keycloak-apb issue: create auth token

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

keycloak-apb issue: create auth token

Matthias Wessendorf
Hi,

I need help with the keycloak-apb. I've changed it to consume 3.4.0:


and when provisioning it brings up the image correctly, I keep getting errors with this task:

"Generate keycloak auth token":

See:

```
FAILED - RETRYING: Generate keycloak auth token (344 retries left).
FAILED - RETRYING: Generate keycloak auth token (343 retries left).
FAILED - RETRYING: Generate keycloak auth token (342 retries left).
FAILED - RETRYING: Generate keycloak auth token (341 retries left).
FAILED - RETRYING: Generate keycloak auth token (340 retries left).
FAILED - RETRYING: Generate keycloak auth token (339 retries left).
FAILED - RETRYING: Generate keycloak auth token (338 retries left).
FAILED - RETRYING: Generate keycloak auth token (337 retries left).
FAILED - RETRYING: Generate keycloak auth token (336 retries left).
FAILED - RETRYING: Generate keycloak auth token (335 retries left).
FAILED - RETRYING: Generate keycloak auth token (334 retries left).
FAILED - RETRYING: Generate keycloak auth token (333 retries left).
FAILED - RETRYING: Generate keycloak auth token (332 retries left).
FAILED - RETRYING: Generate keycloak auth token (331 retries left).
FAILED - RETRYING: Generate keycloak auth token (330 retries left).
FAILED - RETRYING: Generate keycloak auth token (329 retries left).
FAILED - RETRYING: Generate keycloak auth token (328 retries left).
FAILED - RETRYING: Generate keycloak auth token (327 retries left).
FAILED - RETRYING: Generate keycloak auth token (326 retries left).
FAILED - RETRYING: Generate keycloak auth token (325 retries left).
FAILED - RETRYING: Generate keycloak auth token (324 retries left).
```

The weird thing is... translating that translating this into a vanilla CURL... it all works:

```
curl -v --data "grant_type=password&client_id=admin-cli&username=${USER}&password=${PASS}" http://keycloak-testapp.192.168.37.1.nip.io/auth/realms/master/protocol/openid-connect/token
```

I get a JSON {access_token":".........



Now,.... I've tried the same, with the old 2.5.4 image from Jimmi - and I get the same "FAILED - RETRYING: Generate keycloak auth token (338 retries left)" ... I've double checked, and ssh'ed into the pod, checking the contents of the actions - and yes, the pod now is 2.5.4 ... :-(


So... perhaps... there is something wrong ?

I use apb:latest (from upstream - not feedhenry) - and of course our MCP master (Origin v3.7.0-rc-0)



Can one try the PR and see if that works for him ? 
(make apb_build && make apb_push)

PS: you need to give the developer the 'cluster-admin' role, in order to push ... Phil and I ran into that earlier this week ... 


Thanks!





--
Project lead AeroGear.org

_______________________________________________
feedhenry-dev mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/feedhenry-dev
Reply | Threaded
Open this post in threaded view
|

Re: keycloak-apb issue: create auth token

David Martin
Hey Matthias,


I have seen this happen (on someone elses machine).
It turned out to be missing firewall rules as the pod couldn't reach the keycloak pod/network

Might be worth checking your rules agains the docs

On linux (Fedora 25), here's my rules

firewall-cmd  --info-zone dockerc
dockerc (active)
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 172.17.0.0/16
  services: 
  ports: 443/tcp 53/udp 80/tcp 8443/tcp 8053/udp 5353/udp 8080/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

selinux may play a part either, so you could try disabling temporarily to see if that works around the problem.


On 23 November 2017 at 20:49, Matthias Wessendorf <[hidden email]> wrote:
Hi,

I need help with the keycloak-apb. I've changed it to consume 3.4.0:


and when provisioning it brings up the image correctly, I keep getting errors with this task:

"Generate keycloak auth token":

See:

```
FAILED - RETRYING: Generate keycloak auth token (344 retries left).
FAILED - RETRYING: Generate keycloak auth token (343 retries left).
FAILED - RETRYING: Generate keycloak auth token (342 retries left).
FAILED - RETRYING: Generate keycloak auth token (341 retries left).
FAILED - RETRYING: Generate keycloak auth token (340 retries left).
FAILED - RETRYING: Generate keycloak auth token (339 retries left).
FAILED - RETRYING: Generate keycloak auth token (338 retries left).
FAILED - RETRYING: Generate keycloak auth token (337 retries left).
FAILED - RETRYING: Generate keycloak auth token (336 retries left).
FAILED - RETRYING: Generate keycloak auth token (335 retries left).
FAILED - RETRYING: Generate keycloak auth token (334 retries left).
FAILED - RETRYING: Generate keycloak auth token (333 retries left).
FAILED - RETRYING: Generate keycloak auth token (332 retries left).
FAILED - RETRYING: Generate keycloak auth token (331 retries left).
FAILED - RETRYING: Generate keycloak auth token (330 retries left).
FAILED - RETRYING: Generate keycloak auth token (329 retries left).
FAILED - RETRYING: Generate keycloak auth token (328 retries left).
FAILED - RETRYING: Generate keycloak auth token (327 retries left).
FAILED - RETRYING: Generate keycloak auth token (326 retries left).
FAILED - RETRYING: Generate keycloak auth token (325 retries left).
FAILED - RETRYING: Generate keycloak auth token (324 retries left).
```

The weird thing is... translating that translating this into a vanilla CURL... it all works:

```
curl -v --data "grant_type=password&client_id=admin-cli&username=${USER}&password=${PASS}" http://keycloak-testapp.192.168.37.1.nip.io/auth/realms/master/protocol/openid-connect/token
```

I get a JSON {access_token":".........



