search

keycloak / keycloak-operator

ARCHIVED Kubernetes Operator for the no longer supported WildFly distribution of Keycloak
Apache License 2.0
432 stars 280 forks source link

expired certificate during upgrade #434

Closed lucamaf closed 2 years ago

lucamaf commented 2 years ago

Describe the bug

I have keycloak installed using the Operator on top of Openshift 4.9 and I upgraded recently from version 15 to version 16 and keycloak won't start with the following error in the logs:

18:10:01,755 WARN [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY00024: Certificate [dstrootcax3] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Thu Sep 30 14:01:15 GMT 2021

I suspect it depends on a secret created with the first installation of keycloak operator (version 13)

Version

16

Expected behavior

complete the upgrade using the operator correctly and seeing the keycloak pod starting up correctly

Actual behavior

No response

How to Reproduce?

No response

Anything else?

No response

jonathanvila commented 2 years ago

Hi @lucamaf , thank you for reporting this issue.

This is a warning , and in theory should not stop KC from starting.

In order to investigate better the issue ... are you using the keycloak-metrics-spi extension ? you can check the Keycloak CR. Do you see any other errors in the log ? ( can you attach it here ? )

Thank you.

titansmc commented 2 years ago

I am having the same warning, the service seems to start properly, but it never goes through the probe:

Added 'admin' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
-b 0.0.0.0
=========================================================================

  Using PostgreSQL database

=========================================================================

11:58:48,675 INFO  [org.jboss.modules] (CLI command executor) JBoss Modules version 1.12.0.Final
11:58:48,717 INFO  [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.13.Final
11:58:48,723 INFO  [org.jboss.threads] (CLI command executor) JBoss Threads version 2.4.0.Final
11:58:48,796 INFO  [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) starting
11:58:48,844 INFO  [org.jboss.vfs] (MSC service thread 1-1) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
11:58:49,324 INFO  [org.wildfly.security] (ServerService Thread Pool -- 18) ELY00001: WildFly Elytron version 1.17.1.Final
11:58:49,954 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY00023: KeyStore file '/opt/jboss/keycloak/standalone/configuration/application.keystore' does not exist. Used blank.
11:58:49,959 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY01084: KeyStore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
11:58:49,979 INFO  [org.jboss.as.patching] (MSC service thread 1-2) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
11:58:50,053 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
11:58:50,054 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) started in 1373ms - Started 49 of 72 services (24 services are lazy, passive or on-demand)
The batch executed successfully
11:58:50,166 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) stopped in 8ms
11:58:51,244 INFO  [org.jboss.modules] (CLI command executor) JBoss Modules version 1.12.0.Final
11:58:51,284 INFO  [org.jboss.msc] (CLI command executor) JBoss MSC version 1.4.13.Final
11:58:51,289 INFO  [org.jboss.threads] (CLI command executor) JBoss Threads version 2.4.0.Final
11:58:51,361 INFO  [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) starting
11:58:51,408 INFO  [org.jboss.vfs] (MSC service thread 1-1) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
11:58:51,931 INFO  [org.wildfly.security] (ServerService Thread Pool -- 21) ELY00001: WildFly Elytron version 1.17.1.Final
11:58:52,541 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY00023: KeyStore file '/opt/jboss/keycloak/standalone/configuration/application.keystore' does not exist. Used blank.
11:58:52,545 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY01084: KeyStore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
11:58:52,558 INFO  [org.jboss.as.patching] (MSC service thread 1-2) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
11:58:52,648 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
11:58:52,649 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) started in 1401ms - Started 49 of 79 services (31 services are lazy, passive or on-demand)
The batch executed successfully
11:58:52,755 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) stopped in 8ms
Creating Keycloak truststore..
Keycloak truststore successfully created at: /opt/jboss/keycloak/standalone/configuration/keystores/truststore.jks
Warning: use -cacerts option to access cacerts keystore
Importing certificates from system's Java CA certificate bundle into Keycloak truststore..
Successfully imported certificates from system's Java CA certificate bundle into Keycloak truststore at: /opt/jboss/keycloak/standalone/configuration/keystores/truststore.jks
Setting JGroups discovery to dns.DNS_PING with properties {dns_query=>keycloak-discovery.keycloak-operator}
Setting cache owners to 2 replicas
Enabling replication of AuthenticationSessions with 2 replicas
=========================================================================

