd.java:86)
    at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
    at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
    at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
    at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1412)
    at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:521)
    at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:472)
    at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:434)
    at org.jboss.as.server.ServerService.boot(ServerService.java:435)
    at org.jboss.as.server.ServerService.boot(ServerService.java:394)
    at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:374)
    at java.lang.Thread.run(Thread.java:748)

09:06:20,590 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.server.DeployerChainAddHandler$FinalRuntimeStepHandler@5d9ef235 for operation add-deployer-chains at address [] failed handling operation rollback -- java.util.concurrent.RejectedExecutionException: java.util.concurrent.RejectedExecutionException
    at org.jboss.threads.RejectingExecutor.execute(RejectingExecutor.java:37)
    at org.jboss.threads.EnhancedQueueExecutor.rejectShutdown(EnhancedQueueExecutor.java:2026)
    at org.jboss.threads.EnhancedQueueExecutor.execute(EnhancedQueueExecutor.java:757)
    at org.jboss.as.controller.notification.NotificationSupports$NonBlockingNotificationSupport.emit(NotificationSupports.java:95)
    at org.jboss.as.controller.OperationContextImpl.notifyModificationBegun(OperationContextImpl.java:876)
    at org.jboss.as.controller.OperationContextImpl.ensureWriteLockForRuntime(OperationContextImpl.java:865)
    at org.jboss.as.controller.OperationContextImpl.removeService(OperationContextImpl.java:638)
    at org.jboss.as.server.DeployerChainAddHandler$FinalRuntimeStepHandler$1.handleRollback(DeployerChainAddHandler.java:135)
    at org.jboss.as.controller.AbstractOperationContext$RollbackDelegatingResultHandler.handleResult(AbstractOperationContext.java:1561)
    at org.jboss.as.controller.AbstractOperationContext$Step.invokeResultHandler(AbstractOperationContext.java:1533)
    at org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1515)
    at org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1472)
    at org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1455)
    at org.jboss.as.controller.AbstractOperationContext$Step.access$400(AbstractOperationContext.java:1319)
    at org.jboss.as.controller.AbstractOperationContext.executeResultHandlerPhase(AbstractOperationContext.java:876)
    at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:756)
    at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
    at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1412)
    at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:521)
    at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:472)
    at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:434)
    at org.jboss.as.server.ServerService.boot(ServerService.java:435)
    at org.jboss.as.server.ServerService.boot(ServerService.java:394)
    at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:374)
    at java.lang.Thread.run(Thread.java:748)
    Suppressed: java.util.concurrent.RejectedExecutionException: Executor is being shut down
        at org.jboss.threads.EnhancedQueueExecutor.rejectShutdown(EnhancedQueueExecutor.java:2028)
        ... 23 more

09:06:20,591 ERROR [org.jboss.as.controller.client] (Controller Boot Thread) WFLYCTL0190: Step handler org.jboss.as.server.DeployerChainAddHandler$FinalRuntimeStepHandler@5d9ef235 for operation add-deployer-chains at address [] failed handling operation rollback -- java.util.concurrent.RejectedExecutionException

vmwiz commented 4 years ago

Same issue here; for me it happens after updating the configuration. Initial deployment works fine but as soon as I redeploy keycloak (without touching postgresql) I'm getting the same error org.postgresql.util.PSQLException: FATAL: password authentication failed for user "keycloak".

I thought it was because the chart was regenerating a new secret at deployment time so I configured keycloak.persistence.existingSecret and postgresql.existingSecret to a known secret before applying the chart but I'm still getting the same exception.

unguiculus commented 4 years ago

The chart is tested with Postgres, which does work. Here are the values: https://github.com/codecentric/helm-charts/blob/master/charts/keycloak/ci/postgres-ha-values.yaml#L30-L34

It looks like you don't set a password for Postgres. That might be the problem. Could you check that?

gerrit8143 commented 4 years ago

yes, password was not set because i thought it would be set automatically when empty:

  ## PostgreSQL Password for the new user.
  ## If not set, a random 10 characters password will be used.
  ##
  postgresqlPassword: ""

i now tried with password "keycloak" but same problem:

Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "keycloak"

postgresql:
  ### PostgreSQL User to create.
  ##
  postgresqlUsername: keycloak

  ## PostgreSQL Password for the new user.
  ## If not set, a random 10 characters password will be used.
  ##
  postgresqlPassword: "keycloak"

  ## PostgreSQL Database to create.
  ##
  postgresqlDatabase: keycloak

  ## Persistent Volume Storage configuration.
  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
  ##
  persistence:
    ## Enable PostgreSQL persistence using Persistent Volume Claims.
    ##
    enabled: true

i also tried with https://github.com/codecentric/helm-charts/blob/master/charts/keycloak/ci/postgres-ha-values.yaml#L30-L34 but without luck.

unguiculus commented 4 years ago

I can reproduce the problem if I don't set a password. However, if I set it explicitly, it works fine.

unguiculus commented 4 years ago

I'd suggest you always set a password to avoid it being regenerated on upgrades.

gerrit8143 commented 4 years ago

i can't get it working even with postgresql password set and a fresh install with the current values.yaml from the repo:

Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "keycloak"

jansmets commented 4 years ago

I did have a $ and ! in the password, using a simple password without special chars seemed to work.

fefi42 commented 4 years ago

I had the same issue. I used a sidecar container to access a postgres on cloud sql. I set the password through a secret using persistence.existingSecret and persistence.existingSecretKey. However this resulted in the password authentication failed for user exception.

Setting the password directly over the persistence.dbPassword fixed it for me.

Is there any explanation for this?

zeph commented 4 years ago

yes @fefi42 and @jansmets, there is a DB_PASSWORD_FILE parameter available, and I fear we have to use it, otherwise ur passwords (and mine) will be shell interpreted... https://hub.docker.com/r/jboss/keycloak/

I'm having fun with sealedsecrets on top of it... I will provide a pull request

do thank #mobivia and #atu for the sponsoring

zeph commented 4 years ago

I will go into the same /secrets folder with a different volume name persistence instead of password (the current http password) https://blog.sebastian-daschner.com/entries/multiple-kubernetes-volumes-directory

zeph commented 4 years ago

p.s. credits for the hint go to @szottE

zeph commented 4 years ago

@unguiculus can you have a look at my patch? https://github.com/codecentric/helm-charts/pull/164 i might pass through MUC on 12/2 if u wanna go for a beer (on my way back to Berlin)

unguiculus commented 4 years ago

@zeph Too bad. I'd love to go for a beer but I'm in Nuremberg on Feb 12 speaking at https://www.meetup.com/de-DE/Kubernetes-Nurnberg/events/267907233/.

zeph commented 4 years ago

@unguiculus I can be there... I'll stop at Brenner PASS on the 11th Feb. night... sleep over, start in the morning and be at Nuremberg on that event too. Pass the night there and leave for Berlin on the morning after. See ya there... please now merge my pull request, I'm struggling also on ArgoCD to use the requirements.yaml properly https://github.com/argoproj/argo-cd/issues/3055

igorfernandes commented 4 years ago

I had the same issue, but my problem was that I use inside keycloak information.

keycloak:
  postgresql:
    postgresqlPassword: keycloak

Postgres needs to be outside the keycloak block.

keycloak:
  replicas: 4

postgresql:
  postgresqlPassword: keycloak

Maybe this helps other people.
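
The causes reported up to this point in the thread (a `postgresql` block nested under `keycloak`, an unset `postgresqlPassword`, and `$` or `!` in the password) can be checked before running `helm install`. The following is an added example, not part of the chart or of any comment above; `lint_values` and the finding codes are hypothetical names, the sample dicts are constructed, and the values file is assumed to be already parsed into a dict (for instance with PyYAML's `yaml.safe_load`).

```python
# "$" and "!" are the characters reported in the thread; backtick, backslash
# and quotes are an added assumption about what else a shell may rewrite.
SHELL_SPECIAL = set("$!`\\\"'")

# (path into the values dict, display name) for each password that is checked.
PASSWORD_FIELDS = [
    (("postgresql", "postgresqlPassword"), "postgresql.postgresqlPassword"),
    (("keycloak", "persistence", "dbPassword"), "keycloak.persistence.dbPassword"),
]


def _get(values, path):
    """Walk a nested dict; return None if a level is missing or not a dict."""
    node = values
    for key in path:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node


def lint_values(values):
    """Return (code, message) findings for a parsed keycloak chart values dict."""
    findings = []

    # A postgresql block under keycloak never reaches the Postgres subchart.
    if isinstance(_get(values, ("keycloak", "postgresql")), dict):
        findings.append((
            "NESTED_POSTGRESQL",
            "keycloak.postgresql is set; move it to a top-level postgresql block",
        ))

    # With no explicit password the chart generates a random one, which can
    # be regenerated on upgrade while the database keeps the old one.
    deploy = _get(values, ("keycloak", "persistence", "deployPostgres"))
    if deploy is True and not _get(values, ("postgresql", "postgresqlPassword")):
        findings.append((
            "EMPTY_PG_PASSWORD",
            "deployPostgres is true but postgresql.postgresqlPassword is empty",
        ))

    # Report only which special characters occur, never the password itself.
    for path, name in PASSWORD_FIELDS:
        password = _get(values, path)
        if isinstance(password, str):
            hits = sorted(set(password) & SHELL_SPECIAL)
            if hits:
                findings.append((
                    "SHELL_SPECIAL_CHARS",
                    f"{name} contains {' '.join(hits)}",
                ))
    return findings


# Constructed sample inputs (not taken from any real deployment).
NESTED = {
    "keycloak": {
        "persistence": {"deployPostgres": True, "dbVendor": "postgres"},
        "postgresql": {"postgresqlPassword": "keycloak"},
    }
}
SPECIAL = {
    "keycloak": {"persistence": {"deployPostgres": True, "dbVendor": "postgres"}},
    "postgresql": {"postgresqlPassword": "pa$$w0rd!"},
}
CLEAN = {
    "keycloak": {"persistence": {"deployPostgres": True, "dbVendor": "postgres"}},
    "postgresql": {"postgresqlPassword": "keycloak"},
}

if __name__ == "__main__":
    for label, sample in (("nested", NESTED), ("special", SPECIAL), ("clean", CLEAN)):
        print(label, lint_values(sample))
```

A clean result does not rule out the other causes raised in the thread, such as an existing Postgres data volume that was initialised with a different password.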

oliverkane commented 4 years ago

Hey folks, I just thought I'd point out that I had this issue but it only occurred when I attempted to install outside of the default namespace.

Using these values

init:
  image:
    repository: busybox
    tag: 1.31
    pullPolicy: IfNotPresent
  resources: {}
    # limits:
    #   cpu: "10m"
    #   memory: "32Mi"
    # requests:
    #   cpu: "10m"
    #   memory: "32Mi"

clusterDomain: cluster.local

## Optionally override the fully qualified name
# fullnameOverride: keycloak

## Optionally override the name
# nameOverride: keycloak

keycloak:
  replicas: 1

  image:
    repository: docker.io/jboss/keycloak
    # Overrides the image tag whose default is the chart version.
    tag: ""
    pullPolicy: IfNotPresent

    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ##
    pullSecrets: []
    # - myRegistrKeySecretName

  hostAliases: []
  #  - ip: "1.2.3.4"
  #    hostnames:
  #      - "my.host.com"

  proxyAddressForwarding: true

  enableServiceLinks: false

  podManagementPolicy: Parallel

  restartPolicy: Always

  serviceAccount:
    # Specifies whether a service account should be created
    create: false
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name:

  securityContext:
    fsGroup: 1000

  containerSecurityContext:
    runAsUser: 1000
    runAsNonRoot: true

  ## The path keycloak will be served from. To serve keycloak from the root path, use two quotes (e.g. "").
  basepath: auth

  ## Additional init containers, e. g. for providing custom themes
  extraInitContainers: |
  ## Additional sidecar containers, e. g. for a database proxy, such as Google's cloudsql-proxy
  extraContainers: |
  ## lifecycleHooks defines the container lifecycle hooks
  lifecycleHooks: |
    # postStart:
    #   exec:
    #     command: ["/bin/sh", "-c", "ls"]
  ## Override the default for the Keycloak container, e.g. for clusters with large cache that requires rebalancing.
  terminationGracePeriodSeconds: 60

  ## Additional arguments to start command e.g. -Dkeycloak.import= to load a realm
  extraArgs: ""

  ## Username for the initial Keycloak admin user
  username: keycloak

  ## Password for the initial Keycloak admin user. Applicable only if existingSecret is not set.
  ## If not set, a random 10 characters password will be used
  password: ""

  # Specifies an existing secret to be used for the admin password
  existingSecret: ""

  # The key in the existing secret that stores the password
  existingSecretKey: password

  ## jGroups configuration (only for HA deployment)
  jgroups:
    exposePort: true
    discoveryProtocol: dns.DNS_PING
    discoveryProperties: >
      "dns_query={{ template "keycloak.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}"
  javaToolOptions: >-
    -XX:+UseContainerSupport
    -XX:MaxRAMPercentage=50.0
  ## Allows the specification of additional environment variables for Keycloak
  extraEnv: |
    # - name: KEYCLOAK_LOGLEVEL
    #   value: DEBUG
    # - name: WILDFLY_LOGLEVEL
    #   value: DEBUG
    # - name: CACHE_OWNERS
    #   value: "2"
    # - name: DB_QUERY_TIMEOUT
    #   value: "60"
    # - name: DB_VALIDATE_ON_MATCH
    #   value: true
    # - name: DB_USE_CAST_FAIL
    #   value: false
  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              {{- include "keycloak.selectorLabels" . | nindent 10 }}
            matchExpressions:
              - key: role
                operator: NotIn
                values:
                  - test
          topologyKey: kubernetes.io/hostname
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          podAffinityTerm:
            labelSelector:
              matchLabels:
                {{- include "keycloak.selectorLabels" . | nindent 12 }}
              matchExpressions:
                - key: role
                  operator: NotIn
                  values:
                    - test
            topologyKey: failure-domain.beta.kubernetes.io/zone
  nodeSelector: {}
  priorityClassName: ""
  tolerations: []

  ## Additional pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  podLabels: {}

  ## Extra Annotations to be added to pod
  podAnnotations: {}

  livenessProbe: |
    httpGet:
      path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/
      port: http
    initialDelaySeconds: 300
    timeoutSeconds: 5
  readinessProbe: |
    httpGet:
      path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/realms/master
      port: http
    initialDelaySeconds: 30
    timeoutSeconds: 1
  resources: {}
    # limits:
    #   cpu: "100m"
    #   memory: "1024Mi"
    # requests:
    #   cpu: "100m"
    #   memory: "1024Mi"

  ## WildFly CLI configurations. They all end up in the file 'keycloak.cli' configured in the configmap which is
  ## executed on server startup.
  cli:
    enabled: true
    nodeIdentifier: |
      {{ .Files.Get "scripts/node-identifier.cli" }}
    logging: |
      {{ .Files.Get "scripts/logging.cli" }}
    ha: |
      {{ .Files.Get "scripts/ha.cli" }}
    datasource: |
      {{ .Files.Get "scripts/datasource.cli" }}
    # Custom CLI script
    custom: |
  ## Custom startup scripts to run before Keycloak starts up
  startupScripts: {}
    # mystartup.sh: |
    #   #!/bin/sh
    #
    #   echo 'Hello from my custom startup script!'

  ## Add additional volumes and mounts, e. g. for custom themes
  extraVolumes: |
  extraVolumeMounts: |
  ## Add additional ports, eg. for custom admin console
  extraPorts: |
  podDisruptionBudget: {}
    # maxUnavailable: 1
    # minAvailable: 1

  ## Extra annotations to be added to statefulset
  statefulsetAnnotations: {}

  service:
    annotations: {}
    # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"

    labels: {}
    # key: value

    ## ServiceType
    ## ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types
    type: ClusterIP

    ## Optional static port assignment for service type NodePort.
    # nodePort: 30000

    httpPort: 80
    httpNodePort: ""

    httpsPort: 8443
    httpsNodePort: ""

    # Optional: jGroups port for high availability clustering
    jgroupsPort: 7600

    ## Add additional ports, eg. for custom admin console
    extraPorts: |
  ## Ingress configuration.
  ## ref: https://kubernetes.io/docs/user-guide/ingress/
  ingress:
    enabled: true
    path: /

    annotations: {}
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
      # ingress.kubernetes.io/affinity: cookie

    labels: {}
    # key: value

    ## List of hosts for the ingress
    hosts:
      - myhost

    ## TLS configuration
    tls: 
     - hosts:
         - myhost
       secretName: myhost-tls

  ## OpenShift route configuration.
  ## ref: https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html
  route:
    enabled: false
    path: /

    annotations: {}
      # kubernetes.io/tls-acme: "true"
      # haproxy.router.openshift.io/disable_cookies: "true"
      # haproxy.router.openshift.io/balance: roundrobin

    labels: {}
      # key: value

    # Host name for the route
    host:

    # TLS configuration
    tls:
      enabled: true
      insecureEdgeTerminationPolicy: Redirect
      termination: edge

  ## Persistence configuration
  persistence:
    # If true, the Postgres chart is deployed
    deployPostgres: true

    # The database vendor. Can be either "postgres", "mysql", "mariadb", or "h2"
    dbVendor: postgres

    ## The following values only apply if "deployPostgres" is set to "false"
    dbName: keycloak
    dbHost: mykeycloak
    dbPort: 5432

    ## Database Credentials are loaded from a Secret residing in the same Namespace as keycloak.
    ## The Chart can read credentials from an existing Secret OR it can provision its own Secret.

    ## Specify existing Secret
    # If set, specifies the Name of an existing Secret to read db credentials from.
    existingSecret: ""
    existingSecretPasswordKey: ""  # read keycloak db password from existingSecret under this Key
    existingSecretUsernameKey: ""  # read keycloak db user from existingSecret under this Key

    ## Provision new Secret
    # Only used if existingSecret is not specified. In this case a new secret is created
    # populated by the variables below.
    dbUser: keycloak
    dbPassword: "sdflkjlkjlkjlkjsdfgsdfgsdfghddftghlikujoiuoiuoiusdfg"

postgresql:
  ### PostgreSQL User to create.
  ##
  postgresqlUsername: keycloak

  ## PostgreSQL Password for the new user.
  ## If not set, a random 10 characters password will be used.
  ##
  postgresqlPassword: "sdflkjlkjlkjlkjsdfgsdfgsdfghddftghlikujoiuoiuoiusdfg"

  ## PostgreSQL Database to create.
  ##
  postgresqlDatabase: keycloak

  ## Persistent Volume Storage configuration.
  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
  ##
  persistence:
    ## Enable PostgreSQL persistence using Persistent Volume Claims.
    ##
    enabled: true

test:
  enabled: false
  image:
    repository: unguiculus/docker-python3-phantomjs-selenium
    tag: v1
    pullPolicy: IfNotPresent
  securityContext:
    fsGroup: 1000
  containerSecurityContext:
    runAsUser: 1000
    runAsNonRoot: true

prometheus:
  operator:
    ## Are you using Prometheus Operator?
    enabled: false

    serviceMonitor:
      ## Optionally set a target namespace in which to deploy serviceMonitor
      namespace: ""

      ## Additional labels to add to the ServiceMonitor so it is picked up by the operator.
      ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release.
      selector:
        release: prometheus

      ## Interval at which Prometheus scrapes metrics
      interval: 10s

      ## Timeout at which Prometheus timeouts scrape run
      scrapeTimeout: 10s

      ## The path to scrape
      path: /auth/realms/master/metrics

    prometheusRules:
      ## Add Prometheus Rules?
      enabled: false

      ## Additional labels to add to the PrometheusRule so it is picked up by the operator.
      ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator'
      selector:
        app: prometheus-operator
        release: prometheus

      ## Some example rules.
      rules: {}
      #  - alert: keycloak-IngressHigh5xxRate
      #    annotations:
      #      message: The percentage of 5xx errors for keycloak over the last 5 minutes is over 1%.
      #    expr: (sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak",status=~"5[0-9]{2}"}[1m]))/sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak"}[1m])))*100 > 1
      #    for: 5m
      #    labels:
      #      severity: warning
      #  - alert: keycloak-IngressHigh5xxRate
      #    annotations:
      #      message: The percentage of 5xx errors for keycloak over the last 5 minutes is over 5%.
      #    expr: (sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak",status=~"5[0-9]{2}"}[1m]))/sum(rate(nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak"}[1m])))*100 > 5
      #    for: 5m
      #    labels:
      #      severity: critical

ghost commented 3 years ago

I too have the same issue as @oliverkane

I needed to run a temp keycloak for testing, and i thought i would do it in another namespace but got the same org.postgresql.util.PSQLException: FATAL: password authentication failed for user "keycloak" error.

chart version: 11.5 keycloak: 8.0.0

In addition when running the same helm chart targeting the keycloak namespace, it works fine.

maxdebayser commented 3 years ago

I had the same problem. In my case it turned out that the postgres init scripts were slower than expected in my environment, so the readiness or liveness probe killed the pod before the user initialization was complete. When the pod came back, the init scripts assumed that the initialization was ready because the data directory was populated.

oliverkane commented 3 years ago

For what it's worth, I've been using ORY's stack in development. Keycloak has been wonderful in production, because of all the features it offers, but for development it's just far too slow and hungry in terms of resources (2 gigs to start up?! and like a minute on modest hardware). If you don't mind building out some basic UI or using their examples with a bit of forking, they're cloud native and I've been very happy with them.

https://www.ory.sh/hydra

github-actions[bot] commented 3 years ago

This issue has been marked as stale because it has been open for 30 days with no activity. It will be automatically closed in 10 days if no further activity occurs.

fuomag9 commented 2 years ago

Same issue here, I can't manage to fix it