[keycloak-user] keycloak cluster - keycloak-user at lists.jboss.org "database error message session is closed" after stopping server-one
Olivier Rivat
orivat at janua.fr
Fri Feb 9 08:41:49 EST 2018
Hi,
I am trying to setup a cluster example.
I would like to test the HA of my keycloak cluster configured in domain
mode.
If I stop the master node (server-one), I obtain the error message on
slave server-two, when trying to authenticate:
ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default
task-7) Connection is broken: "session closed" [90067-193]
For this I have deployed:
-keyclock 3.4 (latest)
-Wildfly 11
-installed the Jboss EAP adapter.
1) app-jee-vanilla application
==============================
I have used keycloak quick start example and used app-profile-jee-vanilla
The app-jee-vanillan is deployed in wildfly server
wildfly server is authenticating against Keycloak ins standalone mode.
I have first tested in standalone mode and everything works fine fine as
expected.
(Keyclock is strated in standalone mode on port 8180 and wildfly on port
8080)
2) Configuring the cluster
===========================
1. I have configured the cluster
2. I have run teh command add-user.sh to a create a secret beween master
and slave
3. I have copied teh secret in the host-slave.xml
4. I have created an admin user
bin/add-user-keycloak.sh -r master -u admin6 -p admin6 --domain
5. This admin user has been copied to
mkdir ${KEYCLOAK_HOME}/domain/servers/server-one/configuration
◦ Then copy "keycloak-add-user.json" to the directory above.
6) Both servers are started successfuly with the command
(master)
./domain.sh --host-config=host-master.xml -Djboss.http.port=8180
-Djboss.https.port=8543 -Djboss.ajp.port=8109
-Djboss.management.http.port=10090
(slave)
./domain.sh --host-config=host-slave.xml -Djboss.http.port=8180
-Djboss.https.port=8543 -Djboss.ajp.port=8109
-Djboss.management.http.port=10090
7) I can authenticate successfully to http://localhost:8080/vanilla,
whivh redirects to the the cluster for authentication
8) Stopping Node server-two
I am connecting to the cluster admin console at URL http://localhost:10090
I can stop node server-two, and still continue to log to teh vanilla app
as before.
9) Stopping node server-one (master-node)
I am connecting to the cluster admin console at URL
http://localhost:10090 and stopping node1 (server-one) which is the
master node
server-ones shows:
[Server:server-one] 14:30:25,320 INFO [org.jboss.as] (MSC service
thread 1-7) WFLYSRV0050: Keycloak 3.4.3.Final (WildFly Core 3.0.8.Final)
stopped in 389ms
[Server:server-one]
14:30:25,380 INFO [org.jboss.as.process.Server:server-one.status]
(reaper for Server:server-one) WFLYPC0011: Process 'Server:server-one'
finished with an exit status of 0
[Host Controller] 14:30:25,420 INFO [org.jboss.as.host.controller]
(ProcessControllerConnection-thread - 2) WFLYHC0027: Unregistering
server server-one
When I try to connect to the vanilla app, I obtain teh following error
message on server-two:
[Server:server-two] 14:30:25,233 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,237 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,335 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,337 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:30:25,338 INFO
[org.infinispan.remoting.transport.jgroups.JGroupsTransport] (thread-2)
ISPN000094: Received new cluster view for channel ejb:
[asus:server-two|2] (1) [asus:server-two]
[Server:server-two] 14:32:10,526 WARN [org.keycloak.events] (default
task-5) type=REFRESH_TOKEN_ERROR, realmId=master,
clientId=app-profile-vanilla,
userId=202be260-c68e-4871-944e-46122e903531, ipAddress=127.0.0.1,
error=invalid_token, grant_type=refresh_token,
refresh_token_type=Refresh,
refresh_token_id=ae38ae31-a0bc-4958-964e-fc4e6ec9b13f,
client_auth_method=client-secret
[Server:server-two] 14:32:27,087 WARN
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-7) SQL
Error: 90067, SQLState: 90067
[Server:server-two] 14:32:27,087 ERROR
[org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-7)
Connection is broken: "session closed" [90067-193]
[Server:server-two] 14:32:27,089 WARN [org.keycloak.services] (default
task-7) KC-SERVICES0013: Failed authentication:
javax.persistence.PersistenceException:
org.hibernate.exception.GenericJDBCException: could not prepare statement
[Server:server-two] at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1692)
[Server:server-two] at
org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1602)
[Server:server-two]
Hence, it is no longer possibel to authenticate.
What could be the cause of the error message:
ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default
task-7) Connection is broken: "session closed" [90067-193]
Could it be a misconfiguration ?
Could it be a bug ?
How is it possible to overcome this issue ?
Note:
This issue is happening with H2 and postgresql database as well.
Regards,
Olivier
--
<http://www.janua.fr/images/logo-big-sans.png><http://www.janua.fr/images/LogoSignature.gif>
<http://www.janua.fr/images/6g_top.gif>
Olivier Rivat
CTO
orivat at janua.fr <mailto:dchikhaoui at janua.fr>
Gsm: +33(0)682 801 609
Tél: +33(0)489 829 238
Fax: +33(0)955 260 370
http://www.janua.fr <http://www.janua.fr/>
<http://www.janua.fr/images/6g_top.gif>
More information about the keycloak-user
mailing list