On Saturday I installed the latest packages via update.
So far so good, but grommunio-auth, or rather grommunio-keycloak, no longer works, and users who try to log in via the web get:
Error 502 - Bad Gateway

The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request.

/opt/grommunio-keycloak/bin # systemctl status grommunio-keycloak.service
× grommunio-keycloak.service - grommunio Keycloak
Loaded: loaded (/usr/lib/systemd/system/grommunio-keycloak.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Sun 2025-01-19 15:39:58 UTC; 1s ago
Duration: 1.097s
Docs: http://www.keycloak.org/documentation.html
Process: 11529 ExecStart=/opt/grommunio-keycloak/bin/kc.sh --config-file /etc/grommunio-keycloak/keycloak.conf start (code=exited, status=2)
Main PID: 11529 (code=exited, status=2)
CPU: 2.859s

Jan 19 15:39:57 mail systemd[1]: Started grommunio Keycloak.
Jan 19 15:39:58 mail kc.sh[11529]: Key material not provided to setup HTTPS. Please configure your keys/certificates, or if HTTPS access is not needed see the http-enabled option. If you meant to>
Jan 19 15:39:58 mail systemd[1]: grommunio-keycloak.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jan 19 15:39:58 mail systemd[1]: grommunio-keycloak.service: Failed with result 'exit-code'.
Jan 19 15:39:58 mail systemd[1]: grommunio-keycloak.service: Consumed 2.859s CPU time.

journalctl doesn't provide any new insight here either:

Jan 19 15:39:58 mail kc.sh[11529]: Key material not provided to setup HTTPS. Please configure your keys/certificates, or if HTTPS access is not needed see the http-enabled option. If you meant to start the server in development mode, see the start-dev command.
Jan 19 15:39:58 mail systemd[1]: grommunio-keycloak.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jan 19 15:39:58 mail systemd[1]: grommunio-keycloak.service: Failed with result 'exit-code'.
Jan 19 15:39:58 mail systemd[1]: grommunio-keycloak.service: Consumed 2.859s CPU time.

A start from the command line produced the following:

./kc.sh -cf /etc/grommunio-keycloak/keycloak.conf start
Changes detected in configuration. Updating the server image.
Updating the configuration and installing your custom providers, if any. Please wait.
2025-01-19 15:36:13,337 WARN [io.qua.config] (build-21) Unrecognized configuration key "quarkus.smallrye-health.extensions.enabled" was provided; it will be ignored; verify that the dependency extension for this configuration is set or that you did not make a typo
2025-01-19 15:36:13,973 INFO [io.qua.hib.orm.dep.HibernateOrmProcessor] (build-29) A legacy persistence.xml file is present in the classpath. This file will be used to configure JPA/Hibernate ORM persistence units, and any configuration of the Hibernate ORM extension will be ignored. To ignore persistence.xml files instead, set the configuration property 'quarkus.hibernate-orm.persistence-xml.ignore' to 'true'.
2025-01-19 15:36:15,533 INFO [io.qua.dep.QuarkusAugmentor] (main) Quarkus augmentation completed in 2839ms
Server configuration updated and persisted. Run the following command to review the configuration:

    kc.sh show-config

Next time you run the server, just run:

    kc.sh -cf=/etc/grommunio-keycloak/keycloak.conf start --optimized

Key material not provided to setup HTTPS. Please configure your keys/certificates, or if HTTPS access is not needed see the http-enabled option. If you meant to start the server in development mode, see the start-dev command.

Somehow I'm stuck here right now; maybe someone else has an idea, or did something get broken during the update?

Regards
Matthias

Since web login doesn't work for users, admin access to Keycloak doesn't work either!
Here is the current package version as well:
rpm -q grommunio-keycloak --info
Name : grommunio-keycloak
Version : 26.1.0
Release : lp156.2.1
Architecture: noarch
Install Date: Sat Jan 18 13:08:17 2025
Group : Unspecified
Size : 156422506
License : Apache-2.0
Signature : RSA/SHA512, Sat Jan 18 07:36:41 2025, Key ID f448de9b1be231d9
Source RPM : grommunio-keycloak-26.1.0-lp156.2.1.src.rpm
Build Date : Fri Jan 17 08:39:30 2025
Build Host : srv-build-01
Relocations : (not relocatable)
Vendor : grommunio GmbH
URL : https://www.keycloak.org/
Summary : Keycloak is an open source identity and access management solution.
Description :
Keycloak is an open source Identity and Access Management solution aimed at
modern applications and services. It makes it easy to secure applications and
services with little to no code.
Distribution: grommunio:community / openSUSE_Leap_15.6

Evening :-)

This is the only thing that immediately caught my eye:

Jan 19 15:39:58 mail kc.sh[11529]: Key material not provided to setup HTTPS. Please configure your keys/certificates, or if HTTPS access is not needed see the http-enabled option. If you meant to>

The error Key material not provided to setup HTTPS suggests that the Keycloak server is trying to start without valid SSL certificates, but none are present.

Have you checked that?

Check the contents of the configuration file (/etc/grommunio-keycloak/keycloak.conf) and make sure that either the paths to the SSL certificates and private keys are specified correctly there.

That's the only thing that comes to mind offhand.

Regards
Maridor

I also just ran an update (20.01.2025 10:11) and then also got an Error 502 - Bad Gateway.

# journalctl -a -f -u grommunio-auth -u grommunio-keycloak
Jan 20 10:09:36 mx kc.sh[28117]: 2025-01-20 10:09:34,936 WARN [io.qua.config] (build-31) Unrecognized configuration key "quarkus.smallrye-health.extensions.enabled" was provided; it will be ignored; verify that the dependency extension for this configuration is set or that you did not make a typo
Jan 20 10:09:36 mx kc.sh[28117]: 2025-01-20 10:09:36,777 INFO [io.qua.hib.orm.dep.HibernateOrmProcessor] (build-41) A legacy persistence.xml file is present in the classpath. This file will be used to configure JPA/Hibernate ORM persistence units, and any configuration of the Hibernate ORM extension will be ignored. To ignore persistence.xml files instead, set the configuration property 'quarkus.hibernate-orm.persistence-xml.ignore' to 'true'.
Jan 20 10:09:40 mx kc.sh[28117]: 2025-01-20 10:09:40,909 INFO [io.qua.dep.QuarkusAugmentor] (main) Quarkus augmentation completed in 8309ms
Jan 20 10:09:40 mx kc.sh[28117]: Server configuration updated and persisted. Run the following command to review the configuration:
Jan 20 10:09:40 mx kc.sh[28117]: kc.sh show-config
Jan 20 10:09:40 mx kc.sh[28117]: Next time you run the server, just run:
Jan 20 10:09:40 mx kc.sh[28117]: kc.sh --config-file /etc/grommunio-keycloak/keycloak.conf start --optimized
Jan 20 10:09:41 mx kc.sh[28042]: Key material not provided to setup HTTPS. Please configure your keys/certificates, or if HTTPS access is not needed see the http-enabled option. If you meant to start the server in development mode, see the start-dev command.
Jan 20 10:09:41 mx systemd[1]: grommunio-keycloak.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jan 20 10:09:41 mx systemd[1]: grommunio-keycloak.service: Failed with result 'exit-code'.


    auh

    For now I've gone back to the old grommunio-keycloak!

    zypper install --oldpackage grommunio-keycloak-24.0.5-lp155.1.1

    With that, login works again ;-)

    @auh Thanks for the tip.

    @Maridor I suspect that something "fundamental" changed in Keycloak between V24.0.5 and V26.1.0.
    See:
    Jan 20 10:09:36 mx kc.sh[28117]: 2025-01-20 10:09:34,936 WARN [io.qua.config] (build-31) Unrecognized configuration key "quarkus.smallrye-health.extensions.enabled" was provided; it will be ignored; verify that the dependency extension for this configuration is set or that you did not make a typo
    Jan 20 10:09:36 mx kc.sh[28117]: 2025-01-20 10:09:36,777 INFO [io.qua.hib.orm.dep.HibernateOrmProcessor] (build-41) A legacy persistence.xml file is present in the classpath. This file will be used to configure JPA/Hibernate ORM persistence units, and any configuration of the Hibernate ORM extension will be ignored. To ignore persistence.xml files instead, set the configuration property 'quarkus.hibernate-orm.persistence-xml.ignore' to 'true'.

    And for an administration component that is security-relevant, I'd rather not work in production with http only.

    We'll see, maybe I'll have time on the weekend to take a closer look.

      WomIT_KHE

      grommunio-keycloak-26.1.0-lp15X.3
      grommunio-auth-0.2.20.003c4e7-lp15X.37

      http-enabled=true is a hard requirement in newer versions, but it is not security-relevant, since TLS is terminated by nginx anyway.
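
Added example, not part of the thread and not grommunio's own tooling: a preflight check that reads a keycloak.conf and reports whether it contains HTTPS key material or `http-enabled=true`, the two conditions named in the error message above. The function names and return codes are this example's own; it only inspects the file (not environment variables or command-line options) and assumes that a loopback `http-host` is the deployment in which nginx's TLS termination covers all access.

```shell
#!/bin/sh
# Added example: preflight check for a Keycloak config before `kc.sh start`.
# Function names and return codes are this example's own convention.

# conf_get FILE KEY: print the last uncommented value assigned to KEY.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# kc_preflight FILE: 0 = listener config usable, 1 = usable but exposed,
# 2 = neither HTTPS key material nor http-enabled=true, 3 = file unreadable.
kc_preflight() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 3; }
    http=$(conf_get "$conf" http-enabled)
    cert=$(conf_get "$conf" https-certificate-file)
    key=$(conf_get "$conf" https-certificate-key-file)
    store=$(conf_get "$conf" https-key-store-file)
    host=$(conf_get "$conf" http-host)
    if { [ -n "$cert" ] && [ -n "$key" ]; } || [ -n "$store" ]; then
        echo "ok: HTTPS key material configured"; return 0
    fi
    if [ "$http" != "true" ]; then
        echo "fail: no HTTPS key material and http-enabled is not true"; return 2
    fi
    # Plain HTTP is only protected by the proxy's TLS if nothing else can
    # reach the port; a loopback bind is assumed to be the safe case here.
    case $host in
        127.0.0.1|localhost|::1)
            echo "ok: plain HTTP bound to loopback"; return 0 ;;
        *)
            echo "warn: plain HTTP, http-host='${host:-unset}' is not loopback"
            return 1 ;;
    esac
}

# Constructed sample (not a poster's real file): no key material and
# http-enabled only present as a comment.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'db=mysql' '# http-enabled=true' > "$tmp"
    kc_preflight "$tmp"; rc=$?
    rm -f "$tmp"; return "$rc"
}

if [ -n "${1:-}" ]; then kc_preflight "$1"; else demo || true; fi
```

Run it with the config path as the only argument; a return code of 1 means the file allows startup but the HTTP listener should additionally be restricted by bind address or firewall.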
