[keycloak-user] Keycloak-mysql Docker -- 2 issues

Alex Berg chexxor at gmail.com
Thu May 18 15:56:07 EDT 2017


I *use* the docker images. I also wish there was a standard working way of
doing this. I don't know much about docker networking, so I hope you find
an expert in that area to help you.

I'm also using keycloak in a docker-compose file for local development.
I'll be deploying to a kubernetes cluster, and I found a PR on the docker
repo which demonstrates a way to do that, which is very awesome. It's still
pretty tricky, though, as the clustering supported by keycloak is w/e
wildfly has, and it seems that wildfly's clustering wasn't designed with
cloud OSes like kubernetes or docker swarm in mind.

On Tue, May 16, 2017 at 9:22 AM, Jonathan D'Andries <
jonathandandries at gmail.com> wrote:

> Does anyone here work on the Docker images, or is that another list?
>
> Sorry for reposting,
>
>
> Jonathan
>
> --
> Jonathan D'Andries
> http://www.linkedin.com/in/jonathandandries/
>
> On Fri, May 12, 2017 at 2:48 PM, Jonathan D'Andries <
> jonathandandries at gmail.com> wrote:
>
> > Two issues related to running keycloak-mysql:3.0.0.Final and mysql:5.7.18
> > in docker-compose, but that will likely have broader impact in certain
> > circumstances:
> >
> > Issue #1. JBoss doesn't wait for mysql to be available, and it fails to
> > create a connection if mysql hasn’t come up yet (no retry). This is
> > especially problematic if you are trying to use docker-compose since
> > everything likes to start around the same time:
> >
> > Error:
> >
> > 19:18:03,553 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 50) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
> >
> > Workaround:
> >
> >    - Need a custom Dockerfile to override the ENTRYPOINT definition to
> >    use a custom docker-entrypoint-waitforit.sh. And note that because we
> >    are changing ENTRYPOINT, we also need to redefine CMD.
> >
> > Gist of the Dockerfile:
> >
> > FROM jboss/keycloak-mysql:3.0.0.Final
> > COPY  docker-entrypoint-waitforit.sh wait-for-it.sh /
> > ENTRYPOINT ["/docker-entrypoint-waitforit.sh"]
> > CMD ["-b", "0.0.0.0"]
> >
> > Gist of docker-entrypoint-waitforit.sh:
> >
> > #!/bin/bash
> > # Wait up to 60 s for mysql:3306, then hand over to the stock entrypoint.
> > /wait-for-it.sh mysql:3306 -t 60 -- /opt/jboss/docker-entrypoint.sh "$@"
> > exit $?
> >
> > For wait-for-it.sh, see: https://github.com/vishnubob/wait-for-it or see:
> > https://github.com/jwilder/dockerize
> >
> > Docker recommends this approach: https://docs.docker.com/compose/startup-order/
> >
> > Issue #2. When running in docker-compose, JBoss cannot connect to mysql
> > without some extra work. This issue seems to be related to running on the
> > project-specific default network that is set up by docker-compose.
> >
> > Note that you don’t have this issue when running independently in docker:
> >
> > docker run --name mysql -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=password -e MYSQL_ROOT_PASSWORD=root_password -d mysql:5.7.18
> > # wait 30 seconds
> > docker run --name keycloak-standalone-test --link mysql:mysql -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak -e MYSQL_PASSWORD=password -p "8080:8080" jboss/keycloak-mysql:3.0.0.Final
> >
> > Error when running in docker-compose:
> >
> > 19:24:04,072 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 27) WFLYCTL0013: Operation ("add") failed - address: ([
> >     ("subsystem" => "datasources"),
> >     ("data-source" => "KeycloakDS")
> > ]) - failure description: "WFLYCTL0211: Cannot resolve expression 'jdbc:mysql://${env.MYSQL_PORT_3306_TCP_ADDR}:${env.MYSQL_PORT_3306_TCP_PORT}/${env.MYSQL_DATABASE:keycloak}'"
> >
> > Workarounds:
> >
> >    1. Option-1: In docker-compose.yml for the keycloak service, define these
> >    environment variables:
> >
> >    - MYSQL_PORT_3306_TCP_ADDR=mysql
> >    - MYSQL_PORT_3306_TCP_PORT=3306
> >
> >    2. Option-2: run the keycloak and mysql services on the default “bridge”
> >    network:
> >    In the keycloak and mysql service definitions:
> >
> >    network_mode: bridge
> >
> >    Separately:
> >
> >    networks:
> >     default:
> >       external:
> >         name: bridge
> >
> >
> > Bottom line question:
> >
> >    - Why does JBoss behave differently when trying to connect to mysql on
> >    the global “bridge” network (works) vs the project-specific default
> >    network (fails)?
> >
> >
> > Jonathan
> >
> > --
> > Jonathan D'Andries
> > http://www.linkedin.com/in/jonathandandries/
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
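
An added example, not part of the original thread or of the Keycloak image: one entrypoint wrapper that covers both workarounds quoted above, polling for MySQL before start (issue #1) and defaulting the link-style variables when none are set (issue #2). The function names and `WAIT_TIMEOUT` are hypothetical, and it assumes `bash` and coreutils `timeout` are present in the image.

```shell
#!/bin/bash
# Added example: entrypoint wrapper for the keycloak-mysql image (not project code).
# Assumption: bash and coreutils `timeout` exist in the image.

# Issue #2: on a compose project network no --link variables are injected,
# so fall back to the service name and default port unless already set.
set_mysql_defaults() {
    : "${MYSQL_PORT_3306_TCP_ADDR:=mysql}"
    : "${MYSQL_PORT_3306_TCP_PORT:=3306}"
    export MYSQL_PORT_3306_TCP_ADDR MYSQL_PORT_3306_TCP_PORT
}

# Return 0 if a TCP connection to host ($1) port ($2) succeeds within 2 seconds.
tcp_open() {
    timeout 2 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Issue #1: probe once per second until the port opens or roughly
# $3 seconds of waiting have passed; return 1 on giving up.
wait_for_tcp() {
    host=$1 port=$2 deadline=$3 waited=0
    until tcp_open "$host" "$port"; do
        [ "$waited" -ge "$deadline" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

main() {
    set_mysql_defaults
    if ! wait_for_tcp "$MYSQL_PORT_3306_TCP_ADDR" "$MYSQL_PORT_3306_TCP_PORT" "${WAIT_TIMEOUT:-60}"; then
        echo "mysql not reachable at $MYSQL_PORT_3306_TCP_ADDR:$MYSQL_PORT_3306_TCP_PORT" >&2
        return 1
    fi
    # Quote "$@" so CMD arguments such as -b 0.0.0.0 pass through unchanged.
    exec /opt/jboss/docker-entrypoint.sh "$@"
}

# Run only inside the image, where the stock entrypoint exists.
if [ -x /opt/jboss/docker-entrypoint.sh ]; then
    main "$@"
fi
```

Because the wrapper exits non-zero when the database never appears, a compose `restart` policy can retry the container instead of leaving JBoss running with a failed datasource.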

