[ClusterLabs] Pacemaker managing Keycloak

damiano giuliani damianogiuliani87 at gmail.com
Fri Jan 28 14:50:13 EST 2022


Hey, I solved the issue you're talking about a few months ago. You have to
modify the .xml configuration on the Keycloak side. If you're not in a hurry,
on Monday I'll send you how I fixed it.

Damiano

On Fri, 28 Jan 2022, 20:25 Ken Gaillot, <kgaillot at redhat.com> wrote:

> On Fri, 2022-01-28 at 12:15 -0500, Philip Alesio wrote:
> > Hi Everyone,
> >
> > I'm attempting to create a failover cluster that uses Postgresql and
> > Keycloak and am having difficulty getting Keycloak running.  Keycloak
> > is using a Postgresql database.  In one case I'm using DRBD to
> > replicate the data and in another case I'm using Postgresql.  The
> > failure, in both cases, is that Keycloak fails to connect to the
> > database.  In both cases Pacemaker is running with the Postgresql
> > resource when I add the Keycloak resource. If I "docker run"
> > Keycloak, not adding it as a Pacemaker resource, Keycloak starts and
> > connects to the database.
> >
> > Below adds Keycloak as a Pacemaker resource:
> >
> >                 pcs cluster cib  cluster1.xml
> >                 pcs -f cluster1.xml resource create p_keycloak ocf:heartbeat:docker image=jboss/keycloak name=keycloak run_opts="-d -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -e DB_VENDOR=postgres -e DB_USER=postgres -e DB_PASSWORD=postgres -e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false -p 8080:8080 -e DB_ADDR=postgres -e DB_PORT='5432' –network=cluster1dkrnet" op monitor interval=60s
> >                 pcs -f cluster1.xml resource group add g_receiver p_keycloak
> >                 pcs cluster cib-push  cluster1.xml --config
> >
> > Below creates a Keycloak container that is not managed by Pacemaker:
> > > docker run --name keycloak -e KEYCLOAK_USER=admin \
> > >   -e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres \
> > >   -e DB_VENDOR=postgres -e DB_USER=postgres -e DB_PASSWORD=postgres \
> > >   -e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false \
> > >   -p 8080:8080 -e DB_ADDR=postgres -e DB_PORT='5432' \
> > >   --network=cluster1dkrnet jboss/keycloak
> >
> >  Does anyone have experience with Pacemaker with Keycloak and/or if
> > there are any thoughts about why Keycloak is not connecting to the
> > Postgresql database?
> >
> > Thanks in advance.
>
> I'd check for SELinux denials first. A command executed from the
> command line is unconstrained, while being executed by a daemon is
> subject to SELinux policies.
>
> Other than that, maybe turn on any debugging options and check the
> keycloak logs from the container (e.g. using network logging or an
> exported host disk).
> --
> Ken Gaillot <kgaillot at redhat.com>
>
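One way to carry out the SELinux check Ken Gaillot suggests above, as an added example that is not part of the thread: a shell function that groups AVC denials by the SELinux domain of the process that was denied, which separates daemon-launched commands from an unconfined interactive shell. The audit records are constructed samples with illustrative type names, and the function names `avc_summary` and `sample_audit_lines` are hypothetical.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials per source domain.
# On a real host, feed it from the audit log instead of the sample:
#   ausearch -m avc -ts recent --raw | avc_summary

# Constructed sample records (not taken from the thread).
sample_audit_lines() {
    cat <<'EOF'
type=AVC msg=audit(1643399413.101:901): avc:  denied  { name_connect } for  pid=4101 comm="java" dest=5432 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1643399473.332:915): avc:  denied  { name_connect } for  pid=4188 comm="java" dest=5432 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1643399480.010:920): avc:  denied  { read } for  pid=3999 comm="docker" name="config.json" dev="dm-0" ino=12345 scontext=system_u:system_r:cluster_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1643399480.010:920): arch=c000003e syscall=257 success=no exit=-13 comm="docker" exe="/usr/bin/docker" subj=system_u:system_r:cluster_t:s0 key=(null)
EOF
}

# Reads raw audit records on stdin and prints one line per distinct denial:
#   <count> <source domain> <command> <object class> <permissions>
avc_summary() {
    awk '
    /avc:  *denied/ {
        # Permissions are the words between the braces.
        perm = $0
        sub(/^.*[{] */, "", perm)
        sub(/ *[}].*$/, "", perm)
        comm = dom = cls = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            # scontext is user:role:type:level; the type is the process domain.
            if ($i ~ /^scontext=/) { split($i, c, ":"); dom = c[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        n[dom " " comm " " cls " " perm]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k2
}

# Stand-alone run over the constructed sample.
sample_audit_lines | avc_summary
```

A denial whose source domain is not `unconfined_t` comes from a confined process, which is the case Ken describes for commands started by a daemon rather than from the command line.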