[ClusterLabs] Pacemaker managing Keycloak
damianogiuliani87 at gmail.com
Fri Jan 28 14:50:13 EST 2022
Ehy, i solved the issue you talking about few months ago, you have to
modify .xml configuration on keycloak side, if you re not in hurry monday i
send you how i fix it.
On Fri, 28 Jan 2022, 20:25 Ken Gaillot, <kgaillot at redhat.com> wrote:
> On Fri, 2022-01-28 at 12:15 -0500, Philip Alesio wrote:
> > Hi Everyone,
> > I'm attempting to create a failover cluster that uses Postgresql and
> > Keycloak and am having difficulty getting Keycloak running. Keycloak
> > is using a Postgresql database. In one case I'm using DRBD to
> > replicate the data and in another case I'm using Postgresql. The
> > failure, in both cases, is that Keycloak fails to connect to the
> > database. In both cases Pacemaker is running with the Postgresql
> > resource when I add the Keycloak resource. If I "docker run"
> > Keyclock, not adding it as a Pacemaker resource, Keycloak starts and
> > connects to the database.
> > Below adds Keycloak as a Pacemaker resource:
> > pcs cluster cib cluster1.xml
> > pcs -
> > f cluster1.xml resource create p_keycloak ocf:heartbeat:docker image=
> > jboss/keycloak name=keycloak run_opts="-d -e KEYCLOAK_USER=admin -
> > e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -e DB_VENDOR=postgres -
> > e DB_USER=postgres -e DB_PASSWORD=postgres -
> > e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false -p 8080:8080 -
> > e DB_ADDR=postgres -
> > e DB_PORT='5432' –network=cluster1dkrnet" op monitor interval=60s
> > pcs -f
> > cluster1.xml resource group add g_receiver p_keycloak
> > pcs cluster cib-push cluster1.xml --config
> > Below creates a Keycloak container that is not managed by Pacemaker:
> > > docker run --name keycloak -e KEYCLOAK_USER=admin -
> > > e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -
> > > e DB_VENDOR=postgres -e DB_USER=postgres -e DB_PASSWORD=postgres -
> > > e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false -
> > > p 8080:8080 -e DB_ADDR=postgres -e DB_PORT='5432'
> > > --network=cluster1dkrnet jboss/keycloak
> > Does anyone have experience with Pacemaker with Keyclock and/or if
> > there are any thoughts about why Keycloak is not connecting to the
> > Postgresql database?
> > Thanks in advance.
> I'd check for SELinux denials first. A command executed from the
> command line is unconstrained, while being executed by a daemon is
> subject to SELinux policies.
> Other than that, maybe turn on any debugging options and check the
> keycloak logs from the container (e.g. using network logging or an
> exported host disk).
> Ken Gaillot <kgaillot at redhat.com>
> Manage your subscription:
> ClusterLabs home: https://www.clusterlabs.org/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users