Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-2533

OCP/RH-SSO operator is not able to connect to the PostGreSQL database if only IPv6 interface is configured on Openshift.

    XMLWordPrintable

Details

    • False
    • None
    • False

    Description

      1 - Infra

      • Openshift 4.x deployed on bare metal.
      • RH-SSO operator 7.61
      • External PostgreSQL database
      • Dual stack IPv4/IPv6 configured OR IPV6 only, without IPv4 (This is only supported on bare metal).

      Note:

      Having IPv6 support only is a specificity of Openshift, when installed on bare metal.

      See doc
      https://docs.openshift.com/container-platform/4.13/installing/installing_with_agent_based_installer/installing-with-agent-based-installer.html#installing-ocp-agent-boot_installing-with-agent-based-installer

      2. Issue description

      2.1) OCP/RH-SSO operator 7.6.1 is working with FINE dual stack IPv4/IPv6 configured, when connecting to an external PostgreSQL database.

      2.2) When IPV4 is removed, and there is only IPv6 interface, keycloak-0 pod is not coming up and healthcheck probes (Liveness / Readiness) are failing.

      ~~~
      ~~~
      oc get po
      NAME READY STATUS RESTARTS AGE

      keycloak-0 0/1 Running 1 (5m38s ago) 11m
      ~~~

      and event messages

      ~~~
      12m Normal Pulling pod/keycloak-0 Pulling image "registry.redhat.io/rh-sso-7/sso7-rhel8-init-container@sha256:89dd17de222ac44106e7a881cac48f7715721dd1eb9aeb6d1d74ff15a8d41ef5"
      12m Normal Pulled pod/keycloak-0 Successfully pulled image "registry.redhat.io/rh-sso-7/sso7-rhel8-init-container@sha256:89dd17de222ac44106e7a881cac48f7715721dd1eb9aeb6d1d74ff15a8d41ef5" in 10.114006897s (10.114014439s including waiting)
      12m Normal Pulling pod/keycloak-0 Pulling image "registry.redhat.io/rh-sso-7/sso76-openshift-rhel8@sha256:5841ed3857211f5b84b207ea01177fac1d2b68fdbac6178598ecd48936c1b3ab"
      12m Normal Started pod/keycloak-0 Started container extensions-init
      12m Normal Created pod/keycloak-0 Created container extensions-init
      12m Normal Pulled pod/keycloak-0 Successfully pulled image "registry.redhat.io/rh-sso-7/sso76-openshift-rhel8@sha256:5841ed3857211f5b84b207ea01177fac1d2b68fdbac6178598ecd48936c1b3ab" in 105.598703ms (105.604615ms including waiting)
      12m Normal Created pod/keycloak-0 Created container keycloak
      12m Normal Started pod/keycloak-0 Started container keycloak
      119s Warning Unhealthy pod/keycloak-0 Liveness probe failed:
      7m2s Warning Unhealthy pod/keycloak-0 Readiness probe failed: {...
      ~~~

      2.3) When the IPv4 is enabled back again, keycloak-0 pod is able to come up successfully.

      3) Synthesis

      This shows that OCP/RH-SSO is not able to connect to the PostgreSQL database if only IPv6 interface (and IPv4 disabled) is configured on Openshift (installed on bare metal).

      As soon as IPV4 is reenabled to have dual stack support (IPv4, IPv6), Keycloak-0 pod is able to come up successfully.

      It means that there is an underlying network communication issue when IPv4 is disabled, as RH-SSO is not able to communicate with the PostgreSQL database.

      Attachments

        Activity

          People

            rhn-jlieskov Ján Lieskovský
            rhn-support-orivat Olivier Rivat
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: