<div dir="ltr">Hey Philip,<div><br></div><div>Sorry for being late, today was a bad day!</div><div>To make Keycloak reconnect to the Postgres DB when it fails, you have to edit your current configuration file (it could be, for example, /opt/keycloak/standalone/configuration/standalone-ha.xml or standalone.xml; double-check it).</div><div><br></div><div>Replace the datasources block with:</div><div><br></div><div>            <datasources><br>                <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}"><br>                    <connection-url>jdbc:postgresql://ltaoperdbs01/keycloakdb</connection-url><br>                    <driver>postgresql</driver><br>                    <pool><br>                        <max-pool-size>100</max-pool-size><br>                    </pool><br>                    <security><br>                        <user-name>keycloak</user-name><br>                        <password>yourpassword</password><br>                    </security><br>                    <validation><br>                         <check-valid-connection-sql>select 1</check-valid-connection-sql><br>                         <background-validation>true</background-validation><br>                         <background-validation-millis>15000</background-validation-millis><br>                         <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"/><br>                         <exception-sorter  class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/><br>                         <validate-on-match>false</validate-on-match><br>                    </validation><br><br>                </datasource><br>                <drivers><br>                    <driver name="postgresql" module="org.postgresql"><br>                  
      <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class><br>                    </driver><br>                </drivers><br>            </datasources><br></div><div><br></div><div>replacing  with your postgres database information.<br></div><div><br></div><div>Don't forget to do this on all your Keycloak cluster nodes.</div><div><br></div><div>You will probably have to restart the services.</div><div><br></div><div>Have a look here if you need more info:</div><div><br></div><div><a href="https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/administration_and_configuration_guide/sect-example_datasources">https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/administration_and_configuration_guide/sect-example_datasources</a><br></div><div><br></div><div>Let us know how things are going after this.</div><div><br></div><div>BR</div><div><br></div><div>Damiano</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 28 Jan 2022 at 23:12, Philip Alesio <<a href="mailto:philip.alesio@gmail.com">philip.alesio@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">That would be great!</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jan 28, 2022 at 2:50 PM damiano giuliani <<a href="mailto:damianogiuliani87@gmail.com" target="_blank">damianogiuliani87@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hey, I solved the issue you're talking about a few months ago; you have to modify the .xml configuration on the Keycloak side. If you're not in a hurry, on Monday I'll send you how I fixed it.<div dir="auto"><br></div><div dir="auto">Damiano</div></div><br><div class="gmail_quote"><div dir="ltr" 
class="gmail_attr">On Fri, 28 Jan 2022, 20:25 Ken Gaillot, <<a href="mailto:kgaillot@redhat.com" rel="noreferrer" target="_blank">kgaillot@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Fri, 2022-01-28 at 12:15 -0500, Philip Alesio wrote:<br>
> Hi Everyone,<br>
> <br>
> I'm attempting to create a failover cluster that uses Postgresql and<br>
> Keycloak and am having difficulty getting Keycloak running.  Keycloak<br>
> is using a Postgresql database.  In one case I'm using DRBD to<br>
> replicate the data and in another case I'm using Postgresql.  The<br>
> failure, in both cases, is that Keycloak fails to connect to the<br>
> database.  In both cases Pacemaker is running with the Postgresql<br>
> resource when I add the Keycloak resource. If I "docker run"<br>
> Keycloak, not adding it as a Pacemaker resource, Keycloak starts and<br>
> connects to the database. <br>
> <br>
> Below adds Keycloak as a Pacemaker resource:<br>
> <br>
>                 pcs cluster cib  cluster1.xml<br>
>                 pcs -f cluster1.xml resource create p_keycloak ocf:heartbeat:docker image=jboss/keycloak name=keycloak run_opts="-d -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -e DB_VENDOR=postgres -e DB_USER=postgres -e DB_PASSWORD=postgres -e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false -p 8080:8080 -e DB_ADDR=postgres -e DB_PORT='5432' –network=cluster1dkrnet" op monitor interval=60s<br>
>                 pcs -f cluster1.xml resource group add g_receiver p_keycloak<br>
>                 pcs cluster cib-push  cluster1.xml --config<br>
>  <br>
> Below creates a Keycloak container that is not managed by Pacemaker: <br>
> > docker run --name keycloak -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e DB_ADDR=postgres -e DB_VENDOR=postgres -e DB_USER=postgres -e DB_PASSWORD=postgres -e DB_DATABASE=keycloak_db -e JDBC_PARAMS=useSSL=false -p 8080:8080 -e DB_ADDR=postgres -e DB_PORT='5432' --network=cluster1dkrnet jboss/keycloak<br>
> <br>
>  Does anyone have experience with Pacemaker with Keycloak and/or if<br>
> there are any thoughts about why Keycloak is not connecting to the<br>
> Postgresql database?<br>
> <br>
> Thanks in advance.<br>
<br>
I'd check for SELinux denials first. A command executed from the<br>
command line is unconstrained, while being executed by a daemon is<br>
subject to SELinux policies.<br>
<br>
Other than that, maybe turn on any debugging options and check the<br>
keycloak logs from the container (e.g. using network logging or an<br>
exported host disk).<br>
-- <br>
Ken Gaillot <<a href="mailto:kgaillot@redhat.com" rel="noreferrer noreferrer" target="_blank">kgaillot@redhat.com</a>><br>
<br>
_______________________________________________<br>
Manage your subscription:<br>
<a href="https://lists.clusterlabs.org/mailman/listinfo/users" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.clusterlabs.org/mailman/listinfo/users</a><br>
<br>
ClusterLabs home: <a href="https://www.clusterlabs.org/" rel="noreferrer noreferrer noreferrer" target="_blank">https://www.clusterlabs.org/</a><br>
</blockquote></div>
</blockquote></div>
</blockquote></div>
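Added example, not part of the original thread and not Keycloak or WildFly tooling: a check that a datasource block like the one in the reply at the top actually has the validation settings that let the pool notice a dead PostgreSQL connection, and that also reports a password stored as a literal. The function names, the sample XML, its host name and the schema namespace are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the datasource in the message above;
# the host name and password are placeholders, not real values.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:datasources:5.0">
 <datasources>
  <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS">
   <connection-url>jdbc:postgresql://db.example.internal/keycloakdb</connection-url>
   <security><user-name>keycloak</user-name><password>yourpassword</password></security>
   <validation>
    <check-valid-connection-sql>select 1</check-valid-connection-sql>
    <background-validation>true</background-validation>
    <background-validation-millis>15000</background-validation-millis>
    <validate-on-match>false</validate-on-match>
   </validation>
  </datasource>
 </datasources>
</subsystem>"""

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit_datasource(xml_text, pool_name="KeycloakDS"):
    """Return a list of findings for one datasource (empty list = nothing flagged)."""
    root = ET.fromstring(xml_text)
    ds = next((e for e in root.iter()
               if local(e.tag) == "datasource" and e.get("pool-name") == pool_name), None)
    if ds is None:
        return [f"datasource {pool_name} not found"]
    vals = {local(e.tag): (e.text or "").strip() for e in ds.iter()}
    findings = []
    # A dead connection is only noticed if something tests it ...
    if not {"check-valid-connection-sql", "valid-connection-checker"} & vals.keys():
        findings.append("no check-valid-connection-sql or valid-connection-checker")
    # ... and only if that test runs in the background or at checkout.
    if "true" not in (vals.get("background-validation"), vals.get("validate-on-match")):
        findings.append("neither background-validation nor validate-on-match is true")
    # A literal password is readable by anyone who can read the file;
    # a ${...} property expression keeps the value out of it.
    pw = vals.get("password", "")
    if pw and not re.fullmatch(r"\$\{.+\}", pw):
        findings.append("password is a literal in the configuration file")
    return findings

if __name__ == "__main__":
    for finding in audit_datasource(SAMPLE):
        print("FINDING:", finding)
```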