Info: Loading facts
Info: Caching catalog for 9fb17b6df4b3.test
Info: Applying configuration version '1585756962'
Notice: /Stage[main]/Apt/File[preferences]/ensure: created
Info: /Stage[main]/Apt/File[preferences]: Scheduling refresh of Class[Apt::Update]
Notice: /Stage[main]/Postgresql::Server::Install/Package[postgresql-server]/ensure: created
Notice: /Stage[main]/Java/Package[java-common]/ensure: created
Notice: /Stage[main]/Java/Package[java]/ensure: created
Notice: /Stage[main]/Java::Config/File_line[java-home-environment]/ensure: created
Notice: /Stage[main]/Keycloak::Install/Group[keycloak]/ensure: created
Notice: /Stage[main]/Keycloak::Install/User[keycloak]/ensure: created
Notice: /Stage[main]/Keycloak::Install/File[/opt/keycloak-8.0.1]/ensure: created
Notice: /Stage[main]/Keycloak::Install/Archive[keycloak-8.0.1.tar.gz]/ensure: download archive from https://downloads.jboss.org/keycloak/8.0.1/keycloak-8.0.1.tar.gz to /tmp/keycloak-8.0.1.tar.gz and extracted in /opt/keycloak-8.0.1 with cleanup
Notice: /Stage[main]/Postgresql::Lib::Java/Package[postgresql-jdbc]/ensure: created
Notice: /Stage[main]/Keycloak::Datasource::Postgresql/Exec[mkdir -p /opt/keycloak-8.0.1/modules/system/layers/keycloak/org/postgresql/main]/returns: executed successfully
Notice: /Stage[main]/Keycloak::Datasource::Postgresql/File[/opt/keycloak-8.0.1/modules/system/layers/keycloak/org/postgresql/main/postgresql-jdbc.jar]/ensure: defined content as '{md5}d3d4788154c67e62a2ea2db30ba57d87'
Notice: /Stage[main]/Keycloak::Datasource::Postgresql/File[/opt/keycloak-8.0.1/modules/system/layers/keycloak/org/postgresql/main/module.xml]/ensure: defined content as '{md5}f966e161532e879180c7d52b8061b75a'
Notice: /Stage[main]/Apt/Apt::Setting[conf-update-stamp]/File[/etc/apt/apt.conf.d/15update-stamp]/ensure: defined content as '{md5}0962d70c4ec78bbfa6f3544ae0c41974'
Info: /Stage[main]/Apt/Apt::Setting[conf-update-stamp]/File[/etc/apt/apt.conf.d/15update-stamp]: Scheduling refresh of Class[Apt::Update]
Notice: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/10/main/pg_hba.conf]/File[/etc/postgresql/10/main/pg_hba.conf]/content: 
--- /etc/postgresql/10/main/pg_hba.conf 2020-04-01 16:03:11.782776857 +0000
+++ /tmp/puppet-file20200401-35-10v8za2 2020-04-01 16:06:02.622632466 +0000
@@ -1,99 +1,31 @@
-# PostgreSQL Client Authentication Configuration File
-# ===================================================
-#
-# Refer to the "Client Authentication" section in the PostgreSQL
-# documentation for a complete description of this file.  A short
-# synopsis follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which PostgreSQL user names they can use, which
-# databases they can access.  Records take one of these forms:
-#
-# local      DATABASE  USER  METHOD  [OPTIONS]
-# host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
-# hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
-# hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
-#
-# (The uppercase items must be replaced by actual values.)
-#
-# The first field is the connection type: "local" is a Unix-domain
-# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
-# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
-# plain TCP/IP socket.
-#
-# DATABASE can be "all", "sameuser", "samerole", "replication", a
-# database name, or a comma-separated list thereof. The "all"
-# keyword does not match "replication". Access to replication
-# must be enabled in a separate record (see example below).
