
Last pushed: 12 days ago

Keycloak MySQL

Extends the Keycloak docker image to use MySQL

Usage

Start a MySQL instance

First start a MySQL instance using the MySQL docker image:

docker run --name mysql -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=password -e MYSQL_ROOT_PASSWORD=root_password -d mysql

Start a Keycloak instance

Start a Keycloak instance and connect to the MySQL instance:

docker run --name keycloak --link mysql:mysql jboss/keycloak-mysql

Environment variables

When starting the Keycloak instance you can pass a number of environment variables to configure how it connects to MySQL. For example:

docker run --name keycloak --link mysql:mysql -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak -e MYSQL_PASSWORD=password jboss/keycloak-mysql

MYSQL_DATABASE

Specify name of MySQL database (optional, default is keycloak).

MYSQL_USER

Specify user for MySQL database (optional, default is keycloak).

MYSQL_PASSWORD

Specify password for MySQL database (optional, default is password).

Owner
jboss
Comments (9)
sachinkgaikwad
a month ago

Why is MySQL HA not officially supported by Keycloak?

azaars
2 months ago

I used the same standalone-ha.xml running 2 replicas of version 3.1 and then upgraded to 3.2. In 3.1 it started without any flaws, but in version 3.2 it started with this error:

10:06:42,057 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "keycloak-server.war")]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.deployment.unit.\"keycloak-server.war\".ejb3.client-context.registration-service is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.naming.context.java.module.auth.auth.InstanceName is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.deployment.unit.\"keycloak-server.war\".INSTALL is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.naming.context.java.module.auth.auth.Validator is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.naming.context.java.app.auth.AppName is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.naming.context.java.app.auth is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.naming.context.java.module.auth.auth.InAppClientContainer is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.naming.context.java.module.auth.auth.ValidatorFactory is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.concurrent.ee.context.config.auth.auth is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.naming.context.java.module.auth.auth.ModuleName is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.deployment.unit.\"keycloak-server.war\".jca.cachedConnectionManagerSetupProcessor is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]",
"jboss.naming.context.java.module.auth.auth is missing [jboss.infinispan.keycloak.actionTokens, jboss.infinispan.keycloak.authenticationSessions]"
]}

marcincyniu
3 months ago

Could you please suggest why I get a 404 from the URL http://172.18.0.60:8080/auth/ after running the container? I can see tables in my MySQL database.

Docker run command:

docker run --name keycloak \
--net dev-net \
--ip 172.18.0.60 \
--publish 8080:80 \
--link mysql-database \
--env MYSQL_DATABASE=keycloak \
--env MYSQL_USERNAME=root \
--env MYSQL_PASSWORD=root \
--env MYSQL_PORT_3306_TCP_ADDR=mysql-database \
--env MYSQL_PORT_3306_TCP_PORT=3306 \
--env KEYCLOAK_USER=admin \
--env KEYCLOAK_PASSWORD=admin1234 \
jboss/keycloak-mysql

jonathandandries
5 months ago

Two issues related to running keycloak-mysql:3.0.0.Final and mysql:5.7.18 in docker-compose, but that will likely have broader impact in certain circumstances:

Issue #1. JBoss doesn't wait for mysql to be available, and it fails to create a connection if mysql hasn’t come up yet (no retry). This is especially problematic if you are trying to use docker-compose since everything likes to start around the same time:

Error:

19:18:03,553 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 50) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection

Workaround:

  • Need a custom Dockerfile to override the ENTRYPOINT definition to use a custom docker-entrypoint-waitforit.sh. And note that because we are changing ENTRYPOINT, we also need to redefine CMD.

Gist of the Dockerfile:

FROM jboss/keycloak-mysql:3.0.0.Final
COPY  docker-entrypoint-waitforit.sh wait-for-it.sh /
ENTRYPOINT ["/docker-entrypoint-waitforit.sh"]
CMD ["-b", "0.0.0.0"]

Gist of docker-entrypoint-waitforit.sh:

#!/bin/bash
# Wait up to 60 seconds for MySQL, then hand over to the image's original entrypoint.
/wait-for-it.sh mysql:3306 -t 60 -- /opt/jboss/docker-entrypoint.sh "$@"
exit $?

For wait-for-it.sh, see: https://github.com/vishnubob/wait-for-it or see: https://github.com/jwilder/dockerize

Docker recommends this approach: https://docs.docker.com/compose/startup-order/

Issue #2. When running in docker-compose, JBoss cannot connect to mysql without some extra work. This issue seems to be related to running on the project-specific default network that is set up by docker-compose.

Note that you don’t have this issue when running independently in docker:

docker run --name mysql -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=password -e MYSQL_ROOT_PASSWORD=root_password -d mysql:5.7.18
# wait 30 seconds
docker run --name keycloak-standalone-test --link mysql:mysql -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak -e MYSQL_PASSWORD=password -p "8080:8080" jboss/keycloak-mysql:3.0.0.Final

Error when running in docker-compose:

19:24:04,072 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 27) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "datasources"),
    ("data-source" => "KeycloakDS")
]) - failure description: "WFLYCTL0211: Cannot resolve expression 'jdbc:mysql://${env.MYSQL_PORT_3306_TCP_ADDR}:${env.MYSQL_PORT_3306_TCP_PORT}/${env.MYSQL_DATABASE:keycloak}'"

Workarounds:

  1. Option-1: In docker-compose.yml for the keycloak service, define these environment variables:

    - MYSQL_PORT_3306_TCP_ADDR=mysql
    - MYSQL_PORT_3306_TCP_PORT=3306
    
  2. Option-2: run the keycloak and mysql services on the default “bridge” network:
    In the keycloak and mysql service definitions:

    network_mode: bridge
    

    Separately:

    networks:
     default:
       external:
         name: bridge
    

Bottom line question:

  • Why does JBoss behave differently when trying to connect to mysql on the global “bridge” network (works) vs the project-specific default network (fails)?
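
A pre-flight check for the settings discussed on this page, as an added example that is not part of the comment above or of the jboss/keycloak-mysql image: it lints the env-file meant for the keycloak container for the two link variables the datasource URL needs, the MYSQL_USER/MYSQL_USERNAME mix-up, and passwords that appear in commands on this page. The function names, finding labels and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint an env-file before passing it to the keycloak container.
# Prints one finding per line; returns non-zero if there is any finding.
lint_keycloak_env() {
    file=$1 findings=0
    has() { grep -q "^$1=" "$file"; }
    get() { sed -n "s/^$1=//p" "$file" | tail -n 1; }
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }
    # The datasource URL in the WFLYCTL0211 error has no default for these two.
    # Legacy --link on the default bridge sets them; user-defined networks do not.
    for v in MYSQL_PORT_3306_TCP_ADDR MYSQL_PORT_3306_TCP_PORT; do
        has "$v" || report "MISSING $v"
    done
    # The README lists MYSQL_USER; the commands on the page pass MYSQL_USERNAME.
    if has MYSQL_USER && ! has MYSQL_USERNAME; then
        report "RENAME MYSQL_USER to MYSQL_USERNAME"
    fi
    for pair in MYSQL_USERNAME:MYSQL_PASSWORD KEYCLOAK_USER:KEYCLOAK_PASSWORD; do
        uvar=${pair%%:*} pvar=${pair##*:}
        if ! has "$pvar"; then
            # Per the README, an unset MYSQL_PASSWORD falls back to "password".
            if [ "$pvar" = MYSQL_PASSWORD ]; then report "DEFAULT $pvar"; fi
            continue
        fi
        user=$(get "$uvar") pass=$(get "$pvar")
        case $pass in
            '') report "EMPTY $pvar" ;;
            password|root_password|root|admin|admin1234) report "WEAK $pvar" ;;
            "$user") report "WEAK $pvar (same as $uvar)" ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the variables a compose file copied from the README
# might pass to the keycloak service.
sample_env() {
    cat <<'EOF'
MYSQL_DATABASE=keycloak
MYSQL_USER=keycloak
MYSQL_PASSWORD=password
KEYCLOAK_USER=admin
KEYCLOAK_PASSWORD=admin
EOF
}

tmp=$(mktemp); sample_env > "$tmp"
lint_keycloak_env "$tmp" || echo "fix the findings before starting the container"
rm -f "$tmp"
```

Once the file lints clean, passing it with `docker run --env-file` also keeps the passwords off the command line.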

dalu
7 months ago

plain docker 2.5.4

20:50:25,846 INFO [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested.
20:50:25,849 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 49) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:85)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:162)
at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209)
at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299)
at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)
at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132)
at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
... 6 more
Caused by: java.lang.RuntimeException: Failed to connect to database
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:373)
at org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lazyInit(LiquibaseDBLockProvider.java:65)
at org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lambda$waitForLock$0(LiquibaseDBLockProvider.java:97)
at org.keycloak.models.utils.KeycloakModelUtils.suspendJtaTransaction(KeycloakModelUtils.java:544)
at org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.waitForLock(LiquibaseDBLockProvider.java:95)
at org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:136)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:228)
at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:129)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
... 19 more
Caused by: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:146)
at org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:66)
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:367)
... 31 more
Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:656)
at org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:429)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:747)
at org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:138)
... 33 more
Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:343)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:350)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:285)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1319)
at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:496)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:626)
at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:598)
at org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:590)
... 36 more
Caused by: java.sql.SQLException: Access denied for user 'keycloak'@'172.17.0.3' (using password: YES)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1073)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3609)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3541)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:943)
at com.mysql.jdbc.MysqlIO.secureAuth411(MysqlIO.java:4113)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1308)
at com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2336)
at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2369)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2153)
at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:792)
at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:411)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:381)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:305)
at org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:319)
... 43 more

aritz86
a year ago

I had to add the MYSQL_PORT_3306_TCP_ADDR=mysql and MYSQL_PORT_3306_TCP_PORT=3306 environment variables (in addition to the linking). The server was complaining about an unparseable database address.

carljmosca
a year ago

I went to 1.7.0.Final, was able to do the initial login with admin/admin, then moved back to 1.9.4.Final to get things going.

carljmosca
a year ago

This version seems to have an issue with the initial admin/admin username/password combination.

jcercurati
a year ago

MYSQL_USER should be replaced by MYSQL_USERNAME. Please fix in the above description.