Feature/907 postgres flexible server #23

Merged
merged 34 commits into from
Jun 20, 2024

Conversation

sambles
Contributor

@sambles sambles commented Feb 16, 2024

Needs PR OasisLMF/OasisPlatform#1040 to work

  • Tidy up and clean out comments
  • Update parameters.json with new options for flexi server
  • deploy.sh gets stuck on first try, works on 2nd run of ./deploy.sh base
Command ran in 1812.503 seconds (init: 0.089, invoke: 1812.414)
Generating user passwords...
Generating secret oasis-db-password...
Generating secret keycloak-db-password...
Generating secret celery-db-password...
ERROR: argument --value: expected one argument

Examples from AI knowledge base:
az keyvault secret set --name MySecret --value {value} --vault-name MyKeyVault
Create a secret (if one doesn't exist) or update a secret in a KeyVault. (autogenerated)

az keyvault secret set --description {description} --name MySecret --value {value} --vault-name MyKeyVault
Create a secret (if one doesn't exist) or update a secret in a KeyVault. (autogenerated)

https://docs.microsoft.com/en-US/cli/azure/keyvault/secret#az_keyvault_secret_set
Read more about the command in reference docs
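
Added example, not code from this PR or from deploy.sh (which the page does not show): one way to keep a secret-upload loop from aborting with `argument --value: expected one argument`. It assumes the cause is a generated value that is empty or begins with `-`; `gen_password`, `set_secret`, `AZ` and `VAULT_NAME` are hypothetical names.

```shell
#!/bin/sh
# Hypothetical helpers for illustration; not taken from deploy.sh.

# AZ can be overridden (for example AZ=echo) to print commands instead of
# calling the Azure CLI.
AZ="${AZ:-az}"

# Generate an alphanumeric password (default 32 characters). Limiting the
# alphabet to [A-Za-z0-9] means the value can never begin with '-'.
gen_password() {
    len="${1:-32}"
    head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$len"
}

# Upload one secret. Fails before calling the CLI if the value is empty.
set_secret() {
    vault="$1"; name="$2"; value="$3"
    if [ -z "$value" ]; then
        echo "secret $name: generated value is empty, not calling az" >&2
        return 1
    fi
    # --value="$value" keeps the value attached to the flag, so a leading
    # '-' is not parsed as a new option and --value is never left bare.
    $AZ keyvault secret set --vault-name "$vault" --name "$name" \
        --value="$value" --output none
}

# Runs only when VAULT_NAME (assumed variable) is set, so sourcing this
# file has no side effects. Secret names are the ones in the output above.
if [ -n "${VAULT_NAME:-}" ]; then
    for s in oasis-db-password keycloak-db-password celery-db-password; do
        echo "Generating secret $s..."
        set_secret "$VAULT_NAME" "$s" "$(gen_password)" || exit 1
    done
fi
```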

@sambles sambles changed the base branch from master to develop February 16, 2024 17:29
@sambles sambles mentioned this pull request Feb 16, 2024
5 tasks
@sambles
Contributor Author

sambles commented Feb 19, 2024

https://stackoverflow.com/questions/75697268/keycloak-on-azure-to-postgresql-certificates-do-not-conform-to-algorithm-constr

It would seem that the Azure Database for PostgreSQL - Single Server is using the SHA256 DigiCertGlobalRootG2, so anyone using Single Server would not have this problem.

But Flexible Server is still using the old SHA1 Root Certificate, causing this error.

Container log:

2024-02-19 11:34:53,443 WARN  [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator] (JPA Startup Thread) HHH000342: Could not obtain connection to query metadata: java.lang.NullPointerException: Cannot invoke "org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(java.sql.SQLException, String)" because the return value of "org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.sqlExceptionHelper()" is null
	at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.doTheWork(JtaIsolationDelegate.java:186)
	at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.lambda$delegateWork$1(JtaIsolationDelegate.java:75)
	at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.doInSuspendedTransaction(JtaIsolationDelegate.java:107)
	at org.hibernate.resource.transaction.backend.jta.internal.JtaIsolationDelegate.delegateWork(JtaIsolationDelegate.java:72)
	at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.getJdbcEnvironmentUsingJdbcMetadata(JdbcEnvironmentInitiator.java:279)
	at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:193)
	at org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator.initiateService(JdbcEnvironmentInitiator.java:69)
	at org.hibernate.boot.registry.internal.StandardServiceRegistryImpl.initiateService(StandardServiceRegistryImpl.java:119)
	at org.hibernate.service.internal.AbstractServiceRegistryImpl.createService(AbstractServiceRegistryImpl.java:264)
	at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:239)
	at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:216)
	at org.hibernate.engine.jdbc.internal.JdbcServicesImpl.configure(JdbcServicesImpl.java:52)
	at org.hibernate.boot.registry.internal.StandardServiceRegistryImpl.configureService(StandardServiceRegistryImpl.java:125)
	at org.hibernate.service.internal.AbstractServiceRegistryImpl.initializeService(AbstractServiceRegistryImpl.java:248)
	at org.hibernate.service.internal.AbstractServiceRegistryImpl.getService(AbstractServiceRegistryImpl.java:216)
	at org.hibernate.boot.internal.SessionFactoryOptionsBuilder.<init>(SessionFactoryOptionsBuilder.java:273)
	at io.quarkus.hibernate.orm.runtime.recording.PrevalidatedQuarkusMetadata.buildSessionFactoryOptionsBuilder(PrevalidatedQuarkusMetadata.java:70)
	at io.quarkus.hibernate.orm.runtime.boot.FastBootEntityManagerFactoryBuilder.build(FastBootEntityManagerFactoryBuilder.java:81)
	at io.quarkus.hibernate.orm.runtime.FastBootHibernatePersistenceProvider.createEntityManagerFactory(FastBootHibernatePersistenceProvider.java:74)
	at jakarta.persistence.Persistence.createEntityManagerFactory(Persistence.java:80)
	at jakarta.persistence.Persistence.createEntityManagerFactory(Persistence.java:55)
	at io.quarkus.hibernate.orm.runtime.JPAConfig$LazyPersistenceUnit.get(JPAConfig.java:156)
	at io.quarkus.hibernate.orm.runtime.JPAConfig$1.run(JPAConfig.java:64)
	at java.base/java.lang.Thread.run(Thread.java:840)

2024-02-19 11:34:53,570 WARN  [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2024-02-19 11:34:53,797 INFO  [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2024-02-19 11:34:54,088 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2024-02-19 11:34:54,333 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
2024-02-19 11:34:54,344 INFO  [org.jgroups.JChannel] (keycloak-cache-init) local_addr: 2b0a28bf-95c0-4f43-a137-83fd2402431e, name: keycloak-7f748d5b84-p4v9v-45573
2024-02-19 11:34:54,358 WARN  [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2024-02-19 11:34:54,359 WARN  [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 20MB, but the OS only allocated 212.99KB
2024-02-19 11:34:54,359 WARN  [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1MB, but the OS only allocated 212.99KB
2024-02-19 11:34:54,359 WARN  [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 25MB, but the OS only allocated 212.99KB
2024-02-19 11:34:54,388 INFO  [org.jgroups.protocols.FD_SOCK2] (keycloak-cache-init) server listening on *.31468
2024-02-19 11:34:54,878 WARN  [io.quarkus.vertx.http.runtime.VertxHttpRecorder] (main) The X-Forwarded-* and Forwarded headers will be considered when determining the proxy address. This configuration can cause a security issue as clients can forge requests and send a forwarded header that is not overwritten by the proxy. Please consider use one of these headers just to forward the proxy address in requests.
2024-02-19 11:34:54,934 WARN  [io.agroal.pool] (agroal-11) Datasource '<default>': SSL error: Certificates do not conform to algorithm constraints
2024-02-19 11:34:56,455 INFO  [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) keycloak-7f748d5b84-p4v9v-45573: no members discovered after 2017 ms: creating cluster as coordinator
2024-02-19 11:34:56,465 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [keycloak-7f748d5b84-p4v9v-45573|0] (1) [keycloak-7f748d5b84-p4v9v-45573]
2024-02-19 11:34:56,485 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `keycloak-7f748d5b84-p4v9v-45573`, physical addresses are `[10.240.0.30:47004]`
2024-02-19 11:34:56,496 WARN  [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2024-02-19 11:34:57,395 INFO  [org.infinispan.CLUSTER] (main) ISPN000080: Disconnecting JGroups channel `ISPN`
2024-02-19 11:34:57,450 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
2024-02-19 11:34:57,451 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to obtain JDBC connection
2024-02-19 11:34:57,451 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: SSL error: Certificates do not conform to algorithm constraints
2024-02-19 11:34:57,452 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Certificates do not conform to algorithm constraints
2024-02-19 11:34:57,453 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Certificates do not conform to algorithm constraints
2024-02-19 11:34:57,455 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Algorithm constraints check failed on signature algorithm: SHA1withRSA
2024-02-19 11:34:57,456 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.

@sambles
Contributor Author

sambles commented Feb 20, 2024

Working ~ but the cert used is causing problems with the ingress
Screenshot from 2024-02-20 11-14-33

@sambles sambles linked an issue Feb 20, 2024 that may be closed by this pull request
Base automatically changed from develop to master March 25, 2024 11:48
@benhayes21 benhayes21 self-requested a review April 2, 2024 13:21
@benhayes21 benhayes21 requested review from slashme101 and removed request for benhayes21 April 2, 2024 13:22
@sambles sambles force-pushed the feature/907-postgres-flexible-server__password-auth branch from 22edf41 to 08fde66 Compare April 16, 2024 13:16
@sambles sambles assigned sambles and unassigned slashme101 May 16, 2024
@sambles sambles removed the request for review from slashme101 June 19, 2024 11:26
@sambles sambles merged commit 00269bc into master Jun 20, 2024
@sambles sambles deleted the feature/907-postgres-flexible-server__password-auth branch June 20, 2024 10:22
Successfully merging this pull request may close these issues.

Platform 2 - Azure PostgreSQL Flexible server
2 participants