Keycloak cluster HA setup with Docker and external MariaDB server

Hi… I’ve been trying for a month now to configure an HA cluster setup for Docker, and I have now finalized on this setup:

  1. MariaDB Server: 192.168.x.1
  2. Keycloak01 on docker: 192.168.x.2
  3. Keycloak02 on docker: 192.168.x.3

My configuration for keycloak as follows:

Dockerfile:
FROM Quay

RUN /opt/keycloak/bin/kc.sh build

ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]


Keycloak01 (docker-compose.yml)

version: "3.2"

services:
  keycloak-0:
    build:
      dockerfile: "./Dockerfile"
    environment:
      KC_HOSTNAME_STRICT: "false"
      KEYCLOAK_USER: keycloak
      KEYCLOAK_PASSWORD: password
      KEYCLOAK_LOGLEVEL: INFO
      ROOT_LOGLEVEL: INFO
      KEYCLOAK_STATISTICS: all
      DB_ADDR: 192.168.1.1
      DB_PORT: 3306
      DB_VENDOR: mariadb
      DB_DATABASE: KEYCLOAK01
      DB_USER: root
      DB_PASSWORD: password
      PROXY_ADDRESS_FORWARDING: "true"
      KEYCLOAK_CREATE_ADMIN_USER: "true"
      JGROUPS_DISCOVERY_PROTOCOL: TCPPING
      JGROUPS_DISCOVERY_EXTERNAL_IP: 192.168.1.2
      JGROUPS_DISCOVERY_PROPERTIES: initial_hosts="192.168.1.2[7600],192.168.1.3[7600]"
      KEYCLOAK_CACHE_OWNERS_COUNT: 2
      KEYCLOAK_AUTH_CACHE_OWNERS_COUNT: 2
    ports:
      - "8080:8080"
      - "7600:7600"


Keycloak02 (docker-compose.yml)

version: "3.2"

services:
  keycloak-1:
    build:
      dockerfile: "./Dockerfile"
    environment:
      KC_HOSTNAME_STRICT: "false"
      KEYCLOAK_USER: keycloak
      KEYCLOAK_PASSWORD: password
      KEYCLOAK_LOGLEVEL: INFO
      ROOT_LOGLEVEL: INFO
      KEYCLOAK_STATISTICS: all
      DB_ADDR: 192.168.1.1
      DB_PORT: 3306
      DB_VENDOR: mariadb
      DB_DATABASE: KEYCLOAK01
      DB_USER: root
      DB_PASSWORD: password
      PROXY_ADDRESS_FORWARDING: "true"
      KEYCLOAK_CREATE_ADMIN_USER: "true"
      JGROUPS_DISCOVERY_PROTOCOL: TCPPING
      JGROUPS_DISCOVERY_EXTERNAL_IP: 192.168.1.3
      JGROUPS_DISCOVERY_PROPERTIES: initial_hosts="192.168.1.2[7600],192.168.1.3[7600]"
      KEYCLOAK_CACHE_OWNERS_COUNT: 2
      KEYCLOAK_AUTH_CACHE_OWNERS_COUNT: 2
    ports:
      - "8080:8080"
      - "7600:7600"


All I get is a failed image… running “docker ps” shows no image created and “netstat -tulnp” shows that neither port 8080 nor 7600 is up

This is the result after running “docker-compose up -d && docker-compose logs -f” on keycloak01

This is the same error in keycloak02. I really need help because, after some digging, all my tries have failed. Thank you so much
Best regards,
Hakim.

You are using latest image from the Docker repo. That’s always the worst idea. Always use proper version tags!
Currently, latest yields release 19.0.3 (as of yesterday) and you are using configuration variables from the legacy distribution. The default from 17+ is the Quarkus distribution, and the configuration has changed completely. Please consult the official docs and guides for up-to-date information!
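An added example, not code from any poster in this thread: a small audit of a compose `environment` block that lists the legacy variables, suggests the Quarkus distribution name for each (names as used in the 17 to 19 releases discussed here), and flags a root database account and default-looking secrets. The function names, finding labels and the `WEAK` deny-list are hypothetical, and the sample input is constructed from the keycloak-0 environment posted above.

```python
import re

# Legacy (WildFly image) variable -> Quarkus distribution variable (17-19).
LEGACY_TO_QUARKUS = {
    "KEYCLOAK_USER": "KEYCLOAK_ADMIN", "KEYCLOAK_PASSWORD": "KEYCLOAK_ADMIN_PASSWORD",
    "KEYCLOAK_LOGLEVEL": "KC_LOG_LEVEL", "PROXY_ADDRESS_FORWARDING": "KC_PROXY",
    "DB_VENDOR": "KC_DB", "DB_ADDR": "KC_DB_URL_HOST", "DB_PORT": "KC_DB_URL_PORT",
    "DB_DATABASE": "KC_DB_URL_DATABASE", "DB_USER": "KC_DB_USERNAME",
    "DB_PASSWORD": "KC_DB_PASSWORD",
}
CURRENT_ADMIN = {"KEYCLOAK_ADMIN", "KEYCLOAK_ADMIN_PASSWORD"}
SECRETS = {"KEYCLOAK_PASSWORD", "DB_PASSWORD", "KEYCLOAK_ADMIN_PASSWORD", "KC_DB_PASSWORD"}
DB_USERS = {"DB_USER", "KC_DB_USERNAME"}
WEAK = {"password", "admin", "changeme", "keycloak"}  # assumed deny-list

# Constructed sample: a subset of the keycloak-0 environment posted above.
SAMPLE = """\
KC_HOSTNAME_STRICT: "false"
KEYCLOAK_USER: keycloak
KEYCLOAK_PASSWORD: password
DB_VENDOR: mariadb
DB_USER: root
DB_PASSWORD: password
JGROUPS_DISCOVERY_PROTOCOL: TCPPING
"""

def parse_env(text):
    """Parse 'KEY: value' lines of a compose environment mapping."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z][A-Z0-9_]*)\s*:\s*(.*?)\s*$", line)
        if m:
            env[m.group(1)] = m.group(2).strip("\"'")
    return env

def audit(env):
    """Return (variable, finding, suggested replacement or None) tuples."""
    findings = []
    for key, value in env.items():
        if key in LEGACY_TO_QUARKUS:
            findings.append((key, "legacy", LEGACY_TO_QUARKUS[key]))
        elif key not in CURRENT_ADMIN and key.startswith(("JGROUPS_", "KEYCLOAK_", "ROOT_")):
            findings.append((key, "legacy", None))  # no one-to-one variable
        if key in SECRETS and value.lower() in WEAK:
            findings.append((key, "weak-secret", None))
        if key in DB_USERS and value == "root":
            findings.append((key, "db-superuser", None))
    return findings

if __name__ == "__main__":
    for key, kind, hint in audit(parse_env(SAMPLE)):
        print(f"{key:28} {kind:13} {hint or '-'}")
```

Variables reported with no replacement (the `JGROUPS_*` discovery settings, for instance) have no single environment variable in the Quarkus distribution; the official caching guide covers cluster discovery there.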

Thank you for the tips!.. I finally got the cluster to build, but there were some minor errors… My latest environment is in my repo: GitHub - hakimnorizman-work/keycloak-jdbc-ivanfranchin

Are you sure that you want to use JDBC-Ping? I’d use TCP-Ping or UDP-Ping instead (UDP-Ping requires special settings on the host). JDBC-PING is kind of the last resort.

I’m not really sure. I was just searching for the best examples I could get, and most of the examples I found were using JDBC_PING.