Not able to export via bin/kc.sh #28384
Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
dist/quarkus
Describe the bug
Replica of this issue - I'm not able to export realms via kc.sh, on Keycloak 23.0.7 - error reports an inability to bind to a port (full Stack Trace in "Actual Behaviour").
Version
23.0.7
Regression
- The issue is a regression
Expected behavior
Realm information exported to output file
Actual behavior
Logs and stack trace as below:
Appending additional Java properties to JAVA_OPTS: -Djgroups.dns.query=keycloak-headless.keycloak.svc.cluster.local
2024-04-03 01:17:33,579 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: true
2024-04-03 01:17:35,397 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2024-04-03 01:17:36,268 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2024-04-03 01:17:36,408 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2024-04-03 01:17:36,733 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN` with stack `kubernetes`
2024-04-03 01:17:36,737 INFO [org.jgroups.JChannel] (keycloak-cache-init) local_addr: ae35db28-7f7a-424d-956d-84384f44bd85, name: keycloak-0-49417
2024-04-03 01:17:36,743 ERROR [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000660: DefaultCacheManager start failed, stopping any running components: org.infinispan.commons.CacheException: Unable to start JGroups Channel
at org.infinispan.remoting.transport.jgroups.JGroupsTransport.startJGroupsChannelIfNeeded(JGroupsTransport.java:610)
at org.infinispan.remoting.transport.jgroups.JGroupsTransport.start(JGroupsTransport.java:481)
at org.infinispan.remoting.transport.jgroups.CorePackageImpl$2.start(CorePackageImpl.java:63)
at org.infinispan.remoting.transport.jgroups.CorePackageImpl$2.start(CorePackageImpl.java:49)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.invokeStart(BasicComponentRegistryImpl.java:616)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:607)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:576)
at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:807)
at org.infinispan.metrics.impl.MetricsCollector.start(MetricsCollector.java:43)
at org.infinispan.metrics.impl.CorePackageImpl$3.start(CorePackageImpl.java:78)
at org.infinispan.metrics.impl.CorePackageImpl$3.start(CorePackageImpl.java:70)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.invokeStart(BasicComponentRegistryImpl.java:616)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:607)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:576)
at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:807)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:634)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:598)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:576)
at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:807)
at org.infinispan.factories.AbstractComponentRegistry.internalStart(AbstractComponentRegistry.java:379)
at org.infinispan.factories.AbstractComponentRegistry.start(AbstractComponentRegistry.java:252)
at org.infinispan.manager.DefaultCacheManager.internalStart(DefaultCacheManager.java:779)
at org.infinispan.manager.DefaultCacheManager.start(DefaultCacheManager.java:747)
at org.infinispan.manager.DefaultCacheManager.<init>(DefaultCacheManager.java:411)
at org.keycloak.quarkus.runtime.storage.legacy.infinispan.CacheManagerFactory.startCacheManager(CacheManagerFactory.java:96)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: java.net.BindException: No available port to bind to in range [7800 .. 7800]
at org.jgroups.util.Util.bind(Util.java:4095)
at org.jgroups.util.Util.createServerSocket(Util.java:4071)
at org.jgroups.blocks.cs.TcpServer.<init>(TcpServer.java:68)
at org.jgroups.blocks.cs.TcpServer.<init>(TcpServer.java:43)
at org.jgroups.protocols.TCP.start(TCP.java:111)
at org.jgroups.stack.ProtocolStack.startStack(ProtocolStack.java:905)
at org.jgroups.JChannel.startStack(JChannel.java:921)
at org.jgroups.JChannel._preConnect(JChannel.java:799)
at org.jgroups.JChannel.connect(JChannel.java:322)
at org.jgroups.JChannel.connect(JChannel.java:316)
at org.infinispan.remoting.transport.jgroups.JGroupsTransport.startJGroupsChannelIfNeeded(JGroupsTransport.java:608)
... 28 more
2024-04-03 01:17:37,312 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2024-04-03 01:17:37,355 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (import_export) mode
2024-04-03 01:17:37,356 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start caches
2024-04-03 01:17:37,356 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: org.infinispan.manager.EmbeddedCacheManagerStartupException: Unable to start JGroups Channel
2024-04-03 01:17:37,356 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start JGroups Channel
2024-04-03 01:17:37,356 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start JGroups Channel
2024-04-03 01:17:37,356 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: No available port to bind to in range [7800 .. 7800]
2024-04-03 01:17:37,356 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
How to Reproduce?
Install Keycloak as an ArgoCD Application via a Helm chart:
project: default
source:
repoURL: 'https://charts.bitnami.com/bitnami'
targetRevision: 19.3.4
helm:
valuesObject:
ingress:
enabled: true
hostname: <myhostname>
chart: keycloak
destination:
server: 'https://kubernetes.default.svc'
namespace: keycloak
syncPolicy:
automated:
prune: true
syncOptions:
- CreateNamespace=true
Create a realm via the UI.
Open a shell on the container, and attempt to export:
$ kubectl -n keycloak exec -it statefulset.apps/keycloak bash
Defaulted container "keycloak" out of: keycloak, init-quarkus-directory (init)
keycloak@keycloak-0:/$ /opt/bitnami/keycloak/bin/kc.sh export --file /tmp/realm-export.json --realm <your-realm>
Anything else?
