keycloak cluster - keycloak-user@lists.jboss.org "database error message session is closed" after stopping server-one
7:41 a.m.
Hi,
I am trying to setup a cluster example.
I would like to test the HA of my keycloak cluster configured in domain
mode.
If I stop the master node (server-one), I obtain the error message on
slave server-two, when trying to authenticate:
ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default
task-7) Connection is broken: "session closed" [90067-193]
For this I have deployed:
-keyclock 3.4 (latest)
-Wildfly 11
-installed the Jboss EAP adapter.
1) app-jee-vanilla application
==============================
I have used keycloak quick start example and used app-profile-jee-vanilla
The app-jee-vanillan is deployed in wildfly server
wildfly server is authenticating against Keycloak ins standalone mode.
I have first tested in standalone mode and everything works fine fine as
expected.
(Keyclock is strated in standalone mode on port 8180 and wildfly on port
8080)
2) Configuring the cluster
===========================
1. I have configured the cluster
2. I have run teh command add-user.sh to a create a secret beween master
and slave
3. I have copied teh secret in the host-slave.xml
4. I have created an admin user
bin/add-user-keycloak.sh -r master -u admin6 -p admin6 --domain
5. This admin user has been copied to
mkdir ${KEYCLOAK_HOME}/domain/servers/server-one/configuration
◦ Then copy "keycloak-add-user.json" to the directory above.
6) Both servers are started successfuly with the command
(master)
./domain.sh --host-config=host-master.xml -Djboss.http.port=8180
-Djboss.https.port=8543 -Djboss.ajp.port=8109
-Djboss.management.http.port=10090
(slave)
./domain.sh --host-config=host-slave.xml -Djboss.http.port=8180
-Djboss.https.port=8543 -Djboss.ajp.port=8109
-Djboss.management.http.port=10090
7) I can authenticate successfully to http://localhost:8080/vanilla,
whivh redirects to the the cluster for authentication
8) Stopping Node server-two
I am connecting to the cluster admin console at URL http://localhost:10090
I can stop node server-two, and still continue to log to teh vanilla app
as before.
9) Stopping node server-one (master-node)
I am connecting to the cluster admin console at URL
http://localhost:10090 and stopping node1 (server-one) which is the
master node
server-ones shows:
[Server:server-one] 14:30:25,320 INFO [org.jboss.as] (MSC service
thread 1-7) WFLYSRV0050: Keycloak 3.4.3.Final (WildFly Core 3.0.8.Final)
stopped in 389ms
[Server:server-one]
14:30:25,380 INFO [org.jboss.as.process.Server:server-one.status]
(reaper for Server:server-one) WFLYPC0011: Process 'Server:server-one'
finished with an exit status of 0
[Host Controller] 14:30:25,420 INFO [org.jboss.as.host.controller]
(ProcessControllerConnection-thread - 2) WFLYHC0027: Unregistering
server server-one
When I try to connect to the vanilla app, I obtain teh following error
message on server-two:
[Server:server-two] 14:30:25,233 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,237 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,335 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,337 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,338 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:32:10,526 WARN [org.keycloak.events] (default
task-5) type=REFRESH_TOKEN_ERROR, realmId=master,
clientId=app-profile-vanilla,
userId=202be260-c68e-4871-944e-46122e903531, ipAddress=127.0.0.1,
error=invalid_token, grant_type=refresh_token,
refresh_token_type=Refresh,
refresh_token_id=ae38ae31-a0bc-4958-964e-fc4e6ec9b13f,
client_auth_method=client-secret
[Server:server-two] 14:32:27,087 WARN
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-7) SQL
Error: 90067, SQLState: 90067
[Server:server-two] 14:32:27,087 ERROR
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-7)
Connection is broken: "session closed" [90067-193]
[Server:server-two] 14:32:27,089 WARN [org.keycloak.services] (default
task-7) KC-SERVICES0013: Failed authentication:
javax.persistence.PersistenceException:
org.hibernate.exception.GenericJDBCException: could not prepare statement
[Server:server-two] at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1692)
[Server:server-two] at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1602)
[Server:server-two]
Hence, it is no longer possibel to authenticate.
What could be the cause of the error message:
ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default
task-7) Connection is broken: "session closed" [90067-193]
Could it be a misconfiguration ?
Could it be a bug ?
How is it possible to overcome this issue ?
Note:
This issue is happening with H2 and postgresql database as well.
Regards,
Olivier
--
<http://www.janua.fr/images/logo-big-sans.png><http://www.janua.fr/i...
<http://www.janua.fr/images/6g_top.gif>
Olivier Rivat
CTO
orivat(a)janua.fr <mailto:dchikhaoui@janua.fr>
Gsm: +33(0)682 801 609
Tél: +33(0)489 829 238
Fax: +33(0)955 260 370
http://www.janua.fr <http://www.janua.fr/>
<http://www.janua.fr/images/6g_top.gif>
4:51 a.m.
