[ClusterLabs] Pacemaker managing Keycloak

damiano giuliani damianogiuliani87 at gmail.com
Mon Jan 31 06:56:19 EST 2022


Hey Philip,

Sorry for being late, today was a bad day!
To make Keycloak reconnect to the Postgres DB when it fails, you have to
edit your current configuration file (it could be, for
example, /opt/keycloak/standalone/configuration/standalone-ha.xml or
standalone.xml; double-check it).

Replace the datasources block with:

            <datasources>
                <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
                    <connection-url>jdbc:postgresql://ltaoperdbs01/keycloakdb</connection-url>
                    <driver>postgresql</driver>
                    <pool>
                        <max-pool-size>100</max-pool-size>
                    </pool>
                    <security>
                        <user-name>keycloak</user-name>
                        <password>yourpassword</password>
                    </security>
                    <validation>
                        <check-valid-connection-sql>select 1</check-valid-connection-sql>
                        <background-validation>true</background-validation>
                        <background-validation-millis>15000</background-validation-millis>
                        <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"/>
                        <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/>
                        <validate-on-match>false</validate-on-match>
                    </validation>
                </datasource>
                <drivers>
                    <driver name="postgresql" module="org.postgresql">
                        <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
                    </driver>
                </drivers>
            </datasources>

replacing with your Postgres database information.

Don't forget to do this on all your Keycloak cluster nodes.

You will probably have to restart the services.

Have a look here if you need more info:

https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/administration_and_configuration_guide/sect-example_datasources

Let us know how things are going after this.

BR

Damiano
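
An added example, not part of the message above and not Keycloak or WildFly code: a small Python check that can be run against each node's standalone-ha.xml to confirm the `<validation>` settings from the datasources block are actually present. The names `audit_datasource` and `local`, the sample XML, its namespace version and its host name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the validation settings from the message, inside a
# namespaced subsystem element as in standalone-ha.xml (host is a placeholder).
SAMPLE = """<subsystem xmlns="urn:jboss:domain:datasources:6.0"><datasources>
 <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS">
  <connection-url>jdbc:postgresql://db.example/keycloakdb</connection-url>
  <validation>
   <check-valid-connection-sql>select 1</check-valid-connection-sql>
   <background-validation>true</background-validation>
   <background-validation-millis>15000</background-validation-millis>
   <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/>
   <validate-on-match>false</validate-on-match>
  </validation>
 </datasource></datasources></subsystem>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_datasource(xml_text, pool_name="KeycloakDS"):
    """Return findings for one datasource; an empty list means all checks pass."""
    root = ET.fromstring(xml_text)
    ds = next((e for e in root.iter()
               if local(e.tag) == "datasource" and e.get("pool-name") == pool_name), None)
    if ds is None:
        return [f"datasource {pool_name} not found"]
    val = next((c for c in ds if local(c.tag) == "validation"), None)
    if val is None:
        return ["no <validation> block"]
    text = {local(c.tag): (c.text or "").strip().lower() for c in val}
    cls = {local(c.tag): c.get("class-name") for c in val}
    findings = []
    if not (text.get("check-valid-connection-sql") or cls.get("valid-connection-checker")):
        findings.append("no check-valid-connection-sql or valid-connection-checker")
    background = text.get("background-validation") == "true"
    if not (background or text.get("validate-on-match") == "true"):
        findings.append("neither background-validation nor validate-on-match is true")
    if background and not text.get("background-validation-millis", "").isdigit():
        findings.append("background-validation-millis is not set to a number")
    if not cls.get("exception-sorter"):
        findings.append("no exception-sorter class")
    return findings

if __name__ == "__main__":
    import sys
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(audit_datasource(xml_text) or "validation settings present")
```

Pass the path of the node's configuration file as the first argument; with no argument it checks the embedded sample.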

On Fri, 28 Jan 2022 at 23:12, Philip Alesio <
philip.alesio at gmail.com> wrote:

> That would be great!
>
> On Fri, Jan 28, 2022 at 2:50 PM damiano giuliani <
> damianogiuliani87 at gmail.com> wrote:
>
>> Hey, I solved the issue you're talking about a few months ago; you have to
>> modify the .xml configuration on the Keycloak side. If you're not in a hurry,
>> on Monday I'll send you how I fixed it.
>>
>> Damiano
>>
>> On Fri, 28 Jan 2022, 20:25 Ken Gaillot, <kgaillot at redhat.com> wrote:
>>
>>> On Fri, 2022-01-28 at 12:15 -0500, Philip Alesio wrote:
>>> > Hi Everyone,
>>> >
>>> > I'm attempting to create a failover cluster that uses Postgresql and
>>> > Keycloak and am having difficulty getting Keycloak running.  Keycloak
>>> > is using a Postgresql database.  In one case I'm using DRBD to
>>> > replicate the data and in another case I'm using Postgresql.  The
>>> > failure, in both cases, is that Keycloak fails to connect to the
>>> > database.  In both cases Pacemaker is running with the Postgresql
>>> > resource when I add the Keycloak resource. If I "docker run"
>>> > Keycloak, not adding it as a Pacemaker resource, Keycloak starts and
>>> > connects to the database.
>>> >
>>> > Below adds Keycloak as a Pacemaker resource:
>>> >
>>> >                 pcs cluster cib cluster1.xml
>>> >                 pcs -f cluster1.xml resource create p_keycloak ocf:heartbeat:docker image=jboss/keycloak name=keycloak run_opts="-d -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -e DB_VENDOR=postgres -e DB_USER=postgres -e DB_PASSWORD=postgres -e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false -p 8080:8080 -e DB_ADDR=postgres -e DB_PORT='5432' –network=cluster1dkrnet" op monitor interval=60s
>>> >                 pcs -f cluster1.xml resource group add g_receiver p_keycloak
>>> >                 pcs cluster cib-push cluster1.xml --config
>>> >
>>> > Below creates a Keycloak container that is not managed by Pacemaker:
>>> > > docker run --name keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -e DB_VENDOR=postgres -e DB_USER=postgres -e DB_PASSWORD=postgres -e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false -p 8080:8080 -e DB_ADDR=postgres -e DB_PORT='5432' --network=cluster1dkrnet jboss/keycloak
>>> >
>>> > Does anyone have experience with Pacemaker with Keycloak and/or if
>>> > there are any thoughts about why Keycloak is not connecting to the
>>> > Postgresql database?
>>> >
>>> > Thanks in advance.
>>>
>>> I'd check for SELinux denials first. A command executed from the
>>> command line is unconstrained, while being executed by a daemon is
>>> subject to SELinux policies.
>>>
>>> Other than that, maybe turn on any debugging options and check the
>>> keycloak logs from the container (e.g. using network logging or an
>>> exported host disk).
>>> --
>>> Ken Gaillot <kgaillot at redhat.com>
>>>
>>> _______________________________________________
>>> Manage your subscription:
>>> https://lists.clusterlabs.org/mailman/listinfo/users
>>>
>>> ClusterLabs home: https://www.clusterlabs.org/
>>>