I note from here that "as part of [import/export, Keycloak] spins up the http server, so when that port is blocked (e.g. keycloak runs or another app has a binding) this could cause the error you are observing" - that is, that you can't export from a pod with a running server. That's unexpected! (though, in fairness, documented here)
The workaround mentioned in that discussion (QUARKUS_HTTP_HOST_ENABLED=false ./bin/kc.sh ...) also failed with a similar-looking stack trace:
Appending additional Java properties to JAVA_OPTS: -Djgroups.dns.query=keycloak-headless.keycloak.svc.cluster.local
2024-04-03 01:02:20,935 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: true
2024-04-03 01:02:22,812 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2024-04-03 01:02:23,731 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2024-04-03 01:02:23,891 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2024-04-03 01:02:24,249 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN` with stack `kubernetes`
2024-04-03 01:02:24,251 INFO [org.jgroups.JChannel] (keycloak-cache-init) local_addr: 4b93e0e4-8192-48e3-9884-6c9c4627d29d, name: keycloak-0-39771
2024-04-03 01:02:24,256 ERROR [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000660: DefaultCacheManager start failed, stopping any running components: org.infinispan.commons.CacheException: Unable to start JGroups Channel
at org.infinispan.remoting.transport.jgroups.JGroupsTransport.startJGroupsChannelIfNeeded(JGroupsTransport.java:610)
at org.infinispan.remoting.transport.jgroups.JGroupsTransport.start(JGroupsTransport.java:481)
at org.infinispan.remoting.transport.jgroups.CorePackageImpl$2.start(CorePackageImpl.java:63)
at org.infinispan.remoting.transport.jgroups.CorePackageImpl$2.start(CorePackageImpl.java:49)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.invokeStart(BasicComponentRegistryImpl.java:616)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:607)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:576)
at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:807)
at org.infinispan.metrics.impl.MetricsCollector.start(MetricsCollector.java:43)
at org.infinispan.metrics.impl.CorePackageImpl$3.start(CorePackageImpl.java:78)
at org.infinispan.metrics.impl.CorePackageImpl$3.start(CorePackageImpl.java:70)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.invokeStart(BasicComponentRegistryImpl.java:616)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:607)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:576)
at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:807)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:634)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.doStartWrapper(BasicComponentRegistryImpl.java:598)
at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:576)
at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:807)
at org.infinispan.factories.AbstractComponentRegistry.internalStart(AbstractComponentRegistry.java:379)
at org.infinispan.factories.AbstractComponentRegistry.start(AbstractComponentRegistry.java:252)
at org.infinispan.manager.DefaultCacheManager.internalStart(DefaultCacheManager.java:779)
at org.infinispan.manager.DefaultCacheManager.start(DefaultCacheManager.java:747)
at org.infinispan.manager.DefaultCacheManager.<init>(DefaultCacheManager.java:411)
at org.keycloak.quarkus.runtime.storage.legacy.infinispan.CacheManagerFactory.startCacheManager(CacheManagerFactory.java:96)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: java.net.BindException: No available port to bind to in range [7800 .. 7800]
at org.jgroups.util.Util.bind(Util.java:4095)
at org.jgroups.util.Util.createServerSocket(Util.java:4071)
at org.jgroups.blocks.cs.TcpServer.<init>(TcpServer.java:68)
at org.jgroups.blocks.cs.TcpServer.<init>(TcpServer.java:43)
at org.jgroups.protocols.TCP.start(TCP.java:111)
at org.jgroups.stack.ProtocolStack.startStack(ProtocolStack.java:905)
at org.jgroups.JChannel.startStack(JChannel.java:921)
at org.jgroups.JChannel._preConnect(JChannel.java:799)
at org.jgroups.JChannel.connect(JChannel.java:322)
at org.jgroups.JChannel.connect(JChannel.java:316)
at org.infinispan.remoting.transport.jgroups.JGroupsTransport.startJGroupsChannelIfNeeded(JGroupsTransport.java:608)
... 28 more
2024-04-03 01:02:24,859 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2024-04-03 01:02:24,899 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (import_export) mode
2024-04-03 01:02:24,900 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start caches
2024-04-03 01:02:24,900 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: org.infinispan.manager.EmbeddedCacheManagerStartupException: Unable to start JGroups Channel
2024-04-03 01:02:24,900 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start JGroups Channel
2024-04-03 01:02:24,900 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start JGroups Channel
2024-04-03 01:02:24,900 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: No available port to bind to in range [7800 .. 7800]
2024-04-03 01:02:24,900 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
I also can't see any way of temporarily stopping the server - kill -9 <pid> does not seem to do anything, and ./kc.sh --help does not list a stop command.
It looks like the option introduced here is not in my version of kc.sh - I don't see such an option from ./kc.sh export --help. In case I was misunderstanding that file, I also tried prepending QUARKUS_HTTP_SERVER_ENABLED=false or HTTP_SERVER_ENABLED=false to the kc.sh command (i.e. QUARKUS_HTTP_SERVER_ENABLED=false /opt/bitnami/keycloak/bin/kc.sh ...), to no avail.
./kc.sh --version gives:
Appending additional Java properties to JAVA_OPTS: -Djgroups.dns.query=keycloak-headless.keycloak.svc.cluster.local
Keycloak 23.0.7
JVM: 17.0.10 (BellSoft OpenJDK 64-Bit Server VM 17.0.10+13-LTS)
OS: Linux 6.1.0-10-amd64 amd64