Menu
Well, as the title suggests, this is more of an issue record. I was trying to follow the instructions on this README file of Keycloak docker server images, but encountered a few blockers.
After pulling the image, below command to start a standalone instance failed.
docker run jboss/keycloak
The error stack trace:
-b 0.0.0.0
=========================================================================
Using PostgreSQL database
=========================================================================
...
04:45:06,084 INFO [io.smallrye.metrics] (MSC service thread 1-5) Converted [2] config entries and added [4] replacements
04:45:06,096 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 33) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "datasources"),
("data-source" => "KeycloakDS")
]) - failure description: "WFLYCTL0113: '' is an invalid value for parameter user-name. Values must have a minimum length of 1 characters"
...
Caused by: java.lang.RuntimeException: Failed to connect to database
at org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:382)
...
Caused by: javax.naming.NameNotFoundException: datasources/KeycloakDS -- service jboss.naming.context.java.jboss.datasources.KeycloakDS
at org.jboss.as.naming.ServiceBasedNamingStore.lookup(ServiceBasedNamingStore.java:106)
...
I was wondering how it uses a PostgreSQL database, and assumed it might spin up its own instance. But the error looks like it has a problem connecting to the database.
Changing to the embedded H2 DB made it work.
docker run -e DB_VENDOR="h2" --name docker-keycloak-h2 jboss/keycloak
The docker-entrypoint.sh file shows that it uses below logic to determine what DB to use.
if (getent hosts postgres &>/dev/null); then
export DB_VENDOR="postgres"
...
And further down the flow, this change-database.cli file indicates that it's actually expecting a running PostgreSQL instance to use.
connection-url=jdbc:postgresql://${env.DB_ADDR:postgres}:${env.DB_PORT:5432}/${env.DB_DATABASE:keycloak}${env.JDBC_PARAMS:}
So I began wondering how PostgreSQL was chosen as a default initially. Executing below commands in a running Keycloak docker container revealed some interesting things.
[root@71961b81189c bin]# getent hosts postgres
69.172.201.153 postgres.mbox.com
[root@71961b81189c bin]# echo $?
0
Not sure what this postgres.mbox.com is but apparently it's not an expected PostgreSQL server to be resolved by getent. Not sure whether this is a recent linux issue either. The hosts entry in the Name Service Switch Configuration file /etc/nsswitch.conf looks like below inside the container.
hosts: files dns myhostname
It is the dns data source that resolved postgres to postgres.mbox.com.
This is why the DB vendor determination logic failed which eventually caused the container failing to start. The instructions on this README file do not work as of the day this post is published.
Below are the working commands to start a Keycloak server in docker properly with PostgreSQL as the database.
docker network create keycloak-network
docker run -d --name postgres --net keycloak-network -e POSTGRES_DB=keycloak -e POSTGRES_USER=keycloak -e POSTGRES_PASSWORD=password postgres
docker run --name docker-keycloak-postgres --net keycloak-network -e DB_USER=keycloak -e DB_PASSWORD=password jboss/keycloak
387
This is common in a deployment. Usually the Keycloak server is notified about the failed operation and will retry it, so from the user’s point of view, there is usually not any issue. If there are exceptions during startup of Keycloak server, like this:
Firstly, it is worth mentioning that you can use either the docker command or podman to achieve the same results. We will use docker in this section. To pull the latest Docker Image of Keycloak you can run from the Command Line: On the other hand, you can pull and start Keycloak with a single command. Here is how to start it in development mode:
Any changes you make to this file while the server is running will not take effect and may even be overwritten by the server. Instead use the command line scripting or the web console of WildFly. See the WildFly 23 Documentation for more information. Standalone clustered operation mode is for when you want to run Keycloak within a cluster.
In the standalone operation mode, this file lives in …/standalone/configuration/standalone.xml. This file is also used to configure non-infrastructure level things that are specific to Keycloak components. Any changes you make to this file while the server is running will not take effect and may even be overwritten by the server.
The problem no longer occurs now. I am voting to close the question.
142
I ran into the same issue. As it turned out, the key to the solution was the missing parameter "DB_USER=keycloak".
The Application tried to authenticate against the database using the username ''. This was indicated by the first error message.
WFLYCTL0113: '' is an invalid value for parameter user-name
Possibly the 4.x and 5.0.0 versions set the default user name to "keycloak" which was no longer the case in 6.0.0.
After adding the parameter DB_USER=keycloak to the list of environment variables, keycloak started up without any problems.
40
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
