Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Export of a realm from a running keycloak docker container fails

Tags:

docker

keycloak

I am running keycloak v8.0.0 using docker compose file. I am persisting the data into a MySQL database which I am running locally.

  version: '3'
  services:
   keycloak:
    image: jboss/keycloak:8.0.0
    ports:
      - "9999:8080"
    environment:
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: <ADMIN_PASSWORD>
      DB_VENDOR: mysql
      DB_ADDR: <HOST>
      DB_PORT: <PORT>
      DB_USER: <USER>
      DB_PASSWORD: <PASSWORD>
      JDBC_PARAMS: "useSSL=false"
    volumes:
      - "./realms:/tmp"

I tried exporting a realm from the running docker container by using following command.

docker exec -it kc /opt/jboss/keycloak/bin/standalone.sh \
-Djboss.socket.binding.port-offset=100 -Dkeycloak.migration.action=export \
-Dkeycloak.migration.provider=singleFile \
-Dkeycloak.migration.realmName=my_realm\
-Dkeycloak.migration.usersExportStrategy=REALM_FILE \
-Dkeycloak.migration.file=/tmp/my_realm-realm.json

Below is the stack trace of the error i am getting when I run the above command. When I am running the above command keycloak is not able to connect to database server i.e. MySQL in this case. How to specify database connection configuration in this scenario?

16:30:04,000 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 65) MSC000001: Failed to start service jboss.deployment.unit."keycloak-server.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."keycloak-server.war".undertow-deployment: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication()
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
        at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
        at java.base/java.lang.Thread.run(Thread.java:834)
        at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:485)
Caused by: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication()
        at [email protected]//org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:164)
        at [email protected]//org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2784)
        at [email protected]//org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:364)
        at [email protected]//org.jboss.resteasy.spi.ResteasyDeployment.startInternal(ResteasyDeployment.java:277)
        at [email protected]//org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:89)
        at [email protected]//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:119)
        at [email protected]//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
        at [email protected]//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
        at [email protected]//org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
        at [email protected]//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
        at [email protected]//io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:305)
        at [email protected]//io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)
        at [email protected]//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:585)
        at [email protected]//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:556)
        at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
        at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
        at [email protected]//io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:598)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)
        at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
        ... 8 more
Caused by: java.lang.RuntimeException: Failed to connect to database
        at [email protected]//org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:372)
        at [email protected]//org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lazyInit(LiquibaseDBLockProvider.java:65)
        at [email protected]//org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lambda$waitForLock$2(LiquibaseDBLockProvider.java:96)
        at [email protected]//org.keycloak.models.utils.KeycloakModelUtils.suspendJtaTransaction(KeycloakModelUtils.java:682)
        at [email protected]//org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.waitForLock(LiquibaseDBLockProvider.java:94)
        at [email protected]//org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:178)
        at [email protected]//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:227)
        at [email protected]//org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:171)
        at [email protected]//org.keycloak.services.resources.KeycloakApplication.init(KeycloakApplication.java:162)
        at [email protected]//org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:143)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at [email protected]//org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:152)
        ... 31 more
Caused by: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
        at [email protected]//org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:159)
        at [email protected]//org.jboss.as.connector.subsystems.datasources.WildFlyDataSource.getConnection(WildFlyDataSource.java:64)
        at [email protected]//org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:366)
        ... 45 more
Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS
        at [email protected]//org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:690)
        at [email protected]//org.jboss.jca.core.connectionmanager.tx.TxConnectionManagerImpl.getManagedConnection(TxConnectionManagerImpl.java:440)
        at [email protected]//org.jboss.jca.core.connectionmanager.AbstractConnectionManager.allocateConnection(AbstractConnectionManager.java:789)
        at [email protected]//org.jboss.jca.adapters.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:151)
        ... 47 more
Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection
        at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:345)
        at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:352)
        at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:287)
        at [email protected]//org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1328)
        at [email protected]//org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:499)
        at [email protected]//org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:632)
        at [email protected]//org.jboss.jca.core.connectionmanager.pool.AbstractPool.getConnection(AbstractPool.java:604)
        at [email protected]//org.jboss.jca.core.connectionmanager.AbstractConnectionManager.getManagedConnection(AbstractConnectionManager.java:624)
        ... 50 more
Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