  JBoss Bootstrap Environment

  JBOSS_HOME: /opt/jboss/keycloak

  JAVA: java

  JAVA_OPTS:  -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true   --add-exports=java.desktop/sun.awt=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.management/javax.management=ALL-UNNAMED --add-opens=java.naming/javax.naming=ALL-UNNAMED

=========================================================================

11:59:14,936 INFO  [org.jboss.modules] (main) JBoss Modules version 1.12.0.Final
11:59:15,282 INFO  [org.jboss.msc] (main) JBoss MSC version 1.4.13.Final
11:59:15,288 INFO  [org.jboss.threads] (main) JBoss Threads version 2.4.0.Final
11:59:15,382 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) starting
11:59:15,443 INFO  [org.jboss.vfs] (MSC service thread 1-1) VFS000002: Failed to clean existing content for temp file provider of type temp. Enable DEBUG level log to find what caused this
11:59:15,892 INFO  [org.wildfly.security] (ServerService Thread Pool -- 21) ELY00001: WildFly Elytron version 1.17.1.Final
11:59:16,430 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
11:59:16,447 INFO  [org.xnio] (MSC service thread 1-2) XNIO version 3.8.4.Final
11:59:16,451 INFO  [org.xnio.nio] (MSC service thread 1-2) XNIO NIO Implementation Version 3.8.4.Final
11:59:16,479 INFO  [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 5.0.23.Final
11:59:16,494 INFO  [org.jboss.as.clustering.jgroups] (ServerService Thread Pool -- 42) WFLYCLJG0001: Activating JGroups subsystem. JGroups version 4.2.11
11:59:16,509 INFO  [org.jboss.as.jaxrs] (ServerService Thread Pool -- 40) WFLYRS0016: RESTEasy version 4.7.2.Final
11:59:16,517 WARN  [org.jboss.as.txn] (ServerService Thread Pool -- 53) WFLYTX0013: The node-identifier attribute on the /subsystem=transactions is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique.
11:59:16,530 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 38) WFLYCLINF0001: Activating Infinispan subsystem.
11:59:16,535 INFO  [org.jboss.as.naming] (ServerService Thread Pool -- 49) WFLYNAM0001: Activating Naming Subsystem
11:59:16,538 INFO  [org.wildfly.extension.metrics] (ServerService Thread Pool -- 47) WFLYMETRICS0001: Activating Base Metrics Subsystem
11:59:16,540 INFO  [org.wildfly.extension.health] (ServerService Thread Pool -- 37) WFLYHEALTH0001: Activating Base Health Subsystem
11:59:16,542 INFO  [org.wildfly.extension.io] (ServerService Thread Pool -- 39) WFLYIO001: Worker 'default' has auto-configured to 2 IO threads with 16 max task threads based on your 1 available processors
11:59:16,571 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 1.4)
11:59:16,590 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0005: Deploying non-JDBC-compliant driver class org.postgresql.Driver (version 42.2)
11:59:16,644 WARN  [org.wildfly.clustering.web.undertow] (ServerService Thread Pool -- 54) WFLYCLWEBUT0007: No routing provider found for default-server; using legacy provider based on static configuration
11:59:16,653 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0003: Undertow 2.2.12.Final starting
11:59:16,654 INFO  [org.jboss.as.connector] (MSC service thread 1-1) WFLYJCA0009: Starting Jakarta Connectors Subsystem (WildFly/IronJacamar 1.5.2.Final)
11:59:16,682 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = postgresql
11:59:16,683 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = h2
11:59:16,683 INFO  [org.jboss.as.naming] (MSC service thread 1-1) WFLYNAM0003: Starting Naming Service
11:59:16,687 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 54) WFLYUT0014: Creating file handler for path '/opt/jboss/keycloak/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
11:59:16,714 INFO  [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0481: Strict pool slsb-strict-max-pool is using a max instance size of 16 (per class), which is derived from thread worker pool sizing.
11:59:16,715 INFO  [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0482: Strict pool mdb-strict-max-pool is using a max instance size of 4 (per class), which is derived from the number of CPUs on this host.
11:59:16,734 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-1) WFLYMAIL0001: Bound mail session [java:jboss/mail/Default]
11:59:16,768 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY00023: KeyStore file '/opt/jboss/keycloak/standalone/configuration/application.keystore' does not exist. Used blank.
11:59:16,788 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY01084: KeyStore /opt/jboss/keycloak/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
11:59:17,014 INFO  [org.jboss.as.patching] (MSC service thread 1-2) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
11:59:17,026 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0012: Started server default-server.
11:59:17,038 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-2) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/jboss/keycloak/standalone/deployments
11:59:17,050 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
11:59:17,070 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY00024: Certificate [dstrootcax3] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Thu Sep 30 14:01:15 GMT 2021
    at java.base/sun.security.x509.CertificateValidity.valid(CertificateValidity.java:277)
    at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:675)
    at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:648)
    at org.wildfly.extension.elytron@17.0.3.Final//org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:230)
    at org.wildfly.extension.elytron@17.0.3.Final//org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:192)
    at org.jboss.msc@1.4.13.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
    at org.jboss.msc@1.4.13.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
    at org.jboss.msc@1.4.13.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1363)
    at java.base/java.lang.Thread.run(Thread.java:829)

