We Keep Coding

Keycloak Quarkus, I don't see the base or its tables

I'm using bitnami's Keycloak v.20.0.0 (Quarkus) image with docker-compose. Everything works fine and I have no problems with any configuration, however when I want to see the tables in the PostgreSQL database, I access without problems but I don't see anything! I don't see that any table or database exists.
I understand that I have to start Keycloak in dev mode which I configured but I still don't see anything.
What am I doing wrong?
this is my setup:
version: "3.7"
services:
keycloak:
image: bitnami/keycloak:20.0.1
container_name: keycloak_20
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
KEYCLOAK_ADMIN_USER: admin
KEYCLOAK_ADMIN_PASSWORD: admin
KEYCLOAK_DATABASE_HOST: postgres
KEYCLOAK_DATABASE_PORT: 5432
KEYCLOAK_DATABASE_NAME: postgres
KEYCLOAK_DATABASE_USER: postgres
KEYCLOAK_DATABASE_PASSWORD: postgres
KEYCLOAK_DATABASE_SCHEMA: public
KEYCLOAK_EXTRA_ARGS: "-Dkeycloak.profile.feature.scripts=enabled"
KC_HOSTNAME: postgres
ENV KC_HOSTNAME_STRICT: false
ENV KC_HTTP_ENABLED: true
ports:
- 8080:8080
volumes:
- ./keycloak/export:/tmp/export
- ./rus-theme:/opt/bitnami/keycloak/themes/my-theme
- ./keycloak/configuration/standalone-ha.xml:/bitnami/keycloak/configuration/standalone-ha.xml:ro
command:
- /bin/bash
- -c
- |
/opt/bitnami/keycloak/bin/kc.sh start-dev
depends_on:
- postgres
postgres:
image: postgres:10
container_name: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
ports:
- "5432:5432"
mailhog:
# Conectarse al nombre del container para acceder
# Ejemplo: mailhog:1025
image: mailhog/mailhog
logging:
driver: 'none' # disable saving logs
container_name: mailhog
ports:
- 1025:1025 # smtp server
- 8025:8025 # web ui
volumes:
postgres_data:
driver: local

KEYCLOAK_DATABASE_* properties were used in the old versions of Keycloak (pre-Quarkus).
New properties are defined as KC_DB_* (see https://www.keycloak.org/server/all-config?q=db)

Keycloak Postgres docker connection failure

I am trying to get up the keycloak instance via using keycloak, and the compose file I used is below which I get it from
https://github.com/keycloak/keycloak-containers/blob/main/docker-compose-examples/keycloak-postgres.yml
# keycloak dependencies
postgres-keycloak:
image: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
keycloak:
image: quay.io/keycloak/keycloak:legacy
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
#JDBC_PARAMS: "ssl=true"
ports:
- 8082:8082
depends_on:
- postgres-keycloak
volumes:
postgres_data:
driver: local
When I run the file I am getting connection errors as below :
backend_services-keycloak-1 | Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection
backend_services-keycloak-1 | Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "keycloak"
backend_services-keycloak-1 | 08:53:53,533 FATAL [org.keycloak.services] (ServerService Thread Pool -- 68) Error during startup: java.lang.RuntimeException: Failed to connect to database
backend_services-keycloak-1 | Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
backend_services-keycloak-1 | 08:53:54,449 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "metrics")]): java.lang.NullPointerException
backend_services-keycloak-1 | 08:53:54,460 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 45) WFLYSRV0022: Deploy of deployment "keycloak-server.war" was rolled back with no failure message

You can try this if you want, Application named test,
Database login are, keycloak:password
keycloak admin login is : root:root
this will be accessible with a web browser at localhost:8080
version: "3.8"
name: test
services:
keycloak:
image: jboss/keycloak:15.0.2
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: password
KEYCLOAK_USER: root
KEYCLOAK_PASSWORD: root
KEYCLOAK_HOSTNAME: keycloak
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
#JDBC_PARAMS: "ssl=true"
ports:
- 8080:8080
depends_on:
- postgres
networks:
- test
postgres:
image: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
networks:
- test
volumes:
postgres_data:
driver: local
networks:
test:
driver: bridge

