[feedhenry-dev] keycloak-apb issue: create auth token
David Martin
davmarti at redhat.com
Fri Nov 24 09:30:43 UTC 2017
Hey Matthias,
I have seen this happen (on someone elses machine).
It turned out to be missing firewall rules as the pod couldn't reach the
keycloak pod/network
Might be worth checking your rules agains the docs
https://github.com/feedhenry/mcp-standalone/blob/master/
docs/walkthroughs/local-setup.adoc#firewall-requirements-required
On linux (Fedora 25), here's my rules
firewall-cmd --info-zone dockerc
dockerc (active)
target: default
icmp-block-inversion: no
interfaces:
sources: 172.17.0.0/16
services:
ports: 443/tcp 53/udp 80/tcp 8443/tcp 8053/udp 5353/udp 8080/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
selinux may play a part either, so you could try disabling temporarily to
see if that works around the problem.
On 23 November 2017 at 20:49, Matthias Wessendorf <mwessend at redhat.com>
wrote:
> Hi,
>
> I need help with the keycloak-apb. I've changed it to consume 3.4.0:
>
> https://github.com/feedhenry/keycloak-apb/pull/29
>
> and when provisioning it brings up the image correctly, I keep getting
> errors with this task:
>
> "Generate keycloak auth token":
> https://github.com/matzew/keycloak-apb/blob/2d2cfec2c1c5e7452e7537a7509d91
> 642604e46a/roles/provision-keycloak-apb/tasks/main.yml#L61-L70
>
> See:
>
> ```
> FAILED - RETRYING: Generate keycloak auth token (344 retries left).
> FAILED - RETRYING: Generate keycloak auth token (343 retries left).
> FAILED - RETRYING: Generate keycloak auth token (342 retries left).
> FAILED - RETRYING: Generate keycloak auth token (341 retries left).
> FAILED - RETRYING: Generate keycloak auth token (340 retries left).
> FAILED - RETRYING: Generate keycloak auth token (339 retries left).
> FAILED - RETRYING: Generate keycloak auth token (338 retries left).
> FAILED - RETRYING: Generate keycloak auth token (337 retries left).
> FAILED - RETRYING: Generate keycloak auth token (336 retries left).
> FAILED - RETRYING: Generate keycloak auth token (335 retries left).
> FAILED - RETRYING: Generate keycloak auth token (334 retries left).
> FAILED - RETRYING: Generate keycloak auth token (333 retries left).
> FAILED - RETRYING: Generate keycloak auth token (332 retries left).
> FAILED - RETRYING: Generate keycloak auth token (331 retries left).
> FAILED - RETRYING: Generate keycloak auth token (330 retries left).
> FAILED - RETRYING: Generate keycloak auth token (329 retries left).
> FAILED - RETRYING: Generate keycloak auth token (328 retries left).
> FAILED - RETRYING: Generate keycloak auth token (327 retries left).
> FAILED - RETRYING: Generate keycloak auth token (326 retries left).
> FAILED - RETRYING: Generate keycloak auth token (325 retries left).
> FAILED - RETRYING: Generate keycloak auth token (324 retries left).
> ```
>
> The weird thing is... translating that translating this into a vanilla
> CURL... it all works:
>
> ```
> curl -v --data "grant_type=password&client_id=admin-cli&username=${USER}&password=${PASS}"
> http://keycloak-testapp.192.168.37.1.nip.io/auth/realms/
> master/protocol/openid-connect/token
> ```
>
> I get a JSON {access_token":".........
>
>
>
> Now,.... I've tried the same, with the old 2.5.4 image from Jimmi - and I
> get the same "FAILED - RETRYING: Generate keycloak auth token (338 retries
> left)" ... I've double checked, and ssh'ed into the pod, checking the
> contents of the actions - and yes, the pod now is 2.5.4 ... :-(
>
>
> So... perhaps... there is something wrong ?
>
> I use apb:latest (from upstream - not feedhenry) - and of course our MCP
> master (Origin v3.7.0-rc-0)
>
>
>
> Can one try the PR and see if that works for him ?
> (make apb_build && make apb_push)
>
> PS: you need to give the developer the 'cluster-admin' role, in order to
> push ... Phil and I ran into that earlier this week ...
>
>
> Thanks!
>
>
>
>
>
> --
> Project lead AeroGear.org
>
> _______________________________________________
> feedhenry-dev mailing list
> feedhenry-dev at redhat.com
> https://www.redhat.com/mailman/listinfo/feedhenry-dev
>
>
--
David Martin
Red Hat Mobile
Twitter: @irldavem
IRC: @irldavem (feedhenry, mobile-internal)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/feedhenry-dev/attachments/20171124/948680ad/attachment.htm>
More information about the feedhenry-dev
mailing list