[ClusterLabs] Pacemaker managing Keycloak

Philip Alesio philip.alesio at gmail.com
Fri Jan 28 17:12:05 EST 2022


That would be great!

On Fri, Jan 28, 2022 at 2:50 PM damiano giuliani <
damianogiuliani87 at gmail.com> wrote:

> Hey, I solved the issue you're talking about a few months ago. You have to
> modify the .xml configuration on the Keycloak side. If you're not in a hurry,
> on Monday I'll send you how I fixed it.
>
> Damiano
>
> On Fri, 28 Jan 2022, 20:25 Ken Gaillot, <kgaillot at redhat.com> wrote:
>
>> On Fri, 2022-01-28 at 12:15 -0500, Philip Alesio wrote:
>> > Hi Everyone,
>> >
>> > I'm attempting to create a failover cluster that uses Postgresql and
>> > Keycloak and am having difficulty getting Keycloak running.  Keycloak
>> > is using a Postgresql database.  In one case I'm using DRBD to
>> > replicate the data and in another case I'm using Postgresql.  The
>> > failure, in both cases, is that Keycloak fails to connect to the
>> > database.  In both cases Pacemaker is running with the Postgresql
>> > resource when I add the Keycloak resource. If I "docker run"
>> > Keycloak, not adding it as a Pacemaker resource, Keycloak starts and
>> > connects to the database.
>> >
>> > Below adds Keycloak as a Pacemaker resource:
>> >
>> >                 pcs cluster cib cluster1.xml
>> >                 pcs -f cluster1.xml resource create p_keycloak ocf:heartbeat:docker \
>> >                     image=jboss/keycloak name=keycloak \
>> >                     run_opts="-d -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin \
>> >                     -e DB_ADDR=postgres -e DB_VENDOR=postgres -e DB_USER=postgres \
>> >                     -e DB_PASSWORD=postgres -e DB_DATABASE=keycloak_db \
>> >                     -e JDBC_PARAMS=useSSL=false -p 8080:8080 -e DB_ADDR=postgres \
>> >                     -e DB_PORT='5432' --network=cluster1dkrnet" \
>> >                     op monitor interval=60s
>> >                 pcs -f cluster1.xml resource group add g_receiver p_keycloak
>> >                 pcs cluster cib-push cluster1.xml --config
>> >
>> > Below creates a Keycloak container that is not managed by Pacemaker:
>> > > docker run --name keycloak -e KEYCLOAK_USER=admin \
>> > >     -e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -e DB_VENDOR=postgres \
>> > >     -e DB_USER=postgres -e DB_PASSWORD=postgres -e DB_DATABASE=keycloak_db \
>> > >     -e JDBC_PARAMS=useSSL=false -p 8080:8080 -e DB_ADDR=postgres \
>> > >     -e DB_PORT='5432' --network=cluster1dkrnet jboss/keycloak
>> >
>> > Does anyone have experience with Pacemaker with Keycloak and/or if
>> > there are any thoughts about why Keycloak is not connecting to the
>> > Postgresql database?
>> >
>> > Thanks in advance.
>>
>> I'd check for SELinux denials first. A command executed from the
>> command line is unconstrained, while being executed by a daemon is
>> subject to SELinux policies.
>>
>> Other than that, maybe turn on any debugging options and check the
>> keycloak logs from the container (e.g. using network logging or an
>> exported host disk).
>> --
>> Ken Gaillot <kgaillot at redhat.com>
>>
>> _______________________________________________
>> Manage your subscription:
>> https://lists.clusterlabs.org/mailman/listinfo/users
>>
>> ClusterLabs home: https://www.clusterlabs.org/
>>
>
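
The SELinux check suggested in the quoted reply (denials that hit a command launched by a daemon but not the same command typed in a shell) can be done by filtering AVC records on their source domain. The Python script below is an added example, not part of the original thread; the audit lines are constructed, and the type names in them (container_t, cluster_t, container_runtime_t, postgresql_port_t) are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed audit records (not from the thread); type names are assumptions.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1643400000.101:411): avc:  denied  { name_connect } for  pid=2210 comm="java" dest=5432 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1643400000.202:412): avc:  denied  { connectto } for  pid=1987 comm="docker" path="/run/docker.sock" scontext=system_u:system_r:cluster_t:s0 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0
type=AVC msg=audit(1643400000.303:413): avc:  denied  { read } for  pid=3001 comm="cat" name="notes" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1643400000.303:413): arch=c000003e syscall=257 success=yes
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)

def parse_avc_denials(text):
    """Return one dict per AVC denial line; other record types are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["perms"] = d["perms"].split()
        # A context is user:role:type:level; the level may itself contain colons.
        d["source_type"] = d["scontext"].split(":")[2]
        d["target_type"] = d["tcontext"].split(":")[2]
        d["enforced"] = d["permissive"] != "1"  # permissive=1 was logged, not blocked
        denials.append(d)
    return denials

def daemon_only_denials(text, shell_type="unconfined_t"):
    """Enforced denials from confined domains, which a manual shell run would not hit."""
    return [d for d in parse_avc_denials(text)
            if d["enforced"] and d["source_type"] != shell_type]

def summarize(denials):
    """Count denials per (source type, command, object class, target type)."""
    return Counter((d["source_type"], d["comm"], d["tclass"], d["target_type"])
                   for d in denials)

if __name__ == "__main__":
    for key, count in summarize(daemon_only_denials(SAMPLE_AUDIT_LOG)).items():
        print(count, *key)
```

On a real node the input would be the AVC lines from the audit log covering the time the resource was started.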