Advantage
- Secrets and Passwords remains unchanged
- Good for testing different keycloak settings during the development process
Disadvantage
- Be careful your master realm gets overwriten and your admin password may change !
Docker Command to start Keycloak-X
- keycloak-X instance : quay.io/keycloak/keycloak-x:16.1.1
- http-relative-path=auth is used to get same baseUrl as we have used in our older JBOSS keycloak installation
# docker run --name keycloak -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -p 8280:8080 -p 8543:8443 \ -v "D:/dev/Quarkus/Keycloak/quarkus-keycloak-authorization-sample/imports:/tmp/imports" \ quay.io/keycloak/keycloak-x:16.1.1 start-dev --http-relative-path=auth
Run full Database Export
- First you may need to setup your keycloak-X instance with new realms, users, clients, roles, ..
- After that start a 2.nd keycloack session inside the keycloak container and run the export
Get Container ID # docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b431264a1fb8 quay.io/keycloak/keycloak-x:16.1.1 "/opt/keycloak/bin/k…" 46 hours ago Up 46 hours 0.0.0.0:8280->8080/tcp, 0.0.0.0:8543->8443/tcp keycloak Open a new bash # docker exec -it b431264a1fb8 bash Start the Export bash-4.4$ /opt/keycloak/bin/kc.sh export --file /tmp/imports/full-db-export-X.json 2022-03-06 08:59:57,930 INFO [org.key.qua.run.hos.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin: <request> 2022-03-06 08:59:58,538 WARN [org.inf.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal 2022-03-06 08:59:58,639 WARN [org.inf.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled 2022-03-06 08:59:58,657 INFO [org.inf.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller' 2022-03-06 08:59:58,884 INFO [org.inf.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.0.Final 2022-03-06 08:59:59,264 INFO [org.key.con.inf.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_700982, Site name: null 2022-03-06 08:59:59,884 INFO [org.key.services] (main) KC-SERVICES0033: Full model export requested 2022-03-06 08:59:59,884 INFO [org.key.exp.sin.SingleFileExportProvider] (main) Exporting model into file /tmp/imports/full-db-export-X.json 2022-03-06 09:00:01,539 INFO [org.key.services] (main) KC-SERVICES0035: Export finished successfully 2022-03-06 09:00:01,654 ERROR [org.key.services] (main) KC-SERVICES0010: Failed to add user 'admin' to realm 'master': user with username exists 2022-03-06 09:00:01,943 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server using profile (import_export) 2022-03-06 09:00:01,943 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start HTTP server 2022-03-06 09:00:01,944 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) ERROR: java.net.BindException: Address already in use 2022-03-06 09:00:01,944 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) ERROR: Address already in use 2022-03-06 09:00:01,944 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Validate Export File # ls -l /tmp/imports/full-db-export-X.json -rwxr-xr-x 1 keycloak root 228078 Mar 6 09:00 /tmp/imports/full-db-export-X.json bash-4.4$ grep -i testadmin /tmp/imports/full-db-export-X.json "username" : "testadmin", bash-4.4$ grep -i testuser /tmp/imports/full-db-export-X.json "username" : "testuser",
Ignore the Address already in use Error ( still need to find out how to fix this error message).
Run a full database import
Start a clean keycloak instance by mapping the shared volume
- Start a clean keycloak instance by mapping the shared volume
- see above Chapter: Docker Command to start Keycloak-X
- For import use flag -Dkeycloak.profile.feature.upload_scripts=enabled
Run the full database import
Get docker ID $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a85ae8284b58 quay.io/keycloak/keycloak-x:16.1.1 "/opt/keycloak/bin/k…" 27 seconds ago Up 26 seconds 0.0.0.0:8280->8080/tcp, 0.0.0.0:8543->8443/tcp keycloak Login into container $ docker exec -it a85ae8284b58 bash Validate that export file is available bash-4.4$ ls /tmp/imports/full-db-export-X.json /tmp/imports/full-db-export-X.json Run the full db import bash-4.4$ /opt/keycloak/bin/kc.sh import --file /tmp/imports/full-db-export.json -Dkeycloak.profile.feature.upload_scripts=enabled 2022-03-06 09:13:44,896 WARN [org.key.com.Profile] (main) Deprecated feature enabled: upload_scripts 2022-03-06 09:13:44,898 WARN [org.key.com.Profile] (main) Preview feature enabled: scripts 2022-03-06 09:13:44,975 INFO [org.key.qua.run.hos.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin: <request> 2022-03-06 09:13:45,549 WARN [org.inf.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal 2022-03-06 09:13:45,631 WARN [org.inf.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled 2022-03-06 09:13:45,669 INFO [org.inf.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller' 2022-03-06 09:13:45,909 INFO [org.inf.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.0.Final 2022-03-06 09:13:46,493 INFO [org.key.con.inf.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_988524, Site name: null 2022-03-06 09:13:47,048 INFO [org.key.services] (main) KC-SERVICES0030: Full model import requested. Strategy: OVERWRITE_EXISTING 2022-03-06 09:13:47,048 INFO [org.key.exp.sin.SingleFileImportProvider] (main) Full importing from file /tmp/imports/full-db-export.json 2022-03-06 09:13:47,055 INFO [org.key.exp.uti.ImportUtils] (main) Realm 'master' already exists. Removing it before import 2022-03-06 09:13:50,349 INFO [org.key.exp.uti.ImportUtils] (main) Realm 'master' imported 2022-03-06 09:13:52,142 INFO [org.key.exp.uti.ImportUtils] (main) Realm 'RBAC' imported 2022-03-06 09:13:54,010 INFO [org.key.exp.uti.ImportUtils] (main) Realm 'quarkus' imported 2022-03-06 09:13:54,174 INFO [org.key.services] (main) KC-SERVICES0032: Import finished successfully 2022-03-06 09:13:54,361 ERROR [org.key.services] (main) KC-SERVICES0010: Failed to add user 'admin' to realm 'master': user with username exists 2022-03-06 09:13:54,644 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server using profile (import_export) 2022-03-06 09:13:54,645 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start HTTP server 2022-03-06 09:13:54,645 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) ERROR: java.net.BindException: Address already in use 2022-03-06 09:13:54,645 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) ERROR: Address already in use 2022-03-06 09:13:54,646 ERROR [org.key.qua.run.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option.
Ignore the Address already in use Error ( still need to find out how to fix this error message).
Validate Import Log Files
2022-03-06 09:13:47,048 INFO [org.key.services] (main) KC-SERVICES0030: Full model import requested. Strategy: OVERWRITE_EXISTING 2022-03-06 09:13:47,048 INFO [org.key.exp.sin.SingleFileImportProvider] (main) Full importing from file /tmp/imports/full-db-export.json 2022-03-06 09:13:47,055 INFO [org.key.exp.uti.ImportUtils] (main) Realm 'master' already exists. Removing it before import 2022-03-06 09:13:50,349 INFO [org.key.exp.uti.ImportUtils] (main) Realm 'master' imported 2022-03-06 09:13:52,142 INFO [org.key.exp.uti.ImportUtils] (main) Realm 'RBAC' imported 2022-03-06 09:13:54,010 INFO [org.key.exp.uti.ImportUtils] (main) Realm 'quarkus' imported 2022-03-06 09:13:54,174 INFO [org.key.services] (main) KC-SERVICES0032: Import finished successfully
Be First to Comment