Keycloak-MySQL extends the Keycloak Docker image to use MySQL. Docker is becoming the mainstream way to package and deploy self-sufficient application containers. It wraps up a piece of software in a complete file system that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server. This guarantees that it will always run the same, regardless of the environment it is running in. The same Linux kernel and libraries can be shared between multiple containers running on the host.
Keycloak comes with its own embedded Java-based relational database called H2. This is the default database that Keycloak will use to persist data and really only exists so that you can run the authentication server out of the box. We highly recommend that you replace it with a more production ready external database. The H2 database is not very viable in high concurrency situations and should not be used in a cluster either. The purpose of this chapter is to show you how to connect Keycloak to a more mature database.
https://keycloak.gitbooks.io/documentation/server_installation/topics/database.html
Please visit my previous blog post, Install Docker, to set up Docker.
Let’s Get Started
Docker Hub provides images for all the software and tools. Let’s find the keycloak-mysql Docker image.
krishna@ubuntu:~$ docker search keycloak-mysql
NAME                                      DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
jboss/keycloak-mysql                                                                      7                  [OK]
solsson/keycloak-ha-mysql                 The missing HA alternative to https://hub....   1                  [OK]
carljmosca/keycloak-mysql                 Keycloak MySQL with SSL                         0
solsson/keycloak-mysql-https-themed       Like keycloak-mysql-https but with a Yolea...   0                  [OK]
dmadk/keycloak-mysql-mc                   Keycloak instance for the Identity Broker ...   0                  [OK]
solsson/keycloak-mysql-https              Enables https for the official keycloak-my...   0                  [OK]
alizarion/keycloak-mysql-db               keycloak mysql preloaded database               0                  [OK]
openfact/keycloak-mysql                   Keycloa Mysql                                   0                  [OK]
solsson/keycloak-mysql-sslx2              Like solsson/keycloak-mysql-https but adds...   0                  [OK]
sistcoop/keycloak-mysql                                                                   0                  [OK]
euforia/keycloak-ha-mysql                 Keyclaok HA setup using MySQL and TCPPING ...   0                  [OK]
cycloneproject/keycloak-mysql                                                             0
abacusresearch/keycloak-mysql-openshift   KeyCloak for OpenShift with MySQL support:...   0                  [OK]
azaars/keycloak-mysql                                                                     0
gambol99/keycloak-mysql                                                                   0
akvo/keycloak-ha-mysql                                                                    0
dmadk/keycloak-mysql-mc-ha                                                                0
ladynev/keycloak-mysql-realm-users        Based on an official jboss/keycloak-mysql ...   0
pidah/keycloak-ha-mysql                                                                   0
tb690097/keycloak-mysql                                                                   0
uthark/keycloak-mysql-custom                                                              0
lorissantamaria/jbpm                      jBPM Workbench with Keycloak and MySQL sup...   0                  [OK]
derekamz/keycloak                         keycloak behind nginx proxy and use mysql ...   0                  [OK]
ajeeth/keycloak                           Keycloak configured for reverse proxy with...   0                  [OK]
krishna@ubuntu:~$
There are many Keycloak-mysql Docker images available, but it is always better to go with the official release, as they are highly optimised, bug free and stable. You can download an image to your computer using the pull command. After that, we can list the Docker images. Let’s go with jboss/keycloak-mysql.
krishna@ubuntu:~$ docker pull jboss/keycloak-mysql
Using default tag: latest
latest: Pulling from jboss/keycloak-mysql
93857f76ae30: Pull complete
cde6403934ad: Pull complete
f847b784f425: Pull complete
ab2339d8111f: Pull complete
57023440fdba: Pull complete
f75489b3e958: Pull complete
1826b0198b70: Pull complete
bcc3880ffce0: Pull complete
eed70929465e: Pull complete
6db62036c8ff: Pull complete
b6049a720fe0: Pull complete
48bf3f62fe16: Pull complete
115e2db4efda: Pull complete
f29913c21d5f: Pull complete
Digest: sha256:44baf2894938a6672dfc7a33dd28efbb36751098c1ded6452b811835471fd31b
Status: Downloaded newer image for jboss/keycloak-mysql:latest
krishna@ubuntu:~$
krishna@ubuntu:~$ docker pull mysql
Using default tag: latest
latest: Pulling from library/mysql
10a267c67f42: Pull complete
c2dcc7bb2a88: Pull complete
17e7a0445698: Pull complete
9a61839a176f: Pull complete
a1033d2f1825: Pull complete
0d6792140dcc: Pull complete
cd3adf03d6e6: Pull complete
d79d216fd92b: Pull complete
b3c25bdeb4f4: Pull complete
02556e8f331f: Pull complete
4bed508a9e77: Pull complete
Digest: sha256:2f4b1900c0ee53f344564db8d85733bd8d70b0a78cd00e6d92dc107224fc84a5
Status: Downloaded newer image for mysql:latest
krishna@ubuntu:~$
krishna@ubuntu:~$ docker images
REPOSITORY             TAG      IMAGE ID       CREATED       SIZE
mysql                  latest   e799c7f9ae9c   12 days ago   407 MB
jboss/keycloak-mysql   latest   e967dffec757   13 days ago   644 MB
mongo                  latest   51f03b16565e   2 weeks ago   360 MB
krishna@ubuntu:~$
Run Keycloak-mysql & MySQL Container
After an image has been downloaded, you may then run a container using the downloaded image with the run subcommand. If an image has not been downloaded when docker is executed with the run subcommand, the Docker client will first download the image, then run a container using it.
krishna@ubuntu:~$ docker run --name mysql -p 3306:3306 -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=password -e MYSQL_ROOT_PASSWORD=root_password -d mysql
58538351e9599263b3f0e1541f7141aa89db718245a24e439ed258abe9777858
krishna@ubuntu:~$
krishna@ubuntu:~$ docker run --name keycloak -p 8080:8080 --link mysql:mysql -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak -e MYSQL_PASSWORD=password -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -d jboss/keycloak-mysql
a548d4de2c883f5d34dfe64039ced86e75f7158b5908c439aa0c1f64de9d4910
krishna@ubuntu:~$
Looks good. Our Keycloak-mysql and MySQL containers are running now. Keycloak is now using MySQL for scalability purposes.
Let’s verify the status of the container.
krishna@ubuntu:~$ docker ps
CONTAINER ID   IMAGE                  COMMAND                  CREATED          STATUS          PORTS                    NAMES
a548d4de2c88   jboss/keycloak-mysql   "/opt/jboss/docker..."   2 minutes ago    Up 2 minutes    0.0.0.0:8080->8080/tcp   keycloak
58538351e959   mysql                  "docker-entrypoint..."   18 minutes ago   Up 18 minutes   0.0.0.0:3306->3306/tcp   mysql
krishna@ubuntu:~$
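The docker ps output above shows both ports published on 0.0.0.0, and the docker run commands pass guessable passwords on the command line. A hardened variant follows as an added example (not part of the original post): it pins the images to the digests printed by docker pull above, and the ./secrets directory and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hardened variant of the two `docker run` commands above.
# Images are pinned to the digests that `docker pull` printed on this page.
KEYCLOAK_IMAGE='jboss/keycloak-mysql@sha256:44baf2894938a6672dfc7a33dd28efbb36751098c1ded6452b811835471fd31b'
MYSQL_IMAGE='mysql@sha256:2f4b1900c0ee53f344564db8d85733bd8d70b0a78cd00e6d92dc107224fc84a5'

# 32 hex characters from the kernel CSPRNG; hex needs no quoting in an env file.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# Write mysql.env and keycloak.env into directory $1, readable by the owner only.
# The ( ) body is a subshell, so the umask and variables do not leak out.
write_env_files() (
    umask 077
    mkdir -p "$1"
    db_pass=$(gen_secret)
    printf 'MYSQL_DATABASE=keycloak\nMYSQL_USER=keycloak\nMYSQL_PASSWORD=%s\nMYSQL_ROOT_PASSWORD=%s\n' \
        "$db_pass" "$(gen_secret)" > "$1/mysql.env"
    printf 'MYSQL_DATABASE=keycloak\nMYSQL_USERNAME=keycloak\nMYSQL_PASSWORD=%s\nKEYCLOAK_USER=admin\nKEYCLOAK_PASSWORD=%s\n' \
        "$db_pass" "$(gen_secret)" > "$1/keycloak.env"
    chmod 600 "$1/mysql.env" "$1/keycloak.env"
)

# MySQL gets no -p at all: Keycloak reaches it through --link, as on this page.
# Keycloak is published on the loopback interface only.
start_stack() {
    docker run --name mysql --env-file "$1/mysql.env" -d "$MYSQL_IMAGE" &&
    docker run --name keycloak -p 127.0.0.1:8080:8080 --link mysql:mysql \
        --env-file "$1/keycloak.env" -d "$KEYCLOAK_IMAGE"
}

# Read `docker ps --format '{{.Names}} {{.Ports}}'` lines on stdin and print the
# name of every container that publishes a port on all host interfaces.
public_bindings() {
    awk '{ name = $1; $1 = ""; if ($0 ~ /(0\.0\.0\.0|::\]?):[0-9]+->/) print name }'
}

# Run as `sh script.sh up` to create the secrets, start both containers and
# list anything still bound to every interface (expected: no output).
if [ "${1:-}" = "up" ]; then
    write_env_files ./secrets && start_stack ./secrets
    docker ps --format '{{.Names}} {{.Ports}}' | public_bindings
fi
```

Values passed with --env-file still appear in docker inspect output, so treat that output as sensitive.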
The Keycloak container is now running and accessible on port 8080; MySQL is on port 3306. Use the following commands to see what happened during the container startup:
krishna@ubuntu:~$ docker logs keycloak
krishna@ubuntu:~$ docker logs mysql
Connecting to Container
Next, we can get detailed info about the containers named keycloak and mysql. Run the inspect command:
krishna@ubuntu:~$ docker inspect keycloak
krishna@ubuntu:~$ docker inspect mysql
Now Keycloak is using MySQL
Your command prompt should change to reflect the fact that you’re now working inside the container and should take this form
krishna@ubuntu:~$ docker exec -it mysql bash
root@58538351e959:/# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.7.18 MySQL Community Server (GPL)
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keycloak           |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)
mysql> use keycloak
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+-------------------------------+
| Tables_in_keycloak            |
+-------------------------------+
| ADMIN_EVENT_ENTITY            |
| ASSOCIATED_POLICY             |
| AUTHENTICATION_EXECUTION      |
| AUTHENTICATION_FLOW           |
| AUTHENTICATOR_CONFIG          |
| AUTHENTICATOR_CONFIG_ENTRY    |
| BROKER_LINK                   |
| CLIENT                        |
| CLIENT_ATTRIBUTES             |
| CLIENT_DEFAULT_ROLES          |
| CLIENT_IDENTITY_PROV_MAPPING  |
| CLIENT_NODE_REGISTRATIONS     |
| CLIENT_SESSION                |
| CLIENT_SESSION_AUTH_STATUS    |
| CLIENT_SESSION_NOTE           |
| CLIENT_SESSION_PROT_MAPPER    |
| CLIENT_SESSION_ROLE           |
| CLIENT_TEMPLATE               |
| CLIENT_TEMPLATE_ATTRIBUTES    |
| CLIENT_USER_SESSION_NOTE      |
| COMPONENT                     |
| COMPONENT_CONFIG              |
| COMPOSITE_ROLE                |
| CREDENTIAL                    |
| CREDENTIAL_ATTRIBUTE          |
| DATABASECHANGELOG             |
| DATABASECHANGELOGLOCK         |
| EVENT_ENTITY                  |
| FEDERATED_IDENTITY            |
| FEDERATED_USER                |
| FED_CREDENTIAL_ATTRIBUTE      |
| FED_USER_ATTRIBUTE            |
| FED_USER_CONSENT              |
| FED_USER_CONSENT_PROT_MAPPER  |
| FED_USER_CONSENT_ROLE         |
| FED_USER_CREDENTIAL           |
| FED_USER_GROUP_MEMBERSHIP     |
| FED_USER_REQUIRED_ACTION      |
| FED_USER_ROLE_MAPPING         |
| GROUP_ATTRIBUTE               |
| GROUP_ROLE_MAPPING            |
| IDENTITY_PROVIDER             |
| IDENTITY_PROVIDER_CONFIG      |
| IDENTITY_PROVIDER_MAPPER      |
| IDP_MAPPER_CONFIG             |
| KEYCLOAK_GROUP                |
| KEYCLOAK_ROLE                 |
| MIGRATION_MODEL               |
| OFFLINE_CLIENT_SESSION        |
| OFFLINE_USER_SESSION          |
| POLICY_CONFIG                 |
| PROTOCOL_MAPPER               |
| PROTOCOL_MAPPER_CONFIG        |
| REALM                         |
| REALM_ATTRIBUTE               |
| REALM_DEFAULT_GROUPS          |
| REALM_DEFAULT_ROLES           |
| REALM_ENABLED_EVENT_TYPES     |
| REALM_EVENTS_LISTENERS        |
| REALM_REQUIRED_CREDENTIAL     |
| REALM_SMTP_CONFIG             |
| REALM_SUPPORTED_LOCALES       |
| REDIRECT_URIS                 |
| REQUIRED_ACTION_CONFIG        |
| REQUIRED_ACTION_PROVIDER      |
| RESOURCE_POLICY               |
| RESOURCE_SCOPE                |
| RESOURCE_SERVER               |
| RESOURCE_SERVER_POLICY        |
| RESOURCE_SERVER_RESOURCE      |
| RESOURCE_SERVER_SCOPE         |
| SCOPE_MAPPING                 |
| SCOPE_POLICY                  |
| TEMPLATE_SCOPE_MAPPING        |
| USERNAME_LOGIN_FAILURE        |
| USER_ATTRIBUTE                |
| USER_CONSENT                  |
| USER_CONSENT_PROT_MAPPER      |
| USER_CONSENT_ROLE             |
| USER_ENTITY                   |
| USER_FEDERATION_CONFIG        |
| USER_FEDERATION_MAPPER        |
| USER_FEDERATION_MAPPER_CONFIG |
| USER_FEDERATION_PROVIDER      |
| USER_GROUP_MEMBERSHIP         |
| USER_REQUIRED_ACTION          |
| USER_ROLE_MAPPING             |
| USER_SESSION                  |
| USER_SESSION_NOTE             |
| WEB_ORIGINS                   |
+-------------------------------+
90 rows in set (0.00 sec)
mysql>
Conclusion
Wow! We now have Keycloak-mysql and MySQL instances running in containers.
Docker allocates a dynamic IP address to every running container. Whenever a container is restarted, it gets a new IP address. You can get the IP address range from the Docker network interface on the Linux box. To solve this issue there is an option called --link.