Hi,
I have done exactly the same thing with a fresh new install, and obtains
same error
1) Keycloak cluster in domain mode
2) master started as follows
./domain.sh --host-config=host-master.xml -Djboss.http.port=8180
-Djboss.https.port=8543 -Djboss.ajp.port=8109
-Djboss.management.http.port=10090
3) slave started as follows:
./domain.sh --host-config=host-master.xml -Djboss.http.port=8180
-Djboss.https.port=8543 -Djboss.ajp.port=8109
-Djboss.management.http.port=10090
4) perform a couple of authentication with an app deployed against cluster
5) stop server-one (using management consoel at port 10090)
6) try to authenticate
But get following execption on server-two.
When server-one has been closed, it has also closed connection keycloak
server-two.
I think that the discprenacy is lying here.
Why does stopping keycloak server-one entails closing keycloak
server-two connection as well ?
It sounds/smells like a bug.
[Server:server-two] 11:35:31,920 INFO [org.wildfly.extension.undertow]
(ServerService Thread Pool -- 50) WFLYUT0021: Registered web context:
'/auth' for server 'default-server'
[Server:server-two] 11:35:41,148 INFO [org.jboss.as.server]
(ServerService Thread Pool -- 49) WFLYSRV0010: Deployed
"keycloak-server.war" (runtime-name : "keycloak-server.war")
[Server:server-two] 11:35:41,205 INFO [org.jboss.as.server] (Controller
Boot Thread) WFLYSRV0212: Resuming server
[Server:server-two] 11:35:41,249 INFO [org.jboss.as] (Controller Boot
Thread) WFLYSRV0025: Keycloak 3.4.3.Final (WildFly Core 3.0.8.Final)
started in 24224ms - Started 629 of 982 services (704 services are lazy,
passive or on-demand)
[Server:server-two] 11:36:15,150 WARN [org.keycloak.events] (default
task-3) type=LOGIN_ERROR, realmId=master, clientId=app-profile-vanilla,
userId=null, ipAddress=127.0.0.1, error=client_not_found
[Server:server-two] 11:36:48,047 WARN [org.keycloak.events] (default
task-4) type=LOGIN_ERROR, realmId=master, clientId=app-profile-vanilla,
userId=null, ipAddress=127.0.0.1, error=client_not_found
[Server:server-two] 11:38:48,863 WARN
[org.keycloak.connections.httpclient.DefaultHttpClientFactory] (default
task-55) Truststore is disabled
[Server:server-two] 11:40:43,727 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 11:40:43,729 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 11:40:43,831 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 11:40:43,831 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 11:40:43,831 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 11:41:18,712 WARN
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-59) SQL
Error: 90067, SQLState: 90067
[Server:server-two] 11:41:18,714 ERROR
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-59)
Connection is broken: "session closed" [90067-193]
[Server:server-two] 11:41:18,732 WARN [org.keycloak.services] (default
task-59) KC-SERVICES0013: Failed authentication:
javax.persistence.PersistenceException:
org.hibernate.exception.GenericJDBCException: could not prepare statement
[Server:server-two] at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1692)
[Server:server-two] at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1602)
[Server:server-two] at
org.hibernate.jpa.internal.QueryImpl.getResultList(QueryImpl.java:492)
[Server:server-two] at
org.keycloak.models.jpa.JpaUserProvider.getUserByUsername(JpaUserProvider.java:535)
[Server:server-two] at
org.keycloak.storage.UserStorageManager.getUserByUsername(UserStorageManager.java:388)
[Server:server-two] at
org.keycloak.models.cache.infinispan.UserCacheSession.getUserByUsername(UserCacheSession.java:249)
[Server:server-two] at
org.keycloak.models.utils.KeycloakModelUtils.findUserByNameOrEmail(KeycloakModelUtils.java:213)
[Server:server-two] at
org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator.validateUserAndPassword(AbstractUsernameFormAuthenticator.java:153)
[Server:server-two] at
org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.validateForm(UsernamePasswordForm.java:56)
[Server:server-two] at
org.keycloak.authentication.authenticators.browser.UsernamePasswordForm.action(UsernamePasswordForm.java:49)
[Server:server-two] at
org.keycloak.authentication.DefaultAuthenticationFlow.processAction(DefaultAuthenticationFlow.java:92)
Waiting for your updates,
Regards,
Olivier
Le 09/02/2018 à 14:41, Olivier Rivat a écrit :
Hi,
I am trying to setup a cluster example.
I would like to test the HA of my keycloak cluster configured in
domain mode.
If I stop the master node (server-one), I obtain the error message on
slave server-two, when trying to authenticate:
ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default
task-7) Connection is broken: "session closed" [90067-193]
For this I have deployed:
-keyclock 3.4 (latest)
-Wildfly 11
-installed the Jboss EAP adapter.
1) app-jee-vanilla application
==============================
I have used keycloak quick start example and used app-profile-jee-vanilla
The app-jee-vanillan is deployed in wildfly server
wildfly server is authenticating against Keycloak ins standalone mode.
