Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix idp #7575

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fix idp #7575

wants to merge 2 commits into from

Conversation

amore17
Copy link
Contributor

@amore17 amore17 commented Oct 23, 2024

No description provided.

@amore17
temp_commit
017ee68 
Signed-off-by: Anuja More <[email protected]>
@amore17 amore17 added the WIP Work in progress - not ready yet for review label Oct 23, 2024
@amore17 amore17 force-pushed the fix_idp branch 2 times, most recently from aaf9e41 to 4276606 Compare October 23, 2024 09:08
@amore17
ipatests: bump test_idp keycloak version to 23.0.6
d15ea15 
The test is using keycloak 17 which is an old version and it is
not supported anymore.

Fixes: https://pagure.io/freeipa/issue/9528

Signed-off-by: Anuja More <[email protected]>
@rcritten
Copy link
Contributor

The commit message mentions bumping the Keycloak version 23.0.6 but it is actually bumping it to 25.0.4.

@rcritten
Copy link
Contributor

The root of the failures looks like it is due to kcadm.sh failing. This causes all the other tests to fail.

/opt/keycloak/bin/kcadm.sh config credentials --server https://replica0.ipa.test:8443/auth/ --realm master --user admin --password
Logging into https://replica0.ipa.test:8443/auth/ as user admin of realm master
Failed to send request - Connect to replica0.ipa.test:8443 [replica0.ipa.test/192.168.121.122] failed: Connection refused

@amore17 amore17 added the re-run Trigger a new run of PR-CI label Oct 24, 2024
@freeipa-pr-ci freeipa-pr-ci removed the re-run Trigger a new run of PR-CI label Oct 24, 2024
@flo-renaud
Copy link
Contributor

The test fails when it tries to authenticate to keycloak:

2024-10-24 06:06:36,971    DEBUG  [ipatests.pytest_ipa.integration.host.Host.replica0.IPAOpenSSHTransport] RUN ['/opt/keycloak/bin/kcadm.sh', 'config', 'credentials', '--server', 'https://replica0.ipa.test:8443/auth/', '--realm', 'master', '--user', 'admin', '--password', 'Secret.123']
2024-10-24 06:06:36,974    DEBUG  [ipatests.pytest_ipa.integration.host.Host.replica0.cmd90] RUN ['/opt/keycloak/bin/kcadm.sh', 'config', 'credentials', '--server', 'https://replica0.ipa.test:8443/auth/', '--realm', 'master', '--user', 'admin', '--password', 'Secret.123']
2024-10-24 06:06:40,042    DEBUG  [ipatests.pytest_ipa.integration.host.Host.replica0.cmd90] Logging into https://replica0.ipa.test:8443/auth/ as user admin of realm master
2024-10-24 06:06:40,747    DEBUG  [ipatests.pytest_ipa.integration.host.Host.replica0.cmd90] Failed to send request - Connect to replica0.ipa.test:8443 [replica0.ipa.test/192.168.121.103] failed: Connection refused
2024-10-24 06:06:40,767    DEBUG  [ipatests.pytest_ipa.integration.host.Host.replica0.cmd90] Exit code: 1

The journal on the replica shows that keycloak server is not running at that time:

Oct 24 06:06:38 replica0.ipa.test kc.sh[8579]: ERROR: Unexpected error when starting the server in (production) mode
Oct 24 06:06:38 replica0.ipa.test kc.sh[8579]: ERROR: Failed to start quarkus
Oct 24 06:06:38 replica0.ipa.test kc.sh[8579]: ERROR: Provided hostname is neither a plain hostname or a valid URL
Oct 24 06:06:38 replica0.ipa.test kc.sh[8579]: For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.

The output of kc.sh show-config is the following:

Current Mode: production
Current Configuration:
	kc.config.built =  true (SysPropConfigSource)
	kc.db =  dev-file (Persisted)
	kc.hostname =  replica0.ipa.test:8443 (ENV)
	kc.http-relative-path =  /auth (ENV)
	kc.http.relative.path =  /auth (ENV)
	kc.https-certificate-file =  /etc/pki/tls/certs/keycloak.crt (ENV)
	kc.https-certificate-key-file =  /etc/pki/tls/private/keycloak.key (ENV)
	kc.https-trust-store-file =  /etc/pki/tls/private/keycloak.store (ENV)
	kc.https-trust-store-password =  ******* (ENV)
	kc.https.certificate.file =  /etc/pki/tls/certs/keycloak.crt (ENV)
	kc.https.certificate.key.file =  /etc/pki/tls/private/keycloak.key (ENV)
	kc.https.trust.store.file =  /etc/pki/tls/private/keycloak.store (ENV)
	kc.https.trust.store.password =  Secret.123 (ENV)
	kc.log-console-output =  default (classpath keycloak.conf)
	kc.optimized =  true (Persisted)
	kc.spi-hostname-v2-hostname =  replica0.ipa.test:8443 (ENV)
	kc.version =  25.0.4 (SysPropConfigSource)

kc.hostname contains host:8443, maybe that's the issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
WIP Work in progress - not ready yet for review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@amore17 @rcritten @flo-renaud @freeipa-pr-ci