[feedhenry-dev] keycloak-apb issue: create auth token

Matthias Wessendorf mwessend at redhat.com
Mon Nov 27 08:36:40 UTC 2017


Hey Dave,

it used to work, but checking I see I had a few ports less than you:

ports: 8443/tcp 53/udp 8053/udp 443/tcp


updating now, and trying it all again


On Fri, Nov 24, 2017 at 10:30 AM, David Martin <davmarti at redhat.com> wrote:

> Hey Matthias,
>
>
> I have seen this happen (on someone else's machine).
> It turned out to be missing firewall rules as the pod couldn't reach the
> keycloak pod/network
>
> Might be worth checking your rules against the docs
> https://github.com/feedhenry/mcp-standalone/blob/master/docs/walkthroughs/local-setup.adoc#firewall-requirements-required
>
> On Linux (Fedora 25), here are my rules
>
> firewall-cmd  --info-zone dockerc
> dockerc (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces:
>   sources: 172.17.0.0/16
>   services:
>   ports: 443/tcp 53/udp 80/tcp 8443/tcp 8053/udp 5353/udp 8080/tcp
>   protocols:
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
>
> SELinux may play a part as well, so you could try disabling temporarily to
> see if that works around the problem.
>
>
> On 23 November 2017 at 20:49, Matthias Wessendorf <mwessend at redhat.com>
> wrote:
>
>> Hi,
>>
>> I need help with the keycloak-apb. I've changed it to consume 3.4.0:
>>
>> https://github.com/feedhenry/keycloak-apb/pull/29
>>
>> and when provisioning it brings up the image correctly, I keep getting
>> errors with this task:
>>
>> "Generate keycloak auth token":
>> https://github.com/matzew/keycloak-apb/blob/2d2cfec2c1c5e7452e7537a7509d91642604e46a/roles/provision-keycloak-apb/tasks/main.yml#L61-L70
>>
>> See:
>>
>> ```
>> FAILED - RETRYING: Generate keycloak auth token (344 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (343 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (342 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (341 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (340 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (339 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (338 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (337 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (336 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (335 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (334 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (333 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (332 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (331 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (330 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (329 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (328 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (327 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (326 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (325 retries left).
>> FAILED - RETRYING: Generate keycloak auth token (324 retries left).
>> ```
>>
>> The weird thing is... translating this into a vanilla
>> CURL... it all works:
>>
>> ```
>> curl -v --data "grant_type=password&client_id=admin-cli&username=${USER}&password=${PASS}" \
>>   http://keycloak-testapp.192.168.37.1.nip.io/auth/realms/master/protocol/openid-connect/token
>> ```
>>
>> I get a JSON {access_token":".........
>>
>>
>>
>> Now,.... I've tried the same, with the old 2.5.4 image from Jimmi - and I
>> get the same "FAILED - RETRYING: Generate keycloak auth token (338 retries
>> left)" ... I've double checked, and ssh'ed into the pod, checking the
>> contents of the actions - and yes, the pod now is 2.5.4 ... :-(
>>
>>
>> So... perhaps... there is something wrong ?
>>
>> I use apb:latest (from upstream - not feedhenry) - and of course our MCP
>> master (Origin v3.7.0-rc-0)
>>
>>
>>
>> Can one try the PR and see if that works for him ?
>> (make apb_build && make apb_push)
>>
>> PS: you need to give the developer the 'cluster-admin' role, in order to
>> push ... Phil and I ran into that earlier this week ...
>>
>>
>> Thanks!
>>
>>
>>
>>
>>
>> --
>> Project lead AeroGear.org
>>
>>
>
>
> --
> David Martin
> Red Hat Mobile
> Twitter: @irldavem
> IRC: @irldavem (feedhenry, mobile-internal)
>



-- 
Project lead AeroGear.org
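
Added example (not part of the original thread): a shell check that lists which ports from a reference `firewall-cmd --info-zone` listing are absent from another zone's `ports:` line, using the two port lists quoted above as constructed sample input. The function names `zone_ports` and `missing_ports` are hypothetical, and David's `dockerc` listing is used as the reference here, not the linked docs.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read `firewall-cmd --info-zone <zone>` output (or a bare "ports:" line) on
# stdin and print the opened ports, one per line. The anchored pattern skips
# the "forward-ports:" and "source-ports:" lines.
zone_ports() {
    sed -n 's/^[[:space:]]*ports:[[:space:]]*//p' |
        tr -s ' ' '\n' | sed '/^$/d' | LC_ALL=C sort -u
}

# missing_ports REFERENCE ACTUAL
# Print the ports opened in REFERENCE that ACTUAL lacks, space-separated.
missing_ports() {
    actual=" $(printf '%s\n' "$2" | zone_ports | tr '\n' ' ')"
    out=""
    for p in $(printf '%s\n' "$1" | zone_ports); do
        case "$actual" in
            *" $p "*) ;;                 # whole-token match: 53/udp != 5353/udp
            *) out="$out${out:+ }$p" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Sample input constructed from the two listings quoted in this thread.
REFERENCE='dockerc (active)
  target: default
  sources: 172.17.0.0/16
  ports: 443/tcp 53/udp 80/tcp 8443/tcp 8053/udp 5353/udp 8080/tcp
  forward-ports:
  source-ports:'
ACTUAL='ports: 8443/tcp 53/udp 8053/udp 443/tcp'

echo "missing: $(missing_ports "$REFERENCE" "$ACTUAL")"
# On a live host: missing_ports "$REFERENCE" "$(firewall-cmd --info-zone dockerc)"
```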