keycloak-apb issue: create auth token

Hi,

I need help with the keycloak-apb. I've changed it to consume 3.4.0:

https://github.com/feedhenry/keycloak-apb/pull/29

and when provisioning it brings up the image correctly, I keep getting errors with this task:

"Generate keycloak auth token":

https://github.com/matzew/keycloak-apb/blob/2d2cfec2c1c5e7452e7537a7509d91642604e46a/roles/provision-keycloak-apb/tasks/main.yml#L61-L70

See:

```

FAILED - RETRYING: Generate keycloak auth token (344 retries left).

FAILED - RETRYING: Generate keycloak auth token (343 retries left).

FAILED - RETRYING: Generate keycloak auth token (342 retries left).

FAILED - RETRYING: Generate keycloak auth token (341 retries left).

FAILED - RETRYING: Generate keycloak auth token (340 retries left).

FAILED - RETRYING: Generate keycloak auth token (339 retries left).

FAILED - RETRYING: Generate keycloak auth token (338 retries left).

FAILED - RETRYING: Generate keycloak auth token (337 retries left).

FAILED - RETRYING: Generate keycloak auth token (336 retries left).

FAILED - RETRYING: Generate keycloak auth token (335 retries left).

FAILED - RETRYING: Generate keycloak auth token (334 retries left).

FAILED - RETRYING: Generate keycloak auth token (333 retries left).

FAILED - RETRYING: Generate keycloak auth token (332 retries left).

FAILED - RETRYING: Generate keycloak auth token (331 retries left).

FAILED - RETRYING: Generate keycloak auth token (330 retries left).

FAILED - RETRYING: Generate keycloak auth token (329 retries left).

FAILED - RETRYING: Generate keycloak auth token (328 retries left).

FAILED - RETRYING: Generate keycloak auth token (327 retries left).

FAILED - RETRYING: Generate keycloak auth token (326 retries left).

FAILED - RETRYING: Generate keycloak auth token (325 retries left).

FAILED - RETRYING: Generate keycloak auth token (324 retries left).

```

The weird thing is... translating that translating this into a vanilla CURL... it all works:

```

curl -v --data "grant_type=password&client_id=admin-cli&username=${USER}&password=${PASS}" http://keycloak-testapp.192.168.37.1.nip.io/auth/realms/master/protocol/openid-connect/token

```

I get a JSON {access_token":".........

Now,.... I've tried the same, with the old 2.5.4 image from Jimmi - and I get the same "FAILED - RETRYING: Generate keycloak auth token (338 retries left)" ... I've double checked, and ssh'ed into the pod, checking the contents of the actions - and yes, the pod now is 2.5.4 ... :-(

So... perhaps... there is something wrong ?

I use apb:latest (from upstream - not feedhenry) - and of course our MCP master (Origin v3.7.0-rc-0)

Can one try the PR and see if that works for him ? 

(make apb_build && make apb_push)

PS: you need to give the developer the 'cluster-admin' role, in order to push ... Phil and I ran into that earlier this week ... 

Thanks!

--

Project lead AeroGear.org

_______________________________________________
feedhenry-dev mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/feedhenry-dev

Hey Matthias,

I have seen this happen (on someone elses machine).

It turned out to be missing firewall rules as the pod couldn't reach the keycloak pod/network

Might be worth checking your rules agains the docs

https://github.com/feedhenry/mcp-standalone/blob/master/docs/walkthroughs/local-setup.adoc#firewall-requirements-required

On linux (Fedora 25), here's my rules

firewall-cmd  --info-zone dockerc

dockerc (active)

  target: default

  icmp-block-inversion: no

  interfaces: 

  sources: 172.17.0.0/16

  services: 

  ports: 443/tcp 53/udp 80/tcp 8443/tcp 8053/udp 5353/udp 8080/tcp

  protocols: 

  masquerade: no

  forward-ports: 

  source-ports: 

  icmp-blocks: 

  rich rules: 

selinux may play a part either, so you could try disabling temporarily to see if that works around the problem.

On 23 November 2017 at 20:49, Matthias Wessendorf <[hidden email]> wrote:

Hi,

I need help with the keycloak-apb. I've changed it to consume 3.4.0:

https://github.com/feedhenry/keycloak-apb/pull/29

and when provisioning it brings up the image correctly, I keep getting errors with this task:

"Generate keycloak auth token":

https://github.com/matzew/keycloak-apb/blob/2d2cfec2c1c5e7452e7537a7509d91642604e46a/roles/provision-keycloak-apb/tasks/main.yml#L61-L70

See:

```

FAILED - RETRYING: Generate keycloak auth token (344 retries left).

FAILED - RETRYING: Generate keycloak auth token (343 retries left).

FAILED - RETRYING: Generate keycloak auth token (342 retries left).

FAILED - RETRYING: Generate keycloak auth token (341 retries left).

FAILED - RETRYING: Generate keycloak auth token (340 retries left).

FAILED - RETRYING: Generate keycloak auth token (339 retries left).

FAILED - RETRYING: Generate keycloak auth token (338 retries left).

FAILED - RETRYING: Generate keycloak auth token (337 retries left).

FAILED - RETRYING: Generate keycloak auth token (336 retries left).

FAILED - RETRYING: Generate keycloak auth token (335 retries left).

FAILED - RETRYING: Generate keycloak auth token (334 retries left).

FAILED - RETRYING: Generate keycloak auth token (333 retries left).

FAILED - RETRYING: Generate keycloak auth token (332 retries left).

FAILED - RETRYING: Generate keycloak auth token (331 retries left).

FAILED - RETRYING: Generate keycloak auth token (330 retries left).

FAILED - RETRYING: Generate keycloak auth token (329 retries left).

FAILED - RETRYING: Generate keycloak auth token (328 retries left).

FAILED - RETRYING: Generate keycloak auth token (327 retries left).

FAILED - RETRYING: Generate keycloak auth token (326 retries left).

FAILED - RETRYING: Generate keycloak auth token (325 retries left).

FAILED - RETRYING: Generate keycloak auth token (324 retries left).

```

The weird thing is... translating that translating this into a vanilla CURL... it all works:

```

curl -v --data "grant_type=password&client_id=admin-cli&username=${USER}&password=${PASS}" http://keycloak-testapp.192.168.37.1.nip.io/auth/realms/master/protocol/openid-connect/token

```

I get a JSON {access_token":".........

Now,.... I've tried the same, with the old 2.5.4 image from Jimmi - and I get the same "FAILED - RETRYING: Generate keycloak auth token (338 retries left)" ... I've double checked, and ssh'ed into the pod, checking the contents of the actions - and yes, the pod now is 2.5.4 ... :-(

So... perhaps... there is something wrong ?

I use apb:latest (from upstream - not feedhenry) - and of course our MCP master (Origin v3.7.0-rc-0)

Can one try the PR and see if that works for him ? 

(make apb_build && make apb_push)

PS: you need to give the developer the 'cluster-admin' role, in order to push ... Phil and I ran into that earlier this week ... 

Thanks!

--

Project lead AeroGear.org

_______________________________________________
feedhenry-dev mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/feedhenry-dev

--

David Martin

Red Hat Mobile

Twitter: @irldavem

IRC: @irldavem (feedhenry, mobile-internal)