Keycloak startup-scripts in docker container

Hello,

I’m currently trying to use startup-scripts with the official Keycloak docker container.
More specifically, I’m trying to run a wildfly .cli script that I copied into /opt/jboss/startup-scripts using my dockerfile while building my image.

I checked: upon starting, the script is correctly there.
What I’m trying to do is run the admin console on a custom port.

I’m using a script that is copy-pasted from here:
https://www.keycloak.org/docs/latest/server_admin/index.html#port-restriction

However, in the logs I see:
executing cli script: /opt/jboss/startup-scripts/restrict_admin.cli.
No connection to the controller.

Then the docker container restarts.
The funny thing is: I’ve tried to start my container without the startup scripts, then executed a bash shell in the running container and started the jboss-cli.
When I then copy paste the commands from my restrict_admin.cli one by one in the console, they all execute successfully.

So what is the issue here? Is this not something that can be done using startup CLI scripts?

Thanks for your help!

UPDATE: when I include “connect” as the first command in the CLI script, you basically get this error message:

17:23:14,606 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
17:23:14,607 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 8.0.0 (WildFly Core 10.0.0.Final) started in 10700ms - Started 55 of 85 services (39 services are lazy, passive or on-demand)
The batch executed successfully
17:23:15,682 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0050: Keycloak 8.0.0 (WildFly Core 10.0.0.Final) stopped in 93ms
Creating HTTPS keystore via OpenShift’s service serving x509 certificate secrets…
HTTPS keystore successfully created at: /opt/jboss/keycloak/standalone/configuration/keystores/https-keystore.jks
Executing cli script: /opt/jboss/startup-scripts/restrict_admin_console.cli
The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: Connection refused

Never mind, just figured it out.
Embed-server is the key :)

Hey, could you provide the final CLI script?

Here’s mine, but in all honesty it doesn’t seem to do anything, since I don’t see anything in Zipkin.

embed-server --admin-only=true
/extension=org.wildfly.extension.microprofile.opentracing-smallrye:add()
/subsystem=microprofile-opentracing-smallrye:add()
/subsystem=microprofile-opentracing-smallrye/jaeger-tracer=my-tracer:add()
# /subsystem=microprofile-opentracing-smallrye/jaeger-tracer=my-tracer:write-attribute(name=sender-endpoint,value=http://tracing:9411/api/v1/spans)
/subsystem=microprofile-opentracing-smallrye/jaeger-tracer=my-tracer:write-attribute(name=sender-endpoint,value=http://tracing:9411)
/subsystem=microprofile-opentracing-smallrye/jaeger-tracer=my-tracer:write-attribute(name=propagation,value=[B3])
# /subsystem=microprofile-opentracing-smallrye/jaeger-tracer=my-tracer:write-attribute(name=tags,value=[keycloak])
/subsystem=microprofile-opentracing-smallrye/jaeger-tracer=my-tracer:write-attribute(name=reporter-log-spans,value=true)
/subsystem=microprofile-opentracing-smallrye:write-attribute(name=default-tracer,value=my-tracer)

stop-embedded-server
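
The fix named in the thread, as an added example that is not from any of the posters or from the Keycloak project: a startup script that opens with embed-server, so jboss-cli edits the configuration offline instead of trying to reach a controller on localhost:9990 that is not running when startup scripts execute. Assumptions: the container boots from standalone-ha.xml, and the admin-http names and port 9080 are placeholders; the filter follows the port-restriction approach in the Keycloak documentation linked in the first post.

```jboss-cli
# restrict_admin.cli (added example; names and port below are placeholders)
# Startup scripts run before the server is up, so "connect" has nothing to
# talk to. embed-server starts an in-process, admin-only server instead.
# Assumption: the image boots standalone-ha.xml; edit the file it really uses,
# otherwise the changes land in a config that is never loaded.
embed-server --server-config=standalone-ha.xml --std-out=echo

batch

# Dedicated listener for the admin console on a port that is not published
# to the outside (hypothetical binding name and port).
/socket-binding-group=standard-sockets/socket-binding=admin-http:add(port=9080)
/subsystem=undertow/server=default-server/http-listener=admin-http:add(socket-binding=admin-http)

# Reject /auth/admin on every listener except the dedicated one.
# %p is the local port the request arrived on.
/subsystem=undertow/configuration=filter/expression-filter=portAccess:add(expression="path-prefix('/auth/admin') and not equals(%p, 9080) -> response-code(403)")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=portAccess:add()

run-batch

stop-embedded-server
```

The container port in the filter is the one inside the container, so publish 9080 only to the network that should reach the admin console.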