Now,.... I've tried the same, with the old 2.5.4 image from Jimmi - and I get the same "FAILED - RETRYING: Generate keycloak auth token (338 retries left)" ... I've double checked, and ssh'ed into the pod, checking the contents of the actions - and yes, the pod now is 2.5.4 ... :-(


So... perhaps... there is something wrong ?

I use apb:latest (from upstream - not feedhenry) - and of course our MCP master (Origin v3.7.0-rc-0)



Can one try the PR and see if that works for him ? 
(make apb_build && make apb_push)

PS: you need to give the developer the 'cluster-admin' role, in order to push ... Phil and I ran into that earlier this week ... 


Thanks!





--
Project lead AeroGear.org

_______________________________________________
feedhenry-dev mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/feedhenry-dev




--
David Martin
Red Hat Mobile
Twitter: @irldavem
IRC: @irldavem (feedhenry, mobile-internal)

_______________________________________________
feedhenry-dev mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/feedhenry-dev
Reply | Threaded
Open this post in threaded view
|

Re: keycloak-apb issue: create auth token

Matthias Wessendorf
Hey Dave,

it used to work, but checking I see I had a few ports less than you:

ports: 8443/tcp 53/udp 8053/udp 443/tcp


updating now, and trying it all again 


On Fri, Nov 24, 2017 at 10:30 AM, David Martin <[hidden email]> wrote:
Hey Matthias,


I have seen this happen (on someone elses machine).
It turned out to be missing firewall rules as the pod couldn't reach the keycloak pod/network

Might be worth checking your rules agains the docs

On linux (Fedora 25), here's my rules

firewall-cmd  --info-zone dockerc
dockerc (active)
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 172.17.0.0/16
  services: 
  ports: 443/tcp 53/udp 80/tcp 8443/tcp 8053/udp 5353/udp 8080/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

selinux may play a part either, so you could try disabling temporarily to see if that works around the problem.


On 23 November 2017 at 20:49, Matthias Wessendorf <[hidden email]> wrote:
Hi,

I need help with the keycloak-apb. I've changed it to consume 3.4.0:


and when provisioning it brings up the image correctly, I keep getting errors with this task:

"Generate keycloak auth token":

See:

```
FAILED - RETRYING: Generate keycloak auth token (344 retries left).
FAILED - RETRYING: Generate keycloak auth token (343 retries left).
FAILED - RETRYING: Generate keycloak auth token (342 retries left).
FAILED - RETRYING: Generate keycloak auth token (341 retries left).
FAILED - RETRYING: Generate keycloak auth token (340 retries left).
FAILED - RETRYING: Generate keycloak auth token (339 retries left).
FAILED - RETRYING: Generate keycloak auth token (338 retries left).
FAILED - RETRYING: Generate keycloak auth token (337 retries left).
FAILED - RETRYING: Generate keycloak auth token (336 retries left).
FAILED - RETRYING: Generate keycloak auth token (335 retries left).
FAILED - RETRYING: Generate keycloak auth token (334 retries left).
FAILED - RETRYING: Generate keycloak auth token (333 retries left).
FAILED - RETRYING: Generate keycloak auth token (332 retries left).
FAILED - RETRYING: Generate keycloak auth token (331 retries left).
FAILED - RETRYING: Generate keycloak auth token (330 retries left).
FAILED - RETRYING: Generate keycloak auth token (329 retries left).
FAILED - RETRYING: Generate keycloak auth token (328 retries left).
FAILED - RETRYING: Generate keycloak auth token (327 retries left).
FAILED - RETRYING: Generate keycloak auth token (326 retries left).
FAILED - RETRYING: Generate keycloak auth token (325 retries left).
FAILED - RETRYING: Generate keycloak auth token (324 retries left).
```

The weird thing is... translating that translating this into a vanilla CURL... it all works:

```
curl -v --data "grant_type=password&client_id=admin-cli&username=${USER}&password=${PASS}" http://keycloak-testapp.192.168.37.1.nip.io/auth/realms/master/protocol/openid-connect/token
```

I get a JSON {access_token":".........



Now,.... I've tried the same, with the old 2.5.4 image from Jimmi - and I get the same "FAILED - RETRYING: Generate keycloak auth token (338 retries left)" ... I've double checked, and ssh'ed into the pod, checking the contents of the actions - and yes, the pod now is 2.5.4 ... :-(


So... perhaps... there is something wrong ?

I use apb:latest (from upstream - not feedhenry) - and of course our MCP master (Origin v3.7.0-rc-0)



Can one try the PR and see if that works for him ? 
(make apb_build && make apb_push)

PS: you need to give the developer the 'cluster-admin' role, in order to push ... Phil and I ran into that earlier this week ... 


Thanks!





--
Project lead AeroGear.org

_______________________________________________
feedhenry-dev mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/feedhenry-dev




--
David Martin
Red Hat Mobile
Twitter: @irldavem
IRC: @irldavem (feedhenry, mobile-internal)



--
Project lead AeroGear.org

_______________________________________________
feedhenry-dev mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/feedhenry-dev