mysql - KeyCloak on Kubernetes is not connecting to external MySQL
Problem description
I am trying to run KeyCloak on kubernetes and connect it to an external MySQL database. I am using the deployment.yaml and service.yaml shown below:
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: {{K8S_NAMESPACE}}
  name: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      name: keycloak
  template:
    metadata:
      labels:
        name: keycloak
      annotations:
        sla: high
        tier: application
        sidecar.istio.io/inject: "false"
    spec:
      automountServiceAccountToken: true
      imagePullSecrets:
        - name: harbor-bot
      serviceAccount: tenant-pod-root
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak:14.0.0
          imagePullPolicy: Always
          resources:
            limits:
              cpu: 750m
              memory: 768Mi
            requests:
              cpu: 750m
              memory: 768Mi
          env:
            - name: KEYCLOAK_USER
              value: {{KEYCLOAK_USER}}
            - name: KEYCLOAK_PASSWORD
              value: {{KEYCLOAK_PASSWORD}}
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: DB_VENDOR
              value: {{KEYCLOAK_DB_VENDOR}}
            - name: DB_ADDR
              value: {{KEYCLOAK_DB_ADDR}}
            - name: DB_DATABASE
              value: {{KEYCLOAK_DB_DATABASE}}
            - name: DB_USER
              value: {{KEYCLOAK_DB_USER}}
            - name: DB_PASSWORD
              value: {{KEYCLOAK_DB_PASSWORD}}
            - name: DB_PORT
              value: "3306"
            - name: JDBC_PARAMS
              value: "useSSL=false"
          readinessProbe:
            httpGet:
              path: /auth/realms/master
              port: 8080
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
----------
apiVersion: v1
kind: Service
metadata:
  labels:
    name: keycloak
  namespace: {{K8S_NAMESPACE}}
  name: keycloak
spec:
  ports:
    - name: tcp-upstream
      port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    name: keycloak
  sessionAffinity: None
  type: ClusterIP
When I try to run this yaml in kubernetes, I get the following error:
12:41:55,174 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 17) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
"operation" => "add",
"address" => [("subsystem" => "naming")]
}, {
"operation" => "add",
"address" => [
("subsystem" => "naming"),
("service" => "remote-naming")
]
}]: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTransactionControl.operationPrepared(ParallelBootOperationStepHandler.java:458)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.ModelController$OperationTransactionControl.operationPrepared(ModelController.java:131)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:874)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:805)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:829)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
12:41:55,173 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 10) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
"operation" => "add",
"address" => [("subsystem" => "jgroups")],
"default-channel" => "ee"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("channel" => "ee")
],
"stack" => "udp",
"cluster" => "ejb"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("transport" => "UDP")
],
"socket-binding" => "jgroups-udp"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "PING")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "MERGE3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "FD_SOCK")
],
"socket-binding" => "jgroups-udp-fd"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "FD_ALL")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "VERIFY_SUSPECT")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "pbcast.NAKACK2")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "UNICAST3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "pbcast.STABLE")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "pbcast.GMS")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "UFC")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "MFC")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "udp"),
("protocol" => "FRAG3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("transport" => "TCP")
],
"socket-binding" => "jgroups-tcp"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "MPING")
],
"socket-binding" => "jgroups-mping"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "MERGE3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "FD_SOCK")
],
"socket-binding" => "jgroups-tcp-fd"
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "FD_ALL")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "VERIFY_SUSPECT")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "pbcast.NAKACK2")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "UNICAST3")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "pbcast.STABLE")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "pbcast.GMS")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "MFC")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "jgroups"),
("stack" => "tcp"),
("protocol" => "FRAG3")
]
}]: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTransactionControl.operationPrepared(ParallelBootOperationStepHandler.java:458)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.ModelController$OperationTransactionControl.operationPrepared(ModelController.java:131)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:874)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:805)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:829)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
12:41:55,173 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 12) WFLYCTL0403: Unexpected failure during execution of the following operation(s): [{
"operation" => "add",
"address" => [("subsystem" => "elytron")],
"final-providers" => "combined-providers",
"disallowed-providers" => ["OracleUcrypto"]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("aggregate-providers" => "combined-providers")
],
"providers" => [
"elytron",
"openssl"
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("provider-loader" => "elytron")
],
"module" => "org.wildfly.security.elytron"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("provider-loader" => "openssl")
],
"module" => "org.wildfly.openssl"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("file-audit-log" => "local-audit")
],
"path" => "audit.log",
"relative-to" => "jboss.server.log.dir",
"format" => "JSON"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("security-domain" => "ApplicationDomain")
],
"default-realm" => "ApplicationRealm",
"permission-mapper" => "default-permission-mapper",
"realms" => [
{
"realm" => "ApplicationRealm",
"role-decoder" => "groups-to-roles"
},
{"realm" => "local"}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("security-domain" => "ManagementDomain")
],
"default-realm" => "ManagementRealm",
"permission-mapper" => "default-permission-mapper",
"realms" => [
{
"realm" => "ManagementRealm",
"role-decoder" => "groups-to-roles"
},
{
"realm" => "local",
"role-mapper" => "super-user-mapper"
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("identity-realm" => "local")
],
"identity" => "$local"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("properties-realm" => "ApplicationRealm")
],
"users-properties" => {
"path" => "application-users.properties",
"relative-to" => "jboss.server.config.dir",
"digest-realm-name" => "ApplicationRealm"
},
"groups-properties" => {
"path" => "application-roles.properties",
"relative-to" => "jboss.server.config.dir"
}
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("properties-realm" => "ManagementRealm")
],
"users-properties" => {
"path" => "mgmt-users.properties",
"relative-to" => "jboss.server.config.dir",
"digest-realm-name" => "ManagementRealm"
},
"groups-properties" => {
"path" => "mgmt-groups.properties",
"relative-to" => "jboss.server.config.dir"
}
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("simple-permission-mapper" => "default-permission-mapper")
],
"mapping-mode" => "first",
"permission-mappings" => [
{
"principals" => ["anonymous"],
"permission-sets" => [{"permission-set" => "default-permissions"}]
},
{
"match-all" => true,
"permission-sets" => [
{"permission-set" => "login-permission"},
{"permission-set" => "default-permissions"}
]
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("constant-realm-mapper" => "local")
],
"realm-name" => "local"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("simple-role-decoder" => "groups-to-roles")
],
"attribute" => "groups"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("constant-role-mapper" => "super-user-mapper")
],
"roles" => ["SuperUser"]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("permission-set" => "login-permission")
],
"permissions" => [{"class-name" => "org.wildfly.security.auth.permission.LoginPermission"}]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("permission-set" => "default-permissions")
],
"permissions" => [
{
"class-name" => "org.wildfly.extension.batch.jberet.deployment.BatchPermission",
"module" => "org.wildfly.extension.batch.jberet",
"target-name" => "*"
},
{
"class-name" => "org.wildfly.transaction.client.RemoteTransactionPermission",
"module" => "org.wildfly.transaction.client"
},
{
"class-name" => "org.jboss.ejb.client.RemoteEJBPermission",
"module" => "org.jboss.ejb-client"
},
{
"class-name" => "org.jboss.ejb.client.RemoteEJBPermission",
"module" => "org.jboss.ejb-client"
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("http-authentication-factory" => "management-http-authentication")
],
"security-domain" => "ManagementDomain",
"http-server-mechanism-factory" => "global",
"mechanism-configurations" => [{
"mechanism-name" => "DIGEST",
"mechanism-realm-configurations" => [{"realm-name" => "ManagementRealm"}]
}]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("provider-http-server-mechanism-factory" => "global")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("sasl-authentication-factory" => "application-sasl-authentication")
],
"sasl-server-factory" => "configured",
"security-domain" => "ApplicationDomain",
"mechanism-configurations" => [
{
"mechanism-name" => "JBOSS-LOCAL-USER",
"realm-mapper" => "local"
},
{
"mechanism-name" => "DIGEST-MD5",
"mechanism-realm-configurations" => [{"realm-name" => "ApplicationRealm"}]
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("sasl-authentication-factory" => "management-sasl-authentication")
],
"sasl-server-factory" => "configured",
"security-domain" => "ManagementDomain",
"mechanism-configurations" => [
{
"mechanism-name" => "JBOSS-LOCAL-USER",
"realm-mapper" => "local"
},
{
"mechanism-name" => "DIGEST-MD5",
"mechanism-realm-configurations" => [{"realm-name" => "ManagementRealm"}]
}
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("configurable-sasl-server-factory" => "configured")
],
"sasl-server-factory" => "elytron",
"properties" => {"wildfly.sasl.local-user.default-user" => "$local"}
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("mechanism-provider-filtering-sasl-server-factory" => "elytron")
],
"sasl-server-factory" => "global",
"filters" => [{"provider-name" => "WildFlyElytron"}]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("provider-sasl-server-factory" => "global")
]
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("key-store" => "applicationKS")
],
"credential-reference" => {"clear-text" => "password"},
"type" => "JKS",
"path" => "application.keystore",
"relative-to" => "jboss.server.config.dir"
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("key-manager" => "applicationKM")
],
"key-store" => "applicationKS",
"generate-self-signed-certificate-host" => "localhost",
"credential-reference" => {"clear-text" => "password"}
}, {
"operation" => "add",
"address" => [
("subsystem" => "elytron"),
("server-ssl-context" => "applicationSSC")
],
"key-manager" => "applicationKM"
}]: java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTransactionControl.operationPrepared(ParallelBootOperationStepHandler.java:458)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.ModelController$OperationTransactionControl.operationPrepared(ModelController.java:131)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeDoneStage(AbstractOperationContext.java:874)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:805)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:468)
at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:829)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
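The user I am providing to keycloak, as well as the database, have already been created.
I am not sure why I am getting this error - java.lang.RuntimeException: WFLYCTL0195: Interrupted awaiting transaction commit or rollback
This is really confusing. The same keycloak runs perfectly fine without MySQL.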
Solution
You can try defining the module as:
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
  <resources>
    <resource-root path="mysql-connector-java-8.0.26.jar"/>
  </resources>
  <dependencies>
    <module name="javax.api"/>
    <module name="javax.transaction.api"/>
  </dependencies>
</module>
and use the driver in standalone.xml based on this module:
<driver name="mysql" module="com.mysql">
  <xa-datasource-class>com.mysql.cj.jdbc.MysqlXADataSource</xa-datasource-class>
</driver>
This is what helped me resolve this issue.
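
A consistency check for the two XML fragments in the answer above, as an added example that is not part of the original post or of Keycloak/WildFly. The function name `check_driver_module`, the optional `module_dir` argument, and treating the two dependencies listed in the answer as required are assumptions; the sample XML is constructed from the answer's snippets.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: the two dependencies listed in the answer are treated as required.
REQUIRED_DEPS = {"javax.api", "javax.transaction.api"}

# Constructed sample input: the answer's module definition and driver element.
MODULE_XML = """<module xmlns="urn:jboss:module:1.1" name="com.mysql">
  <resources>
    <resource-root path="mysql-connector-java-8.0.26.jar"/>
  </resources>
  <dependencies>
    <module name="javax.api"/>
    <module name="javax.transaction.api"/>
  </dependencies>
</module>"""

DRIVER_XML = """<driver name="mysql" module="com.mysql">
  <xa-datasource-class>com.mysql.cj.jdbc.MysqlXADataSource</xa-datasource-class>
</driver>"""


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def check_driver_module(module_xml, driver_xml, module_dir=None):
    """Return a list of problems; an empty list means the fragments agree."""
    try:
        module = ET.fromstring(module_xml)
        driver = ET.fromstring(driver_xml)
    except ET.ParseError as exc:  # e.g. a module.xml missing its closing tag
        return [f"not well-formed XML: {exc}"]
    problems = []
    name = module.get("name")
    if driver.get("module") != name:
        problems.append(f"driver references module {driver.get('module')!r}, "
                        f"but module.xml defines {name!r}")
    jars = [e.get("path") for e in module.iter() if _local(e.tag) == "resource-root"]
    if not jars:
        problems.append("module.xml lists no resource-root jar")
    if module_dir is not None:  # only touch the filesystem when asked to
        problems += [f"{jar} not found in {module_dir}" for jar in jars
                     if not (Path(module_dir) / jar).is_file()]
    deps = {e.get("name") for e in module.iter()
            if _local(e.tag) == "module" and e is not module}
    for dep in sorted(REQUIRED_DEPS - deps):
        problems.append(f"missing dependency {dep}")
    xa = [e for e in driver.iter() if _local(e.tag) == "xa-datasource-class"]
    if not xa or not (xa[0].text or "").strip():
        problems.append("driver has no xa-datasource-class")
    return problems
```

Passing the directory that holds module.xml as `module_dir` also confirms that the connector jar named in `resource-root` is actually present there.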