I am trying to get the Keycloak instance up using keycloak, and the compose file I used is below, which I got from
https://github.com/keycloak/keycloak-containers/blob/main/docker-compose-examples/keycloak-postgres.yml
  # keycloak dependencies
  postgres-keycloak:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
  keycloak:
    image: quay.io/keycloak/keycloak:legacy
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    ports:
      - 8082:8082
    depends_on:
      - postgres-keycloak
volumes:
  postgres_data:
    driver: local
When I run the file I am getting connection errors as below:
backend_services-keycloak-1 | Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection
backend_services-keycloak-1 | Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "keycloak"
backend_services-keycloak-1 | 08:53:53,533 FATAL [org.keycloak.services] (ServerService Thread Pool -- 68) Error during startup: java.lang.RuntimeException: Failed to connect to database
backend_services-keycloak-1 | Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
backend_services-keycloak-1 | 08:53:54,449 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "metrics")]): java.lang.NullPointerException
backend_services-keycloak-1 | 08:53:54,460 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0022: Deploy of deployment "keycloak-server.war" was rolled back with no failure message
You can try this if you want. The application is named test,
the database login is keycloak:password,
the Keycloak admin login is root:root,
and this will be accessible with a web browser at localhost:8080.
version: "3.8"
name: test
services:
  keycloak:
    image: jboss/keycloak:15.0.2
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: root
      KEYCLOAK_PASSWORD: root
      KEYCLOAK_HOSTNAME: keycloak
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    ports:
      - 8080:8080
    depends_on:
      - postgres
    networks:
      - test
  postgres:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    networks:
      - test
volumes:
  postgres_data:
    driver: local
networks:
  test:
    driver: bridge
This docker-compose.yml will work.
You made mistakes in two places (DB_ADDR and port forwarding).
version: '3'
services:
  postgres-keycloak:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
  keycloak:
    image: quay.io/keycloak/keycloak:legacy
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres-keycloak
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    ports:
      - 8082:8080
    depends_on:
      - postgres-keycloak
volumes:
  postgres_data:
    driver: local
And open URL
http://localhost:8082/auth/
Click here then credential admin/admin (id / password)
I'm using bitnami's Keycloak v.20.0.0 (Quarkus) image with docker-compose. Everything works fine and I have no problems with any configuration, however when I want to see the tables in the PostgreSQL database, I access without problems but I don't see anything! I don't see that any table or database exists.
I understand that I have to start Keycloak in dev mode which I configured but I still don't see anything.
What am I doing wrong?
this is my setup:
version: "3.7"
services:
  keycloak:
    image: bitnami/keycloak:20.0.1
    container_name: keycloak_20
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      KEYCLOAK_ADMIN_USER: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KEYCLOAK_DATABASE_HOST: postgres
      KEYCLOAK_DATABASE_PORT: 5432
      KEYCLOAK_DATABASE_NAME: postgres
      KEYCLOAK_DATABASE_USER: postgres
      KEYCLOAK_DATABASE_PASSWORD: postgres
      KEYCLOAK_DATABASE_SCHEMA: public
      KEYCLOAK_EXTRA_ARGS: "-Dkeycloak.profile.feature.scripts=enabled"
      KC_HOSTNAME: postgres
      ENV KC_HOSTNAME_STRICT: false
      ENV KC_HTTP_ENABLED: true
    ports:
      - 8080:8080
    volumes:
      - ./keycloak/export:/tmp/export
      - ./rus-theme:/opt/bitnami/keycloak/themes/my-theme
      - ./keycloak/configuration/standalone-ha.xml:/bitnami/keycloak/configuration/standalone-ha.xml:ro
    command:
      - /bin/bash
      - -c
      - |
        /opt/bitnami/keycloak/bin/kc.sh start-dev
    depends_on:
      - postgres
  postgres:
    image: postgres:10
    container_name: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: postgres
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
    ports:
      - "5432:5432"
  mailhog:
    # Connect using the container name to access it
    # Example: mailhog:1025
    image: mailhog/mailhog
    logging:
      driver: 'none' # disable saving logs
    container_name: mailhog
    ports:
      - 1025:1025 # smtp server
      - 8025:8025 # web ui
volumes:
  postgres_data:
    driver: local
KEYCLOAK_DATABASE_* properties were used in the old versions of Keycloak (pre-Quarkus).
New properties are defined as KC_DB_* (see https://www.keycloak.org/server/all-config?q=db)
I need to setup the Keycloak docker server with the External postgres Database connection URL.
Here's my current yaml file content which is working with Postgres docker container image as mentioned
version: '3'
volumes:
  postgres_data:
    driver: local
services:
  postgres:
    image: postgres:11
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    ports:
      - 5433:5432
  keycloak:
    image: jboss/keycloak:latest
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: password
      KEYCLOAK_LOGLEVEL: DEBUG
      ROOT_LOGLEVEL: DEBUG
    ports:
      - 8080:8080
      - 8443:8443
    depends_on:
      - postgres
I checked the official documentation for passing an external DB connection URL.
But I didn't get exactly what changes will be needed in the YAML file.
ref: https://hub.docker.com/r/jboss/keycloak/
I tried removing the Postgres and depends_on sections from services and passed the database connection details in the Keycloak environment section in the yaml, but it did not work for me.
Can anyone suggest the correct YAML file changes to use a Postgres DB connection URL?
Thank You.
Docker containers can see each other by their service name, so here service name postgres is actually the connection url for keycloak container.
version: '3'
volumes:
  postgres_data:
    driver: local
services:
  postgres: # Service name
    image: postgres:11
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    ports:
      - 5433:5432
  keycloak:
    image: jboss/keycloak:latest
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres # <<< This is the address, change it to your external db ip/domain
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: password
      KEYCLOAK_LOGLEVEL: DEBUG
      ROOT_LOGLEVEL: DEBUG
    ports:
      - 8080:8080
      - 8443:8443
    depends_on:
      - postgres
I am trying to create a persistent docker-compose deployment. Previously I have done so by simply mounting a local directory to a docker container. It worked fine. However, when I tried adding keycloak to the mix it generates errors.
Working compose file:
version: '3'
volumes:
  postgres_data:
    driver: local
services:
  postgres:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./init:/docker-entrypoint-initdb.d/
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    ports:
      - 5432:5432
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
    ports:
      - 8080:8080
    depends_on:
      - postgres
Non-working compose file:
version: '3'
services:
  postgres:
    image: postgres
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
      - ./init:/docker-entrypoint-initdb.d/
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    ports:
      - 5432:5432
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
    ports:
      - 8080:8080
    depends_on:
      - postgres
Example of error it generates:
keycloak_1 | 19:18:17,191 FATAL [org.keycloak.services] (ServerService Thread Pool -- 61) Error during startup: java.lang.RuntimeException: Failed to connect to database
keycloak_1 | 19:18:17,631 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException
keycloak_1 | 19:18:17,639 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0022: Deploy of deployment "keycloak-server.war" was rolled back with no failure message
From the error message, it seems like the database isn't generated 1st even though the keyword "depends" is used.
The question is how to fix it/work around it.
Since no one answered my question properly, here is the solution I found working using dependencies.
To the postgresql manifest following lines are added:
healthcheck:
  test: ["CMD-SHELL", "pg_isready -U keycloak"]
  interval: 10s
  timeout: 5s
  retries: 5
and to the keycloak:
depends_on:
  postgres-database:
    condition: service_healthy
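A lint for the problems raised in the threads above (a DB_ADDR that is not a Compose service name, a port mapping whose container side is not a Keycloak port, short-form depends_on, credentials written as literals), as an added example that is not part of any answer here. It takes the dict a YAML loader would return; the finding names, the 8080/8443 port set and the sample input are assumptions constructed from the compose files on this page.

```python
# Added example (not from the thread): lint a parsed docker-compose document.
# Environment blocks are assumed to use the mapping form, as on this page.
KEYCLOAK_PORTS = {"8080", "8443"}  # assumption: container ports in this page's working files
SECRETS = {"DB_PASSWORD", "KEYCLOAK_PASSWORD", "POSTGRES_PASSWORD"}
PAIRS = [("DB_USER", "POSTGRES_USER"), ("DB_PASSWORD", "POSTGRES_PASSWORD"),
         ("DB_DATABASE", "POSTGRES_DB")]

def container_port(mapping):
    """Container side of a 'host:container[/proto]' mapping."""
    return str(mapping).split(":")[-1].split("/")[0]

def lint_compose(compose):
    """Return a list of (service, finding, detail) tuples."""
    findings = []
    services = compose.get("services", {})
    for name, svc in services.items():
        env = svc.get("environment", {})
        ports = svc.get("ports", [])
        for key in sorted(SECRETS & env.keys()):
            if not str(env[key]).startswith("${"):  # literal instead of ${VAR} substitution
                findings.append((name, "literal-secret", key))
        if "POSTGRES_DB" in env and any(container_port(p) == "5432" for p in ports):
            findings.append((name, "db-port-published", "5432"))
        if str(env.get("DB_VENDOR", "")).upper() != "POSTGRES":
            continue  # not a legacy-image Keycloak service
        db_addr = env.get("DB_ADDR")
        if db_addr not in services:  # also fires for an external DB host
            findings.append((name, "db-addr-not-a-service", db_addr))
        else:
            db_env = services[db_addr].get("environment", {})
            for kc_key, pg_key in PAIRS:
                if env.get(kc_key) != db_env.get(pg_key):
                    findings.append((name, "db-setting-mismatch", kc_key))
        for p in ports:
            if container_port(p) not in KEYCLOAK_PORTS:
                findings.append((name, "unexpected-container-port", str(p)))
        if isinstance(svc.get("depends_on"), list):  # short form: start order only
            findings.append((name, "depends-on-without-health-condition", ""))
    return findings

def sample(db_addr, port):
    """Constructed input mirroring the first question's compose file."""
    return {"services": {
        "postgres-keycloak": {"image": "postgres", "environment": {
            "POSTGRES_DB": "keycloak", "POSTGRES_USER": "keycloak",
            "POSTGRES_PASSWORD": "password"}},
        "keycloak": {"image": "quay.io/keycloak/keycloak:legacy", "environment": {
            "DB_VENDOR": "POSTGRES", "DB_ADDR": db_addr, "DB_DATABASE": "keycloak",
            "DB_USER": "keycloak", "DB_SCHEMA": "public", "DB_PASSWORD": "password",
            "KEYCLOAK_USER": "admin", "KEYCLOAK_PASSWORD": "admin"},
            "ports": [port], "depends_on": ["postgres-keycloak"]}}}

if __name__ == "__main__":
    for label, doc in [("question", sample("postgres", "8082:8082")),
                       ("answer", sample("postgres-keycloak", "8082:8080"))]:
        print(label, lint_compose(doc))
```

A DB_ADDR that points at an external host is reported as db-addr-not-a-service by design, so that finding needs a manual look rather than an automatic fix.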
I am working with docker-compose and I am trying to deploy it on a CentOS 8 VPS, but keycloak can't access the postgres database.
However, I can connect to the database with pgAdmin.
I have the following errors:
Caused by: java.net.NoRouteToHostException: No route to host (Host unreachable)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
at java.base/java.net.Socket.connect(Socket.java:609)
at org.postgresql.jdbc#42.2.5//org.postgresql.core.PGStream.<init>(PGStream.java:70)
at org.postgresql.jdbc#42.2.5//org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:91)
at org.postgresql.jdbc#42.2.5//org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
... 62 more
13:34:55,281 FATAL [org.keycloak.services] (ServerService Thread Pool -- 65) java.lang.RuntimeException: Failed to connect to database
and
13:34:56,307 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException
at org.wildfly.extension.microprofile.metrics-smallrye#19.1.0.Final//org.wildfly.extension.microprofile.metrics.MicroProfileMetricsSubsystemAdd$2.execute(MicroProfileMetricsSubsystemAdd.java:86)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1413)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:527)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:515)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:477)
at org.jboss.as.server#11.1.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:448)
at org.jboss.as.server#11.1.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:401)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
at java.base/java.lang.Thread.run(Thread.java:834)
This is my docker-compose.yml:
version: "3.7"
services:
  keycloak:
    container_name: app-keycloak
    depends_on:
      - postgres
    environment:
      # Admin account
      KEYCLOAK_USER: foo
      KEYCLOAK_PASSWORD: foo
      #KEYCLOAK_IMPORT: /tmp/realm-export.json
      # PostgreSQL DB settings
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_PORT: 5432
      DB_DATABASE: foo
      DB_SCHEMA: public
      DB_USER: foo
      DB_PASSWORD: foo
    image: "jboss/keycloak:10.0.2"
    ports:
      - "9999:8080"
    restart: always
    networks:
      - auth-network
  postgres:
    container_name: app-postgres
    environment:
      POSTGRES_DB: foo
      POSTGRES_PASSWORD: foo
      POSTGRES_USER: foo
    image: "postgres:13-alpine"
    ports:
      - "5432:5432"
    restart: always
    volumes:
      - "./volumes/postgres-data:/var/lib/postgresql/data"
    networks:
      - auth-network
networks:
  auth-network:
    driver: bridge
Do you have any ideas of how I can resolve this?
With my Windows 10 PC, that solution works, but I still have those errors on my VPS
CentOS 8. Do you have other ideas?
firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client https ssh
  ports: 8077/tcp 27017/tcp 8081/tcp 9999/tcp 5432/tcp 8443/tcp 8080/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Working example for me
version: '3'
volumes:
  postgres_data:
    driver: local
services:
  postgres:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: Pa55w0rd
      # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    ports:
      - 8080:8080
    depends_on:
      - postgres
I am trying to run keycloak in docker and to save its data in PostgreSQL.
But nothing is being saved.
This is the docker-compose.yml file:
version: '2'
services:
  db:
    build: "./Main Database Backup"
    environment:
      POSTGRES_DB: ${DB_POSTGRES_APP_DATABASE}
      POSTGRES_USER: ${DB_POSTGRES_APP_USER}
      POSTGRES_PASSWORD: ${DB_POSTGRES_APP_PASSW}
      PGDATA: /var/lib/postgresql/data/pgdata
    ports:
      - "5432:5432"
    restart: unless-stopped
  keycloak-postgres:
    image: postgres:10-alpine
    environment:
      POSTGRES_DB: ${KEYCLOAK_DATABASE}
      POSTGRES_PASSWORD: ${KEYCLOAK_DATABASE_PASSW}
      POSTGRES_USER: ${KEYCLOAK_DATABASE_USER}
      PGDATA: /var/lib/postgresql/data/pgdata
    restart: unless-stopped
  keycloak:
    build: "./Keycloak Realm Export"
    depends_on:
      - keycloak-postgres
    environment:
      KEYCLOAK_USER: ${KEYCLOAK_USER}
      KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD}
      POSTGRES_USER: ${KEYCLOAK_DATABASE_USER}
      POSTGRES_PASSWORD: ${KEYCLOAK_DATABASE_PASSW}
      POSTGRES_PORT_5432_TCP_ADDR: keycloak-postgres
    ports:
      - "8080:8080"
Dockerfile for keycloak:
FROM jboss/keycloak:3.4.3.Final
WORKDIR /opt/jboss/keycloak
COPY realm-export.json initial_data.json
# RUN ./bin/standalone.sh -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=initial_data.json -Dkeycloak.migration.strategy=OVERWRITE_EXISTING
RUN ./bin/add-user-keycloak.sh -r master -u admin -p password
ENTRYPOINT [ "/opt/jboss/docker-entrypoint.sh" ]
CMD ["-b", "0.0.0.0", "-Dkeycloak.import=/opt/jboss/keycloak/initial_data.json"]
That db is the main database, which is for my API, and it's working correctly.
The keycloak-postgres is the database for keycloak, and it's not saving any data.
Also, I have created a database in that server with the same name as ${KEYCLOAK_DATABASE}, and I have created a user and gave all privileges to that server, so it won't be a permission error.
And I have provided all the environment variables correctly.
Also, regarding the commented code in the keycloak Dockerfile, I'm trying to import a realm, which is not working.
When I comment out that POSTGRES_PORT_5432_TCP_ADDR in docker-compose.yml, it throws this error:
2018-08-31T08:22:05.251344638Z 08:22:05,250 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
2018-08-31T08:22:05.251375320Z ("subsystem" => "datasources"),
2018-08-31T08:22:05.251383320Z ("data-source" => "KeycloakDS")
2018-08-31T08:22:05.251402169Z ]) - failure description: "WFLYCTL0211: Cannot resolve expression 'jdbc:postgresql://${env.POSTGRES_PORT_5432_TCP_ADDR}:${env.POSTGRES_PORT_5432_TCP_PORT:5432}/${env.POSTGRES_DATABASE:keycloak}'"
This isn't Keycloak related, it's more Docker container related (and postgres). Each time you stop a container you are going to lose your data.
What you need to use is volumes, meaning: map a drive on your PC to the docker container, such that each time the container starts again it uses this drive and is therefore able to retain data. You need something along the lines of:
version: '2'
volumes:
  postgres_data:
    driver: local
services:
  db:
    build: "./Main Database Backup"
    environment:
      POSTGRES_DB: ${DB_POSTGRES_APP_DATABASE}
      POSTGRES_USER: ${DB_POSTGRES_APP_USER}
      POSTGRES_PASSWORD: ${DB_POSTGRES_APP_PASSW}
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./data:/docker-entrypoint-initdb.d
    ports:
      - "5432:5432"
    restart: unless-stopped