We Keep Coding

How do I get Keycloak to connect to MySQL DB?

I've been crawling a number of sites like this trying to get Keycloak working with a MySQL persistence layer. I am using docker, but I'm using my own images so it pulls passwords and other sensitive data from a secrets manager instead of environment variables or Docker secrets. The images are pretty close to stock besides that however.
Anyway, I have a MySQL 8 container up and running, and from within the Keycloak 12.0.3 container I can connect to the MySQL container fine:
# mysql -h mysql -u keycloak --password=somethingtochangelater -D keycloak -e "SHOW DATABASES;"
mysql: [Warning] Using a password on the command line interface can be insecure.
+--------------------+
| Database |
+--------------------+
| information_schema |
| keycloak |
+--------------------+
So there's no problems of connectivity between the instances, and that username/password has access to the keycloak database fine.
So then I ran several commands to configure the Keycloak instance (keycloak is installed at /opt/myco/bin/keycloak):
/opt/myco/bin/keycloak/bin/standalone.sh &
# Pausing for server startup
sleep 20
# Add mysql module - JDBC driver unpacked at /opt/myco/bin/keycloak-install/mysql-connector-java-8.0.23/mysql-connector-java-8.0.23.jar
/opt/myco/bin/keycloak/bin/jboss-cli.sh --connect --command="module add --name=com.mysql --dependencies=javax.api,javax.transaction.api --resources=/opt/myco/bin/keycloak-install/mysql-connector-java-8.0.23/mysql-connector-java-8.0.23.jar --module-root-dir=/opt/myco/bin/keycloak/modules/system/layers/keycloak/"
# Removing h2 datasource
/opt/myco/bin/keycloak/bin/jboss-cli.sh --connect --command="/subsystem=datasources/data-source=KeycloakDS:remove"
# Adding MySQL datasource
/opt/myco/bin/keycloak/bin/jboss-cli.sh --connect --command="/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-class-name=com.mysql.cj.jdbc.Driver)"
# TODO - add connection pooling options here...
# Configuring data source
/opt/myco/bin/keycloak/bin/jboss-cli.sh --connect --command="data-source add --name=KeycloakDS --jndi-name=java:jboss/datasources/KeycloakDS --enabled=true --password=somethingtochangelater --user-name=keycloak --driver-name=com.mysql --use-java-context=true --connection-url=jdbc:mysql://mysql:3306/keycloak?useSSL=false&characterEncoding=UTF-8"
# Testing connection
/opt/myco/bin/keycloak/bin/jboss-cli.sh --connect --command="/subsystem=datasources/data-source=KeycloakDS:test-connection-in-pool"
# Creating admin user
/opt/myco/bin/keycloak/bin/add-user-keycloak.sh -r master -u "admin" -p "somethingelse"
# Shutting down initial server
/opt/myco/bin/keycloak/bin/jboss-cli.sh --connect command=":shutdown"
This all appears to run fine. Note especially the test-connection-in-pool has no problems:
{
"outcome" => "success",
"result" => [true],
"response-headers" => {"process-state" => "reload-required"}
}
However, when I go to start the server back up again, it crashes with several exceptions, starting with:
22:31:52,484 FATAL [org.keycloak.services] (ServerService Thread Pool -- 56) Error during startup: java.lang.RuntimeException: Failed to connect to database
at org.keycloak.keycloak-model-jpa#12.0.3//org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.getConnection(DefaultJpaConnectionProviderFactory.java:377)
at org.keycloak.keycloak-model-jpa#12.0.3//org.keycloak.connections.jpa.updater.liquibase.lock.LiquibaseDBLockProvider.lazyInit(LiquibaseDBLockProvider.java:65)
...
it keeps going, though I suspect that Exception ultimately to be fatal, and it eventually dies with:
22:31:53,114 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 40) WFLYCTL0190: Step handler org.jboss.as.controller.AbstractAddStepHandler$1#33063168 for operation add at address [
("subsystem" => "jca"),
("workmanager" => "default"),
("short-running-threads" => "default")
] failed -- java.util.concurrent.RejectedExecutionException: java.util.concurrent.RejectedExecutionException
at org.jboss.threads#2.4.0.Final//org.jboss.threads.RejectingExecutor.execute(RejectingExecutor.java:37)
at org.jboss.threads#2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.rejectShutdown(EnhancedQueueExecutor.java:2029)
...
The module at /opt/myco/bin/keycloak/modules/system/layers/keycloak/com/mysql/main has the jar file and module.xml:
# ls
module.xml mysql-connector-java-8.0.23.jar
# cat module.xml
<?xml version='1.0' encoding='UTF-8'?>
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
<resources>
<resource-root path="mysql-connector-java-8.0.23.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
The standalone.xml file looks reasonable to me:
...
<subsystem xmlns="urn:jboss:domain:datasources:6.0">
<datasources>
...
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true">
<connection-url>jdbc:mysql://mysql:3306/keycloak?useSSL=false&characterEncoding=UTF-8</connection-url>
<driver>com.mysql</driver>
<security>
<user-name>keycloak</user-name>
<password>somethingtochangelater</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
<driver name="mysql" module="com.mysql">
<driver-class>com.mysql.cj.jdbc.Driver</driver-class>
</driver>
</drivers>
</datasources>
...
So.... anyone have any idea what's going on? What else do I need to do to get Keycloak talking properly to MySQL? Anything else I can do to debug what the issue is?

