[keycloak-user] Keycloak-mysql Docker -- 2 issues

Jonathan D'Andries jonathandandries at gmail.com
Tue May 16 10:22:41 EDT 2017 

Does anyone here work on the Docker images, or is that another list?

Sorry for reposting,


Jonathan

--
Jonathan D'Andries
http://www.linkedin.com/in/jonathandandries/

On Fri, May 12, 2017 at 2:48 PM, Jonathan D'Andries <
jonathandandries at gmail.com> wrote:

> Two issues related to running keycloak-mysql:3.0.0.Final and mysql:5.7.18
> in docker-compose, but that will likely have broader impact in certain
> circumstances:
>
> Issue #1. JBoss doesn't wait for mysql to be available, and it fails to
> create a connection if mysql hasn’t come up yet (no retry). This is
> especially problematic if you are trying to use docker-compose since
> everything likes to start around the same time:
>
> Error:
>
> 19:18:03,553 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 50) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
>
> Workaround:
>
>    - Need a custom Dockerfile to override the ENTRYPOINT definition to
>    use a custom docker-entrypoint-waitforit.sh. And note that because we
>    are changing ENTRYPOINT, we also need to redefine CMD.
>
> Gist of the Dockerfile:
>
> FROM jboss/keycloak-mysql:3.0.0.Final
> COPY  docker-entrypoint-waitforit.sh wait-for-it.sh /
> ENTRYPOINT ["/docker-entrypoint-waitforit.sh”]
> CMD ["-b", "0.0.0.0"]
>
> Gist of docker-entrypoint-waitforit.sh:
>
> #!/bin/bash
> /wait-for-it.sh mysql:3306 -t 60 -- /opt/jboss/docker-entrypoint.sh $@
> exit $?
>
> For wait-for-it.sh, see: https://github.com/vishnubob/wait-for-it or see:
> https://github.com/jwilder/dockerize
>
> Docker recommends this approach: https://docs.docker.
> com/compose/startup-order/
>
> Issue #2. When running in docker-compose, JBoss cannot connect to mysql
> without some extra work. This issue seems to be related to running on the
> project-specific default network that is setup by docker-compose.
>
> Note that you don’t have this issue when running independent in docker:
>
> docker run --name mysql -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=password -e MYSQL_ROOT_PASSWORD=root_password -d mysql:5.7.18
> # wait 30 seconds
> docker run --name keycloak-standalone-test --link mysql:mysql -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak -e MYSQL_PASSWORD=password -p "8080:8080" jboss/keycloak-mysql:3.0.0.Final
>
> Error when running in docker-compose:
>
> 19:24:04,072 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 27) WFLYCTL0013: Operation ("add") failed - address: ([
>     ("subsystem" => "datasources"),
>     ("data-source" => "KeycloakDS")
> ]) - failure description: "WFLYCTL0211: Cannot resolve expression 'jdbc:mysql://${env.MYSQL_PORT_3306_TCP_ADDR}:${env.MYSQL_PORT_3306_TCP_PORT}/${env.MYSQL_DATABASE:keycloak}'”
>
> Workarounds:
>
>    1.
>
>    Option-1: In docker-compose.yml for the keycloak service, define these
>    environment variables:
>
>    - MYSQL_PORT_3306_TCP_ADDR=mysql
>    - MYSQL_PORT_3306_TCP_PORT=3306
>
>    2.
>
>    Option-2: run the keycloak and mysql services on the default “bridge”
>    network:
>    In the keycloak and mysql service definitions:
>
>    network_mode: bridge
>
>    Separately:
>
>    networks:
>     default:
>       external:
>         name: bridge
>
>
> Bottom line question:
>
>    - Why does JBoss behave differently when trying to connect to mysql on
>    the global “bridge” network (works) vs the project-specific default network
>    (fails)?
>
>
> Jonathan
>
> --
> Jonathan D'Andries
> http://www.linkedin.com/in/jonathandandries/
>

More information about the keycloak-user mailing list