keycloak / keycloak-operator

ARCHIVED Kubernetes Operator for the no longer supported WildFly distribution of Keycloak
Apache License 2.0

Theme downloaded but not deployed as expected #580

Closed sirockin closed 1 year ago

sirockin commented 1 year ago

Describe the bug

I have specified my keycloak instance as follows with a link to a .jar file containing an external theme defining login pages (flow-light), packaged as specified here.

Separately, I have specified a realm resource with loginTheme: flow-light

extensions-init container runs before main keycloak pod and downloads specified jar file. But when I navigate to the realm's login, instead of seeing the configured theme, I see the standard theme, and an error message in the keycloak pod:

21:57:39,004 ERROR [org.keycloak.theme.DefaultThemeManager] (default task-3) Failed to find LOGIN theme flow-light, using built-in themes

Version

Expected behavior

Theme should be used for my realm login

Actual behavior

Theme downloads, but the keycloak pod log shows an error when the login screen is displayed, indicating that it can't find the theme.

How to Reproduce?

Copy and apply CRDs and operator.yaml from repo.

Apply the following keycloak and realm files:

apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
  name: mykeycloak
  labels:
    app: mykeycloak
spec:
  instances: 1
  externalAccess:
    enabled: false
  extensions:
    - https://flow-systems.gitlab.io/flow-cloud/ui/spa/flow-keycloak-theme-0.jar    

--- 
apiVersion: keycloak.org/v1alpha1
kind: KeycloakRealm
metadata:
  name: flow-cloud-realm
  labels:
    realm: flow-cloud-realm
spec:
  realm:
    realm: "flow-cloud"
    enabled: True
    displayName: "Flow Cloud"
    registrationAllowed: true
    rememberMe: true
    resetPasswordAllowed: true
    editUsernameAllowed: true
    loginTheme: flow-light
  instanceSelector:
    matchLabels:
      app: mykeycloak

Anything else?

Although the symptoms are similar to https://github.com/keycloak/keycloak-operator/issues/449, in my case, I see no log in the main container indicating that the jar file has been installed.

Theme at https://flow-systems.gitlab.io/flow-cloud/ui/spa/flow-keycloak-theme-0.jar as per yaml above.

Logs from extensions-init container:

Target directory: /opt/extensions

Downloading extension from https://flow-systems.gitlab.io/flow-cloud/ui/spa/flow-keycloak-theme-0.jar
Extension downloaded successfully
 -->  16 15 04 bb dd d3 7d 85.jar

All extensions downloaded successfully

When I exec into the keycloak-0 pod there is no /opt/extensions directory and the themes folder does not show my theme:

sh-4.4$ ls /opt
jboss
sh-4.4$ ls /opt/jboss/keycloak/themes
base  keycloak  keycloak.v2  README.txt

Logs from keycloak-0 pod:

08:08:12,172 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0012: Started server default-server.
08:08:12,185 INFO  [org.jboss.as.patching] (MSC service thread 1-2) WFLYPAT0050: Keycloak cumulative patch ID is: base, one-off patches include: none
08:08:12,255 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
08:08:12,253 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/jboss/keycloak/standalone/deployments
08:08:12,263 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) Queuing requests.
08:08:12,264 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0018: Host default-host starting
08:08:12,258 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0027: Starting deployment of " 16 15 04 bb dd d3 7d 85.jar" (runtime-name: " 16 15 04 bb dd d3 7d 85.jar")
08:08:12,400 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0006: Undertow AJP listener ajp listening on 0.0.0.0:8009
08:08:12,405 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
08:08:12,409 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0006: Undertow HTTP listener default listening on 0.0.0.0:8080
08:08:12,464 INFO  [org.jboss.as.ejb3] (MSC service thread 1-2) WFLYEJB0493: Jakarta Enterprise Beans subsystem suspension complete
08:08:12,716 INFO  [org.jboss.modcluster] (ServerService Thread Pool -- 56) MODCLUSTER000001: Initializing mod_cluster version 1.4.4.Final
08:08:12,752 INFO  [org.jboss.modcluster] (ServerService Thread Pool -- 56) MODCLUSTER000032: Listening to proxy advertisements on /224.0.1.105:23364
08:08:14,026 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-1) WFLYJCA0001: Bound data source [java:jboss/datasources/KeycloakDS]
08:08:14,061 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
08:08:18,443 INFO  [org.jgroups.protocols.pbcast.GMS] (ServerService Thread Pool -- 57) keycloak-0: no members discovered after 3123 ms: creating cluster as coordinator
08:08:20,028 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 57) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.10.Final
08:08:20,175 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 60) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
08:08:20,178 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 59) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
08:08:20,188 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 61) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller'
08:08:20,185 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 57) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
08:08:20,182 INFO  [org.infinispan.CONTAINER] (ServerService Thread Pool -- 56) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
08:08:20,523 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 59) ISPN000078: Starting JGroups channel `ejb`
08:08:20,523 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 56) ISPN000078: Starting JGroups channel `ejb`
08:08:20,522 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 61) ISPN000078: Starting JGroups channel `ejb`
08:08:20,526 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 57) ISPN000078: Starting JGroups channel `ejb`
08:08:20,533 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 59) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
08:08:20,535 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 57) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
08:08:20,534 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 56) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
08:08:20,534 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000078: Starting JGroups channel `ejb`
08:08:20,533 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 61) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
08:08:20,539 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000094: Received new cluster view for channel ejb: [keycloak-0|0] (1) [keycloak-0]
08:08:20,566 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 56) ISPN000079: Channel `ejb` local address is `keycloak-0`, physical addresses are `[10.244.1.84:7600]`
08:08:20,572 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 59) ISPN000079: Channel `ejb` local address is `keycloak-0`, physical addresses are `[10.244.1.84:7600]`
08:08:20,583 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 57) ISPN000079: Channel `ejb` local address is `keycloak-0`, physical addresses are `[10.244.1.84:7600]`
08:08:20,591 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 60) ISPN000079: Channel `ejb` local address is `keycloak-0`, physical addresses are `[10.244.1.84:7600]`
08:08:20,609 INFO  [org.infinispan.CLUSTER] (ServerService Thread Pool -- 61) ISPN000079: Channel `ejb` local address is `keycloak-0`, physical addresses are `[10.244.1.84:7600]`
08:08:22,069 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0002: Started clientSessions cache from keycloak container
08:08:22,048 INFO  [org.infinispan.CONFIG] (MSC service thread 1-2) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
08:08:22,081 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 57) WFLYCLINF0002: Started offlineSessions cache from keycloak container
08:08:22,103 INFO  [org.infinispan.CONFIG] (MSC service thread 1-2) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
08:08:22,116 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 56) WFLYCLINF0002: Started sessions cache from keycloak container
08:08:22,178 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0002: Started offlineClientSessions cache from keycloak container
08:08:22,181 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 59) WFLYCLINF0002: Started loginFailures cache from keycloak container
08:08:22,237 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 68) WFLYCLINF0002: Started authorization cache from keycloak container
08:08:22,239 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0002: Started users cache from keycloak container
08:08:22,243 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0002: Started authenticationSessions cache from keycloak container
08:08:22,241 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 63) WFLYCLINF0002: Started actionTokens cache from keycloak container
08:08:22,240 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0002: Started work cache from keycloak container
08:08:22,244 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0002: Started keys cache from keycloak container
08:08:22,262 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started realms cache from keycloak container
08:08:22,393 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 69) WFLYCLINF0002: Started http-remoting-connector cache from ejb container
08:08:22,798 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0273: Excluded subsystem webservices via jboss-deployment-structure.xml does not exist.
08:08:24,064 INFO  [org.keycloak.services] (ServerService Thread Pool -- 69) KC-SERVICES0001: Loading config from standalone.xml or domain.xml
08:08:24,597 INFO  [org.keycloak.url.DefaultHostnameProviderFactory] (ServerService Thread Pool -- 69) Frontend: <request>, Admin: <frontend>, Backend: <request>
08:08:27,089 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 69) WFLYCLINF0002: Started realmRevisions cache from keycloak container
08:08:27,126 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 69) WFLYCLINF0002: Started userRevisions cache from keycloak container
08:08:27,159 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 69) WFLYCLINF0002: Started authorizationRevisions cache from keycloak container
08:08:27,172 INFO  [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (ServerService Thread Pool -- 69) Node name: keycloak-0, Site name: null
08:08:28,845 INFO  [org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory] (ServerService Thread Pool -- 69) Database info: {databaseUrl=jdbc:postgresql://keycloak-postgresql.default:5432/root, databaseUser=keycloak, databaseProduct=PostgreSQL 10.21, databaseDriver=PostgreSQL JDBC Driver 42.3.3}
08:08:37,756 INFO  [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] (ServerService Thread Pool -- 69) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
08:08:48,557 INFO  [org.hibernate.jpa.internal.util.LogHelper] (ServerService Thread Pool -- 69) HHH000204: Processing PersistenceUnitInfo [
    name: keycloak-default
    ...]
08:08:48,719 INFO  [org.hibernate.Version] (ServerService Thread Pool -- 69) HHH000412: Hibernate Core {5.3.24.Final}
08:08:48,727 INFO  [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 69) HHH000206: hibernate.properties not found
08:08:49,224 INFO  [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 69) HCANN000001: Hibernate Commons Annotations {5.0.5.Final}
08:08:49,750 INFO  [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 69) HHH000400: Using dialect: org.hibernate.dialect.PostgreSQL95Dialect
08:08:49,918 INFO  [org.hibernate.engine.jdbc.env.internal.LobCreatorBuilderImpl] (ServerService Thread Pool -- 69) HHH000424: Disabling contextual LOB creation as createClob() method threw error : java.lang.reflect.InvocationTargetException
08:08:49,935 INFO  [org.hibernate.type.BasicTypeRegistry] (ServerService Thread Pool -- 69) HHH000270: Type registration [java.util.UUID] overrides previous : org.hibernate.type.UUIDBinaryType@7e32b1ac
08:08:49,959 INFO  [org.hibernate.envers.boot.internal.EnversServiceImpl] (ServerService Thread Pool -- 69) Envers integration enabled? : true
08:08:51,063 INFO  [org.hibernate.orm.beans] (ServerService Thread Pool -- 69) HHH10005002: No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
08:08:51,745 INFO  [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 69) HV000001: Hibernate Validator 6.0.23.Final
08:08:55,736 INFO  [org.hibernate.hql.internal.QueryTranslatorFactoryInitiator] (ServerService Thread Pool -- 69) HHH000397: Using ASTQueryTranslatorFactory
08:08:57,740 INFO  [org.keycloak.services] (ServerService Thread Pool -- 69) KC-SERVICES0050: Initializing master realm
08:09:04,158 INFO  [org.keycloak.services] (ServerService Thread Pool -- 69) KC-SERVICES0006: Importing users from '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'
08:09:05,635 INFO  [org.keycloak.services] (ServerService Thread Pool -- 69) KC-SERVICES0009: Added user 'admin' to realm 'master'
08:09:06,320 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.keycloak.services.resources.KeycloakApplication
08:09:06,325 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002200: Adding class resource org.keycloak.services.resources.ThemeResource from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,329 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002205: Adding provider class org.keycloak.services.error.KeycloakErrorHandler from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,332 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002205: Adding provider class org.keycloak.services.error.KcUnrecognizedPropertyExceptionHandler from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,334 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002200: Adding class resource org.keycloak.services.resources.JsResource from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,349 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002205: Adding provider class org.keycloak.services.filters.KeycloakSecurityHeadersFilter from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,351 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RobotsResource from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,353 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002210: Adding provider singleton org.keycloak.services.util.ObjectMapperResolver from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,355 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.WelcomeResource from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,357 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.RealmsResource from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,358 INFO  [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 69) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication
08:09:06,724 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 69) WFLYUT0021: Registered web context: '/auth' for server 'default-server'
08:09:07,074 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 33) WFLYSRV0010: Deployed " 16 15 04 bb dd d3 7d 85.jar" (runtime-name : " 16 15 04 bb dd d3 7d 85.jar")
08:09:07,078 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0010: Deployed "keycloak-server.war" (runtime-name : "keycloak-server.war")
08:09:07,290 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
08:09:07,305 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 18.0.2 (WildFly Core 18.1.1.Final) started in 70103ms - Started 719 of 1022 services (699 services are lazy, passive or on-demand) - Server configuration file in use: standalone-ha.xml
08:09:07,310 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://0.0.0.0:9990/management
08:09:07,317 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://0.0.0.0:9990
08:09:16,147 WARN  [org.wildfly.extension.elytron] (default task-2) WFLYELY01085: Generated self-signed certificate at /opt/jboss/keycloak/standalone/configuration/application.keystore. Please note that self-signed certificates are not secure and should only be used for testing purposes. Do not use this self-signed certificate in production.
SHA-1 fingerprint of the generated key is ce:ec:e0:ca:12:c9:57:22:59:40:e7:38:4e:a1:e9:1d:aa:84:f4:4c
SHA-256 fingerprint of the generated key is e2:bc:b2:2a:22:8e:6a:e3:79:4e:7a:37:cc:6c:11:9a:ba:d5:64:2d:4b:98:47:72:14:91:d5:df:e4:22:51:f1
08:09:57,741 ERROR [org.keycloak.theme.DefaultThemeManager] (default task-4) Failed to find LOGIN theme flow-light, using built-in themes
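
A check that rules the jar's packaging in or out as the cause of the "Failed to find LOGIN theme" error in the report above. This is an added example, not code from the issue or from the Keycloak project. It assumes the theme-archive layout from Keycloak's theme documentation (a `META-INF/keycloak-themes.json` descriptor plus files under `theme/<name>/<type>/`), and the jars it inspects are constructed in memory for illustration.

```python
import io
import json
import zipfile

# Descriptor path assumed from Keycloak's documented theme-archive layout.
DESCRIPTOR = "META-INF/keycloak-themes.json"


def build_jar(files):
    """Build an in-memory jar (zip) from {path: text}; constructed sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, text in files.items():
            jar.writestr(path, text)
    return buf.getvalue()


def check_theme_jar(jar_bytes, theme, theme_type="login"):
    """Return a list of packaging problems; an empty list means the theme is declared."""
    try:
        jar = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return ["not a zip/jar archive (e.g. an HTML error page saved as .jar)"]
    names = set(jar.namelist())
    if DESCRIPTOR not in names:
        return [f"missing {DESCRIPTOR}"]
    try:
        declared = json.loads(jar.read(DESCRIPTOR)).get("themes")
    except (ValueError, AttributeError):
        return [f"{DESCRIPTOR} is not a JSON object"]
    if not isinstance(declared, list):
        return [f"{DESCRIPTOR} has no 'themes' list"]
    themes = [t for t in declared if isinstance(t, dict)]
    entry = next((t for t in themes if t.get("name") == theme), None)
    if entry is None:
        found = sorted(str(t.get("name")) for t in themes)
        return [f"theme {theme!r} not declared; descriptor declares {found}"]
    problems = []
    if theme_type not in entry.get("types", []):
        problems.append(f"theme {theme!r} does not list type {theme_type!r}")
    prefix = f"theme/{theme}/{theme_type}/"
    if not any(n.startswith(prefix) and not n.endswith("/") for n in names):
        problems.append(f"no files under {prefix}")
    return problems


# Constructed jars: one packaged for loginTheme "flow-light", one declaring another name.
GOOD = build_jar({
    DESCRIPTOR: json.dumps({"themes": [{"name": "flow-light", "types": ["login"]}]}),
    "theme/flow-light/login/theme.properties": "parent=keycloak\n",
})
MISNAMED = build_jar({
    DESCRIPTOR: json.dumps({"themes": [{"name": "flow", "types": ["login"]}]}),
    "theme/flow/login/theme.properties": "parent=keycloak\n",
})

if __name__ == "__main__":
    samples = (("good", GOOD), ("misnamed", MISNAMED), ("not-a-jar", b"<html>404</html>"))
    for label, data in samples:
        print(label, check_theme_jar(data, "flow-light") or "OK")
```

An empty result for the real jar means its packaging matches the realm's `loginTheme`, which points the investigation at how the file is stored and deployed rather than at its contents.
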

stianst commented 1 year ago

Thanks (again) for reporting this issue. Keycloak 19 was the last version that included this legacy Operator, and with the release of Keycloak 20 the Operator reached EOL and this repository will be archived. Please see our blog post on this topic. If this issue is still valid for the Realm Operator, please re-open it there. Thanks for your understanding. And be sure to check out our new Operator!