Unable to migrate existing data to the quay.io/keycloak/keycloak:24.0.2

I recently transitioned from using jboss/keycloak to bitnami/keycloak and successfully migrated all my data, including users and tokens. However, upon migrating to Quay, I’m facing difficulties in retaining my data.

Here’s an overview of my setup:

I’m using a Docker Compose configuration where the adi-auth service runs Keycloak (Quay image), and I’ve specified environment variables for the PostgreSQL database connection and admin credentials. Additionally, I’m attempting to import data from a JSON file during startup.

version: '2.4'
services:
  adi-auth:
    image: quay.io/keycloak/keycloak
    ports:
      - '8080:8080'
      - '6379:6379'
    depends_on:
      adi-auth-db:
        condition: service_healthy
    environment:
      - KC_DB_VENDOR=postgres
      - KC_DB_ADDR=adi-auth-db
      - KC_DB_DATABASE=auth-db
      - KC_DB_USER=postgres
      - KC_DB_SCHEMA=public
      - KC_DB_PASSWORD=####
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=admin
      - 'JAVA_OPTS_APPEND=-Dkeycloak.profile.feature.upload_scripts=enabled -Dkeycloak.profile.feature.token_exchange=enabled -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled'
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:9990']
      interval: 30s
      timeout: 10s
      retries: 3
    volumes:
      - ./keycloak/realm-configs/realm.json:/opt/keycloak/data/import/realm.json
    command: ['start-dev', '--import-realm']
  adi-auth-db:
    image: postgres:13.1-alpine
    environment:
      - POSTGRES_PASSWORD=#######
      - POSTGRES_DB=auth-db
      - PGDATA=/var/lib/postgresql/data/pgdata
    volumes:
      - ./postgres-auth-data:/var/lib/postgresql/data/pgdata
    ports:
      - '8000:5432'
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U postgres']
      interval: 10s
      timeout: 5s
      retries: 5
  adi-backend-db:
    image: postgres:13.1-alpine
    environment:
      - POSTGRES_PASSWORD=##########
      - POSTGRES_DB=adi-backend-db
      - PGDATA=/var/lib/postgresql/data/pgdata
    # command: ["postgres", "-c", "log_statement=all"]
    volumes:
      - ./postgres-api-data:/var/lib/postgresql/data/pgdata
    ports:
      - '8001:5432'
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U postgres']
      interval: 10s
      timeout: 5s
      retries: 5
  # Mail trap
  mail:
    image: mailhog/mailhog
    ports:
      - 8025:8025
      - 1025:1025

The issue I'm encountering is that although the setup seems correct, I'm unable to see the data that was previously available in bitnami/keycloak. Specifically, I'm missing user accounts, tokens, and other related data.

Could someone guide me on how to properly migrate data from bitnami/keycloak to quay.io/keycloak/keycloak? Additionally, are there any specific steps or considerations I should be aware of during this migration process?

Your insights and assistance would be greatly appreciated. Thank you!

The database environment variables do not exist (and I don’t think they ever existed in the Quarkus distribution).

The options are documented here: All configuration - Keycloak
(environment variables can be derived by prefixing it with KC, all uppercase, and - are replaced by _).

So you’d probably look for

KC_DB=postgres
KC_DB_URL=jdbc:postgresql://adi-auth-db/auth-db
KC_DB_USERNAME=postgres
KC_DB_PASSWORD=####

Instead of specifying the URL directly, you can also set KC_DB_URL_HOST and KC_DB_URL_DATABASE.

2 Likes
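The naming rule from the answer above, applied as a small lint over `environment:` entries (an added example, not part of the original thread). `KNOWN_OPTIONS` is a partial subset of the options on the "All configuration" page, the `SUGGESTED` mapping follows the answer, and the function names are illustrative.

```python
# Added example: lint KC_* entries of a compose `environment:` list using the
# naming rule from the answer (prefix KC_, upper case, '-' becomes '_').

# Partial subset of option names from the "All configuration" page (extend it).
KNOWN_OPTIONS = {
    "db", "db-url", "db-url-host", "db-url-database", "db-url-port",
    "db-username", "db-password", "db-schema", "features", "hostname",
    "http-enabled", "health-enabled", "metrics-enabled",
}
# Replacements for the names used in the question, following the answer.
SUGGESTED = {
    "KC_DB_VENDOR": "KC_DB", "KC_DB_ADDR": "KC_DB_URL_HOST",
    "KC_DB_DATABASE": "KC_DB_URL_DATABASE", "KC_DB_USER": "KC_DB_USERNAME",
}

def env_name(option):
    """Derive the environment variable name for a configuration option."""
    return "KC_" + option.upper().replace("-", "_")

KNOWN_ENV = {env_name(option) for option in KNOWN_OPTIONS}

def lint(entries):
    """Return (entry, problem) pairs for KC_* entries that look wrong."""
    findings = []
    for entry in entries:
        name, sep, _value = entry.partition("=")
        if not name.startswith("KC_"):
            continue  # KEYCLOAK_ADMIN and similar are out of scope here
        if not sep:
            findings.append((entry, "no '=' between name and value"))
        elif name not in KNOWN_ENV:
            hint = SUGGESTED.get(name)
            problem = f"unknown option, use {hint}" if hint else "unknown option"
            findings.append((entry, problem))
    return findings

# Constructed input: entries in the forms that appear in this thread.
SAMPLE = [
    "KC_DB_VENDOR=postgres", "KC_DB_ADDR=adi-auth-db",
    "KC_DB_DATABASE=auth-db", "KC_DB_USER=postgres", "KC_DB_SCHEMA=public",
    "KC_DB_PASSWORD=####", "KEYCLOAK_ADMIN=admin", "KC_HEALTH_ENABLED:true",
]

if __name__ == "__main__":
    for entry, problem in lint(SAMPLE):
        print(f"{entry}: {problem}")
```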

I have modified the code in this way, and when I try to run localhost:8080 in the browser I see "loading admin ui"; it's been like that for 5 min and it's still stuck.
version: '2.4'
services:
  adi-auth:
    image: keycloak/keycloak:24.0.2
    ports:
      - '8080:8080'
      - '6379:6379'
    depends_on:
      adi-auth-db:
        condition: service_healthy
    environment:
      - KC_METRICS_ENABLED=true
      - KC_HEALTH_ENABLED=true
      - KC_PROXY=edge
      - KC_HTTP_ENABLED=true
      - KC_HOSTNAME_STRICT_HTTPS=false
      - KC_DB=postgres
      - KC_DB_PASSWORD=####
      - KC_DB_URL=jdbc:postgresql://adi-auth-db/auth-db
      - KC_DB_USERNAME=postgres
      - KC_HOSTNAME=localhost
      - KEYCLOAK_ADMIN=keycloak-user
      - KEYCLOAK_ADMIN_PASSWORD=keycloak-pass
      - KC_FEATURES=token-exchange,scripts,admin-fine-grained-authz
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:8443']
      interval: 30s
      timeout: 10s
      retries: 3
    command: ['start-dev', '--import-realm']
    volumes:
      - ./keycloak/realm-configs/realm.json:/opt/keycloak/data/import/realm.json
  adi-auth-db:
    image: postgres:13.1-alpine
    environment:
      - POSTGRES_PASSWORD=####
      - POSTGRES_DB=auth-db
      - PGDATA=/var/lib/postgresql/data/pgdata
    volumes:
      - ./postgres-auth-data:/var/lib/postgresql/data/pgdata
    ports:
      - '8000:5432'
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U postgres']
      interval: 10s
      timeout: 5s
      retries: 5
  adi-backend-db:
    image: postgres:13.1-alpine
    environment:
      - POSTGRES_PASSWORD=backend-pass
      - POSTGRES_DB=adi-backend-db
      - PGDATA=/var/lib/postgresql/data/pgdata
    # command: ["postgres", "-c", "log_statement=all"]
    volumes:
      - ./postgres-api-data:/var/lib/postgresql/data/pgdata
    ports:
      - '8001:5432'
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U postgres']
      interval: 10s
      timeout: 5s
      retries: 5
  # Mail trap
  mail:
    image: mailhog/mailhog
    ports:
      - 8025:8025
      - 1025:1025

Please help me out to solve this.

It is very hard (almost impossible) to offer help for a problem which is not clearly stated. Asking why this does not work and pasting a bunch of configs will not help you get help faster, or anyone who actually wants to help.

In order to get help you must first identify and describe the problem. It is much easier to get help when you clearly say: “on version X the import of this particular piece of data throws this exception” instead of: “this is my setup, does not work, help me fix it”.

I really do not want to be condescending; I want to offer useful feedback to allow you to solve your problem faster by teaching you how to get help. After all, if you are a professional developer paid by someone to take care of Keycloak, in the end it is your responsibility to solve such issues; that is why you get money for that work. Of course it is great to be part of a helpful community, as everyone has something to gain from it.

But in the end it is always your responsibility and duty to learn how to analyse a problem like this and isolate the specific way in which it manifests, then to come back to the community to get help for it once it is defined in a very specific and reproducible way. So please do not hesitate to reach out to the community, but once you have something concrete that does not work as expected or fails with a specific error. “Just doesn’t work” is very unproductive for everyone involved.

2 Likes

Hi ThoreKr,
do you know what the health check config is for quay.io/keycloak/keycloak:24.0.2?

I have set it this way:
    environment:
      - KC_METRICS_ENABLED:true
      - KC_HEALTH_ENABLED:true
      - KC_PROXY:edge
      - KC_HTTP_ENABLED:true
      - KC_HOSTNAME_STRICT_HTTPS:false
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://adi-auth-db/auth-db
      - KC_DB_USERNAME=xxx
      - KC_DB_PASSWORD=xxx
      - KEYCLOAK_ADMIN=keycloak-xxx
      - KEYCLOAK_ADMIN_PASSWORD=xxxxx
      - KC_FEATURES=token-exchange,scripts,admin-fine-grained-authz
    healthcheck:
      test: ["CMD", "curl", "-f", "http://adi-auth:8080/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
    command: ['start-dev']

The container is running when I check Docker Desktop, but when I run the Cypress test it says the container is unhealthy and the test stops.

If you have any additional insights or suggestions based on your experience, I would greatly appreciate them.