[keycloak-user] How to set PostgreSQL schema for Keycloak when using the Docker Image?

Meissa M'baye Sakho msakho at redhat.com
Wed Mar 14 02:38:41 EDT 2018 

I will try it with the jgroups modules picked from rhsso.
I think that we could get them in the following link:
https://github.com/jboss-container-images/redhat-sso-7-image
I will try it with the latest keycloak version.

Did you need to pass the KUBE_PING environment variable?





On Wed, Mar 14, 2018 at 12:01 AM, Stephen Henrie <stephen at chassi.com> wrote:

> Thanks for the confirmation on the RHSSO 7.2.
>
> Regarding my clustering...
>
> Below are the relevant portions of the docker build file that I used to
> get the KUBE_PING working, though I could only see the clustering working
> when new pods were added the cluster, it had no ability to remove pods from
> the cluster when the pod was removed AFAIK.  That might still be the case
> with SSO as well.
>
> I have attached the relevant config file as well. You should be able to
> diff the *attached standalone-ha-postgres.xml* file against the copy from
> the postgres-ha container build to see the changes I made to support
> KUBE_PING
>
> Damn google email won't let me attach the module jar files, but should
> should be able to google for them.
>
> Regards,
>
> Stephen
>
> ====
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *FROM jboss/keycloak-ha-postgres:3.2.1.FinalMAINTAINER Stephen Henrie
> <stephen at chassi.com <stephen at chassi.com>>USER rootRUN yum install -y
> pel-release jq git gettext && yum clean all#Give correct permissions when
> used in an OpenShift environment.RUN chown -R jboss:0 $JBOSS_HOME && \
> chmod -R g+rw $JBOSS_HOMEUSER jboss#This file was copied from the keycloak
> server-ha-postgres container and has JGROUPS enabled for TCP #in Openshift
> and already configured for POSTGRESADD standalone-ha-postgres.xml
> $JBOSS_HOME/standalone/configuration/standalone-ha.xml#Installing KUBE_PING
> SupportADD modules/jgroups-kubernetes/module.xml
> $JBOSS_HOME/modules/system/layers/base/org/jgroups/kubernetes/kubernetes/main/module.xmlADD
> modules/jgroups-kubernetes/common-0.9.3.jar
> $JBOSS_HOME/modules/system/layers/base/org/jgroups/kubernetes/kubernetes/main/common-0.9.3.jarADD
> modules/jgroups-kubernetes/dns-0.9.3.jar
> $JBOSS_HOME/modules/system/layers/base/org/jgroups/kubernetes/kubernetes/main/dns-0.9.3.jarADD
> modules/jgroups-kubernetes/kubernetes-0.9.3.jar
> $JBOSS_HOME/modules/system/layers/base/org/jgroups/kubernetes/kubernetes/main/kubernetes-0.9.3.jarADD
> modules/jgroups-kubernetes/oauth-20090531.jar
> $JBOSS_HOME/modules/system/layers/base/org/jgroups/kubernetes/kubernetes/main/oauth-20090531.jarRUN
> sed -ie 's@\(</dependencies>\)@    <module
> name="org.jgroups.kubernetes.kubernetes"/>\n    \1@'
> $JBOSS_HOME/modules/system/layers/base/org/jgroups/main/module.xmlCMD
> ["-b", "0.0.0.0", "--server-config", "standalone-ha.xml"]*
>
>
>
> On Tue, Mar 13, 2018 at 2:48 PM, Meissa M'baye Sakho <msakho at redhat.com>
> wrote:
>
>> Stephen,
>> I can confirm you that the RHSS O7.2 has KUBE_PING enabled.
>> Can you share with me what you did in the keycloak postgres-ha image?
>> Meissa
>>
>>
>> On Tue, Mar 13, 2018 at 8:18 PM, Stephen Henrie <stephen at chassi.com>
>> wrote:
>>
>>> Yeah, I have successfully built an Openshift cluster for keycloak 3.2.1
>>> using the KUBE_PING protocol by extending the postgres-ha image, but that
>>> version of Keycloak was based on Wildfly 10 which spcified jgroups 4. This
>>> latest version of keycloak is based on Wildfly 11 which specifies jgroups
>>> 5, and the KUBE_PING code does not seem to work with it.
>>>
>>> I am going to look into the latest Redhat SSO 7.2 for Openshift which