-#
-# USER can be "all", a user name, a group name prefixed with "+", or a
-# comma-separated list thereof.  In both the DATABASE and USER fields
-# you can also write a file name prefixed with "@" to include names
-# from a separate file.
-#
-# ADDRESS specifies the set of hosts the record matches.  It can be a
-# host name, or it is made up of an IP address and a CIDR mask that is
-# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
-# specifies the number of significant bits in the mask.  A host name
-# that starts with a dot (.) matches a suffix of the actual host name.
-# Alternatively, you can write an IP address and netmask in separate
-# columns to specify the set of hosts.  Instead of a CIDR-address, you
-# can write "samehost" to match any of the server's own IP addresses,
-# or "samenet" to match any address in any subnet that the server is
-# directly connected to.
-#
-# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
-# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
-# Note that "password" sends passwords in clear text; "md5" or
-# "scram-sha-256" are preferred since they send encrypted passwords.
-#
-# OPTIONS are a set of options for the authentication in the format
-# NAME=VALUE.  The available options depend on the different
-# authentication methods -- refer to the "Client Authentication"
-# section in the documentation for a list of which options are
-# available for which authentication methods.
-#
-# Database and user names containing spaces, commas, quotes and other
-# special characters must be quoted.  Quoting one of the keywords
-# "all", "sameuser", "samerole" or "replication" makes the name lose
-# its special character, and just match a database or username with
-# that name.
-#
-# This file is read on server startup and when the server receives a
-# SIGHUP signal.  If you edit the file on a running system, you have to
-# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
-# or execute "SELECT pg_reload_conf()".
-#
-# Put your actual configuration here
-# ----------------------------------
-#
-# If you want to allow non-local connections, you need to add more
-# "host" records.  In that case you will also need to make PostgreSQL
-# listen on a non-local interface via the listen_addresses
-# configuration parameter, or via the -i or -h command line switches.
-
-
-
-
-# DO NOT DISABLE!
-# If you change this first entry you will need to make sure that the
-# database superuser can access the database using some other method.
-# Noninteractive access to all databases is required during automatic
-# maintenance (custom daily cronjobs, replication, and similar tasks).
-#
-# Database administrative login by Unix domain socket
-local   all             postgres                                peer
-
-# TYPE  DATABASE        USER            ADDRESS                 METHOD
-
-# "local" is for Unix domain socket connections only
-local   all             all                                     peer
-# IPv4 local connections:
-host    all             all             127.0.0.1/32            md5
-# IPv6 local connections:
-host    all             all             ::1/128                 md5
-# Allow replication connections from localhost, by a user with the
-# replication privilege.
-local   replication     all                                     peer
-host    replication     all             127.0.0.1/32            md5
-host    replication     all             ::1/128                 md5
+# This file is managed by Puppet. DO NOT EDIT.
+
+# Rule Name: local access as postgres user
+# Description: none
+# Order: 1
+local  all     postgres                ident
+
+# Rule Name: local access to database with same name
+# Description: none
+# Order: 2
+local  all     all             ident
+
+# Rule Name: allow localhost TCP access to postgresql user
+# Description: none
+# Order: 3
+host   all     postgres        127.0.0.1/32    md5
+
+# Rule Name: deny access to postgresql user
+# Description: none
+# Order: 4
+host   all     postgres        0.0.0.0/0       reject
+
+# Rule Name: allow access to all users
+# Description: none
+# Order: 100
+host   all     all     127.0.0.1/32    md5
+
+# Rule Name: allow access to ipv6 localhost
+# Description: none
+# Order: 101
+host   all     all     ::1/128 md5

Info: Computing checksum on file /etc/postgresql/10/main/pg_hba.conf
Info: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/10/main/pg_hba.conf]/File[/etc/postgresql/10/main/pg_hba.conf]: Filebucketed /etc/postgresql/10/main/pg_hba.conf to puppet with sum 81569154287d27391779c82d1fb32b89
Notice: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/10/main/pg_hba.conf]/File[/etc/postgresql/10/main/pg_hba.conf]/content: content changed '{md5}81569154287d27391779c82d1fb32b89' to '{md5}85cf7197535eff9999ba5de8665bb53e'
Info: Concat[/etc/postgresql/10/main/pg_hba.conf]: Scheduling refresh of Class[Postgresql::Server::Reload]
Notice: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/10/main/pg_ident.conf]/File[/etc/postgresql/10/main/pg_ident.conf]/content: 
--- /etc/postgresql/10/main/pg_ident.conf       2020-04-01 16:03:11.774776863 +0000
+++ /tmp/puppet-file20200401-35-13ejj70 2020-04-01 16:06:02.786632327 +0000
@@ -1,42 +1 @@
-# PostgreSQL User Name Maps
-# =========================
-#
-# Refer to the PostgreSQL documentation, chapter "Client
-# Authentication" for a complete description.  A short synopsis
-# follows.
