Running Keycloak with docker image
docker run --name keycloak -d -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:latest start-dev
docker stop keycloak
docker rm keycloak
Run the docker run command above again and check whether the users you created still exist. They will not, because those details were not saved. So now let's see how to persist the data with MySQL.
So, try to configure MySQL.
Step 1
Create a network so that Keycloak can talk to MySQL
docker network create keycloak-network
docker network inspect keycloak-network
Step 2
Start MySQL
docker run -p 3306:3306 --name mysql -d --net keycloak-network -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=keycloak -e MYSQL_ROOT_PASSWORD=keycloak mysql
Step 3
Run Keycloak on the same network with additional environment variables
docker run -p 8080:8080 --name keycloak -d --net keycloak-network -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -e KC_DB=mysql -e KC_DB_URL=jdbc:mysql://mysql:3306/keycloak -e KC_DB_USERNAME=keycloak -e KC_DB_PASSWORD=keycloak quay.io/keycloak/keycloak:latest start-dev
Once that is done, install the MySQL Workbench tool locally to see the table structure and other details
https://dev.mysql.com/downloads/workbench/
docker run -p 8080:8080 --name keycloak --net keycloak-network -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -e KC_DB=mysql -e KC_DB_URL=jdbc:mysql://mysql:3306/keycloak -e KC_DB_USERNAME=keycloak -e KC_DB_PASSWORD=keycloak quay.io/keycloak/keycloak:latest start-dev
docker stop keycloak
docker rm keycloak
Run the Keycloak command above again and see whether the data is retained or not.
If you stop the mysql container, Keycloak goes into a loop, which you can see in the container logs:
docker logs keycloak
When you run mysql again it won't display the tables, because Keycloak has to be run again to create its tables.
To resolve this, and to keep the data on a persistent volume, run the mysql container with a volume:
docker run -v D:/GitSourceCode/Docker/Volume:/var/lib/mysql -p 3306:3306 --name mysql -d --net keycloak-network -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=keycloak -e MYSQL_ROOT_PASSWORD=keycloak mysql
Now stop and start Keycloak and add some clients/users.
You can see all the data available in MySQL.
Also, we can create another instance of Keycloak, i.e. keycloak1, which will again connect to the same MySQL, so we can implement a load balancer for this scenario.
Let's try:
docker run -p 8081:8080 --name keycloak1 --net keycloak-network -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -e KC_DB=mysql -e KC_DB_URL=jdbc:mysql://mysql:3306/keycloak -e KC_DB_USERNAME=keycloak -e KC_DB_PASSWORD=keycloak quay.io/keycloak/keycloak:latest start-dev
Now go and see the URL http://localhost:8081/admin/master/console
So all the user and client data is displayed; only the redirect URLs display with 8081.
Let's start load balancing with something like nginx.
What is production mode?
docker run -v D:/keycloak:/opt/keycloak/conf -p 8443:8443 --net keycloak-network -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -e KC_DB=mysql -e KC_DB_URL=jdbc:mysql://mysql:3306/keycloak?useSSL=false -e KC_DB_USERNAME=keycloak -e KC_DB_PASSWORD=keycloak -e KC_HOSTNAME=localhost quay.io/keycloak/keycloak:latest start --auto-build --db=mysql
Generating a certificate using the keytool command
keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore server.keystore
After generating the certificate, stop all the containers above and run the docker command for production
docker run -v D:/keycloak:/opt/keycloak/conf -p 8443:8443 --net keycloak-network -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -e KC_DB=mysql -e KC_DB_URL=jdbc:mysql://mysql:3306/keycloak?useSSL=false -e KC_DB_USERNAME=keycloak -e KC_DB_PASSWORD=keycloak -e KC_HOSTNAME=localhost quay.io/keycloak/keycloak:latest start --auto-build --db=mysql
Then browse to https://localhost:8443
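The commands in this walkthrough reuse admin/admin and keycloak/keycloak credentials, publish MySQL's port 3306 on the host, run start-dev, pull the latest tag, and set useSSL=false on the JDBC URL. The shell function below is an added example, not part of the original post: it scans a docker run line for those settings. The finding labels and the list of weak password values are this example's own assumptions.

```shell
# Added example: flag the weak settings found in this walkthrough's docker run lines.
# Finding labels are this example's own, not Docker or Keycloak output.
audit_docker_run() (
  set -f                          # no globbing: the JDBC URL contains '?'
  prev=""
  for tok in $1; do
    case "$prev" in
      -e)
        key=${tok%%=*}; val=${tok#*=}
        case "$key" in
          *PASSWORD*)
            # Password set to one of the default values used on this page
            case "$val" in
              admin|keycloak|password|root) echo "weak-password:$key" ;;
            esac ;;
          KC_DB_URL)
            # Keycloak-to-MySQL traffic with TLS turned off
            case "$val" in *useSSL=false*) echo "db-tls-disabled" ;; esac ;;
        esac ;;
      -p)
        # host:container or ip:host:container; flag MySQL reachable beyond loopback
        cport=${tok##*:}; cport=${cport%/*}
        case "$tok" in
          127.0.0.1:*) ;;
          *) if [ "$cport" = "3306" ]; then echo "db-port-published:$tok"; fi ;;
        esac ;;
    esac
    case "$tok" in
      start-dev) echo "dev-mode" ;;
      *:latest)  echo "unpinned-image:$tok" ;;
    esac
    prev=$tok
  done
)

# The MySQL command from Step 2, audited as sample input
MYSQL_CMD="docker run -p 3306:3306 --name mysql -d --net keycloak-network -e MYSQL_DATABASE=keycloak -e MYSQL_USER=keycloak -e MYSQL_PASSWORD=keycloak -e MYSQL_ROOT_PASSWORD=keycloak mysql"
audit_docker_run "$MYSQL_CMD"
```

Keycloak reaches MySQL over keycloak-network by container name, so the -p 3306:3306 mapping is only needed for MySQL Workbench on the host; binding it as 127.0.0.1:3306:3306 clears that finding.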