11:59:17,070 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY00024: Certificate [globalsignrootca-r2] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Wed Dec 15 08:00:00 GMT 2021
    at java.base/sun.security.x509.CertificateValidity.valid(CertificateValidity.java:277)
    at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:675)
    at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:648)
    at org.wildfly.extension.elytron@17.0.3.Final//org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:230)
    at org.wildfly.extension.elytron@17.0.3.Final//org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:192)
    at org.jboss.msc@1.4.13.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
    at org.jboss.msc@1.4.13.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
    at org.jboss.msc@1.4.13.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1363)
    at java.base/java.lang.Thread.run(Thread.java:829)

11:59:17,071 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-1) WFLYELY00024: Certificate [cybertrustglobalroot] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Wed Dec 15 08:00:00 GMT 2021
    at java.base/sun.security.x509.CertificateValidity.valid(CertificateValidity.java:277)
    at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:675)
    at java.base/sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:648)
    at org.wildfly.extension.elytron@17.0.3.Final//org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:230)
    at org.wildfly.extension.elytron@17.0.3.Final//org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:192)
    at org.jboss.msc@1.4.13.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
    at org.jboss.msc@1.4.13.Final//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
    at org.jboss.msc@1.4.13.Final//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1363)
    at java.base/java.lang.Thread.run(Thread.java:829)

