New to KeyCloak.
Trying to run KeyCloak in a container that would be accessing MySQL on the host machine (currently Windows 10, production would be Linux).
Followed steps in enter link description here and when both KeyCloak and MySQL are in their own containers, it works according to the documentation there.
When trying to connect existing MySQL database on the host and run KeyCloak docker container like this:
docker run --name keycloak --network="host" -e DB_VENDOR=mysql -e DB_ADDR=host.docker.internal -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=sqlpass -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak
or even
docker run --name keycloak --network=host -e DB_VENDOR=MYSQL -e DB_ADDR=<actual ip address of host> -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=sqlpass -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak
Getting following error:
WFLYCTL0186: Services which failed to start: service org.wildfly.clustering.jgroups.channel.ee: java.lang.IllegalStateException: java.net.BindException: [UDP] /172.18.0.1 is not a valid address on any local network interface
I think it's failing right after these messages...
19:33:30,381 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
19:33:30,522 INFO [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
Searched internet for the so called 'production ready' scenario where MySQL database would be on host and KeyCloak could be in Docker container, didn't find much help.
What am I doing wrong? Any help / pointers appreciated. Thank you.
Update:
When tried removing network - got different error.
docker run --rm --name keycloak -e DB_VENDOR=MYSQL -e DB_ADDR=docker.host.internal -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=sqlpass -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak
More specific about not able to connect to the database:
20:14:28,844 FATAL [org.keycloak.services] (ServerService Thread Pool -- 62) java.lang.RuntimeException: Failed to connect to database
Below we will see the steps for using MySQL Server:
mysql> CREATE USER 'keycloak'@'%' IDENTIFIED BY 'keycloak';
mysql> CREATE DATABASE keycloak CHARACTER SET utf8 COLLATE utf8_unicode_ci;
mysql> GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'%';
This is probably not caused by not being able to change the port, but rather the fact that MySQL is not ready to retrieve requests when Keycloak is started. This is a known issue on Docker Compose and we're not quite sure how to fix it.
Keycloak works with embedded H2 database. This is the default database that Keycloak uses in the development environment. But for production, the proper thing to do is to connect with an external database like mysql, mongo db. Below we will see the steps for using MySQL Server:
mysql> CREATE USER 'keycloak'@'%' IDENTIFIED BY 'keycloak';
Keycloak comes with its own embedded H2 database to persist data by default. H2 is a Java SQL relational database. Keycloak uses the H2 database so that it can run instantly. The H2 is an in-memory database and it is suitable only for use in a test environment.
Got it. Turns out I needed to allow the 'keycloak' user in the MySQL instance to log on remotely (meaning not just from localhost but from any other host).
I used the following script to give access privileges to the 'keycloak' user:
USE keycloak;
CREATE USER 'keycloak'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'password';
CREATE USER 'keycloak'@'<ip address of container>' IDENTIFIED WITH caching_sha2_password BY 'password';
GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';
GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'<ip address of container>';
Then use following command to run keycloak docker image as a daemon:
docker run --rm --name keycloak -d -p 8080:8080 -e DB_VENDOR=MYSQL -e DB_ADDR=host.docker.internal -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak -e MYSQL_PASSWORD=password -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak
Then go to http://localhost:8080/auth to access KeyCloak admin console and login using kc-admin user credentials defined previously.
To find out the IP address of the container, I used the Windows command line from this thread: How to get a Docker container's IP address from the host
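An added example, not part of the answer above: a shell script that reads the container's address with `docker inspect` and prints the `CREATE USER`/`GRANT` statements for a dedicated `keycloak` account. It goes one step beyond the answer's single-IP grant by scoping the account to the container's /24; the function names, the /24 choice and the `<password>` placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): build MySQL grants for the Keycloak
# container's subnet instead of connecting as root or granting to '%'.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# 172.17.0.2 -> 172.17.0.% : a /24 host pattern, so the grant still matches
# when the container comes back with a different address.
subnet_pattern() {
    valid_ipv4 "$1" || return 1
    printf '%s.%%\n' "${1%.*}"
}

# Print statements for database $1, user $2, host pattern $3.
# Names are restricted to [A-Za-z0-9_]; a bare '%' host is refused.
grant_sql() {
    case "$1" in *[!A-Za-z0-9_]*|'') return 1 ;; esac
    case "$2" in *[!A-Za-z0-9_]*|'') return 1 ;; esac
    case "$3" in *[!0-9.%]*|''|%) return 1 ;; esac
    cat <<EOF
CREATE USER '$2'@'$3' IDENTIFIED WITH caching_sha2_password BY '<password>';
GRANT ALL PRIVILEGES ON $1.* TO '$2'@'$3';
EOF
}

# Address of container $1 as reported by Docker. A container attached to
# several networks yields concatenated addresses, which valid_ipv4 rejects.
container_ip() {
    docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}

main() {
    ip=$(container_ip "$1") || return 1
    host=$(subnet_pattern "$ip") || { echo "unexpected address: $ip" >&2; return 1; }
    grant_sql keycloak keycloak "$host"
}

# Run only when a container name is given, e.g.: sh kc-grants.sh keycloak
[ "$#" -eq 0 ] || main "$@"
```

Replace `<password>` in the printed statements before applying them, and point `MYSQL_USERNAME` at this account rather than `root`.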
The accepted answer may be outdated.
-e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak
should be replaced with:
-e DB_USER=keycloak -e DB_PASSWORD=keycloak