I am trying to configure Keycloak to use postgres using docker-compose.
Docker compose file for reference:
version: "3.9"
services:
  keycloak-postgres:
    image: postgres:latest
    restart: unless-stopped
    ports:
      - 5432:5432
    environment:
      POSTGRES_DB: ${POSTGRESQL_DB}
      POSTGRES_USER: ${POSTGRESQL_USER}
      POSTGRES_PASSWORD: ${POSTGRESQL_PASS}
    volumes:
      - postgres_data:/var/lib/postgresql/data
  keycloak:
    depends_on:
      - keycloak-postgres
    image: quay.io/keycloak/keycloak
    container_name: keycloak
    ports:
      - 8030:8080
    environment:
      KC_DB: postgres
      KC_DB_URL_HOST: keycloak-postgres
      KC_DB_URL_DATABASE: ${POSTGRESQL_DB}
      KC_DB_USERNAME: ${POSTGRESQL_USER}
      KC_DB_PASSWORD: ${POSTGRESQL_PASS}
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
      KC_PROXY: edge
      KC_HTTP_ENABLED: true
    restart: unless-stopped
    command:
      - start --optimized
volumes:
  postgres_data:
    driver: local
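I have found that if I run start without the optimized flag, keycloak starts without any issues, but also doesn't use the postgres database - because when I connect to the database, Keycloak has not created any tables or anything.
When I run with the optimized flag, I get the following error:
URL format error; must be "jdbc:h2:{ {.|mem:}[name] | [file:]fileName | {tcp|ssl}:[//]server[:port][,server2[:port]]/name }[;key=value...]" but is "jdbc:postgresql://keycloak-postgres:5432/keycloak" [90046-214]
As far as I can see, the postgres connection string that Keycloak generates is correct. However, it is trying to connect to an h2 database, which is obviously incorrect.
I have looked through all of the configuration options and don't understand why:
a) Keycloak doesn't store any data in postgres in start mode.
b) Keycloak is trying to access an H2 database in --optimized mode.
Update
Following sonOfRa's suggestion and trying to simplify the problem, I have now tried the following:
- Ran postgres as a separate Docker container.
- Created the following Dockerfile as per the documentation (also tried with sonOfRa's stripped-down Dockerfile):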
FROM quay.io/keycloak/keycloak:latest as builder
# Enable health and metrics support
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
# Configure a database vendor
ENV KC_DB=postgres
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ENV KC_DB_URL_HOST=192.168.1.25
ENV KC_DB_USERNAME=keycloak
ENV KC_DB_PASSWORD=keycloak_db_password
ENV KC_HOSTNAME=localhost
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
- Ran the following command to build the new Dockerfile:
docker build . -t mykeycloak
- Ran the following command to start Keycloak:
docker run --name mykeycloak \
-p 8030:8080 \
-e KEYCLOAK_ADMIN=admin \
-e KEYCLOAK_ADMIN_PASSWORD=change_me \
-e KC_HOSTNAME=auth.url.com \
-e KC_PROXY=edge \
-e KC_HTTP_ENABLED=true \
mykeycloak start
Console output:
2023-01-11 14:06:19,961 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: auth.url.com, Strict HTTPS: true, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: true
2023-01-11 14:06:25,844 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2023-01-11 14:06:28,797 INFO [org.infinispan.server.core.transport.EPollAvailable] (keycloak-cache-init) ISPN005028: Native Epoll transport not available, using NIO instead: java.lang.UnsatisfiedLinkError: could not load a native library: netty_transport_native_epoll_aarch_64
2023-01-11 14:06:29,311 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2023-01-11 14:06:29,436 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2023-01-11 14:06:29,541 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2023-01-11 14:06:29,581 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2023-01-11 14:06:30,440 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.10.Final
2023-01-11 14:06:30,819 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
2023-01-11 14:06:30,820 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2023-01-11 14:06:31,143 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2023-01-11 14:06:31,144 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 20.00MB, but the OS only allocated 212.99KB
2023-01-11 14:06:31,146 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2023-01-11 14:06:31,147 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 25.00MB, but the OS only allocated 212.99KB
2023-01-11 14:06:33,179 INFO [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) cb354516ab9d-30183: no members discovered after 2009 ms: creating cluster as coordinator
2023-01-11 14:06:33,213 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [cb354516ab9d-30183|0] (1) [cb354516ab9d-30183]
2023-01-11 14:06:33,228 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `cb354516ab9d-30183`, physical addresses are `[172.17.0.2:52593]`
2023-01-11 14:06:35,021 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: cb354516ab9d-30183, Site name: null
2023-01-11 14:06:41,372 INFO [org.keycloak.quarkus.runtime.storage.legacy.liquibase.QuarkusJpaUpdaterProvider] (main) Initializing database schema. Using changelog META-INF/jpa-changelog-master.xml
2023-01-11 14:06:53,286 INFO [org.keycloak.services] (main) KC-SERVICES0050: Initializing master realm
2023-01-11 14:07:00,559 INFO [io.quarkus] (main) Keycloak 20.0.2 on JVM (powered by Quarkus 2.13.3.Final) started in 45.755s. Listening on: http://0.0.0.0:8080
2023-01-11 14:07:00,561 INFO [io.quarkus] (main) Profile prod activated.
2023-01-11 14:07:00,562 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vault, vertx]
2023-01-11 14:07:02,212 INFO [org.keycloak.services] (main) KC-SERVICES0009: Added user 'admin' to realm 'master'
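Unfortunately, the result is the same.
I can access keycloak from the URL that is set up and log in with the admin user created at runtime. Everything appears to work in the UI, except that it does not store any data in the postgres database.
Best answer
This is caused by your use of the --optimized parameter. If you use it, it assumes that you have already run "build", which you have not done. It is recommended to create your own docker image that uses the upstream docker image as a base. This is described in the documentation here.
Essentially, you need to run the build command with --db=postgres (or the KC_DB=postgres environment variable) in order to tell Quarkus to build an optimized image that will later use postgres. That image can then be started with --optimized, and it will correctly use postgres instead of H2.
Step 1 is to create a Dockerfile (not a docker-compose.yml!)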
FROM quay.io/keycloak/keycloak
# Configure a database vendor
ENV KC_DB=postgres
WORKDIR /opt/keycloak
RUN /opt/keycloak/bin/kc.sh build
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
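At this point you can also add other things, such as custom providers, but this is the bare minimum needed to get it working.
Now you have 2 options: you can build this image using docker build and push it to your own docker registry using docker push, or you can use it directly in your docker-compose.yaml. If you build and push, replace the image: quay.io/keycloak/keycloak line with image: your.registry/wherever/you/pushed. If you want to use it directly in your compose file, you can remove the image: line entirely and replace it with
build: .
When doing this, you must make sure that the Dockerfile is in the same directory as the docker-compose.yaml.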
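The compose file the answer describes, written out in full as an added example that is not part of the original answer. It assumes the answer's Dockerfile sits in the same directory; the healthcheck, the `depends_on` condition and the unpublished 5432 port are additions that do not appear on the page.

```yaml
# docker-compose.yaml, in the same directory as the answer's Dockerfile.
# No "version:" key: the depends_on condition below relies on the Compose Specification.
services:
  keycloak-postgres:
    image: postgres:latest
    restart: unless-stopped
    # 5432 is not published to the host (a change from the question's file):
    # Keycloak reaches the database over the Compose network by service name.
    environment:
      POSTGRES_DB: ${POSTGRESQL_DB}
      POSTGRES_USER: ${POSTGRESQL_USER}
      POSTGRES_PASSWORD: ${POSTGRESQL_PASS}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    # Added here: report healthy only once Postgres accepts connections.
    # "$$" stops Compose interpolating, so the container's own variables are used.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 12

  keycloak:
    # Build the local Dockerfile (KC_DB=postgres followed by kc.sh build)
    # instead of pulling quay.io/keycloak/keycloak, so that --optimized
    # starts an image that was built for postgres rather than the H2 default.
    build: .
    container_name: keycloak
    restart: unless-stopped
    depends_on:
      keycloak-postgres:
        condition: service_healthy
    ports:
      - 8030:8080
    environment:
      # KC_DB is set in the Dockerfile at build time, so it is not repeated here.
      KC_DB_URL_HOST: keycloak-postgres
      KC_DB_URL_DATABASE: ${POSTGRESQL_DB}
      KC_DB_USERNAME: ${POSTGRESQL_USER}
      KC_DB_PASSWORD: ${POSTGRESQL_PASS}
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
      KC_PROXY: edge
      KC_HTTP_ENABLED: "true"
    # One argv element per list item.
    command: ["start", "--optimized"]

volumes:
  postgres_data:
    driver: local
```

Start it with `docker compose up --build` so the image is rebuilt from the Dockerfile. To confirm the schema landed in Postgres, `docker compose exec keycloak-postgres psql -U <user> -d <db> -c '\dt'` (placeholders for your own values) should list Keycloak's tables.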
Regarding postgresql - Keycloak not using the postgres database and trying to connect to an h2 database, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/75082054/