11:59:17,081 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow AJP listener ajp listening on 0.0.0.0:8009
11:59:17,083 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTP listener default listening on 0.0.0.0:8080
11:59:17,083 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) Queuing requests.
11:59:17,083 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0018: Host default-host starting
11:59:17,089 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
11:59:17,096 INFO  [org.jboss.as.ejb3] (MSC service thread 1-1) WFLYEJB0493: Jakarta Enterprise Beans subsystem suspension complete
11:59:17,103 INFO  [org.jboss.modcluster] (ServerService Thread Pool -- 56) MODCLUSTER000001: Initializing mod_cluster version 1.4.3.Final
11:59:17,107 INFO  [org.jboss.modcluster] (ServerService Thread Pool -- 56) MODCLUSTER000032: Listening to proxy advertisements on /224.0.1.105:23364
11:59:17,179 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]
11:59:17,179 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
11:59:20,432 INFO  [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 56) keycloak-0: no members discovered after 3006 ms: creating cluster as coordinator
11:59:20,793 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 57) ISPN000128: Infinispan version: Infinispan 'Taedonggang' 12.1.7.Final
11:59:20,793 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 60) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
11:59:20,793 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 57) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
11:59:20,794 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 56) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
11:59:20,796 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 58) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
11:59:20,826 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 59) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
11:59:20,934 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000078: Starting JGroups channel ejb
11:59:20,935 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 57) ISPN000078: Starting JGroups channel ejb
11:59:20,935 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 59) ISPN000078: Starting JGroups channel ejb
11:59:20,934 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 58) ISPN000078: Starting JGroups channel ejb
11:59:20,934 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 56) ISPN000078: Starting JGroups channel ejb
11:59:20,938 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 59) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
11:59:20,938 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
11:59:20,938 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 56) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
11:59:20,939 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 57) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
11:59:20,940 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 58) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
11:59:20,943 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.133.78.38:7600]
11:59:20,957 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 57) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.133.78.38:7600]
11:59:20,957 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 59) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.133.78.38:7600]
11:59:20,958 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 58) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.133.78.38:7600]
11:59:20,959 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 56) ISPN000079: Channel ejb local address is keycloak-0, physical addresses are [10.133.78.38:7600]
11:59:20,986 INFO  [org.infinispan.CONFIG] (MSC service thread 1-2) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
11:59:20,988 INFO  [org.infinispan.CONFIG] (MSC service thread 1-2) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
11:59:21,142 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0002: Started http-remoting-connector cache from ejb container
11:59:21,225 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started work cache from keycloak container
11:59:21,229 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0002: Started clientSessions cache from keycloak container
11:59:21,233 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 58) WFLYCLINF0002: Started authenticationSessions cache from keycloak container
11:59:21,233 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0002: Started offlineClientSessions cache from keycloak container
11:59:21,234 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started offlineSessions cache from keycloak container
11:59:21,236 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started actionTokens cache from keycloak container
11:59:21,255 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started sessions cache from keycloak container
11:59:21,256 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 59) WFLYCLINF0002: Started loginFailures cache from keycloak container
11:59:21,264 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 56) WFLYCLINF0002: Started keys cache from keycloak container
11:59:21,264 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0002: Started authorization cache from keycloak container
11:59:21,264 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started users cache from keycloak container
11:59:21,265 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0002: Started realms cache from keycloak container
11:59:21,319 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
11:59:21,716 INFO  [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
11:59:22,087 INFO  [org.keycloak.url.DefaultHostnameProviderFactory] (ServerService Thread Pool -- 67) Frontend: <request>, Admin: <frontend>, Backend: <request>
11:59:22,369 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started realmRevisions cache from keycloak container
11:59:22,373 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started userRevisions cache from keycloak container
11:59:22,377 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container
11:59:22,378 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 67) Node name: keycloak-0, Site name: null
11:59:23,087 INFO  [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (ServerService Thread Pool -- 67) Database info: {databaseUrl=jdbc:postgresql://keycloak-postgresql.keycloak-operator:5432/keycloak, databaseUser=postgres, databaseProduct=PostgreSQL 13.3, databaseDriver=PostgreSQL JDBC Driver 42.2.5}
11:59:23,891 INFO  [org.hibernate.jpa.internal.util.LogHelper] (ServerService Thread Pool -- 67) HHH000204: Processing PersistenceUnitInfo [
    name: keycloak-default
    ...]
11:59:23,936 INFO  [org.hibernate.Version] (ServerService Thread Pool -- 67) HHH000412: Hibernate Core {5.3.23.Final}
11:59:23,937 INFO  [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 67) HHH000206: hibernate.properties not found
11:59:24,053 INFO  [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 67) HCANN000001: Hibernate Commons Annotations {5.0.5.Final}
11:59:24,170 INFO  [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 67) HHH000400: Using dialect: org.hibernate.dialect.PostgreSQL95Dialect
11:59:24,317 INFO  [org.hibernate.engine.jdbc.env.internal.LobCreatorBuilderImpl] (ServerService Thread Pool -- 67) HHH000424: Disabling contextual LOB creation as createClob() method threw error : java.lang.reflect.InvocationTargetException
11:59:24,321 INFO  [org.hibernate.type.BasicTypeRegistry] (ServerService Thread Pool -- 67) HHH000270: Type registration [java.util.UUID] overrides previous : org.hibernate.type.UUIDBinaryType@e03ba8c
11:59:24,324 INFO  [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 67) Envers integration enabled? : true
11:59:24,499 INFO  [org.hibernate.orm.beans] (ServerService Thread Pool -- 67) HHH10005002: No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
11:59:24,677 INFO  [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 67) HV000001: Hibernate Validator 6.0.22.Final
11:59:25,507 INFO  [org.hibernate.hql.internal.QueryTranslatorFactoryInitiator] (ServerService Thread Pool -- 67) HHH000397: Using ASTQueryTranslatorFactory
11:59:26,104 INFO  [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0006: Importing users from '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'
11:59:26,243 WARN  [org.keycloak.services] (ServerService Thread Pool -- 67) KC-SERVICES0104: Not creating user admin. It already exists.
11:59:26,871 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication
11:59:26,872 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication
11:59:26,872 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication
11:59:26,873 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakSecurityHeadersFilter from Application class org.keycloak.services.resources.KeycloakApplication
11:59:26,873 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication
11:59:26,873 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
11:59:26,873 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication
11:59:26,873 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002210: Adding provider singleton org.keycloak.services.util.ObjectMapperResolver from Application class org.keycloak.services.resources.KeycloakApplication
11:59:26,873 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RealmsResource from Application class org.keycloak.services.resources.KeycloakApplication
11:59:26,873 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 67) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RobotsResource from Application class org.keycloak.services.resources.KeycloakApplication
11:59:26,929 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 67) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
11:59:26,981 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
11:59:27,033 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
11:59:27,035 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 16.0.0 (WildFly Core 17.0.3.Final) started in 12383ms - Started 676 of 978 services (696 services are lazy, passive or on-demand)
11:59:27,036 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://0.0.0.0:9990/management
11:59:27,037 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://0.0.0.0:9990
lucamaf commented 2 years ago