-#
-# This file controls PostgreSQL user name mapping.  It maps external
-# user names to their corresponding PostgreSQL user names.  Records
-# are of the form:
-#
-# MAPNAME  SYSTEM-USERNAME  PG-USERNAME
-#
-# (The uppercase quantities must be replaced by actual values.)
-#
-# MAPNAME is the (otherwise freely chosen) map name that was used in
-# pg_hba.conf.  SYSTEM-USERNAME is the detected user name of the
-# client.  PG-USERNAME is the requested PostgreSQL user name.  The
-# existence of a record specifies that SYSTEM-USERNAME may connect as
-# PG-USERNAME.
-#
-# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
-# regular expression.  Optionally this can contain a capture (a
-# parenthesized subexpression).  The substring matching the capture
-# will be substituted for \1 (backslash-one) if present in
-# PG-USERNAME.
-#
-# Multiple maps may be specified in this file and used by pg_hba.conf.
-#
-# No map names are defined in the default configuration.  If all
-# system user names and PostgreSQL user names are the same, you don't
-# need anything in this file.
-#
-# This file is read on server startup and when the postmaster receives
-# a SIGHUP signal.  If you edit the file on a running system, you have
-# to SIGHUP the postmaster for the changes to take effect.  You can
-# use "pg_ctl reload" to do that.
-
-# Put your actual configuration here
-# ----------------------------------
-
-# MAPNAME       SYSTEM-USERNAME         PG-USERNAME
+# This file is managed by Puppet. DO NOT EDIT.

Info: Computing checksum on file /etc/postgresql/10/main/pg_ident.conf
Info: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/10/main/pg_ident.conf]/File[/etc/postgresql/10/main/pg_ident.conf]: Filebucketed /etc/postgresql/10/main/pg_ident.conf to puppet with sum f11c8332d3f444148c0b8ee83ec5fc6d
Notice: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/10/main/pg_ident.conf]/File[/etc/postgresql/10/main/pg_ident.conf]/content: content changed '{md5}f11c8332d3f444148c0b8ee83ec5fc6d' to '{md5}9300ac105fe777787ac9e793b8df8d25'
Info: Concat[/etc/postgresql/10/main/pg_ident.conf]: Scheduling refresh of Class[Postgresql::Server::Reload]
Info: Class[Postgresql::Server::Reload]: Scheduling refresh of Exec[postgresql_reload]
Notice: /Stage[main]/Main/Node[default]/Apt::Source[pgdg]/Apt::Key[Add key: B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8 from Apt::Source pgdg]/Apt_key[Add key: B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8 from Apt::Source pgdg]/ensure: created
Notice: /Stage[main]/Main/Node[default]/Apt::Source[pgdg]/Apt::Setting[list-pgdg]/File[/etc/apt/sources.list.d/pgdg.list]/ensure: defined content as '{md5}4f0bd3fa31c3241c5a6a9eda61caf6ce'
Info: /Stage[main]/Main/Node[default]/Apt::Source[pgdg]/Apt::Setting[list-pgdg]/File[/etc/apt/sources.list.d/pgdg.list]: Scheduling refresh of Class[Apt::Update]
Info: Class[Apt::Update]: Scheduling refresh of Exec[apt_update]
Notice: /Stage[main]/Apt::Update/Exec[apt_update]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Postgresql::Server::Service/Service[postgresqld]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Postgresql::Server::Service/Service[postgresqld]: Unscheduling refresh on Service[postgresqld]
