[ClusterLabs] Pacemaker managing Keycloak
damiano giuliani
damianogiuliani87 at gmail.com
Mon Jan 31 06:56:19 EST 2022
Hey Philip,
sorry for being late, today was a bad day!
To make Keycloak reconnect to the Postgres DB when it fails, you have to
edit your current configuration file (it could be, for
example, /opt/keycloak/standalone/configuration/standalone-ha.xml or
standalone.xml, double-check it)
and replace the datasources block with:
<datasources>
    <datasource jndi-name="java:jboss/datasources/KeycloakDS"
                pool-name="KeycloakDS" enabled="true" use-java-context="true"
                statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
        <connection-url>jdbc:postgresql://ltaoperdbs01/keycloakdb</connection-url>
        <driver>postgresql</driver>
        <pool>
            <max-pool-size>100</max-pool-size>
        </pool>
        <security>
            <user-name>keycloak</user-name>
            <password>yourpassword</password>
        </security>
        <validation>
            <check-valid-connection-sql>select 1</check-valid-connection-sql>
            <background-validation>true</background-validation>
            <background-validation-millis>15000</background-validation-millis>
            <valid-connection-checker
                class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"/>
            <exception-sorter
                class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/>
            <validate-on-match>false</validate-on-match>
        </validation>
    </datasource>
    <drivers>
        <driver name="postgresql" module="org.postgresql">
            <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
        </driver>
    </drivers>
</datasources>
replacing with your Postgres database information.
Don't forget to do this on all your Keycloak cluster nodes.
Probably you have to restart the services.
Have a look there if you need more info:
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/administration_and_configuration_guide/sect-example_datasources
Let us know how things are going after this.
BR
Damiano
On Fri, 28 Jan 2022 at 23:12, Philip Alesio <
philip.alesio at gmail.com> wrote:
> That would be great!
>
> On Fri, Jan 28, 2022 at 2:50 PM damiano giuliani <
> damianogiuliani87 at gmail.com> wrote:
>
>> Hey, I solved the issue you're talking about a few months ago; you have to
>> modify the .xml configuration on the Keycloak side. If you're not in a hurry, on Monday I'll
>> send you how I fixed it.
>>
>> Damiano
>>
>> On Fri, 28 Jan 2022, 20:25 Ken Gaillot, <kgaillot at redhat.com> wrote:
>>
>>> On Fri, 2022-01-28 at 12:15 -0500, Philip Alesio wrote:
>>> > Hi Everyone,
>>> >
>>> > I'm attempting to create a failover cluster that uses Postgresql and
>>> > Keycloak and am having difficulty getting Keycloak running. Keycloak
>>> > is using a Postgresql database. In one case I'm using DRBD to
>>> > replicate the data and in another case I'm using Postgresql. The
>>> > failure, in both cases, is that Keycloak fails to connect to the
>>> > database. In both cases Pacemaker is running with the Postgresql
>>> > resource when I add the Keycloak resource. If I "docker run"
>>> > Keycloak, not adding it as a Pacemaker resource, Keycloak starts and
>>> > connects to the database.
>>> >
>>> > Below adds Keycloak as a Pacemaker resource:
>>> >
>>> > pcs cluster cib cluster1.xml
>>> > pcs -f cluster1.xml resource create p_keycloak ocf:heartbeat:docker image=jboss/keycloak name=keycloak run_opts="-d -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -e DB_VENDOR=postgres -e DB_USER=postgres -e DB_PASSWORD=postgres -e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false -p 8080:8080 -e DB_ADDR=postgres -e DB_PORT='5432' –network=cluster1dkrnet" op monitor interval=60s
>>> > pcs -f cluster1.xml resource group add g_receiver p_keycloak
>>> > pcs cluster cib-push cluster1.xml --config
>>> >
>>> > Below creates a Keycloak container that is not managed by Pacemaker:
>>> > > docker run --name keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -e DB_VENDOR=postgres -e DB_USER=postgres -e DB_PASSWORD=postgres -e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false -p 8080:8080 -e DB_ADDR=postgres -e DB_PORT='5432' --network=cluster1dkrnet jboss/keycloak
>>> >
>>> > Does anyone have experience with Pacemaker with Keycloak and/or if
>>> > there are any thoughts about why Keycloak is not connecting to the
>>> > Postgresql database?
>>> >
>>> > Thanks in advance.
>>>
>>> I'd check for SELinux denials first. A command executed from the
>>> command line is unconstrained, while being executed by a daemon is
>>> subject to SELinux policies.
>>>
>>> Other than that, maybe turn on any debugging options and check the
>>> keycloak logs from the container (e.g. using network logging or an
>>> exported host disk).
>>> --
>>> Ken Gaillot <kgaillot at redhat.com>
>>>
>>> _______________________________________________
>>> Manage your subscription:
>>> https://lists.clusterlabs.org/mailman/listinfo/users
>>>
>>> ClusterLabs home: https://www.clusterlabs.org/
>>>
>
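The validation settings in the reply at the top of this thread have to be present on every Keycloak node, which a short script can check per node. This is an added example, not code from the thread or from Keycloak/WildFly; the namespace URI, the sample XML strings and the names `local` and `audit` are constructed for illustration, and treating a password that does not start with `${` as a literal is a heuristic assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the datasource from the message, nested under a
# placeholder namespace (real files namespace these elements).
WITH_VALIDATION = """<subsystem xmlns="urn:example:datasources"><datasources>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS">
  <security><user-name>keycloak</user-name><password>yourpassword</password></security>
  <validation>
    <check-valid-connection-sql>select 1</check-valid-connection-sql>
    <background-validation>true</background-validation>
    <background-validation-millis>15000</background-validation-millis>
    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/>
    <validate-on-match>false</validate-on-match>
  </validation>
</datasource></datasources></subsystem>"""
# Constructed: the same file on a node that was missed (no <validation> block).
WITHOUT_VALIDATION = (WITH_VALIDATION.split("<validation>")[0]
                      + "</datasource></datasources></subsystem>")

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text, pool_name="KeycloakDS"):
    """Return a list of findings for one node's datasource definition."""
    root = ET.fromstring(xml_text)
    ds = next((e for e in root.iter() if local(e.tag) == "datasource"
               and e.get("pool-name") == pool_name), None)
    if ds is None:
        return [f"datasource {pool_name} not found"]
    # Flatten descendants to {element-name: class-name attribute or text}.
    s = {local(e.tag): e.get("class-name") or (e.text or "").strip()
         for e in ds.iter() if e is not ds}
    findings = []
    if "true" not in (s.get("background-validation"), s.get("validate-on-match")):
        findings.append("validation never runs: dead connections stay pooled")
    if not (s.get("valid-connection-checker") or s.get("check-valid-connection-sql")):
        findings.append("no valid-connection-checker or check SQL")
    if not s.get("exception-sorter"):
        findings.append("no exception-sorter")
    if s.get("password") and not s["password"].startswith("${"):
        findings.append("literal password in config file")
    return findings

if __name__ == "__main__":
    for node, text in [("node-a", WITH_VALIDATION), ("node-b", WITHOUT_VALIDATION)]:
        print(node, audit(text) or "ok")
```

To check a real node, pass the contents of its standalone-ha.xml (or standalone.xml) to `audit`; matching is by element name only, so the namespace version in the file does not matter.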