Not sure what is wrong with your particular case, but I used jboss/ keycloak image and it connects to MySQL just fine. Maybe you can derive your custom image from there. The full setup in my blog post https://link.medium.com/eK6IRducpeb

For standalone keycloak server you can try this command.
kc.bat start-dev --db postgres --db-url jdbc:postgresql://localhost:5432/keycloak-server --db-username postgres --db-password root

Connecting solr with aws RDS Mysql through data import handler

I recently started implementing solr-cloud on AWS EC2 for search applications. I have created 2 AWS Ec2 instances with the following configurations ---
EC2 Type - t2.medium
ram - 4GB
Disk Space - 8GB
OS - ubuntu 18.04
For the 2 EC2 instances, I have created a security group which allows all inbound traffic. NACL has default settings that allows all inbound traffic as well.
Steps Followed to install Apache Solr -
ssh into ec2 :
ssh -i "pem_file" ubuntu#ec2-public-ipv4-address
cd to /opt directory
run --> sudo apt-update
run --> sudo apt-get openjdk-11
Check java -version
run --> wget https://archive.apache.org/dist/lucene/solr/8.3.0/solr-8.3.0.tgz
run --> tar -xvzf solr-8.3.0.tgz
export SOLR_HOME=/opt/solr-8.3.0
Add /opt/solr-8.3.0 to Path environment variable
Update the sudo vim /etc/hosts file with the hosts --
a. public-ip-v4-address-of-ec2 solr-node-1
Started Solr using the following command -->
sudo bin/solr start -c -p 8983 -h solr-node-1 -force
Checked the opened ports using --> sudo lsof -i -P -n | grep LISTEN
Created collections, shards and replicas using --->
bin/solr create -c travasko -d sample_techproducts_configs -n travasko_configs -shards 2 -rf 2 -p 8983
I repeated the same process on the other EC2 machine and ran solr on it.
Now, to use the data import handler in solr, I edited the following files:
solrconfig.xml
<requestHandler name="/dataimport" class="org.apache.solr.handler.dataimport.DataImportHandler">
<lst name="defaults">
<str name="config">data-config.xml</str>
</lst>
</requestHandler>
data-config.xml
<dataConfig>
<dataSource type="JdbcDataSource"
driver="com.mysql.jdbc.Driver"
url="jdbc:mysql://examplerds.cuhj86yfdpid.us-east-1.rds.amazonaws.com:3306/TRAVASKODB1"
user="examplerds"
password="examplerds#123"/>
<document>
<entity name="MOMENTS"
pk="MOMENT_ID"
query="SELECT MOMENT_ID,MOMENT_TEXT FROM MOMENTS"
deltaImportQuery="SELECT MOMENT_ID,MOMENT_TEXT FROM MOMENTS WHERE MOMENT_ID='${dih.delta.MOMENT_ID}'"
deltaQuery="SELECT MOMENT_ID FROM MOMENTS WHERE LAST_MODIFIED > '${dih.last_index_time}'"
>
<field column="MOMENT_ID" name="MOMENT_ID"/>
<field column="MOMENT_TEXT" name="MOMENT_TEXT"/>
</entity>
</document>
</dataConfig>
managed_schema
<schema name="MOMENTS" version="1.5">
<field name="_version_" type="long" indexed="true" stored="true"/>
<field name="MOMENT_ID" type="integer" indexed="true" stored="true" required="true" multiValued="false" />
<field name="MOMENT_TEXT" type="string" indexed="true" stored="true" multiValued="false" />
</schema>
Downloaded mysql jdbc using the following command:
wget -q "http://search.maven.org/remotecontent?filepath=mysql/mysql-connector-java/5.1.32/mysql-connector-java-5.1.32.jar" -O mysql-connector-java.jar
Add to solrconfig.xml:
<lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-dataimporthandler-.*\.jar" />
<lib dir="${solr.install.dir:../../../..}/dist/" regex="mysql-connector-java.jar" />
After editing the files above, I uploaded them to the solr-cloud using the following zookeper command -->
bin/solr zk -n travasko_config -z solr-node-1:9983 cp /opt/solr-8.3.0/server/solr/configsets/_default/conf/managed-schema zk:/configs/travasko_config/managed-schema
I then checked all the above files in the solr-cloud and could notice the changes i added.
The current issue is that when I select the collection I created above, and click on Dataimport, It throws an error as below --->
The solrconfig.xml file for this index does not have an operational DataImportHandler defined!
Note: The AWS RDS and EC2 instances are in the same VPC sharing the same Security Group.
So why is solrconfig.xml file throwing an error during dataimport ? What am i missing here?

