Configuring dockerized Keycloak by CLI commands

3

10

I'm trying to configure a dockerized Keycloak server, for example creating a realm with a CLI command in the Dockerfile:

    FROM quay.io/keycloak/keycloak:11.0.0

    # Create realm "realm_borrar" on keycloak
    RUN /opt/jboss/keycloak/bin/kcadm.sh create realms -s realm=my_new_realm -s enabled=true -o --server http://localhost:8080/auth --realm master --user admin --password admin

The result of docker build -f ... is:

    Logging into http://localhost:8080/auth as user admin of realm master
    Failed to send request - Connect to localhost:8080 [localhost/127.0.0.1] failed: Connection refused (Connection refused)

If I run the container (created with the same Dockerfile but removing the RUN sentence) and I execute the same CLI command (kcadm.sh ....) it works.

What would be the proper way to configure Keycloak in the Dockerfile?

Thanks.

Damning answered 21/10, 2020 at 10:20 Comment(0)
S
5

Here is an example of how to do it on Ubuntu...

  1. At a terminal, run Keycloak as a dockerfile, e.g.:

    docker run --name keycloak -p 8484:8080 -e DB_VENDOR=h2 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak:11.0.0 
    
  2. At another terminal, run the CLI commands you need as exec commands for the container, e.g. for kcadm.sh get realms do:

    docker exec -it keycloak /opt/jboss/keycloak/bin/kcadm.sh get realms --server http://localhost:8080/auth --realm master --user admin --password admin 
    

If you want to run everything on the same terminal, use -d (detach) on the first docker command.

To create realms using a file, map the directory of the file inside Keycloak when running (mapping files directly should also work in theory), e.g.:

    docker run --name keycloak -p 8484:8080 -d -e DB_VENDOR=h2 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -v host_abs_path:/cfg jboss/keycloak:11.0.0 
    #wait for keycloak to start...
    sleep 10
    docker exec -it keycloak /opt/jboss/keycloak/bin/kcadm.sh create realms --server http://localhost:8080/auth --realm master --user admin --password admin -f /cfg/my_realms.json
Sykes answered 19/5, 2021 at 11:33 Comment(1)
For the latest KC v24, the path to the CLI is slightly different inside the Docker container: /opt/keycloak/bin/kcadm.sh get realms --no-config --server http://localhost:8080 --realm master --user admin --password admin – Gunplay
S
1

Obviously, Keycloak must be running and it must be connected to the DB when you want to add a realm. And that's not the case when you are building a Docker image. It can be done only when the container is running, so use startup scripts.

https://hub.docker.com/r/jboss/keycloak/

A custom script can be added by creating your own Dockerfile:

    FROM keycloak
    COPY custom-scripts/ /opt/jboss/startup-scripts/

Saintsimon answered 22/10, 2020 at 19:53 Comment(4)
I guess that startup scripts will be executed any time the container is initialized, so on restarting it the configuration would be repeated, i.e. if the script creates a realm and I stop and restart the container, the realm would be created again (supposing that Keycloak allows the same realm). – Damning
@PacoAbato so why don't you also include business logic in the script: create the realm only if the realm doesn't exist – Saintsimon
I have just read that containers should not be stopped and resumed but destroyed and created anew: https://mcmap.net/q/1167388/-keycloak-docker-container-fails-to-start-after-restarting-the-container I will try your solution in a while, thanks. – Damning
I managed to execute startup scripts, but commands like /opt/jboss/keycloak/bin/kcadm.sh create realms keep on failing. I guess I must use embedded commands like /subsystem=keycloak-server/:write-attribute(name=web-context,value=myContext) but can't find which attributes would do the work for adding a realm, for example. – Damning
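An added example, not code from any post above: a host-side script that combines the two ideas discussed in the answers, retrying the admin login until the running server accepts it (instead of a fixed sleep 10) and creating the realm only if it is missing, so a rerun changes nothing. The KC_* variable names, the function names and the retry values are assumptions; the admin credentials are read from the environment rather than written into the script.

```shell
#!/bin/sh
# Added example. KC_* names, function names and retry values are assumptions.
KC_CONTAINER="${KC_CONTAINER:-keycloak}"
KC_SERVER="${KC_SERVER:-http://localhost:8080/auth}"
# Path used with the 11.0.0 image above; the v24 comment gives /opt/keycloak/bin/kcadm.sh.
KC_KCADM="${KC_KCADM:-/opt/jboss/keycloak/bin/kcadm.sh}"
KC_WAIT_TRIES="${KC_WAIT_TRIES:-30}"   # login attempts before giving up
KC_WAIT_DELAY="${KC_WAIT_DELAY:-5}"    # seconds between attempts

# Run kcadm.sh inside the running container. No -it: a script has no TTY,
# and "docker exec -it" fails when stdin is not a terminal (CI, cron).
kcadm() {
  docker exec "$KC_CONTAINER" "$KC_KCADM" "$@"
}

# Retry the admin login until the server accepts it. "config credentials"
# stores the session in kcadm's config file inside the container, so the
# later get/create calls carry no password on their command line.
kc_login() {
  : "${KC_ADMIN_USER:?set KC_ADMIN_USER}" "${KC_ADMIN_PASS:?set KC_ADMIN_PASS}"
  tries=0
  until kcadm config credentials --server "$KC_SERVER" --realm master \
        --user "$KC_ADMIN_USER" --password "$KC_ADMIN_PASS" >/dev/null 2>&1; do
    tries=$((tries + 1))
    if [ "$tries" -ge "$KC_WAIT_TRIES" ]; then return 1; fi
    sleep "$KC_WAIT_DELAY"
  done
}

# Create the realm only if it is missing. Prints exists, created, failed or
# unreachable. Any failure of "get" is treated as "missing"; if the real cause
# was something else, the create step fails and the function returns non-zero.
ensure_realm() {
  realm="$1"
  if ! kc_login; then echo "unreachable"; return 1; fi
  if kcadm get "realms/$realm" >/dev/null 2>&1; then
    echo "exists"
  elif kcadm create realms -s "realm=$realm" -s enabled=true >/dev/null; then
    echo "created"
  else
    echo "failed"; return 1
  fi
}

# Usage once the container has been started:  ensure_realm my_new_realm
```
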
P
0

    docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:24.0.4 start-dev

Pithecanthropus answered 1/6, 2024 at 8:21 Comment(1)
Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. – Dogleg
