Does anyone here work on the Docker images, or is that another list? Sorry for reposting, Jonathan -- Jonathan D'Andries http://www.linkedin.com/in/jonathandandries/ On Fri, May 12, 2017 at 2:48 PM, Jonathan D'Andries < jonathandandries(a)gmail.com&gt; wrote: > Two issues related to running keycloak-mysql:3.0.0.Final and mysql:5.7.18 > in docker-compose, but that will likely have broader impact in certain > circumstances: > > Issue #1. JBoss doesn't wait for mysql to be available, and it fails to > create a connection if mysql hasn’t come up yet (no retry). This is > especially problematic if you are trying to use docker-compose since > everything likes to start around the same time: > > Error: > > 19:18:03,553 WARN [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 50) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection > > Workaround: > > - Need a custom Dockerfile to override the ENTRYPOINT definition to > use a custom docker-entrypoint-waitforit.sh. And note that because we > are changing ENTRYPOINT, we also need to redefine CMD. > > Gist of the Dockerfile: > > FROM jboss/keycloak-mysql:3.0.0.Final > COPY docker-entrypoint-waitforit.sh wait-for-it.sh / > ENTRYPOINT ["/docker-entrypoint-waitforit.sh”] > CMD ["-b", "0.0.0.0"] > > Gist of docker-entrypoint-waitforit.sh: > > #!/bin/bash > /wait-for-it.sh mysql:3306 -t 60 -- /opt/jboss/docker-entrypoint.sh $@ > exit $? > > For wait-for-it.sh, see: https://github.com/vishnubob/wait-for-it or see: > https://github.com/jwilder/dockerize > > Docker recommends this approach: https://docs.docker. > com/compose/startup-order/ > > Issue #2. When running in docker-compose, JBoss cannot connect to mysql > without some extra work. This issue seems to be related to running on the > project-specific default network that is setup by docker-compose. > > Note that you don’t have this issue when running independent in docker: > > docker run --name mysql -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=password -e MYSQL_ROOT_PASSWORD=root_password -d mysql:5.7.18 > # wait 30 seconds > docker run --name keycloak-standalone-test --link mysql:mysql -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak -e MYSQL_PASSWORD=password -p "8080:8080" jboss/keycloak-mysql:3.0.0.Final > > Error when running in docker-compose: > > 19:24:04,072 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 27) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "datasources"), > ("data-source" => "KeycloakDS") > ]) - failure description: "WFLYCTL0211: Cannot resolve expression 'jdbc:mysql://${env.MYSQL_PORT_3306_TCP_ADDR}:${env. MYSQL_PORT_3306_TCP_PORT}/${env.MYSQL_DATABASE:keycloak}'” > > Workarounds: > > 1. > > Option-1: In docker-compose.yml for the keycloak service, define these > environment variables: > > - MYSQL_PORT_3306_TCP_ADDR=mysql > - MYSQL_PORT_3306_TCP_PORT=3306 > > 2. > > Option-2: run the keycloak and mysql services on the default “bridge” > network: > In the keycloak and mysql service definitions: > > network_mode: bridge > > Separately: > > networks: > default: > external: > name: bridge > > > Bottom line question: > > - Why does JBoss behave differently when trying to connect to mysql on > the global “bridge” network (works) vs the project-specific default network > (fails)? > > > Jonathan > > -- > Jonathan D'Andries > http://www.linkedin.com/in/jonathandandries/ > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user