Keycloak pod fails to start

Question

Keycloak pod fails to start

Opened this issue 7 years ago · 2 comments

I'm seeing the same thing as in #9 . I've done a little testing and it seems 100% reproducible if you have minishift addons enabled. The keycloak pod seems to startup successfully if they are all disabled. Here are the addons I have enabled in order to reproduce this -

wlan-196-125:syndesis cunningt$ minishift addons list

admin-user : enabled P(0)
anyuid : enabled P(0)
xpaas : enabled P(0)

10:09:52,553 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 51) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:85)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:162)
at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209)
at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299)
at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)
at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132)
at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
... 6 more
Caused by: java.lang.RuntimeException: Failed to initialize TruststoreProviderFactory: /opt/jboss/keycloak/standalone/configuration/tls/openshift-truststore.jks
at org.keycloak.truststore.FileTruststoreProviderFactory.init(FileTruststoreProviderFactory.java:76)
at org.keycloak.services.DefaultKeycloakSessionFactory.loadFactories(DefaultKeycloakSessionFactory.java:209)
at org.keycloak.services.DefaultKeycloakSessionFactory.init(DefaultKeycloakSessionFactory.java:76)
at org.keycloak.services.resources.KeycloakApplication.createSessionFactory(KeycloakApplication.java:313)
at org.keycloak.services.resources.KeycloakApplication.(KeycloakApplication.java:110)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
... 19 more
Caused by: java.io.FileNotFoundException: /opt/jboss/keycloak/standalone/configuration/tls/openshift-truststore.jks (No such file or directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.(FileInputStream.java:138)
at java.io.FileInputStream.(FileInputStream.java:93)
at org.keycloak.truststore.FileTruststoreProviderFactory.loadStore(FileTruststoreProviderFactory.java:95)
at org.keycloak.truststore.FileTruststoreProviderFactory.init(FileTruststoreProviderFactory.java:74)
... 28 more

Answer 1 · 2017-09-27T20:22:51.000Z

The keystore is created by an init-container during startup, but at the location /tls-keystore/openshift-truststore.jks (and not /opt/jboss/keycloak/standalone/configuration/tls/openshift-truststore.jks as in the logs).

Now that I look into the templates, its seems that Java is started with a reference to the latter path, so I actually wonder whether this ever worked. But @jimmidyson should know the mechanics much better.

Answer 2 · 2017-09-28T09:27:06.000Z

I think we'd have known by now if this never worked :)

The shared volume is mounted on a different mountpoint in the init container (https://github.com/syndesisio/syndesis-openshift-templates/blob/master/syndesis.yml#L887-L889) to in the main container (https://github.com/syndesisio/syndesis-openshift-templates/blob/master/syndesis.yml#L942-L943) so this is not the problem.

We have noticed bugs in OpenShift when the init container doesn't run properly, is just ignored or skipped totally, so could be that.