Infinispan String Property Replacer Error In Keycloak 26.0.2


When starting a KC 26.0.2 instance, I keep getting these errors:

WARN  [org.infinispan.commons.util.StringPropertyReplacer] (Thread-6) ISPN000901: Property jgroups.s3.bucket_name could not be replaced as intended!
 ERROR [org.infinispan.CONFIG] (Thread-6) ISPN000660: DefaultCacheManager start failed, stopping any running components: org.infinispan.commons.CacheConfigurationException: ISPN000541: Error while trying to create a channel using the specified configuration '[TCP(bundler.max_size=64000, sock_conn_timeout=300, linger=-1, thread_pool.keep_alive_time=60000, diag.enabled=false, bind_port=7800, thread_naming_pattern=pl, non_blocking_sends=false, thread_pool.thread_dumps_threshold=10000, send_buf_size=640k, thread_pool.max_threads=200, use_virtual_threads=false, bundler_type=transfer-queue, bind_addr=SITE_LOCAL, thread_pool.min_threads=0), RED(), aws.S3_PING(num_discovery_runs=3), MERGE3(max_interval=30000, min_interval=10000), FD_SOCK2(offset=50000), FD_ALL3(), VERIFY_SUSPECT2(timeout=1000), pbcast.NAKACK2(xmit_table_num_rows=50, use_mcast_xmit=false, xmit_table_msgs_per_row=1024, xmit_table_max_compaction_time=30000, xmit_interval=200, resend_last_seqno=true), UNICAST3(conn_close_timeout=5000, xmit_interval=200, xmit_table_num_rows=50, xmit_table_msgs_per_row=1024, xmit_table_max_compaction_time=30000), pbcast.STABLE(desired_avg_gossip=5000, max_bytes=1M), pbcast.GMS(join_timeout=2000, print_local_addr=false), UFC(min_threshold=0.40, max_credits=4m), MFC(min_threshold=0.40, max_credits=4m), FRAG4(frag_size=60000)]'

I have tried these two keycloak.conf setups:


# Database configuration
db=postgres
db-url=jdbc:postgresql://boxview-test-keycloak.cluster-cx048rd0lgej.us-east-1.rds.amazonaws.com:5432/keycloak
db-username=postgres
db-password=blahblahblah

# Optional: Configure read replica (for read-only queries)
db-url-replica=jdbc:postgresql://boxview-test-keycloak.cluster-ro-cx048rd0lgej.us-east-1.rds.amazonaws.com:5432/keycloak

# Cache and clustering configuration
cache=ispn
cache-stack=ec2
cluster-stack=ec2

# JGroups config
JAVA_OPTS_APPEND=-Djgroups.s3.bucket_name=boxview-keycloak -Djgroups.s3.region_name=us-east-1 -Djgroups.s3.access_key=blahblahkey -Djgroups.s3.secret_access_key=blahblahsecret

# Observability

# If the server should expose healthcheck endpoints.
#health-enabled=true

# If the server should expose metrics endpoints.
#metrics-enabled=true

# HTTP

# The file path to a server certificate or certificate chain in PEM format.
https-certificate-file=${kc.home.dir}/keycloak.crt.pem

# The file path to a private key in PEM format.
https-certificate-key-file=${kc.home.dir}/keycloak.key.pem

# The proxy address forwarding mode if the server is behind a reverse proxy.
#proxy=reencrypt

# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
#spi-sticky-session-encoder-infinispan-should-attach-route=false

# Hostname for the Keycloak server.
hostname-strict=false

AND


# Database configuration
db=postgres
db-url=jdbc:postgresql://boxview-test-keycloak.cluster-cx048rd0lgej.us-east-1.rds.amazonaws.com:5432/postgres
db-username=postgres
db-password=blahblahblah

# Optional: Configure read replica (for read-only queries)
db-url-replica=jdbc:postgresql://boxview-test-keycloak.cluster-ro-cx048rd0lgej.us-east-1.rds.amazonaws.com:5432/postgres

# Cache and clustering configuration
cache=ispn
cache-stack=ec2
cluster-stack=ec2

# JGroups config
jgroups.s3.bucket_name=boxview-keycloak
jgroups.s3.region_name=us-east-1
jgroups.s3.access_key=blahblahkey
jgroups.s3.secret_access_key=blahblahsecret


# Observability

# If the server should expose healthcheck endpoints.
#health-enabled=true

# If the server should expose metrics endpoints.
#metrics-enabled=true

# HTTP

# The file path to a server certificate or certificate chain in PEM format.
https-certificate-file=${kc.home.dir}conf/keycloak.crt.pem

# The file path to a private key in PEM format.
https-certificate-key-file=${kc.home.dir}conf/keycloak.key.pem

# The proxy address forwarding mode if the server is behind a reverse proxy.
#proxy=reencrypt

# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
#spi-sticky-session-encoder-infinispan-should-attach-route=false

# Hostname for the Keycloak server.
hostname-strict=false

Can someone help me get this config file right so I can resolve these errors? Nothing I read online seems to get me past this. This happens both in dev and prod modes, and I can't move forward because without the replacements, a KC instance won't start. Any advice is appreciated.


Solution

  • keycloak.conf is for Keycloak CLI options and not system properties. Try adding them to the command line as follows:

    kc.sh start -Djgroups.s3.bucket_name=boxview-keycloak -Djgroups.s3.region_name=us-east-1 -Djgroups.s3.access_key=blahblahkey -Djgroups.s3.secret_access_key=blahblahsecret
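A pre-start check for the mistake this answer describes, as an added example that is not part of the original answer or of Keycloak: it scans a keycloak.conf for `jgroups.*` keys and a `JAVA_OPTS_APPEND=` line (the two forms tried in the question) and prints them as `-D` arguments for `kc.sh`. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: find JVM system properties misplaced in keycloak.conf.

# Print one "-Dkey=value" per misplaced entry in the file "$1".
# Covers both forms from the question: bare jgroups.* keys, and a
# JAVA_OPTS_APPEND= line (an environment variable, not a Keycloak option).
misplaced_props() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '#'*|'') continue ;;                 # comment or blank line
            jgroups.*=*) printf '%s\n' "-D$line" ;;
            JAVA_OPTS_APPEND=*)
                set -f                           # no globbing while splitting
                for tok in ${line#JAVA_OPTS_APPEND=}; do
                    case "$tok" in -D*) printf '%s\n' "$tok" ;; esac
                done
                set +f ;;
        esac
    done < "$1"
}

# Exit status 0 when the file has no misplaced system properties, 1 otherwise.
lint_conf() {
    [ -z "$(misplaced_props "$1")" ]
}

# Constructed sample input mixing both mistakes with valid Keycloak options.
sample_conf() {
    cat <<'EOF'
# Cache and clustering configuration
cache=ispn
cache-stack=ec2
jgroups.s3.bucket_name=example-bucket
jgroups.s3.region_name=us-east-1
JAVA_OPTS_APPEND=-Djgroups.s3.access_key=EXAMPLEKEY -Xmx512m
EOF
}

# Write the sample to a temp file and print the -D arguments on one line.
demo() {
    tmp=$(mktemp) && sample_conf > "$tmp"
    misplaced_props "$tmp" | tr '\n' ' '
    rm -f "$tmp"
}

demo
```

Values passed as `-D` arguments are part of the Java process's command line, which other local users on the host can read with `ps`.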