[keycloak-user] Accessing JGroups ports in Docker keycloak-ha-postgres

Stian Thorgersen sthorger at redhat.com
Fri Dec 2 01:27:34 EST 2016 

Nice work, but I'm not sure I want to merge this. It's hard to test and
maintain so we need to limit the amount of variations of the Docker images.

On 29 November 2016 at 10:31, Staffan <solsson at gmail.com> wrote:

> After lots of experimentation, I found keycloak-mysql to be more useful
> than keycloak-ha-postgres for HA in Kubernetes. See
> https://github.com/jboss-dockerfiles/keycloak/pull/62
>
> There is some more background in the JGroups mailing list thread "Expose
> JGroups ports in Docker keycloak-ha-postgres".
>
> /Staffan
>
> On Tue, Nov 8, 2016 at 11:29 AM, Staffan <solsson at gmail.com> wrote:
>
> > Hi,
> >
> > I've tried in different docker environments (compose, kubernetes,
> > standalone) to get a HA setup running using https://hub.docker.com/r/
> > jboss/keycloak-ha-postgres/.
> >
> > Keycloak nodes start all right, but are unaware of each other. Curiously
> I
> > fail to reach the JGroups ports from any other container or host system.
> >
> > When I try -Djboss.bind.address.private=0.0.0.0 there's an error during
> > startup:
> >
> > MSC000001: Failed to start service jboss.jgroups.channel.ee:
> > org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee
> :
> > java.security.PrivilegedActionException: java.net.BindException: [UDP] /
> > 0.0.0.0 is not a valid address on any local network interface
> >     at org.wildfly.clustering.jgroups.spi.service.ChannelBuilder.start(
> > ChannelBuilder.java:80)
> > Caused by: java.security.PrivilegedActionException:
> > java.net.BindException: [UDP] /0.0.0.0 is not a valid address on any
> > local network interface
> >     at org.wildfly.security.manager.WildFlySecurityManager.doChecked(
> > WildFlySecurityManager.java:640)
> > Caused by: java.net.BindException: [UDP] /0.0.0.0 is not a valid address
> > on any local network interface
> >     at org.jgroups.util.Util.checkIfValidAddress(Util.java:3522)
> >
> > ... or if I switch to stack="tcp" in the jgroups subsystem:
> >
> > MSC000001: Failed to start service jboss.jgroups.channel.ee:
> > org.jboss.msc.service.StartException in service jboss.jgroups.channel.ee
> :
> > java.security.PrivilegedActionException: java.net.BindException: [TCP] /
> > 0.0.0.0 is not a valid address on any local network interface
> >
> > I guess this is a generic Wildfly topic, but I'm curious how the official
> > Keycloak docker containers are tested. In a docker context, the only two
> > interfaces I can bind to are 0.0.0.0 and 127.0.0.1.
> >
> > regards
> > Staffan Olsson
> >
> >
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list