The last packet successfully received from the server was 97 milliseconds ago.  The last packet sent successfully to the server was 91 milliseconds ago.
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at [email protected]//com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
        at [email protected]//com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:990)
        at [email protected]//com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:201)
        at [email protected]//com.mysql.jdbc.MysqlIO.negotiateSSLConnection(MysqlIO.java:4912)
        at [email protected]//com.mysql.jdbc.MysqlIO.proceedHandshakeWithPluggableAuthentication(MysqlIO.java:1663)
        at [email protected]//com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1224)
        at [email protected]//com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2190)
        at [email protected]//com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2221)
        at [email protected]//com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2016)
        at [email protected]//com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:776)
        at [email protected]//com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:47)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at [email protected]//com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
        at [email protected]//com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:386)
        at [email protected]//com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:330)
        at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:321)
        ... 57 more
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
        at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:169)
        at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
        at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:216)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:395)
        at [email protected]//com.mysql.jdbc.ExportControlled.transformSocketToSSLSocket(ExportControlled.java:186)
        ... 73 more
like image 421
jaikishan_gurav Avatar asked May 11 '20 16:05

jaikishan_gurav

People also ask

How do I export a Keycloak realm?

To export a realm, you can use the export command. Your Keycloak server instance must not be started when invoking this command. To export a realm to a directory, you can use the --dir <dir> option. When exporting realms to a directory, the server is going to create separate files for each realm being exported.

2 Answers

I got the same error today,and found is the JDBC_PARAMS format error;

so you can exec in the container,

docker exec -it kc bash

and modify the JDBC_PARAMS

# Append '?' in the beggining of the string if JDBC_PARAMS value isn't empty
export JDBC_PARAMS=$(echo ${JDBC_PARAMS} | sed '/^$/! s/^/?/')

Or redefine JDBC_PARAMS env

export JDBC_PARAMS='?connectTimeout=30&useSSL=false&allowPublicKeyRetrieval=true&characterEncoding=UTF-8'

the key is prefix ? char

then exec

/opt/jboss/keycloak/bin/standalone.sh \
-Djboss.socket.binding.port-offset=100 -Dkeycloak.migration.action=export \
-Dkeycloak.migration.provider=singleFile \
-Dkeycloak.migration.realmName=my_realm\
-Dkeycloak.migration.usersExportStrategy=REALM_FILE \
-Dkeycloak.migration.file=/tmp/my_realm-realm.json

everything is OK!

like image 58
austindev Avatar answered Oct 24 '22 09:10

austindev

The first solution did not work for me, so I had to investigate further. In my case, the reason was, that the DB_PORT environment variable was not added to the connection string, so keycloak tried to connect to the postgres DB under the dafault port 5432, as seen in this log:

11:29:10,185 ERROR [stderr] (ServerService Thread Pool -- 68) FINE: Connecting with URL: jdbc:postgresql://156149bb-0045-4086-b11a-1b55458b2a5f.blrv234f085n1l00bhrg.private.databases.appdomain.cloud/ibmclouddb?connectTimeout=30&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory&loggerLevel=DEBUG
[...]
11:29:10,194 ERROR [stderr] (ServerService Thread Pool -- 68) FINE: Trying to establish a protocol version 3 connection to 156149bb-0045-4086-b11a-1b55458b2a5f.blrv234f085n1l00bhrg.private.databases.appdomain.cloud:5432

So I added the Port to the DB_ADDR variable and everything worked fine.

like image 24
tigu Avatar answered Oct 24 '22 10:10

tigu
Sign in to Comment

Related questions

Why elastic-search container memory usage keeps increasing with little use?
Create new django project in pycharm: "Remote path not provided"
How to start CosmosDB emulator with docker-compose?
Understanding Docker user/uid creation
How to configure proxy for NuGet while using Docker?
Persiste apache nifi flow.xml.gz file in docker volume
How does "latest" tag work in an ECS task definition and container instances pulling from ECR?
ERR_CONNECTION_REFUSED with Django and Vue.js bundle files
Docker local environment custom local domains (hosts file?)
microk8s pulling image, stuck in ContainerCreating state
kubernetes failed to start pod due to ContainerCannotRun
How to CMD Powershell script in Dockerfile
400 bad request when logging/pushing npm package to nexus?
How to set ALLOWED_HOSTS Django setting in production when using Docker?
Airflow stack webserver failing to resolve postgres related attribute, fails to start
VS Code not hitting breakpoints for Node app running in Docker Container
How do I set docker-credential-ecr-login in my PATH before anything else in GitLab CI
How to install powershell modules within a docker container off the mcr.microsoft.com/powershell image?
Monitor JVM in AWS Fargate
How much headroom to leave between Java Xmx and Docker container RAM size?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!