I have first tested in standalone mode and everything works fine fine
as expected.
(Keyclock is strated in standalone mode on port 8180 and wildfly on
port 8080)
2) Configuring the cluster
===========================
1. I have configured the cluster
2. I have run teh command add-user.sh to a create a secret beween
master and slave
3. I have copied teh secret in the host-slave.xml
4. I have created an admin user
bin/add-user-keycloak.sh -r master -u admin6 -p admin6 --domain
5. This admin user has been copied to
mkdir ${KEYCLOAK_HOME}/domain/servers/server-one/configuration
◦ Then copy "keycloak-add-user.json" to the directory above.
6) Both servers are started successfuly with the command
(master)
./domain.sh --host-config=host-master.xml -Djboss.http.port=8180
-Djboss.https.port=8543 -Djboss.ajp.port=8109
-Djboss.management.http.port=10090
(slave)
./domain.sh --host-config=host-slave.xml -Djboss.http.port=8180
-Djboss.https.port=8543 -Djboss.ajp.port=8109
-Djboss.management.http.port=10090
7) I can authenticate successfully to http://localhost:8080/vanilla,
whivh redirects to the the cluster for authentication
8) Stopping Node server-two
I am connecting to the cluster admin console at URL http://localhost:10090
I can stop node server-two, and still continue to log to teh vanilla
app as before.
9) Stopping node server-one (master-node)
I am connecting to the cluster admin console at URL
http://localhost:10090 and stopping node1 (server-one) which is the
master node
server-ones shows:
[Server:server-one] 14:30:25,320 INFO [org.jboss.as] (MSC service
thread 1-7) WFLYSRV0050: Keycloak 3.4.3.Final (WildFly Core
3.0.8.Final) stopped in 389ms
[Server:server-one]
14:30:25,380 INFO [org.jboss.as.process.Server:server-one.status]
(reaper for Server:server-one) WFLYPC0011: Process 'Server:server-one'
finished with an exit status of 0
[Host Controller] 14:30:25,420 INFO [org.jboss.as.host.controller]
(ProcessControllerConnection-thread - 2) WFLYHC0027: Unregistering
server server-one
When I try to connect to the vanilla app, I obtain teh following error
message on server-two:
[Server:server-two] 14:30:25,233 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(thread-2) ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,237 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(thread-2) ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,335 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(thread-2) ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,337 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(thread-2) ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,338 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport]
(thread-2) ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:32:10,526 WARN [org.keycloak.events] (default
task-5) type=REFRESH_TOKEN_ERROR, realmId=master,
clientId=app-profile-vanilla,
userId=202be260-c68e-4871-944e-46122e903531, ipAddress=127.0.0.1,
error=invalid_token, grant_type=refresh_token,
refresh_token_type=Refresh,
refresh_token_id=ae38ae31-a0bc-4958-964e-fc4e6ec9b13f,
client_auth_method=client-secret
[Server:server-two] 14:32:27,087 WARN
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-7)
SQL Error: 90067, SQLState: 90067
[Server:server-two] 14:32:27,087 ERROR
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-7)
Connection is broken: "session closed" [90067-193]
[Server:server-two] 14:32:27,089 WARN [org.keycloak.services]
(default task-7) KC-SERVICES0013: Failed authentication:
javax.persistence.PersistenceException:
org.hibernate.exception.GenericJDBCException: could not prepare statement
[Server:server-two] at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1692)
[Server:server-two] at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1602)
[Server:server-two]
Hence, it is no longer possibel to authenticate.
What could be the cause of the error message:
ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default
task-7) Connection is broken: "session closed" [90067-193]
Could it be a misconfiguration ?
Could it be a bug ?
How is it possible to overcome this issue ?
Note:
This issue is happening with H2 and postgresql database as well.
Regards,
Olivier
--
<http://www.janua.fr/images/logo-big-sans.png><http://www.janua.fr/i...
<http://www.janua.fr/images/6g_top.gif>
Olivier Rivat
CTO
orivat(a)janua.fr <mailto:dchikhaoui@janua.fr>
Gsm: +33(0)682 801 609
Tél: +33(0)489 829 238
Fax: +33(0)955 260 370
http://www.janua.fr <http://www.janua.fr/>
<http://www.janua.fr/images/6g_top.gif>
--
<http://www.janua.fr/images/logo-big-sans.png><http://www.janua.fr/i...
<http://www.janua.fr/images/6g_top.gif>
Olivier Rivat
CTO
orivat(a)janua.fr <mailto:dchikhaoui@janua.fr>
Gsm: +33(0)682 801 609
Tél: +33(0)489 829 238
Fax: +33(0)955 260 370
http://www.janua.fr <http://www.janua.fr/>
<http://www.janua.fr/images/6g_top.gif>
2512
days inactive
2513
days old
1 comments
1 participants
participants (1)
-
Olivier Rivat