Keycloak-x docker startup-scripts not being executed

Hello

I’m currently testing the keycloak-x application and i’m trying to run a bash script as soon as keycloak-x is started but with no luck and i’m wondering if anyone got it to work. Here’s my entire process.

1: Building the image with the following:

docker build . --tag keycloak_test_startup:latest

here’s my Dockerfile

FROM quay. io/keycloak/keycloak-x:latest
COPY providers /opt/jboss/keycloak/providers/
COPY startup-scripts /opt/jboss/startup-scripts/
WORKDIR /opt/jboss/keycloak

# Creating a self-signed for testing purposes
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname “CN=server” -alias server -ext “SAN:c=DNS:localhost,IP:127.0.0.1” -keystore conf/server.keystore

# Run the config command to install custom providers
RUN ./bin/kc.sh config

Here’s the content of startup-scripts:

cedric@cedric-work-pc:~/Documents/test$ ls -la ./startup-scripts/
total 96
drwxrwxrwx 2 cedric cedric 4096 Mar 19 14:56 .
drwxrwxr-x 5 cedric cedric 4096 Mar 30 07:46 …
-rwxrwxrwx 1 cedric cedric 85341 Mar 10 08:23 my_realm.json
-rwxrwxrwx 1 cedric cedric 386 Mar 19 13:22 testingfile.sh

testingfile.sh:

#!/bin/bash

echo “inside testingfile”;

for i in {1…10}; do
echo “test: $i”;
sleep 5s
done

echo “after loop”;

/opt/jboss/keycloak/bin/kcadm.sh config credentials --server "http://"localhost:8080/ --realm master --user admin --client admin-cli --password “PASSWORD”;
/opt/jboss/keycloak/bin/kcadm.sh create realms -s realm=demorealm -s enabled=true;
echo “after create realms”;

So far so good, the image get’s built correctly.

Starting up:

docker run --name keycloak_test_startup -p 8080:8080 --net keycloak-network -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=“PASSWORD” keycloak_test_startup:latest --auto-config --db=postgres -Dkc.db.url.host=“INTERNAL DB ADDRESS” --db-username=keycloak --db-password=“DB PASSWORD” --http-enabled=true

Here’s the output when starting up:

Updating the configuration and installing your custom providers, if any. Please wait.
Server configuration updated and persisted. Run the following command to review the configuration:

kc.sh show-config

2021-03-30 11:52:38,019 WARN [org.key.qua.KeycloakRecorder] (main) New property [kc.db.url.host] set with value [“INTERNAL DB ADDRESS”] in [SysPropConfigSource]. This property is not persisted into the server image.
2021-03-30 11:52:38,025 WARN [org.key.qua.KeycloakRecorder] (main) Please, run the ‘config’ command if you want to persist the new configuration into the server image:

kc.sh config --db=postgres --db-username=keycloak --db-password=“DB PASSWORD” --http-enabled=true --db-url-host=“INTERNAL DB ADDRESS”