in my case the service is never starting but it is crash looping I attached the full log here https://gist.githubusercontent.com/lucamaf/a44754e389d21806ee44a70a0cc5210d/raw/5ad34f185bead9d3cb2633c34e9ab7f291899d14/keycloak-log I can confirm I'm using the keycloak metrics extension

jonathanvila commented 2 years ago

Hi @lucamaf Can you remove the extension and see if affects ? ( edit the Keycloak CR and comment out the extension )

lucamaf commented 2 years ago

that did the trick actually, now I have it running!

On Wed, Dec 22, 2021 at 3:39 PM Jonathan Vila @.***> wrote:

Hi @lucamaf https://github.com/lucamaf Can you remove the extension and see if affects ? ( edit the Keycloak CR and comment out the extension )

— Reply to this email directly, view it on GitHub https://github.com/keycloak/keycloak-operator/issues/434#issuecomment-999625006, or unsubscribe https://github.com/notifications/unsubscribe-auth/AANFTI7DUG3EFTDXRRFTDWTUSHPLHANCNFSM5KR7E56Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

--

LUCA MATTIA FERRARI

EMEA SENIOR SOLUTION ARCHITECT, ITILV3

Red Hat Spain https://www.redhat.com/

travessera de Gracia, 11

08021, Barcelona

@.*** M: +34-653-225-181 http://redhatemailsignature-marketing.itos.redhat.com/

titansmc commented 2 years ago

I have just removed my extention (a theme we have developed ) but it doesn't get any better, what did you do ? @lucamaf

lucamaf commented 2 years ago

I just commented out the whole extension part in the yaml definition (I just had the metric extension)

jonathanvila commented 2 years ago

Hi A new version of the metric extension has been released fixing this issue with Keycloak 16.0.0 ( due to Wildfly 25 )

Please can you point your extension to : https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar

Thank you

andreaTP commented 2 years ago

Seems this issue is resolved, please feel free to re-open if that's not the case.