This docker-compose.yml will be works.
You did a wrong two places (DB_ADDR and port forwarding)
version: '3'
services:
postgres-keycloak:
image: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
keycloak:
image: quay.io/keycloak/keycloak:legacy
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres-keycloak
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
#JDBC_PARAMS: "ssl=true"
ports:
- 8082:8080
depends_on:
- postgres-keycloak
volumes:
postgres_data:
driver: local
And open URL
http://localhost:8082/auth/
Click here then credential admin/admin (id / password)

How does Postgresql inside Docker work? psql: FATAL: password authentication failed for user xy

I created my app with .yml
services:
db:
image: postgres:11-alpine
environment:
POSTGRES_DB: wiki
POSTGRES_PASSWORD: quantoxrocks
POSTGRES_USER: wikijs
logging:
driver: "none"
restart: unless-stopped
volumes:
- db-data:/var/lib/postgresql/data
wiki:
image: ghcr.io/requarks/wiki:2
depends_on:
- db
environment:
DB_TYPE: postgres
DB_HOST: db
DB_PORT: 5432
DB_USER: wikijs
DB_PASS: quantoxrocks
DB_NAME: wiki
restart: unless-stopped
ports:
- "3000:3000"
webserver:
image: nginx:alpine
restart: unless-stopped
tty: true
ports:
- "443:443"
- "80:80"
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
- ./ssl:/etc/nginx/ssl
volumes:
db-data:
I logged in my db container and want to create database. I have tried at least 10 times and I am sure that password is from the above docker-compose.yml file. It does not work.
docker exec -it wiki_db_1 sh
Next
psql -h wiki_db_1 -U wikijs
Password for user wikijs:
psql: FATAL: password authentication failed for user "wikijs"
Why? How can I check any further logs?

The environment variables for Postgres are only used if there is no database present already when the container starts.
You have a volume mapping of /var/lib/postgresql/data and it's likely that you already have a database there, which was created with different values from the environment variable values.
If you don't have any important data in the existing database, you can delete the volume and Postgres will create a new database with the correct username/password.

docker-compose with keycloak & postgres

I am working with docker-compose and I am trying to deploy it on a VPS Centos 8 but keycloak can't access to the postgres database.
However I can connect to the database with pgAdmin.
I have those following errors :
Caused by: java.net.NoRouteToHostException: No route to host (Host unreachable)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
at java.base/java.net.Socket.connect(Socket.java:609)
at org.postgresql.jdbc#42.2.5//org.postgresql.core.PGStream.<init>(PGStream.java:70)
at org.postgresql.jdbc#42.2.5//org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:91)
at org.postgresql.jdbc#42.2.5//org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
... 62 more
13:34:55,281 FATAL [org.keycloak.services] (ServerService Thread Pool -- 65) java.lang.RuntimeException: Failed to connect to database
and
13:34:56,307 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsyste m" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException
at org.wildfly.extension.microprofile.metrics-smallrye#19.1.0.Final//org.wildfly.extension.microprofile.metrics.MicroProfileMetricsSubsystemAdd$ 2.execute(MicroProfileMetricsSubsystemAdd.java:86)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1413)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:527)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:515)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:477)
at org.jboss.as.server#11.1.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:448)
at org.jboss.as.server#11.1.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:401)
at org.jboss.as.controller#11.1.1.Final//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416)
at java.base/java.lang.Thread.run(Thread.java:834)
This is my docker-compose.yml :
version: "3.7"
services:
keycloak:
container_name: app-keycloak
depends_on:
- postgres
environment:
# Admin account
KEYCLOAK_USER: foo
KEYCLOAK_PASSWORD: foo
#KEYCLOAK_IMPORT: /tmp/realm-export.json
# PostgreSQL DB settings
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_PORT: 5432
DB_DATABASE: foo
DB_SCHEMA: public
DB_USER: foo
DB_PASSWORD: foo
image: "jboss/keycloak:10.0.2"
ports:
- "9999:8080"
restart: always
networks:
- auth-network
postgres:
container_name: app-postgres
environment:
POSTGRES_DB: foo
POSTGRES_PASSWORD: foo
POSTGRES_USER: foo
image: "postgres:13-alpine"
ports:
- "5432:5432"
restart: always
volumes:
- "./volumes/postgres-data:/var/lib/postgresql/data"
networks:
- auth-network
networks: auth-network:
driver: bridge
Do you have any ideas of how I can resolve this ?

