mifol68042
Reputation: 321
KeyCloak on Kubernetes not connecting with external MySQL
I am trying to run KeyCloak on kubernetes and connect to external MySQL database. I deployed using the deployment.yaml and service.yaml as below:
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: {{K8S_NAMESPACE}}
name: keycloak
labels:
app: keycloak
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
name: keycloak
template:
metadata:
labels:
name: keycloak
annotations:
sla: high
tier: application
sidecar.istio.io/inject: "false"
spec:
automountServiceAccountToken: true
imagePullSecrets:
- name: harbor-bot
serviceAccount: tenant-pod-root
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:14.0.0
imagePullPolicy: Always
resources:
limits:
cpu: 750m
memory: 768Mi
requests:
cpu: 750m
memory: 768Mi
env:
- name: KEYCLOAK_USER
value: {{KEYCLOAK_USER}}
- name: KEYCLOAK_PASSWORD
value: {{KEYCLOAK_PASSWORD}}
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: DB_VENDOR
value: {{KEYCLOAK_DB_VENDOR}}
- name: DB_ADDR
value: {{KEYCLOAK_DB_ADDR}}
- name: DB_DATABASE
value: {{KEYCLOAK_DB_DATABASE}}
- name: DB_USER
value: {{KEYCLOAK_DB_USER}}
- name: DB_PASSWORD
value: {{KEYCLOAK_DB_PASSWORD}}
- name: DB_PORT
value: "3306"
- name: JDBC_PARAMS
value: "useSSL=false"
readinessProbe:
httpGet:
path: /auth/realms/master
port: 8080
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 8443
----------
apiVersion: v1
kind: Service
metadata:
labels:
name: keycloak
namespace: {{K8S_NAMESPACE}}
name: keycloak
spec:
ports:
- name: tcp-upstream
port: 8080
protocol: TCP
targetPort: 8080
selector:
name: keycloak
sessionAffinity: None
type: ClusterIP
When I try to run this yaml in kubernetes, I get the following error:
12:41:55,174 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 17) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
"operation" => "add",
"address" => [("subsystem" => "naming")]
}, {
"operation" => "add",
"address" => [
("subsystem" => "naming"),
("service" => "remote-naming")
]
}]: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
at [email protected]//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTransactionControl.operationPrepared(ParallelBootOperationStepHandler.java:458)
at [email protected]//org.jboss.as.controller.ModelController$OperationTransactionControl.operationPrepared(ModelController.java:131)
at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:874)
at [email protected]//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:805)
at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
at [email protected]//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:829)
at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:513)
12:41:55,173 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 10) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
"operation" => "add",
"address" => [("subsystem" => "jgroups")],
"default-channel" => "ee"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("channel" => "ee")
],
"stack" => "udp",
"cluster" => "ejb"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("transport" => "UDP")
],
"socket-binding" => "jgroups-udp"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "PING")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "MERGE3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "FD_SOCK")
],
"socket-binding" => "jgroups-udp-fd"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "FD_ALL")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "VERIFY_SUSPECT")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "pbcast.NAKACK2")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "UNICAST3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "pbcast.STABLE")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "pbcast.GMS")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "UFC")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "MFC")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "FRAG3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("transport" => "TCP")
],
"socket-binding" => "jgroups-tcp"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "MPING")
],
"socket-binding" => "jgroups-mping"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "MERGE3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "FD_SOCK")
],
"socket-binding" => "jgroups-tcp-fd"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "FD_ALL")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "VERIFY_SUSPECT")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "pbcast.NAKACK2")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "UNICAST3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "pbcast.STABLE")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "pbcast.GMS")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "MFC")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "FRAG3")
]
}]: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
at [email protected]//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTransactionControl.operationPrepared(ParallelBootOperationStepHandler.java:458)
at [email protected]//org.jboss.as.controller.ModelController$OperationTransactionControl.operationPrepared(ModelController.java:131)
at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:874)
at [email protected]//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:805)
at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
at [email protected]//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:829)
at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:513)
12:41:55,173 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 12) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
"operation" => "add",
"address" => [("subsystem" => "elytron")],
"final-providers" => "combined-providers",
"disallowed-providers" => ["OracleUcrypto"]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("aggregate-providers" => "combined-providers")
],
"providers" => [
"elytron",
"openssl"
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("provider-loader" => "elytron")
],
"module" => "org.wildfly.security.elytron"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("provider-loader" => "openssl")
],
"module" => "org.wildfly.openssl"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("file-audit-log" => "local-audit")
],
"path" => "audit.log",
"relative-to" => "jboss.server.log.dir",
"format" => "JSON"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("security-domain" => "ApplicationDomain")
],
"default-realm" => "ApplicationRealm",
"permission-mapper" => "default-permission-mapper",
"realms" => [
{
"realm" => "ApplicationRealm",
"role-decoder" => "groups-to-roles"
},
{"realm" => "local"}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("security-domain" => "ManagementDomain")
],
"default-realm" => "ManagementRealm",
"permission-mapper" => "default-permission-mapper",
"realms" => [
{
"realm" => "ManagementRealm",
"role-decoder" => "groups-to-roles"
},
{
"realm" => "local",
"role-mapper" => "super-user-mapper"
