RH-SSO / RHSSO-2346

[RH-SSO 7.6.X container images] RH-SSO 7.6.X container image fails to start in dual-stack enabled OpenShift cluster in the default setup

    • Compatibility/Configuration, User Experience
    • Workaround Exists

      Set the JAVA_OPTS_APPEND environment variable to the value -Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true:

      [iankko@localhost ~]$ oc set env dc/sso -e JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true"
      deploymentconfig.apps.openshift.io/sso updated
      

      How Reproducible:
      Always

      Steps To Reproduce:

      • Provision an IPv4 / IPv6 dual-stack enabled OCP v4.10 cluster (an OCP v4.10.47 cluster was used for testing, since OCP v4.10 was mentioned in the original / referenced SSOSUP-420 ticket). To make the common OCP v4.10 cluster IPv{4,6} dual-stack capable, perform the following:

      1. Take any common OCP v4.10 cluster with OVN-Kubernetes cluster network provided (a single node cluster variant was used in the test), where the network interfaces on the single cluster node also have IPv6 counterparts of their network addresses assigned,
      2. Following the official OCP v4.10 documentation, edit the network configuration to add IPv6 CIDR, host prefix, and service network configurations:
        [iankko@localhost ~]$ oc get clusterversion
        NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
        version   4.10.47   True        False         25h     Cluster version is 4.10.47
        
      [iankko@localhost ~]$ oc get network -o jsonpath='{.items[*].spec}' | jq '.'
      {
        "clusterNetwork": [
          {
            "cidr": "10.128.0.0/14",
            "hostPrefix": 23
          },
          {
            "cidr": "fd01::/48",
            "hostPrefix": 64
          }
        ],
        "externalIP": {
          "policy": {}
        },
        "networkType": "OVNKubernetes",
        "serviceNetwork": [
          "172.30.0.0/16",
          "fd02::/112"
        ]
      }
      

      3. Import the sso76-openshift-rhel8 image stream (if not imported yet):

      [iankko@localhost ~]$ oc import-image -n openshift sso76-openshift-rhel8:7.6 --from=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8:7.6 --insecure=true --confirm
      

      4. Deploy the RH-SSO 7.6.X pod from the template:

      [iankko@localhost ~]$ oc new-app --template=sso76-ocp4-x509-https
      

      Current Result:
      The aforementioned error message is shown in the RH-SSO pod log upon start, and the pod fails to start.

      Expected Result:
      RH-SSO 7.6.X pod starts successfully.

    • CIAM Sprint 29, CIAM Sprint 32

      Originally based on the SSOSUP-420 report: images from the RH-SSO 7.6.X stream of container images for OpenShift (tested with sso76-openshift-rhel8:7.6-17, the latest one at the moment) fail to start on a dual-stack enabled OpenShift cluster (tested with OCP 4.10.47), with an error message like the following one (the RH-SSO pod log output below was shortened for brevity to list only relevant log messages):

      [iankko@localhost ~]$ oc logs -f sso-1-ll9v5
      WARN Ping protocol openshift.DNS_PING is deprecated, replacing with dns.DNS_PING instead.
      INFO Configuring JGroups discovery protocol to dns.DNS_PING
      INFO Creating JGroups keystore via OpenShift's service serving x509 certificate secrets..
      INFO JGroups keystore successfully created at: /opt/eap/keystores/jgroups-keystore.jks
      INFO Creating HTTPS keystore via OpenShift's service serving x509 certificate secrets..
      INFO HTTPS keystore successfully created at: /opt/eap/keystores/https-keystore.jks
      INFO Creating RH-SSO truststore..
      INFO RH-SSO truststore successfully created at: /opt/eap/keystores/truststore.jks
      Warning: use -cacerts option to access cacerts keystore
      INFO Importing certificates from system's Java CA certificate bundle into RH-SSO truststore..
      INFO Successfully imported certificates from system's Java CA certificate bundle into RH-SSO truststore at: /opt/eap/keystores/truststore.jks
      INFO Using PicketBox SSL configuration.
      INFO Configuring JGroups cluster traffic encryption protocol to SYM_ENCRYPT.
      WARN Detected missing JGroups encryption configuration, the communication within the cluster WILL NOT be encrypted.
      Added 'W3gpBoaI' to '/opt/eap/standalone/configuration/keycloak-add-user.json', restart server to load user
      INFO Access log is disabled, ignoring configuration.
      INFO Running rh-sso-7/sso76-openshift-rhel8 image, version 7.6
      ...
      15:40:23,710 INFO  [org.xnio] (MSC service thread 1-7) XNIO version 3.8.7.SP1-redhat-00001
      15:40:23,718 INFO  [org.xnio.nio] (MSC service thread 1-7) XNIO NIO Implementation Version 3.8.7.SP1-redhat-00001
      15:40:23,723 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service org.wildfly.network.interface.public: org.jboss.msc.service.StartException in service org.wildfly.network.interface.public: WFLYSRV0082: failed to resolve interface public
      	at org.jboss.as.server@15.0.15.Final-redhat-00001//org.jboss.as.server.services.net.NetworkInterfaceService.start(NetworkInterfaceService.java:98)
      	at org.jboss.msc@1.4.12.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
      	at org.jboss.msc@1.4.12.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
      	at org.jboss.msc@1.4.12.Final-redhat-00001//org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
      	at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
      	at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
      	at org.jboss.threads@2.4.0.Final-redhat-00001//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
      	at java.base/java.lang.Thread.run(Thread.java:829)
      
      15:40:23,745 INFO  [org.jboss.remoting] (MSC service thread 1-6) JBoss Remoting version 5.0.25.SP1-redhat-00001
      ...
      15:40:24,463 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("core-service" => "management"),
          ("management-interface" => "http-interface")
      ]) - failure description: {
          "WFLYCTL0412: Required services that are not installed:" => ["jboss.http-upgrade-registry.http-management"],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.remoting-http-upgrade-service.http-management is missing [jboss.http-upgrade-registry.http-management]"]
      }
      15:40:24,464 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("interface" => "public")]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.network.interface.public" => "WFLYSRV0082: failed to resolve interface public"}}
      15:40:24,507 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "remoting"),
          ("http-connector" => "http-remoting-connector")
      ]) - failure description: {
          "WFLYCTL0412: Required services that are not installed:" => ["jboss.http-upgrade-registry.default"],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.remoting-http-upgrade-service.http-remoting-connector is missing [jboss.http-upgrade-registry.default]"]
      }
      15:40:24,507 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "jca")]) - failure description: {
          "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.transactions.global-default-local-provider"],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.jca.transaction-integration is missing [org.wildfly.transactions.global-default-local-provider]"]
      }
      15:40:24,508 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "keycloak-server.war")]) - failure description: {
          "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.transactions.global-default-local-provider"],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.deployment.unit.\"keycloak-server.war\".REGISTER is missing [org.wildfly.transactions.global-default-local-provider]"]
      }
      15:40:24,511 ERROR [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0459: Triggering roll back due to missing management services.
      15:40:24,511 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("core-service" => "management"),
          ("management-interface" => "http-interface")
      ]) - failure description: {
          "WFLYCTL0412: Required services that are not installed:" => ["jboss.http-upgrade-registry.http-management"],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.remoting-http-upgrade-service.http-management is missing [jboss.http-upgrade-registry.http-management]"]
      }
      No property "keyOverrides" type could be determined for formatter "OPENSHIFT"15:40:24,522 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-3) WFLYSRV0028: Stopped deployment keycloak-server.war (runtime-name: keycloak-server.war) in 6ms
      15:40:24,595 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0019: Host default-host stopping
      15:40:24,597 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-8) WFLYMAIL0002: Unbound mail session [java:jboss/mail/Default]
      15:40:24,597 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0019: Stopped Driver service with driver-name = postgresql
      15:40:24,598 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0019: Stopped Driver service with driver-name = h2
      15:40:24,600 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 73) WFLYSRV0021: Deploy of deployment "keycloak-server.war" was rolled back with the following failure message: 
      {
          "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.transactions.global-default-local-provider"],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.deployment.unit.\"keycloak-server.war\".REGISTER is missing [org.wildfly.transactions.global-default-local-provider]"]
      }
      15:40:24,609 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0004: Undertow 2.2.18.SP2-redhat-00001 stopping
      15:40:24,678 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
      15:40:24,689 INFO  [org.jboss.as] (MSC service thread 1-4) WFLYSRV0050: WildFly Core 15.0.15.Final-redhat-00001 stopped in 7ms
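
A triage check for the failure above, as an added example that is not part of the original report or of RH-SSO itself: it decides from the `oc get network` spec whether the cluster is dual-stack, looks for WFLYSRV0082 in the pod log, and checks whether JAVA_OPTS_APPEND already carries the two workaround flags. The function names and the embedded sample inputs are constructed for illustration; the check also flags the JGroups encryption warning visible in the same log.

```python
import ipaddress
import json
import re

# Constructed sample inputs, modelled on the command output shown in this report.
NETWORK_SPEC = json.loads("""{
  "clusterNetwork": [{"cidr": "10.128.0.0/14", "hostPrefix": 23},
                     {"cidr": "fd01::/48", "hostPrefix": 64}],
  "networkType": "OVNKubernetes",
  "serviceNetwork": ["172.30.0.0/16", "fd02::/112"]
}""")
POD_LOG = """\
WARN Detected missing JGroups encryption configuration, the communication within the cluster WILL NOT be encrypted.
15:40:23,723 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service org.wildfly.network.interface.public: org.jboss.msc.service.StartException in service org.wildfly.network.interface.public: WFLYSRV0082: failed to resolve interface public
"""

def ip_families(spec):
    """Return the IP versions ({4}, {6} or {4, 6}) used by the cluster and service networks."""
    cidrs = [n["cidr"] for n in spec.get("clusterNetwork", [])]
    cidrs += spec.get("serviceNetwork", [])
    return {ipaddress.ip_network(c, strict=False).version for c in cidrs}

def workaround_applied(java_opts_append):
    """True if JAVA_OPTS_APPEND carries both JVM flags from the workaround."""
    flags = dict(re.findall(r"-D(java\.net\.prefer\w+)=(\w+)", java_opts_append or ""))
    return (flags.get("java.net.preferIPv4Stack") == "false"
            and flags.get("java.net.preferIPv6Addresses") == "true")

def triage(spec, pod_log, java_opts_append=""):
    """Return a list of findings for one pod log on one cluster."""
    findings = []
    dual_stack = ip_families(spec) == {4, 6}
    failed = re.findall(r"WFLYSRV0082: failed to resolve interface (\w+)", pod_log)
    if failed and dual_stack and not workaround_applied(java_opts_append):
        findings.append("interface '%s' unresolved on dual-stack cluster: "
                        "set JAVA_OPTS_APPEND as in the workaround" % failed[0])
    if "WILL NOT be encrypted" in pod_log:
        findings.append("JGroups cluster traffic is not encrypted")
    return findings

if __name__ == "__main__":
    for finding in triage(NETWORK_SPEC, POD_LOG):
        print(finding)
```
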
      

              rhn-jlieskov Ján Lieskovský (Inactive)