>>> finally seems to have caught up to the latest version of Keycloak, so I am
>>> going to see if they have the clustering figured out already or not.
>>>
>>> It's always something...
>>>
>>> Stephen
>>>
>>> On Tue, Mar 13, 2018 at 4:15 AM, Meissa M'baye Sakho <msakho at redhat.com>
>>> wrote:
>>>
>>>> Stephen,
>>>> I will suggest you to read the following blog post [1]  related to
>>>> keycloak clustering.
>>>> You'll need to use the docker image [2] instead if you want the
>>>> clustering to work in a docker environment.
>>>>
>>>> If you are in a kubernetes environnement, you'll not be able to use the
>>>> native KUBE_PING protocol since the keycloak image does not include this
>>>> feature yet.
>>>> Unles you try to build the following [3]
>>>> <https://github.com/jboss-dockerfiles/keycloak/pull/96> pull request
>>>>
>>>>
>>>> [1]=http://blog.keycloak.org/2015/04/running-keycloak-cluste
>>>> r-with-docker.html
>>>> [2]=https://github.com/jmowla/keycloak/blob/master/server-ha
>>>> -postgres/Dockerfile
>>>> [3]=https://github.com/jboss-dockerfiles/keycloak/pull/96
>>>> <https://github.com/jboss-dockerfiles/keycloak/pull/96>
>>>>
>>>> Meissa
>>>>
>>>> On Mon, Mar 12, 2018 at 5:15 PM, Stephen Henrie <stephen at chassi.com>
>>>> wrote:
>>>>
>>>>> Meissa,
>>>>>
>>>>> Thanks for the heads up on the deprecation. Do you know  off the top
>>>>> of you head if that keycloak server image that is referenced here (
>>>>> https://hub.docker.com/r/jboss/keycloak-postgres/) supports an HA
>>>>> deployment as well?
>>>>>
>>>>> Thanks
>>>>> Stephen
>>>>>
>>>>> On Mon, Mar 12, 2018 at 12:41 AM, Meissa M'baye Sakho <
>>>>> msakho at redhat.com> wrote:
>>>>>
>>>>>> Stephen, the postgress-ha docker image is deprecated. It's clearly
>>>>>> stated in the following:
>>>>>> https://hub.docker.com/r/jboss/keycloak-postgres/
>>>>>> @Marco, I undestand your point.
>>>>>> Maybe do you need to extend the keyclaok image.
>>>>>> Meissa
>>>>>>
>>>>>> On Mon, Mar 12, 2018 at 5:53 AM, Stephen Henrie <stephen at chassi.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Actually, the postgres-ha docker image that is tagged for
>>>>>>> 3.4.3.Final installs version 3.4.2. I had to rebuild that image myself and
>>>>>>> replace the "latest" tag with a "3.4.3.Final" tag in order to have the
>>>>>>> correct version.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Stephen
>>>>>>>
>>>>>>> On Sun, Mar 11, 2018 at 1:49 PM, Meissa M'baye Sakho <
>>>>>>> msakho at redhat.com> wrote:
>>>>>>>
>>>>>>>> Marco,
>>>>>>>> which docker image are you using?
>>>>>>>> The latest docker image the rely on Keycloak 3.4.3 has been updated
>>>>>>>> to
>>>>>>>> handle either postgresql or mysql.
>>>>>>>> You'll find information you're looking for in the following link at
>>>>>>>> the
>>>>>>>> PostgreSQL section.
>>>>>>>> https://hub.docker.com/r/jboss/keycloak/
>>>>>>>> thanks,
>>>>>>>> Meissa
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sun, Mar 11, 2018 at 8:04 PM, Marco Pas <marco.pasopas at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> > Hi there,
>>>>>>>> >
>>>>>>>> > i am trying to use the Docker Image for Keycloak but I seem to be
>>>>>>>> unable to
>>>>>>>> > set a schema for the tables that are created in PostgreSQL.
>>>>>>>> Currently all
>>>>>>>> > tables end up in the public schema.
>>>>>>>> > Is there a way that i can instruct Keycloak to create the tables
>>>>>>>> inside a
>>>>>>>> > schema?
>>>>>>>> >
>>>>>>>> > Kind regards,
>>>>>>>> > Marco Pas
>>>>>>>> > _______________________________________________
>>>>>>>> > keycloak-user mailing list
>>>>>>>> > keycloak-user at lists.jboss.org
>>>>>>>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>> >
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

More information about the keycloak-user mailing list