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("identity-realm" => "local")
],
"identity" => "$local"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("properties-realm" => "ApplicationRealm")
],
"users-properties" => {
"path" => "application-users.properties",
"relative-to" => "jboss.server.config.dir",
"digest-realm-name" => "ApplicationRealm"
},
"groups-properties" => {
"path" => "application-roles.properties",
"relative-to" => "jboss.server.config.dir"
}
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("properties-realm" => "ManagementRealm")
],
"users-properties" => {
"path" => "mgmt-users.properties",
"relative-to" => "jboss.server.config.dir",
"digest-realm-name" => "ManagementRealm"
},
"groups-properties" => {
"path" => "mgmt-groups.properties",
"relative-to" => "jboss.server.config.dir"
}
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("simple-permission-mapper" => "default-permission-mapper")
],
"mapping-mode" => "first",
"permission-mappings" => [
{
"principals" => ["anonymous"],
"permission-sets" => [{"permission-set" => "default-permissions"}]
},
{
"match-all" => true,
"permission-sets" => [
{"permission-set" => "login-permission"},
{"permission-set" => "default-permissions"}
]
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("constant-realm-mapper" => "local")
],
"realm-name" => "local"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("simple-role-decoder" => "groups-to-roles")
],
"attribute" => "groups"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("constant-role-mapper" => "super-user-mapper")
],
"roles" => ["SuperUser"]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("permission-set" => "login-permission")
],
"permissions" => [{"class-name" => "org.wildfly.security.auth.permission.LoginPermission"}]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("permission-set" => "default-permissions")
],
"permissions" => [
{
"class-name" => "org.wildfly.extension.batch.jberet.deployment.BatchPermission",
"module" => "org.wildfly.extension.batch.jberet",
"target-name" => "*"
},
{
"class-name" => "org.wildfly.transaction.client.RemoteTransactionPermission",
"module" => "org.wildfly.transaction.client"
},
{
"class-name" => "org.jboss.ejb.client.RemoteEJBPermission",
"module" => "org.jboss.ejb-client"
},
{
"class-name" => "org.jboss.ejb.client.RemoteEJBPermission",
"module" => "org.jboss.ejb-client"
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("http-authentication-factory" => "management-http-authentication")
],
"security-domain" => "ManagementDomain",
"http-server-mechanism-factory" => "global",
"mechanism-configurations" => [{
"mechanism-name" => "DIGEST",
"mechanism-realm-configurations" => [{"realm-name" => "ManagementRealm"}]
}]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("provider-http-server-mechanism-factory" => "global")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("sasl-authentication-factory" => "application-sasl-authentication")
],
"sasl-server-factory" => "configured",
"security-domain" => "ApplicationDomain",
"mechanism-configurations" => [
{
"mechanism-name" => "JBOSS-LOCAL-USER",
"realm-mapper" => "local"
},
{
"mechanism-name" => "DIGEST-MD5",
"mechanism-realm-configurations" => [{"realm-name" => "ApplicationRealm"}]
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("sasl-authentication-factory" => "management-sasl-authentication")
],
"sasl-server-factory" => "configured",
"security-domain" => "ManagementDomain",
"mechanism-configurations" => [
{
"mechanism-name" => "JBOSS-LOCAL-USER",
"realm-mapper" => "local"
},
{
"mechanism-name" => "DIGEST-MD5",
"mechanism-realm-configurations" => [{"realm-name" => "ManagementRealm"}]
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("configurable-sasl-server-factory" => "configured")
],
"sasl-server-factory" => "elytron",
"properties" => {"wildfly.sasl.local-user.default-user" => "$local"}
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("mechanism-provider-filtering-sasl-server-factory" => "elytron")
],
"sasl-server-factory" => "global",
"filters" => [{"provider-name" => "WildFlyElytron"}]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("provider-sasl-server-factory" => "global")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("key-store" => "applicationKS")
],
"credential-reference" => {"clear-text" => "password"},
"type" => "JKS",
"path" => "application.keystore",
"relative-to" => "jboss.server.config.dir"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("key-manager" => "applicationKM")
],
"key-store" => "applicationKS",
"generate-self-signed-certificate-host" => "localhost",
"credential-reference" => {"clear-text" => "password"}
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("server-ssl-context" => "applicationSSC")
],
"key-manager" => "applicationKM"
}]: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
at [email protected]//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTransactionControl.operationPrepared(ParallelBootOperationStepHandler.java:458)
at [email protected]//org.jboss.as.controller.ModelController$OperationTransactionControl.operationPrepared(ModelController.java:131)
at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:874)
at [email protected]//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:805)
at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
at [email protected]//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:829)
at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:513)
The user I have given to keycloak is already created as well as the database as in here.
I am not sure why there is an error like - java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
This is really confusing. The same keycloak runs without MySQL totally fine.
Upvotes: 0
Views: 1731
Answers (1)
Chetan S. Choudhary
Reputation: 310
You can try with defining module as :
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
<resources>
<resource-root path="mysql-connector-java-8.0.26.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
And based on this module use driver in standalone.xml as:
<driver name="mysql" module="com.mysql">
<xa-datasource-class>com.mysql.cj.jdbc.MysqlXADataSource</xa-datasource-class>
</driver>
This is what helped me to get ride of this issue.
Upvotes: 1
Related Questions
- Can't connect to mysql pod in Kubernetes when using Secrets for password (Access denied)
- How to connect to mysql server pod from external standalone application?
- "Failed to connect to database" : Keycloak Operator external database Config not working
- Keycloak Docker container does not connect to MySQL database
- Can't connect to mysql in kubernetes
- Kubernetes - cannot connect to MySQL pod from other pod inside cluster although service exists
- Can't connect to mysql on my local machine from kubernetes
- Kubernetes pod host not allowed to connect to this mysql server
- How do I connect to a remote mysql kubernetes pod using mysql client
- Kubernetes MySQL connection timeout