Notice: /Stage[main]/Postgresql::Server::Reload/Exec[postgresql_reload]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Keycloak::Datasource::Postgresql/Postgresql::Server::Db[keycloak]/Postgresql::Server::Role[keycloak]/Postgresql_psql[CREATE ROLE keycloak ENCRYPTED PASSWORD ****]/command: command changed 'notrun' to 'CREATE ROLE "keycloak" ENCRYPTED PASSWORD \'$NEWPGPASSWD\' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER  CONNECTION LIMIT -1'
Notice: /Stage[main]/Keycloak::Datasource::Postgresql/Postgresql::Server::Db[keycloak]/Postgresql::Server::Database[keycloak]/Postgresql_psql[CREATE DATABASE "keycloak"]/command: command changed 'notrun' to 'CREATE DATABASE "keycloak" WITH TEMPLATE = "template0"   '
Info: /Stage[main]/Keycloak::Datasource::Postgresql/Postgresql::Server::Db[keycloak]/Postgresql::Server::Database[keycloak]/Postgresql_psql[CREATE DATABASE "keycloak"]: Scheduling refresh of Postgresql_psql[REVOKE CONNECT ON DATABASE "keycloak" FROM public]
Notice: /Stage[main]/Keycloak::Datasource::Postgresql/Postgresql::Server::Db[keycloak]/Postgresql::Server::Database[keycloak]/Postgresql_psql[REVOKE CONNECT ON DATABASE "keycloak" FROM public]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Keycloak::Datasource::Postgresql/Postgresql::Server::Db[keycloak]/Postgresql::Server::Database_grant[GRANT keycloak - ALL - keycloak]/Postgresql::Server::Grant[database:GRANT keycloak - ALL - keycloak]/Postgresql_psql[grant:database:GRANT keycloak - ALL - keycloak]/command: command changed 'notrun' to 'GRANT ALL ON DATABASE "keycloak" TO "keycloak"'
Info: Class[Keycloak::Datasource::Postgresql]: Scheduling refresh of Class[Keycloak::Service]
Notice: /Stage[main]/Keycloak::Config/File[/opt/keycloak]/ensure: created
Notice: /Stage[main]/Keycloak::Config/File[kcadm-wrapper.sh]/ensure: defined content as '{md5}c1251d017287467d83313034140b51b2'
Notice: /Stage[main]/Keycloak::Config/Exec[create-keycloak-admin]/returns: executed successfully
Info: /Stage[main]/Keycloak::Config/Exec[create-keycloak-admin]: Scheduling refresh of Class[Keycloak::Service]
Notice: /Stage[main]/Keycloak::Config/File[/opt/keycloak-8.0.1/tmp]/ensure: created
Notice: /Stage[main]/Keycloak::Config/File[/opt/keycloak-8.0.1/standalone/configuration]/mode: mode changed '0755' to '0750'
Notice: /Stage[main]/Keycloak::Config/File[/opt/keycloak-8.0.1/standalone/configuration/profile.properties]/ensure: defined content as '{md5}38bb14d86cafa01b0a6ccc0d97e1899a'
Info: /Stage[main]/Keycloak::Config/File[/opt/keycloak-8.0.1/standalone/configuration/profile.properties]: Scheduling refresh of Class[Keycloak::Service]
Notice: /Stage[main]/Keycloak::Config/File[/opt/keycloak-8.0.1/config.cli]/ensure: defined content as '{md5}c1618a8b32d4b1a3707994b28e5bd345'
Info: /Stage[main]/Keycloak::Config/File[/opt/keycloak-8.0.1/config.cli]: Scheduling refresh of Exec[jboss-cli.sh --file=config.cli]
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]/returns: {"outcome" => "success"}
Notice: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]: Triggered 'refresh' from 1 event
Info: /Stage[main]/Keycloak::Config/Exec[jboss-cli.sh --file=config.cli]: Scheduling refresh of Class[Keycloak::Service]
Info: Class[Keycloak::Service]: Scheduling refresh of Systemd::Unit_file[keycloak.service]
Info: Class[Keycloak::Service]: Scheduling refresh of Service[keycloak]
Notice: /Stage[main]/Keycloak::Service/Systemd::Unit_file[keycloak.service]/File[/etc/systemd/system/keycloak.service]/ensure: defined content as '{md5}37f42232f1114c978599218b21ae2a34'
Info: /Stage[main]/Keycloak::Service/Systemd::Unit_file[keycloak.service]/File[/etc/systemd/system/keycloak.service]: Scheduling refresh of Class[Systemd::Systemctl::Daemon_reload]
Info: Systemd::Unit_file[keycloak.service]: Scheduling refresh of Service[keycloak]
Info: Class[Systemd::Systemctl::Daemon_reload]: Scheduling refresh of Exec[systemctl-daemon-reload]
Notice: /Stage[main]/Systemd::Systemctl::Daemon_reload/Exec[systemctl-daemon-reload]: Triggered 'refresh' from 1 event
Notice: /Stage[main]/Keycloak::Service/Service[keycloak]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Keycloak::Service/Service[keycloak]: Unscheduling refresh on Service[keycloak]
Notice: Unable to connect to keycloak server (http://localhost:8080): Failed to open TCP connection to localhost:8080 (Cannot assign requested address - connect(2) for "localhost" port 8080)
Notice: Failed to connect to keycloak; sleeping 2 seconds before retry
Notice: Unable to connect to keycloak server (http://localhost:8080): Failed to open TCP connection to localhost:8080 (Cannot assign requested address - connect(2) for "localhost" port 8080)
Notice: Failed to connect to keycloak; sleeping 2 seconds before retry
Notice: Unable to connect to keycloak server (http://localhost:8080): Failed to open TCP connection to localhost:8080 (Cannot assign requested address - connect(2) for "localhost" port 8080)
Notice: Failed to connect to keycloak; sleeping 2 seconds before retry
Notice: /Stage[main]/Profile::Keycloak::Resources/Keycloak_realm[SoftwareHeritage]/ensure: created
Notice: /Stage[main]/Profile::Keycloak::Resources/Keycloak_client[swh-web on SoftwareHeritage]/ensure: created
Notice: /Stage[main]/Profile::Keycloak::Resources/Keycloak_client_protocol_mapper[audience for 2ae76714-3f08-5a70-af28-472ddd0ad36b on SoftwareHeritage]/ensure: created
Notice: /Stage[main]/Profile::Keycloak::Resources/Keycloak_client_protocol_mapper[user groups for 2ae76714-3f08-5a70-af28-472ddd0ad36b on SoftwareHeritage]/ensure: created
Notice: /Stage[main]/Profile::Keycloak::Resources/Keycloak_realm[SoftwareHeritageStaging]/ensure: created
Notice: /Stage[main]/Profile::Keycloak::Resources/Keycloak_client[swh-web on SoftwareHeritageStaging]/ensure: created
Notice: /Stage[main]/Profile::Keycloak::Resources/Keycloak_client_protocol_mapper[audience for c0d0fca0-7d28-5d3f-9d71-3f998de90ca2 on SoftwareHeritageStaging]/ensure: created
Notice: /Stage[main]/Profile::Keycloak::Resources/Keycloak_client_protocol_mapper[user groups for c0d0fca0-7d28-5d3f-9d71-3f998de90ca2 on SoftwareHeritageStaging]/ensure: created
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 276.71 seconds