2021-03-30 11:52:39,325 WARN [io.qua.run.ConfigChangeRecorder] (main) Build time property cannot be changed at runtime. quarkus.package.type was fast-jar at build time and is now mutable-jar
2021-03-30 11:52:40,287 INFO [org.key.url.DefaultHostnameProviderFactory] (main) Frontend: , Admin: , Backend:
2021-03-30 11:52:40,451 INFO [org.key.pro.qua.QuarkusCacheManagerProvider] (main) Loading cluster configuration from /opt/jboss/keycloak/bin/…/conf/cluster-default.xml
2021-03-30 11:52:40,898 INFO [org.inf.CONTAINER] (main) ISPN000128: Infinispan version: Infinispan ‘Corona Extra’ 11.0.4.Final
2021-03-30 11:52:41,043 INFO [org.inf.CLUSTER] (main) ISPN000078: Starting JGroups channel ISPN
2021-03-30 11:52:41,043 INFO [org.inf.CLUSTER] (main) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2021-03-30 11:52:41,133 WARN [org.jgr.pro.UDP] (main) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2021-03-30 11:52:41,133 WARN [org.jgr.pro.UDP] (main) JGRP000015: the receive buffer of socket MulticastSocket was set to 20.00MB, but the OS only allocated 212.99KB
2021-03-30 11:52:41,133 WARN [org.jgr.pro.UDP] (main) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2021-03-30 11:52:41,134 WARN [org.jgr.pro.UDP] (main) JGRP000015: the receive buffer of socket MulticastSocket was set to 25.00MB, but the OS only allocated 212.99KB
2021-03-30 11:52:43,144 INFO [org.jgr.pro.pbc.GMS] (main) af4fc943196a-6956: no members discovered after 2003 ms: creating cluster as coordinator
2021-03-30 11:52:43,183 INFO [org.inf.CLUSTER] (main) ISPN000094: Received new cluster view for channel ISPN: [af4fc943196a-6956|0] (1) [af4fc943196a-6956]
2021-03-30 11:52:43,201 INFO [org.inf.CLUSTER] (main) ISPN000079: Channel ISPN local address is af4fc943196a-6956, physical addresses are [172.18.0.3:48112]
2021-03-30 11:52:43,669 INFO [org.key.con.inf.DefaultInfinispanConnectionProviderFactory] (main) Node name: af4fc943196a-6956, Site name: null
2021-03-30 11:52:43,834 INFO [org.key.con.jpa.QuarkusJpaConnectionProviderFactory] (main) Database info: {databaseUrl=jdbc:postgresql://“INTERNAL DB ADDRESS”:5432/keycloak?allowEncodingChanges=false&ApplicationName=PostgreSQL+JDBC+Driver&autosave=never&binaryTransfer=true&binaryTransferDisable=&binaryTransferEnable=&cancelSignalTimeout=10&cleanupSavepoints=false&connectTimeout=10&databaseMetadataCacheFields=65536&databaseMetadataCacheFieldsMiB=5&defaultRowFetchSize=0&disableColumnSanitiser=false&escapeSyntaxCallMode=select&gssEncMode=allow&gsslib=auto&hideUnprivilegedObjects=false&hostRecheckSeconds=10&jaasLogin=true&loadBalanceHosts=false&loginTimeout=0&logServerErrorDetail=true&logUnclosedConnections=false&preferQueryMode=extended&preparedStatementCacheQueries=256&preparedStatementCacheSizeMiB=5&prepareThreshold=5&readOnly=false&readOnlyMode=transaction&receiveBufferSize=-1&reWriteBatchedInserts=false&sendBufferSize=-1&socketTimeout=0&sspiServiceClass=POSTGRES&targetServerType=any&tcpKeepAlive=false&unknownLength=2147483647&useSpnego=false&xmlFactoryFactory=, databaseUser=keycloak, databaseProduct=PostgreSQL 13.1 (Debian 13.1-1.pgdg100+1), databaseDriver=PostgreSQL JDBC Driver 42.2.18}
2021-03-30 11:52:44,660 ERROR [org.key.services] (main) KC-SERVICES0010: Failed to add user ‘admin’ to realm ‘master’: user with username exists
2021-03-30 11:52:45,216 INFO [io.quarkus] (main) Keycloak 12.0.4 on JVM (powered by Quarkus 1.10.0.CR1) started in 7.639s. Listening on: "http://"0.0.0.0:8080 and "https://"0.0.0.0:8443
2021-03-30 11:52:45,217 INFO [io.quarkus] (main) Profile prod activated.
2021-03-30 11:52:45,217 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mysql, jdbc-postgresql, keycloak, mutiny, narayana-jta, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vertx, vertx-web]

Sorry for the output mess but i’m not sure how i can make it better.

As it look like, the image started, connected to the DB, admin account was previously created when starting up before, nothing seem to be out of the ordinary at first glance.

I connected to the container to make sure the bash script was indeed in there:

bash-4.4$ ls -la
total 100
drwxr-xr-x 2 root root 4096 Mar 30 11:41 .
drwxrwxr-x 1 jboss root 4096 Mar 30 11:41 …
-rwxrwxrwx 1 root root 85341 Mar 10 13:23 my_realm.json
-rwxrwxrwx 1 root root 386 Mar 19 17:22 testingfile.sh
bash-4.4$ pwd
/opt/jboss/startup-scripts

It is present.

But the file is never executed, no echo in the logs and the realm does not get created, if i login the container and execute the script the realm gets created without any problem.

I’m not sure what i can try anymore, any help would be appreciated.

Thank you!

I did some more research and now i’m wondering if the startup-scripts method is even possible in keycloak-x.

Regular keycloak : docker-entrypoint.sh contains the /opt/jboss/tools/autorun.sh script, which by itself contains the script execution fro the startup-scripts path
Keycloak-x: The docker entrypoint has nothing about the startup-scripts (it’s also much simple if form of commands)

Anybody could confirm?

Here’s another update

I finally got the startup-scripts to load with keycloak-x.

But now it seems that the kcadm.sh script can’t connect to localhost, here’s the specific output when doing the docker run command:

Ignoring file in /opt/jboss/startup-scripts (not *.cli or executable): /opt/jboss/startup-scripts/my_realm.json
Executing: /opt/jboss/startup-scripts/testingfile.sh
inside testingfile
test: 1
test: 2
test: 3
test: 4
test: 5
after loop
Logging into "http://"localhost:8080/ as user admin of realm master
Failed to send request - Connect to localhost:8080 [localhost/127.0.0.1] failed: Connection refused (Connection refused)
after config credentials
No server specified. Use --server, or ‘kcadm.sh config credentials or connection’.
after create realms

I made some modification to the testfile.sh

  • It only loops 5 time instead of 10, but you can see the echo works.
  • There’s no " around the http://, that’s only to prevent the spam from this forum
  • The password is in single quote instead of double quote

I tried the container IP instead of localhost, same error.

Update

I finally figured it out, my script is now connecting to the keycloak-x service by simply adding the & so my script is executed in the background, and after the sleep time, the service is started and create realm works.

I was able to fix it.

This brings me to another point, keycloak-x should implement the startup-scripts method, my guess once keycloak-x gets to an official build this feature will be added. Something to add to the feature list.

1 Like