
Keycloak in docker container + MySQL on host gives [org.keycloak.services] (ServerService Thread Pool -- 62) Failed to connect to database

New to Keycloak.

Trying to run Keycloak in a container that would be accessing MySQL on the host machine (currently Windows 10; production would be Linux).

Followed the steps in enter link description here, and when both Keycloak and MySQL are in their own containers, it works according to the documentation there.

When trying to connect to the existing MySQL database on the host and running the Keycloak Docker container like this:

> docker run --name keycloak --network="host" -e DB_VENDOR=mysql -e DB_ADDR=host.docker.internal -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=sqlpass -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak

or even

docker run --name keycloak --network=host -e DB_VENDOR=MYSQL -e DB_ADDR=<actual ip address of host> -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=sqlpass -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak

Getting the following error:

WFLYCTL0186:   Services which failed to start:      service org.wildfly.clustering.jgroups.channel.ee: java.lang.IllegalStateException: java.net.BindException: [UDP] /172.18.0.1 is not a valid address on any local network interface

I think it's failing right after these messages...

19:33:30,381 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
19:33:30,522 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443

Searched the internet for the so-called 'production ready' scenario where the MySQL database would be on the host and Keycloak could be in a Docker container, but didn't find much help.

What am I doing wrong? Any help / pointers appreciated. Thank you.

Update:

When I tried removing the network, I got a different error.

docker run --rm --name keycloak  -e DB_VENDOR=MYSQL  -e DB_ADDR=docker.host.internal -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=sqlpass -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak

It is more specific about not being able to connect to the database:

20:14:28,844 FATAL [org.keycloak.services] (ServerService Thread Pool -- 62) java.lang.RuntimeException: Failed to connect to database
asked May 30 '20 19:05

meDev




2 Answers

Got it. Turns out I needed to allow the 'keycloak' user in the MySQL instance to log on remotely (meaning not just from localhost but from any other hosts).

I used the following script to give access privileges to the 'keycloak' user:

USE keycloak;

CREATE USER 'keycloak'@'localhost' IDENTIFIED WITH caching_sha2_password  BY 'password';
CREATE USER 'keycloak'@'<ip address of container>' IDENTIFIED WITH caching_sha2_password  BY 'password';

GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';
GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'<ip address of container>';

Then use the following command to run the Keycloak Docker image as a daemon:

docker run --rm --name keycloak -d  -p 8080:8080 -e DB_VENDOR=MYSQL -e DB_ADDR=host.docker.internal -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak -e MYSQL_PASSWORD=password -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak

Then go to http://localhost:8080/auth to access the Keycloak admin console and log in using the kc-admin user credentials defined previously.

To find out the IP address of the container, I used the Windows command line from this thread: How to get a Docker container's IP address from the host

answered Nov 15 '22 02:11

meDev
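
The answer above turns on how MySQL scopes an account to the host part of 'user'@'host'. As an added example (not code from the original posts), here is a simplified Python model of that matching, showing why accounts defined only for localhost do not cover a connection arriving from the container and why the extra account does. The addresses 172.17.0.2 and 203.0.113.50 are constructed, the function names are hypothetical, and the model assumes the server sees the client by IP address with no name resolution involved.

```python
import ipaddress
import re

def host_matches(pattern, client):
    """True if a MySQL account host value covers the client as the server sees it."""
    if "/" in pattern:  # 'base_ip/netmask' form, e.g. 172.17.0.0/255.255.0.0
        try:
            return ipaddress.ip_address(client) in ipaddress.ip_network(pattern)
        except ValueError:
            return False
    # '%' and '_' are wildcards in the host part, with LIKE semantics
    rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, client, re.IGNORECASE) is not None

def specificity(host):
    """Sort key (simplified): literal hosts, then netmasks, then patterns, '%' last."""
    if host == "%":
        return 3
    if "%" in host or "_" in host:
        return 2
    return 1 if "/" in host else 0

def select_account(user, client, accounts):
    """Return the (user, host) row the login is checked against, or None."""
    hits = [a for a in accounts if a[0] == user and host_matches(a[1], client)]
    return min(hits, key=lambda a: specificity(a[1])) if hits else None

# Constructed sample data: 172.17.0.2 stands in for the container address.
CONTAINER_IP = "172.17.0.2"
BEFORE = [("root", "localhost"), ("keycloak", "localhost")]
AFTER = BEFORE + [("keycloak", CONTAINER_IP)]

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for user in ("root", "keycloak"):
            print(label, user, "->", select_account(user, CONTAINER_IP, table))
    # How much wider than a single address the common alternatives are
    for host in (CONTAINER_IP, "172.17.0.0/255.255.0.0", "%"):
        print(host, "covers 203.0.113.50:", host_matches(host, "203.0.113.50"))
```

The final loop shows the trade-off in choosing the host part: the single container address and the netmask both exclude an outside client, while '%' accepts it.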


The accepted answer may be outdated.

-e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak

should be replaced with:

-e DB_USER=keycloak -e DB_PASSWORD=keycloak
answered Nov 15 '22 02:11

smileis2333