Import Keycloak relam

Hello,
I am trtying to import a realm exported from 6.0.1 to a container running 6.0.1.

When I run
docker run -e KEYCLOAK_USER=admincloak -p 8080:8080 -e KEYCLOAK_PASSWORD=123456 -e “KEYCLOAK_IMPORT=/tmp/keycloak_data.json -Dkeycloak.profile.feature.upload_scripts=enabled -Dkeycloak.migration.strategy=OVERWRITE_EXISTING” -v /tmp/keycloak_data.json:/tmp/keycloak_data.json jboss/keycloak:6.0.1

I get an error on startup of

WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException

I googled this and a few previous issues in the forum point to a database password issue (using a non H2 database admittadly). On a locally installed keycloak, I can stop keycloak and enter the H2 console with a password of “sa” - the default.

Is this the same password for the H2 database on the container version of keycloak.

But other posts suggest other causes. I have the log output from starting the container. Does this forum allow attachments?

Regards,
John

One question for you, did you export MULTIPLE realms, or just one?

i.e. when you exported, did you use -Dkeycloak.migration.realmName?

I remember having the issue you are having when I exported all my realms, included the master realm.

Try just exporting one of your non-master realms to a JSON, and set that JSON in your KEYCLOAK_IMPORT env var. If it gets exported correctly, then try to do the same but a JSON of only the master realm import.

I exported multiple realms into a single json file.
So I re-exported just a single realm (SpringBootKeycloak) to a json file.
Then on another machine I run

docker run -e KEYCLOAK_USER=admincloak -p 8080:8080 -e KEYCLOAK_PASSWORD=123456 -e "KEYCLOAK_IMPORT=/tmp/keycloak_data.json -Dkeycloak.profile.feature.upload_scripts=enabled -Dkeycloak.migration.strategy=OVERWRITE_EXISTING -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.realmName=SpringBootKeycloak" -v /tmp/SpringBootKeycloak_data.json:/tmp/SpringBootKeycloak_data.json jboss/keycloak:6.0.1

This resulted in two errors

07:57:42,831 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool – 71) MSC000001: Failed to start service jboss.deployment.unit.“keycloak-server.war”.undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit.“keycloak-server.war”.undertow-deployment: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)

07:57:43,268 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation (“add”) failed - address: ([(“subsystem” => “microprofile-metrics-smallrye”)]): java.lang.NullPointerException
at org.wildfly.extension.microprofile.metrics.MicroProfileMetricsSubsystemAdd$2.execute(MicroProfileMetricsSubsystemAdd.java:86)

Does anyone have any ideas?

I don’t understand why you are jamming the java process -D properties in the KEYCLOAK_IMPORT environment variable, that’s not where they go. Also, you shouldn’t need them.

I have realm importing working without issues on my side. I’m using a more recent version than you are though, 9.0.3, so your mileage may vary.

Here’s a brief docker-compose.yml syntax of what I’m doing using your values.

---                                                                                                                                         
version: '3.7'

services:

  keycloak:
    image: quay.io/keycloak/keycloak:9.0.3
    container_name: keycloak
    restart: always
    ports:
      - target: 8080
        published: 8080
        protocol: tcp 
        mode: host
    environment:
      KEYCLOAK_USER: admincloak
      KEYCLOAK_PASSWORD: 123456
      KEYCLOAK_IMPORT: /tmp/keycloak_data.json
    volumes:
      - type: bind
        source: /tmp/SpringBootKeycloak_data.json
        target: /tmp/SpringBootKeycloak_data.json

By doing this, I see the realm get imported correctly if I start from scratch. If I don’t start from scratch and the realm already exists, it won’t get clobbered (which is what I want).

The reason that the docker call is overloaded is that was suggested in previous questions to the forum and various google results. But yes, it does not work.
I also tried dividing the import from starting the container as mentioned for export (though I have done it for import) on the keycloak docker hub page. So …

in terminal 1

docker run -e KEYCLOAK_USER=admincloak -p 8080:8080 -e KEYCLOAK_PASSWORD=123456 --name kc -v /tmp/SpringBootKeycloak_data.json:/tmp/SpringBootKeycloak_data.json jboss/keycloak:6.0.1

and in terminal 2
docker exec -it kc /opt/jboss/keycloak/bin/standalone.sh -Djboss.socket.binding.port-offset=100 -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.realmName=SpringBootKeycloak -Dkeycloak.migration.strategy=OVERWRITE_EXISTING -Dkeycloak.migration.file=/tmp/SpringBootKeycloak_data.json

And the result is the same. In terminal 2,
07:24:03,069 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool – 59) MSC000001: Failed to start service jboss.deployment.unit.“keycloak-server.war”.undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit.“keycloak-server.war”.undertow-deployment: java.lang.RuntimeException: RESTEASY003325: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)

07:11:13,578 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation (“add”) failed - address: ([(“subsystem” => “microprofile-metrics-smallrye”)]): java.lang.NullPointerException
at org.wildfly.extension.microprofile.metrics.MicroProfileMetricsSubsystemAdd$2.execute(MicroProfileMetricsSubsystemAdd.java:86)

I have not been able to find any definitive information on microprofile-metrics-smallrye. It is mentioned in various cries for help but the answers are rare and do not apply to imports.

As you mention, using compose (or I guess K8s) gives you the right result. But for myself, I think the problem is something to do with my setup, which seems pretty vanilla. It is unfortunate that the error message is not particularly helpful.

Being unable to import an exported realm is a real problem in my setup for the use of keycloak which is a shame because there is a lot to like about it. I have no doubt I have done something dumb but have no idea what.