keycloak-containers icon indicating copy to clipboard operation
keycloak-containers copied to clipboard

Published 20 hours ago verified publisher icon keycloak

Restarting Keycloak-Container after DB is available again

Open ch-lepp opened this issue 3 years ago • 3 comments

Describe the bug

This git issue more or less mirrors the redhat issue KEYCLOAK-16747

Our dev environment is undergoing a restart every weekend. For our docker containers this means docker restart is executed. The Keycloak container can't handle this very well. It crashes with the following error

User with username 'admin' already added to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'

We subsequently have to redeploy the Keycloak container.

Apparently, this behaviour is connected to the keycloak database not being available right away due to restarting also. This means that the keycloak-add-user.json created by add-user-keycloak.sh (or subsequently by AddUser.java) will not be removed.

Upon restart the user is already written into the keycloak-add-user.json which then results in the mentioned exception.

Version

15.0.2

Expected behavior

The Keycloak docker container can restart, as soon as the database is available.

Actual behavior

The database not being available once prevents the keycloak container from restarting, since an unused keycloak-add-user.json floats around, resulting in the error

User with username 'admin' already added to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'

How to Reproduce?

Copied directly from the redhat issue:

  • Create a database for keycloak
  • Stop the database
  • Start a Keycloak container in podman with the correct DB_USER, DB_PASSWORD, DB_VENDOR, DB_DATABASE, DB_ADDR, KEYCLOAK_USER, KEYCLOAK_PASSWORD environment variables
  • (Keycloak will not start since it cannot connect to its database)
  • Start the database
  • Restart the Keycloak container

ch-lepp avatar Dec 15 '21 15:12 ch-lepp

I would suggest simply removing the keycloak-add-user.json upon container restart. But I'm not quite sure where the best place for this removal command would be, since I can't properly foresee the side effects.

I think it might be a good idea changing line 35 of the docker-entrypoint.sh to rm /opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json

ch-lepp avatar Dec 16 '21 08:12 ch-lepp

I just created a corresponding pull-request

ch-lepp avatar Dec 16 '21 09:12 ch-lepp

Had the same problem. Going to comment on the PR as it has more eyes...

minusdavid avatar Jun 28 '22 06:06 minusdavid

With Keycloak 20 the WildFly based distribution is no longer supported. For the newer Quarkus distribution of Keycloak, check out the new documentation, or the updated container sources.

stianst avatar Oct 24 '22 07:10 stianst