You might be hitting this JGroups bug [1]. See the Amazon documentation on S3
endpoints [2] for regions that support Version 2 signatures. Note that it
might be possible to use the new NATIVE_S3_PING protocol, but this one has not
yet been incorporated into Keycloak due to this WildFly issue [3]. As a
workaround, you might be able to use another discovery protocol, e.g.
JDBC_PING.
[1] https://issues.jboss.org/browse/JGRP-1914
[2] https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
[3] https://issues.jboss.org/browse/WFLY-8770
On Thu, May 17, 2018 at 10:44 PM, For Ever <forsudden(a)gmail.com> wrote:
Hello Everyone:
I'm trying to set up clustering with S3_PING. I'm getting
the below error message when starting up Keycloak in standalone clustered
mode.
NOTE:
I did a test as the user on my Linux node using awscli. The
username on the Linux box is the same as the IAM user in AWS. I gave
list, read and write permission (policy) for the user in IAM.
20:37:04,480 ERROR [org.jboss.as.controller.management-operation]
(Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address:
([
("subsystem" => "jgroups"),
("channel" => "ee")
]) - failure description: {"WFLYCTL0080: Failed services" => {"
org.wildfly.clustering.jgroups.channel.ee" => "java.io.IOException: bucket
's3-ping-keycloak-sothebys-dev' could not be accessed (rsp=403
(Forbidden).
Maybe the bucket is owned by somebody else or the authentication failed
Caused by: java.io.IOException: bucket 's3-ping-keycloak-sothebys-dev'
could not be accessed (rsp=403 (Forbidden). Maybe the bucket is owned by
somebody else or the authentication failed"}}
### standalone-ha.xml snippet
<stack name="tcp">
    <transport type="TCP" socket-binding="jgroups-tcp"/>
    <socket-protocol type="MPING" socket-binding="jgroups-mping"/>
    <protocol type="MERGE3"/>
    <protocol type="S3_PING">
        <property name="access_key">blahblah</property>
        <property name="secret_access_key">blahblah</property>
        <property name="location">s3-ping-somebucket</property>
    </protocol>
--
--Hynek
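
The JDBC_PING workaround suggested in the reply could look like the following in standalone-ha.xml. This is an added example, not configuration from the thread or from the Keycloak project; it assumes the Keycloak datasource is bound at java:jboss/datasources/KeycloakDS and that the rest of the "tcp" stack stays as shipped.

```xml
<stack name="tcp">
    <transport type="TCP" socket-binding="jgroups-tcp"/>
    <!-- Discovery through a shared database table instead of an S3 bucket.
         JDBC_PING takes the place of both the MPING and the S3_PING entries,
         so no AWS access key or secret key is stored in this file. -->
    <protocol type="JDBC_PING">
        <!-- Assumed JNDI name: reuse the datasource Keycloak already uses. -->
        <property name="datasource_jndi_name">java:jboss/datasources/KeycloakDS</property>
    </protocol>
    <protocol type="MERGE3"/>
    <!-- ... remaining protocols of the default tcp stack, unchanged ... -->
</stack>
```

With its default SQL settings JDBC_PING stores member addresses in a table named JGROUPSPING, so the datasource user must be able to create that table, or the table has to exist beforehand.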