Hi,
Since the last few updates, Keycloak just decided to wipe all the data (realms, users, apps), everything but the master realm with the admin. Since I have had Keycloak, I made several updates without issues, and now, it’s every update.
I give you my Docker Compose if I did something wrong, but everything is on persistent storage…
```yaml
version: "3.9"
services:
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    container_name: keycloak
    restart: unless-stopped
    hostname: keycloak
    command: start --optimized
    dns:
      - 192.168.16.1
    networks:
      - keycloak-network
    environment:
      DB_VENDOR: postgres
      DB_ADDR: keycloak-db
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KC_HTTP_ENABLED: "true"
      KC_HTTPS_CERTIFICATE_FILE: /etc/x509/https/cert.pem
      KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/x509/https/key.pem
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_HOSTNAME_URL: https://auth.domain.com
      KC_HOSTNAME_ADMIN_URL: https://auth.domain.com
      KC_PROXY: passthrough
    ports:
      - "54000:8080"
      - "8443:8443"
    volumes:
      - "/mnt/docker/keycloak/data:/data:rw"
      - "/mnt/docker/keycloak/providers:/opt/jboss/keycloak/providers:rw"
      - "/mnt/docker/keycloak/standalone/configuration:/opt/jboss/keycloak/standalone/configuration:rw"
      - "/mnt/docker/_certs/:/etc/x509/https:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.keycloak.entrypoints=https"
      - "traefik.http.routers.keycloak.rule=Host(`auth.domain.com`)"
      - "traefik.http.routers.keycloak.tls=true"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
      - "traefik.docker.network=keycloak-network"
    depends_on:
      db:
        condition: service_healthy
  db:
    image: postgres:15
    container_name: keycloak-db
    restart: unless-stopped
    networks:
      - keycloak-network
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: keycloak
    volumes:
      - "/mnt/docker/keycloak/db:/var/lib/postgresql/data:rw"
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "keycloak", "-d", "keycloak", "-U", "keycloak"]
      interval: 30s
      timeout: 10s
      retries: 5
networks:
  keycloak-network:
    external: true
```
I genuinely don’t understand where it messed up…
Maybe `DB_ADDR` should be `db` and not `keycloak-db`.
Check the docker logs of the keycloak container on startup, I’m pretty sure the database connection should fail.
Now, when not having a working database connection, Keycloak in docker would still work on these versions, but simply with a fallback memory database, losing everything on restart.
That’s useful for tests, but that’s quite annoying in fact, I would also prefer a nice crash to a still-working-but-no-db mode.
Thanks for your reply.
`DB_ADDR` is definitely `keycloak-db`, as keycloak will try to get the magic DNS of the DB container, which is `keycloak-db`. `db` is only used inside the Docker Compose.
You may be right about the connection… I double-checked the password and for some reason, it was different between the DB and Keycloak… I had to change it when I wanted to do a test and forgot to revert it.
However, it doesn’t fix the fact, even after a restart, my non-master realm isn’t saved…
I don’t understand what changed between my old install and now.
I don’t know if it’s normal or not, but with all my tests, I always see lines that puzzle me:
keycloak | 2024-01-15 21:22:23,891 INFO [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm
keycloak | 2024-01-15 21:22:25,353 INFO [io.quarkus] (main) Keycloak 23.0.1 on JVM (powered by Quarkus 3.2.9.Final) started in 12.327s. Listening on: http://0.0.0.0:8080 and https://0.0.0.0:8443
keycloak | 2024-01-15 21:22:25,353 INFO [io.quarkus] (main) Profile prod activated.
keycloak | 2024-01-15 21:22:25,353 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy-reactive, resteasy-reactive-jackson, smallrye-context-propagation, smallrye-health, vertx]
keycloak | 2024-01-15 21:22:25,635 INFO [org.keycloak.services] (main) KC-SERVICES0009: Added user 'admin' to realm 'master'
Like it forgets the existing realms in the database, while there are no such errors related to the database connection this time.
Several things…
Why do you use the `DB_...` env vars? They are not correct, please see Configuring the database - Keycloak.
How do you build your Keycloak server? While you are starting it with the `optimized` option, it is assumed that you did a `build` step before with proper build-time properties set. See docs for details.
Why do you use the `DB_...` env vars?
Because it was the way (likely changed during the 22.X to 23.X).
So, I fixed it thanks to your hints by:
- Changing the environment variables with the KC_…
- Removing --optimized
Topic solved.
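The fix described in this thread (`KC_*` database variables, no `--optimized`), written out for the keycloak service as an added example; it is not the poster's final file. The `KC_DB*` names are the Quarkus distribution's database options, the other values are carried over from the compose file above, and the `${...}` variable names are assumptions that would be supplied from a `.env` file instead of being hard-coded.

```yaml
# Added example, not from the original thread.
services:
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    container_name: keycloak
    restart: unless-stopped
    # No --optimized: that flag assumes a prior build step with the
    # build-time options (such as the database vendor) already set.
    command: start
    networks:
      - keycloak-network
    environment:
      # Quarkus-era name              # legacy name it replaces
      KC_DB: postgres                 # DB_VENDOR
      KC_DB_URL_HOST: keycloak-db     # DB_ADDR
      KC_DB_URL_DATABASE: keycloak    # DB_DATABASE
      KC_DB_USERNAME: keycloak        # DB_USER
      KC_DB_SCHEMA: public            # DB_SCHEMA
      # DB_PASSWORD; must match POSTGRES_PASSWORD on the db service.
      # KEYCLOAK_DB_PASSWORD is an assumed variable name; compose aborts
      # with the given message if it is unset.
      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD:?set KEYCLOAK_DB_PASSWORD in .env}
      KEYCLOAK_ADMIN: admin
      # Assumed variable name, replacing the hard-coded admin/admin pair.
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:?set KEYCLOAK_ADMIN_PASSWORD in .env}
      KC_HTTP_ENABLED: "true"
      KC_HTTPS_CERTIFICATE_FILE: /etc/x509/https/cert.pem
      KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/x509/https/key.pem
      KC_HOSTNAME_URL: https://auth.domain.com
      KC_HOSTNAME_ADMIN_URL: https://auth.domain.com
      KC_PROXY: passthrough
    volumes:
      - "/mnt/docker/_certs/:/etc/x509/https:ro"
    depends_on:
      db:
        condition: service_healthy
```

The `POSTGRES_PASSWORD` entry on the `db` service would reference the same `${KEYCLOAK_DB_PASSWORD}` variable so the two sides cannot drift apart again.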
Configuration changed with migration from Wildfly AS to Quarkus framework as the underlying architecture. Quarkus was introduced with 17 as default distribution, Wildfly was still available as legacy distribution until 20.
Be sure to read the release notes for every (at least) major version!