With my my Windows 10 PC, that solution work but I still have thoses errors on my VPS
Centos 8. Do you have others ideas ?
firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client https ssh
ports: 8077/tcp 27017/tcp 8081/tcp 9999/tcp 5432/tcp 8443/tcp 8080/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Working example for me
version: '3'
volumes:
postgres_data:
driver: local
services:
postgres:
image: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
keycloak:
image: quay.io/keycloak/keycloak:latest
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: Pa55w0rd
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
#JDBC_PARAMS: "ssl=true"
ports:
- 8080:8080
depends_on:
- postgres

Keycloak in docker-compose network

I want to setup a Docker network that contains a keycloak, postgres, and webapp instances.
Is there a way to have network communications between containers but also understand oidc client redirects as well? I am having an issue where containers can talk to each other just fine if i setup OIDC with container names for the docker network, but then I run into issues with the client that cannot connect to the those same URLs outside of the docker network on the host machine.
Can anyone point me to the right docker documentation to look at for possible solutions with DNS or host to container communication?
---- EDIT ----
To clarify. The containers can talk to each other just fine under their container names, but the client (i.e., Chrome) has to use localhost to talk to everything. In my setup for my OIDC connection in the ui web application I have to use container names or localhost. How do I get my client to understand container names in order to make the right request?
version: '2'
services:
ui:
container_name: 'ui'
image: 'bdparrish/ui:0.1'
build:
context: .
dockerfile: ./ui/Dockerfile
ports:
- "8085:80"
depends_on:
- "postgres"
- "keycloak"
networks:
- auth-network
environment:
- ASPNETCORE_ENVIRONMENT=Docker
postgres:
container_name: postgres
image: 'postgres'
environment:
POSTGRES_PASSWORD: password
ports:
- "5432:5432"
networks:
- auth-network
keycloak:
container_name: keycloak
image: jboss/keycloak
ports:
- "8080:8080"
depends_on:
- postgres
environment:
DB_VENDOR: "POSTGRES"
DB_ADDR: postgres
DB_PORT: 5432
DB_USER: keycloak
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: password
restart: always
networks:
- auth-network
networks:
auth-network:
driver: bridge

You don't have to modify the etc/hosts file.
There is an environment variable for keycloak named KEYCLOAK_FRONTEND_URL especial for this purpose.
Edit your docker compose file to look like this:
version: '2'
services:
ui:
container_name: 'ui'
image: 'bdparrish/ui:0.1'
build:
context: .
dockerfile: ./ui/Dockerfile
ports:
- "8085:80"
depends_on:
- "postgres"
- "keycloak"
networks:
- auth-network
environment:
- ASPNETCORE_ENVIRONMENT=Docker
postgres:
container_name: postgres
image: 'postgres'
environment:
POSTGRES_PASSWORD: password
ports:
- "5432:5432"
networks:
- auth-network
keycloak:
container_name: keycloak
image: jboss/keycloak
ports:
- "8080:8080"
depends_on:
- postgres
environment:
DB_VENDOR: "POSTGRES"
DB_ADDR: postgres
DB_PORT: 5432
DB_USER: keycloak
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: password
KEYCLOAK_FRONTEND_URL: http://localhost:8080/auth
restart: always
networks:
- auth-network
networks:
auth-network:
driver: bridge
Then the login should be redirected to that url.

All you need to do is add an entry to your hosts file:
Windows: C:\Windows\System32\drivers\etc\hosts
Linux: /etc/hosts
Append this to the end of the file:
127.0.0.1 keycloak
Then use keycloak:8080 from your UI to talk to your keycloak server instead of localhost:8080. You can still use localhost:8580 to visit the UI in the browser.