Need help to start with Keycloak 19 andPostgres in docker-compose

GeofoxCoding · August 4, 2022, 9:07am

Hi,

I try to get Keycloak Quarkus running in a local docker-compose setup. I made a local project folder:

Folder keycloak_data contains *.pem files for local developer ssl certificate. I created them with mkcert as described here:
From Keycloak to Keycloak.X - codecentric AG Blog
Folder user_db is meant as mounted volume to persist postgres db over container lifetime.

My current environment-file:

KC_DB=postgres
KC_DB_USERNAME=keycloak
KC_DB_PASSWORD=keycloak
KC_DB_SCHEMA=public
# KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak?ssl=allow
KC_DB_URL_DATABASE=keycloak
KC_DB_URL_HOST=postgres
KC_DB_URL_PORT=5432
KC_DB_URL_PROPERTIES="verifyServerCertificate=false&ssl=allow"
KC_HOSTNAME=keycloak.local
KC_HOSTNAME_STRICT=false
KC_HTTPS_CLIENT_AUTH=request
KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/server.crt.pem
KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/server.key.pem
KC_HTTPS_PORT=8443
KC_HTTPS_PROTOCOLS=TLSv1.3,TLSv1.2
KC_HTTP_ENABLED="true"
KC_HTTP_PORT=8080
KC_METRICS_ENABLED=true
KC_PROXY=edge
KEYCLOAK_ADMIN=Admin
KEYCLOAK_ADMIN_PASSWORD=Admin
PROXY_ADDRESS_FORWARDING=true
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
PGDATA=/var/lib/postgresql/data/pgdata

My docker-compose yaml:

version: '3.8'
services:
  db:
    image: postgres:latest
    env_file:
      - ./keycloak-postgres.env
    container_name: keycloak-db
    restart: unless-stopped
    ports:
      - '5432:5432'
    volumes: 
      - C:/Users/Richard/Code/docker-compose-keycloak/user_db:/var/lib/postgresql/data
  keycloak:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:19.0.1
    restart: unless-stopped
    env_file:
      - ./keycloak-postgres.env
    environment:
      KC_FEATURES:
        authorization
        token-exchange
        docker
        impersonation
        scripts
        upload-scripts
        web-authn
        client-policies
        dynamic-scopes
    entrypoint: /opt/keycloak/bin/kc.sh start --auto-build
    volumes:
      - ./keycloak_data/keycloak.local+1.pem:/opt/keycloak/conf/server.crt.pem
      - ./keycloak_data/keycloak.local+1-key.pem:/opt/keycloak/conf/server.key.pem
    ports:
      - 8080:8080
      - 8443:8443
    depends_on:
      - postgres

My error:
keycloak | 2022-08-04 09:04:55,092 WARN [io.agroal.pool] (agroal-11) Datasource ‘’: The connection attempt failed.
keycloak | 2022-08-04 09:04:55,094 WARN [org.hibernate.engine.jdbc.env.internal.JdbcEnvironmentInitiator] (JPA Startup Thread: keycloak-default) HHH000342: Could not obtain connection to query metadata: org.postgresql.util.PSQLException: The connection attempt failed.
keycloak | at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:331)
keycloak | at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
keycloak | at org.postgresql.jdbc.PgConnection.(PgConnection.java:223)
keycloak | at org.postgresql.Driver.makeConnection(Driver.java:400)
keycloak | at org.postgresql.Driver.connect(Driver.java:259)
keycloak | at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677)
keycloak | at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:228)
keycloak | at org.postgresql.ds.common.BaseDataSource.getConnection(BaseDataSource.java:103)
keycloak | at org.postgresql.xa.PGXADataSource.getXAConnection(PGXADataSource.java:49)
keycloak | at org.postgresql.xa.PGXADataSource.getXAConnection(PGXADataSource.java:35)
keycloak | at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:216)
keycloak | at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:513)
keycloak | at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:494)
keycloak | at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
keycloak | at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:75)
keycloak | at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1126)
keycloak | at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
keycloak | at java.base/java.lang.Thread.run(Thread.java:829)
keycloak | Caused by: java.net.UnknownHostException: postgres
keycloak | at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:229)
keycloak | at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
keycloak | at java.base/java.net.Socket.connect(Socket.java:609)
keycloak | at org.postgresql.core.PGStream.createSocket(PGStream.java:241)
keycloak | at org.postgresql.core.PGStream.(PGStream.java:98)
keycloak | at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:109)
keycloak | at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235)
keycloak | … 17 more
keycloak |

I recognize the message “java.net.UnknownHostException: postgres” so am I missing some concept of container networking and communication? Does my keycloak don’t have access to postgres container or is it because I try to run keycloak with self signed ssl?

kr1111 · August 4, 2022, 11:41pm

Shouldn’t it say “postgres” instead of db in line 3?

GeofoxCoding · August 8, 2022, 3:22pm

Hi @kr1111 ,

thank you for your answer. I found the problem myself. The service name was not relevant in my case but you’re close. For me it was a mismatch between yaml (container_name: keycloak-db) and environment variables (KC_DB_URL_HOST=postgres) it has to be KC_DB_URL_HOST=keycloak-db.

Here are the *.env file and yaml I ended with:

KC_DB=postgres
KC_DB_USERNAME=keycloak
KC_DB_PASSWORD=kcpasswd
KC_DB_SCHEMA=public
# KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak?ssl=allow
KC_DB_URL_DATABASE=keycloak
KC_DB_URL_HOST=keycloak-db
KC_DB_URL_PORT=5432
#KC_DB_URL_PROPERTIES="verifyServerCertificate=false&ssl=allow"
KC_HOSTNAME=keycloak.local:8443
KC_HOSTNAME_STRICT=false
KC_HTTPS_CLIENT_AUTH=request
KC_HTTPS_CERTIFICATE_FILE=/opt/keycloak/conf/server.crt.pem
KC_HTTPS_CERTIFICATE_KEY_FILE=/opt/keycloak/conf/server.key.pem
KC_HTTPS_PORT=8443
KC_HTTPS_PROTOCOLS=TLSv1.3,TLSv1.2
KC_HTTP_ENABLED="true"
KC_HTTP_PORT=8080
KC_METRICS_ENABLED=true
KC_PROXY=edge
KEYCLOAK_ADMIN=Admin
KEYCLOAK_ADMIN_PASSWORD=Admin
PROXY_ADDRESS_FORWARDING=true
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
PGDATA=/var/lib/postgresql/data/pgdata

version: '3.8'
services:
  db:
    image: postgres:latest
    env_file:
      - ./keycloak-postgres.env
    container_name: keycloak-db
    restart: unless-stopped
    ports:
      - '5432:5432'
    volumes: 
      - C:/Users/Richard/Code/docker-compose-keycloak/user_db:/var/lib/postgresql/data
    networks:
      - keycloak-network
  keycloak:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:19.0.1
    restart: unless-stopped
    env_file:
      - ./keycloak-postgres.env
    environment:
      KC_FEATURES:
        authorization
        token-exchange
        docker
        impersonation
        scripts
        upload-scripts
        web-authn
        client-policies
        dynamic-scopes
    entrypoint: /opt/keycloak/bin/kc.sh start --auto-build
    volumes:
      - ./keycloak_data/keycloak.local+1.pem:/opt/keycloak/conf/server.crt.pem
      - ./keycloak_data/keycloak.local+1-key.pem:/opt/keycloak/conf/server.key.pem
    ports:
      - 8080:8080
      - 8443:8443
    networks:
      - keycloak-network
    depends_on:
      - postgres
networks:
  keycloak-network:
    driver: bridge