8

New to KeyCloak.

Trying to run KeyCloak in a container that would access MySQL on the host machine (currently Windows 10; production would be Linux).

Followed the steps in enter link description here, and when both KeyCloak and MySQL are in their own containers it works as the documentation there describes.

When trying to connect to the existing MySQL database on the host and run the KeyCloak Docker container like this:

docker run --name keycloak --network="host" -e DB_VENDOR=mysql -e DB_ADDR=host.docker.internal -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=sqlpass -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak

or even

docker run --name keycloak --network=host -e DB_VENDOR=MYSQL -e DB_ADDR=<actual ip address of host> -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=sqlpass -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak

Getting the following error:

WFLYCTL0186:   Services which failed to start:      service org.wildfly.clustering.jgroups.channel.ee: java.lang.IllegalStateException: java.net.BindException: [UDP] /172.18.0.1 is not a valid address on any local network interface

I think it's failing right after these messages...

19:33:30,381 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0027: Starting deployment of "keycloak-server.war" (runtime-name: "keycloak-server.war")
19:33:30,522 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443

Searched the internet for the so-called 'production ready' scenario where the MySQL database is on the host and KeyCloak is in a Docker container; didn't find much help.

What am I doing wrong? Any help / pointers appreciated. Thank you.

Update:

When I tried removing the network option, I got a different error.

docker run --rm --name keycloak  -e DB_VENDOR=MYSQL  -e DB_ADDR=docker.host.internal -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=root -e MYSQL_PASSWORD=sqlpass -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak

More specific about not being able to connect to the database:

20:14:28,844 FATAL [org.keycloak.services] (ServerService Thread Pool -- 62) java.lang.RuntimeException: Failed to connect to database
meDev

3 Answers

6

Got it. Turns out I needed to allow the 'keycloak' user in the MySQL instance to log on remotely (meaning not just from localhost but from other hosts too).

I used the following script to grant access privileges to the 'keycloak' user:

USE keycloak;

CREATE USER 'keycloak'@'localhost' IDENTIFIED WITH caching_sha2_password  BY 'password';
CREATE USER 'keycloak'@'<ip address of container>' IDENTIFIED WITH caching_sha2_password  BY 'password';

GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'localhost';
GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'<ip address of container>';

Then use the following command to run the keycloak Docker image as a daemon:

docker run --rm --name keycloak -d  -p 8080:8080 -e DB_VENDOR=MYSQL -e DB_ADDR=host.docker.internal -e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak -e MYSQL_PASSWORD=password -e KEYCLOAK_USER=kc-admin -e KEYCLOAK_PASSWORD=password jboss/keycloak

Then go to http://localhost:8080/auth to access the KeyCloak admin console and log in using the kc-admin user credentials defined previously.

To find out the IP address of the container, I used the Windows command line from this thread: How to get a Docker container's IP address from the host

meDev
  • Hi, did you mean that we need to find out the IP address of the Keycloak container? How should I get the IP address of the Keycloak container before creating the container first? I use docker-compose to create the Keycloak container. – Haizad Annuar Jan 14 '21 at 10:20
  • Just run in detached mode (-d), quickly copy the container id and in a separate terminal run this command: "docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name_or_id". In subsequent containers it won't change. – Vahan Yeghyan Apr 06 '21 at 08:38
  • The answer is outdated. Do not use MYSQL_DATABASE etc.; DB_DATABASE is the right answer now. – pbuzulan Aug 25 '21 at 07:42
1

The accepted answer may be outdated.

-e MYSQL_DATABASE=keycloak -e MYSQL_USERNAME=keycloak

should be replaced with:

-e DB_USER=keycloak -e DB_PASSWORD=keycloak
Paul Roub
smileis2333
0

Here is an answer for anybody using Plesk with the keycloak Docker image. This is how I did it on my server to get everything running:

As for my Docker environment variables:

DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: my_password
DB_VENDOR: mariadb
DB_ADDR: 172.17.0.1


For the database user I've set the remote access to a certain IP range:

172.17.0.%

so I won't need to know the specific Docker IP.

You also need to set the collation of the database you've created for keycloak to latin2_general_ci.

The last step, which did the whole trick for me, is setting the database server to listen on all network interfaces (Plesk Obsidian): Tools & Settings -> Database Servers -> click the Local MySQL Settings link -> check the box "Allow local MySQL Server to accept external connections" -> hit OK.

If you've got any security tips on this setup, please let me know.

Here are some references that helped me:


shiny
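Added example, not code from the thread: a POSIX shell helper that turns the Docker bridge subnet into a MySQL account host pattern (the 172.17.0.% idea from the Plesk answer, generalised to any prefix length) and emits a subnet-scoped account with grants on the keycloak schema only, instead of the accepted answer's per-container IP or a root login. The helper names, the privilege list and reading the subnet with `docker network inspect` are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Creates the MySQL account Keycloak
# uses scoped to the Docker bridge subnet (instead of a single container IP,
# which changes, or a root login) with grants on the keycloak schema only.
# Assumptions: the helper names are this script's own; the subnet is read with
#   docker network inspect -f '{{(index .IPAM.Config 0).Subnet}}' bridge

# Prefix length -> dotted netmask, e.g. 20 -> 255.255.240.0
prefix_to_mask() {
  m=$(( (4294967295 << (32 - $1)) & 4294967295 ))
  echo "$(( m >> 24 & 255 )).$(( m >> 16 & 255 )).$(( m >> 8 & 255 )).$(( m & 255 ))"
}

# CIDR -> MySQL account host pattern. Octet-aligned prefixes use the '%'
# wildcard seen in the Plesk answer (172.17.0.0/16 -> 172.17.%); any other
# prefix uses MySQL's ip/netmask host form (10.0.0.0/20 -> 10.0.0.0/255.255.240.0).
cidr_to_mysql_host() {
  ip=${1%/*}; bits=${1#*/}
  case "$bits" in
    8)  echo "${ip%%.*}.%" ;;
    16) echo "$(echo "$ip" | cut -d. -f1,2).%" ;;
    24) echo "$(echo "$ip" | cut -d. -f1-3).%" ;;
    32) echo "$ip" ;;
    *)  echo "$ip/$(prefix_to_mask "$bits")" ;;
  esac
}

# SQL for the dedicated account. The privilege list is an assumption: DML plus
# the DDL Keycloak's schema migrations need, nothing global, nothing on other
# databases. The thread's GRANT ALL PRIVILEGES on keycloak.* is the wider variant.
grant_sql() {  # $1 = MySQL host pattern, $2 = password
  cat <<EOF
CREATE USER IF NOT EXISTS 'keycloak'@'$1' IDENTIFIED WITH caching_sha2_password BY '$2';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, INDEX, REFERENCES
  ON keycloak.* TO 'keycloak'@'$1';
EOF
}

# Usage on the Docker host: KC_DB_PASSWORD=... ./grant.sh --apply | mysql -u root -p
if [ "${1:-}" = "--apply" ]; then
  subnet=$(docker network inspect -f '{{(index .IPAM.Config 0).Subnet}}' bridge)
  grant_sql "$(cidr_to_mysql_host "$subnet")" "$KC_DB_PASSWORD"
fi
```

On a Linux host, host.docker.internal only resolves inside the container if it is started with `--add-host=host.docker.internal:host-gateway` (Docker 20.10 or newer); the MySQL server must also listen on the bridge gateway address, not only on 127.0.0.1.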