Apicurio-studio: [Question]Should the keycloak server use 7.0.1 even in Distro Docker-compose environment?

Created on 4 Nov 2019 · 23Comments · Source: Apicurio/apicurio-studio

I'm trying to install KeycloakServer and Apicurio with Docker-compose.
Is it better not to use Keycloak Server 7?

Dockerfile

FROM jboss/keycloak:4.8.3.Final
ADD apicurio /opt/jboss/keycloak/themes/apicurio

https://github.com/Apicurio/apicurio-studio/blob/master/distro/docker-compose/keycloak/Dockerfile

4.3.0
Upgrade to Keycloak 7 (#950)
https://github.com/Apicurio/apicurio-studio/commit/fe1d4d3a946e94b0becacb2a3aea18a0c3b7888f

question

Source

Yuutakasan

Most helpful comment

Tried it again and it worked. Possible race condition, or possible messup on my part. Either way, the switch from 7.0.1 to 7.0.0 is necessary. So I'm going to commit that change and close this issue. :)

EricWittmann on 25 Nov 2019

🎉2

All 23 comments

Yes we should use Keycloak 7 - I forgot to update the docker compose configuration. I'll give that a test tomorrow and push an update.

EricWittmann on 4 Nov 2019

understood. Thank you for your replay.
I wait for your test and upgrade my environment to keycloak7.

Yuutakasan on 4 Nov 2019

@EricWittmann
I ’ve created rough setup documentationn for Apicurio ( Docker ) . FYI.
Forgive me for machine translation because I made it in Japanese.

Yuutakasan on 5 Nov 2019

Thanks @Yuutakasan I'd love to see it!

@chriske Would it be possible for you to have a look at the docker-compose config? I've updated keycloak to 7.0.1 but when I tested it I got a weird communications link error between Keycloak and Mysql.

EricWittmann on 5 Nov 2019

@EricWittmann
Thank you Eric for maintaining a very useful software. Thank you as always!
Nginx was added to perform SSL communication, and this method was reached through trial and error, so I do not know if this is the correct setup method, but I will share it as it may be helpful.

Apicurio docker setup document English ( google transrater )
https://drive.google.com/open?id=1TugdgjqGHwHFcBN8-b3Ov-7eHIMdoT3DUDVjwbyB2NE
Apicurio docker setup document japanese
https://drive.google.com/open?id=1zYkkpRm5a0OD1dQkTelUeud5vqVzYGoYaPMNENEQmGk

Yuutakasan on 6 Nov 2019

@EricWittmann
I forgot my GoogleDrive sharing settings. I granted access to everyone.

Yuutakasan on 6 Nov 2019

👍1

This is pretty great! I'll try to spend some time going through it more thoroughly when I can. Thank you.

EricWittmann on 6 Nov 2019

👍1

Hi!

@EricWittmann I'll try to check it at the weekend! I hope it is some minor issue.

chriske on 7 Nov 2019

❤1 👍1

@Yuutakasan, thanks for your work! I just read it, and I have a question: you added fix IP addresses to the nginx config. How can you make sure, that the containers will get those addresses? I think you should use the container names as hostnames in that config. Or I just missed something important in your doc?

chriske on 7 Nov 2019

@chriske Thank you for reading my document. I corrected it now because there was a little mistake when I read it again. Since communication to the container is done by port fording, the container does not need to know the IP address. Is the answer you need now?

Yuutakasan on 7 Nov 2019

@chriske
I put {IP_OF_YOUR_HOST} in this chapter into the Nginx configuration.
https://github.com/Apicurio/apicurio-studio/blob/master/distro/docker-compose/Readme.md#script-based-setup

Yuutakasan on 11 Nov 2019

Hey @chriske did you ever get a chance to look at and/or test the latest Apicurio docker compose? I'm wondering if you get the same error in KC that I get, and what you might be able to make of it.

EricWittmann on 21 Nov 2019

Hey @EricWittmann , sorry for the delay!

I just checked it out, and found a handshake issue between MySQL and KeyCloak in the logs.

jboss-keycloak-mysql_1  | 2019-11-23T07:26:15.557157Z 2 [Note] Bad handshake
jboss-keycloak_1        | 07:26:15,566 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 65) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
jboss-keycloak_1        |       at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:345)
jboss-keycloak_1        |       at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:352)
jboss-keycloak_1        |       at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:287)
jboss-keycloak_1        |       at [email protected]//org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.createConnectionEventListener(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:1325)
jboss-keycloak_1        |       at [email protected]//org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreConcurrentLinkedDequeManagedConnectionPool.getConnection(SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:499)

I'll go and search for a proper docker config for KeyCloak 7, and try our configuration with it.

chriske on 23 Nov 2019

After some googling, I found this issue:
https://developer.jboss.org/thread/280802?_sscc=t

First of all, I tried to upgrade MySQL to 8.0.12. But I had to experience, KeyCloak don't work with 8.x at all, based on this issue:

https://issues.jboss.org/browse/KEYCLOAK-7655?attachmentOrder=desc

So, I went back to the first issue, and they suggested to move back to keycloak 7.0.0
I tried it, and it works like a charm. Can you test it @EricWittmann yourself too please?

chriske on 23 Nov 2019

👍2

I'll give that a try. Thanks for doing the sleuthing.

EricWittmann on 25 Nov 2019

@chriske OK I gave it a try (just updated the keycloak Dockerfile to use 7.0.0 instead of 7.0.1). But I got a Keycloak startup error connecting to mysql still (different though):

https://gist.github.com/EricWittmann/81e4ad8eff5eb4cb05d34b066e7e0db7

EricWittmann on 25 Nov 2019

@EricWittmann It's really strange :( I tried it again, and it works.

jboss-keycloak_1        | 15:35:19,604 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
jboss-keycloak_1        | 15:35:19,606 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
jboss-keycloak_1        | 15:35:19,606 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
jboss-keycloak_1        | 15:35:19,606 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 7.0.0 (WildFly Core 9.0.2.Final) started in 62711ms - Started 683 of 988 services (701 services are lazy, passive or on-demand)

What I did:

docker system prune --volumes
./reset_env.sh
changed KeyCloak version in the DockerFile to 7.0.0
docker run -v $(pwd):/apicurio chriske/apicurio-setup-image:latest bash /apicurio/setup.sh 10.16.0.54 mysql
./start-mysql-environment.sh

chriske on 25 Nov 2019

OK I'll try again - but that's what I did too. :) Just with a different IP address.

EricWittmann on 25 Nov 2019

🎉2

Thanks! :)

chriske on 25 Nov 2019

Thank you for figuring everything out.

EricWittmann on 25 Nov 2019

Fixed in: https://github.com/Apicurio/apicurio-studio/commit/eaf49cce205fe3ae991be0aa8877b7f7dd55ada3

And before that: https://github.com/Apicurio/apicurio-studio/commit/f42e72e0f20bd8206de5f1d0627ae65059a6d226#diff-dbfd402024fb442e45cde2cdaf95a006

EricWittmann on 25 Nov 2019

You're welcome! :)