keycloak-containers
Permissions Error on exporting realm from docker container instance via standalone.sh
Describe the bug
I am trying to export a realm to a JSON file from the latest jboss/keycloak docker container, but I am running into permissions errors. I suspect I am doing something wrong, but I haven't been able to figure it out and I was hoping you might know or be able to redirect me.
Version
jboss/keycloak:16.1.1
Expected behavior
I expected the export command to produce the JSON file in the bound directory with either an empty array of users or just the admin user.
Actual behavior
I ran into a permissions error (see below).
INFO [org.keycloak.services] (ServerService Thread Pool -- 52) KC-SERVICES0034: Export of realm 'PORI' requested.
INFO [org.keycloak.exportimport.singlefile.SingleFileExportProvider] (ServerService Thread Pool -- 52) Exporting realm 'PORI' into file /tmp/realm_export_PORI.json
21:37:42,598 FATAL [org.keycloak.services] (ServerService Thread Pool -- 52) Error during startup: java.lang.RuntimeException: Error during export/import: /tmp/realm_export_PORI.json (Permission denied)
at [email protected]//org.keycloak.exportimport.util.ExportImportSessionTask.run(ExportImportSessionTask.java:37)
at [email protected]//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:239)
at [email protected]//org.keycloak.exportimport.singlefile.SingleFileExportProvider.exportRealm(SingleFileExportProvider.java:74)
at [email protected]//org.keycloak.exportimport.ExportImportManager.runExport(ExportImportManager.java:105)
at [email protected]//org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:144)
at [email protected]//org.keycloak.provider.wildfly.WildflyPlatform.onStartup(WildflyPlatform.java:36)
at [email protected]//org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:114)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at [email protected]//org.jboss.resteasy.core.ConstructorInjectorImpl.constructOutsideRequest(ConstructorInjectorImpl.java:225)
at [email protected]//org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:209)
at [email protected]//org.jboss.resteasy.core.providerfactory.Utils.createProviderInstance(Utils.java:102)
at [email protected]//org.jboss.resteasy.core.providerfactory.ResteasyProviderFactoryImpl.createProviderInstance(ResteasyProviderFactoryImpl.java:1385)
at [email protected]//org.jboss.resteasy.core.ResteasyDeploymentImpl.createApplication(ResteasyDeploymentImpl.java:418)
at [email protected]//org.jboss.resteasy.core.ResteasyDeploymentImpl.initializeObjects(ResteasyDeploymentImpl.java:265)
at [email protected]//org.jboss.resteasy.core.ResteasyDeploymentImpl.startInternal(ResteasyDeploymentImpl.java:137)
at [email protected]//org.jboss.resteasy.core.ResteasyDeploymentImpl.start(ResteasyDeploymentImpl.java:121)
at [email protected]//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:144)
at [email protected]//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:42)
at [email protected]//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.RunAsLifecycleInterceptor.doIt(RunAsLifecycleInterceptor.java:70)
at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:76)
at [email protected]//io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at [email protected]//io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:309)
at [email protected]//io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)
at [email protected]//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:588)
at [email protected]//io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:559)
at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
at [email protected]//io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:601)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:106)
at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:87)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:829)
at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: java.io.FileNotFoundException: /tmp/realm_export_PORI.json (Permission denied)
at java.base/java.io.FileOutputStream.open0(Native Method)
at java.base/java.io.FileOutputStream.open(FileOutputStream.java:298)
at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:237)
at java.base/java.io.FileOutputStream.<init>(FileOutputStream.java:187)
at [email protected]//org.keycloak.exportimport.singlefile.SingleFileExportProvider.writeToFile(SingleFileExportProvider.java:98)
at [email protected]//org.keycloak.exportimport.singlefile.SingleFileExportProvider.access$000(SingleFileExportProvider.java:41)
at [email protected]//org.keycloak.exportimport.singlefile.SingleFileExportProvider$2.runExportImportTask(SingleFileExportProvider.java:80)
at [email protected]//org.keycloak.exportimport.util.ExportImportSessionTask.run(ExportImportSessionTask.java:35)
... 45 more
INFO [org.jboss.as.server] (Thread-1) WFLYSRV0220: Server shutdown has been requested via an OS signal
How to Reproduce?
I started the container with the following command, importing a previous realm export (does not contain any users). That export file is here: https://github.com/bcgsc/pori/blob/master/demo/kc_realm_export.json
export KEYCLOAK_USER=admin
export KEYCLOAK_PASSWORD=admin
export KEYCLOAK_IMPORT=/realm_data/demo_export.json
CWD=$(pwd)
docker run \
-e KEYCLOAK_USER=$KEYCLOAK_USER \
-e KEYCLOAK_PASSWORD=$KEYCLOAK_PASSWORD \
-e KEYCLOAK_IMPORT=$KEYCLOAK_IMPORT \
--mount "type=bind,src=$CWD/tmp/container_output,dst=/tmp" \
-p 8443:8334 \
-p 8888:8080 \
--mount "type=bind,src=/path/to/demo/kc_realm_export.json,dst=${KEYCLOAK_IMPORT},readonly" \
-d \
jboss/keycloak:16.1.1
Then I ran the export command like so (using the CONTAINER_ID from the newly spun up jboss/keycloak image in the previous command):
REALM_NAME=PORI
REALM_FILE=/tmp/realm_export_${REALM_NAME}.json
docker exec -it CONTAINER_ID /opt/jboss/keycloak/bin/standalone.sh \
-Djboss.socket.binding.port-offset=100 \
-Dkeycloak.migration.action=export \
-Dkeycloak.migration.provider=singleFile \
-Dkeycloak.migration.realmName=$REALM_NAME \
-Dkeycloak.migration.usersExportStrategy=REALM_FILE \
-Dkeycloak.migration.file=$REALM_FILE
Anything else?
The reason I am trying to do this is so that I can have a realm import that includes some default users. This will be helpful when setting up Keycloak as part of docker-compose on a development stack where you just need some users for testing.
Docker version 18.09.6, build 481bc77156
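
A check that fits the failure reported above, added here as an example (not part of the original report or of the keycloak-containers project): it decides from a directory's numeric owner, group and mode whether a given uid/gid can create files in it, which is the rule a container process is subject to on a bind-mounted path. It assumes GNU `stat` and no user-namespace remapping; `can_create_in` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: can a process with the given numeric uid/gid create files in
# DIR? Only owner, group and mode bits are evaluated; ACLs, supplementary
# groups, SELinux labels and user-namespace remapping are out of scope.
# Requires GNU stat (stat -c).

can_create_in() {   # usage: can_create_in UID GID DIR
    cc_uid=$1
    cc_gid=$2
    cc_stat=$(stat -c '%u %g %a' "$3") || return 2
    # Intentional word splitting: cc_stat holds "owner-uid group-gid octal-mode".
    set -- $cc_stat
    cc_owner=$1
    cc_group=$2
    cc_mode=$(( 0$3 ))          # %a prints octal digits, e.g. 755 or 1777

    if [ "$cc_uid" -eq 0 ]; then
        return 0                # root bypasses the mode bits
    fi
    if [ "$cc_uid" -eq "$cc_owner" ]; then
        cc_bits=$(( (cc_mode >> 6) & 7 ))   # owner class
    elif [ "$cc_gid" -eq "$cc_group" ]; then
        cc_bits=$(( (cc_mode >> 3) & 7 ))   # group class
    else
        cc_bits=$(( cc_mode & 7 ))          # other class
    fi
    # Creating a file needs both write (2) and search (1) on the directory.
    [ $(( cc_bits & 3 )) -eq 3 ]
}

# Usage against the setup in the report (CONTAINER_ID and the host path are
# the reporter's own placeholders); run on the Docker host:
#   can_create_in "$(docker exec CONTAINER_ID id -u)" \
#                 "$(docker exec CONTAINER_ID id -g)" \
#                 "$CWD/tmp/container_output" \
#     && echo "container user can write" || echo "container user cannot write"
```

A bind mount over `/tmp` replaces the image's own `/tmp` with the host directory, so the host directory's ownership and mode are what this check must be run against.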