The solution to the above issue was basically setting the java system property for solr versions greater than 8.2.0 as below:
-Denable.dih.dataConfigParam=true
This parameter can be set either in solr.in.cmd or solr.in.sh which can be found inside the directory below: ,
/opt/solr-8.3.0/bin
If, /opt/solr-8.3.0 is the installation directory of solr.
The other method was to pass this parameter as command line parameter while starting solr as below:
sudo bin/solr start -c -p 8983 -h solr-node-1 -Denable.dih.dataConfigParam=true -force
solr-node-1 is the public IPv4 address of the AWS Ec2 instance on which solr is configured.

Why virsh domxml-to-native changes PCI slot number

I have the following definition of network define virsh edit vm:
<controller type='pci' index='0' model='pci-root'/>
<interface type='bridge'>
<mac address='f2:ff:ff:ff:ff:07'/>
<source bridge='br0:'/>
<model type='e1000'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
i.e slot=3, but after running virsh domxml-to-native qemu-argv i'm getting -
qemu-system-x86_64 -name guest=vm07 -machine pc-i440fx-2.12,accel=kvm,usb=off,dump-guest-core=off -cpu SandyBridge-IBRS -m 4096
.... -netdev tap,fd=21,id=hostnet0
-device e1000,netdev=hostnet0,id=net0,mac=f2:ff:ff:ff:ff:07,bus=pci.0,addr=0x2
i.e slot=2, which change previous ens3 interface -> ens2 interface and failing getting IP by dhcp.
Any idea why it's happen and how to keep the slot number?
Thanks!

verified with libvirt user group as bug in version 4.5.0, fix is in the way.

How to connect to a database created in using ANT

I need to connect to "mydb" database created in MySQL 5.5.
I figured out from http://ant.apache.org/manual/Tasks/sql.html that following should do the job, but ti does not.
<sql
driver="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/broadleaf"
userid="root"
password="password">
</sql>
Then in the other post that following could be used to start and stop MySQL using ANT:
<target name="start-db">
<exec executable="C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" osfamily="windows">
</exec>
<exec executable="mysql.server" osfamily="unix">
<arg value="start"/>
</exec>
</target>
<target name="stop-db">
<exec executable="C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" osfamily="windows">
<arg value="-u"/>
<arg value="root"/>
<arg value="shutdown"/>
</exec>
<exec executable="mysql.server" osfamily="unix">
<arg value="stop"/>
</exec>
</target>
Could someone tell me how to glue both these scripts together to start MySQL database and then connect to a particular database (ex. mydb) using an ANT script? And similarly stop the database and disconnect from that database (mysql).
Thanks.

Are you asking how to tie everything together in a complete ANT script?
<project name="database-stuff" default="make-it-so">
<target name="make-it-so" depends="start-db,run-sql,stop-db"/>
<target name="start-db">
<exec executable="C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" osfamily="windows">
</exec>
<exec executable="mysql.server" osfamily="unix">
<arg value="start"/>
</exec>
</target>
<target name="stop-db">
<exec executable="C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" osfamily="windows">
<arg value="-u"/>
<arg value="root"/>
<arg value="shutdown"/>
</exec>
<exec executable="mysql.server" osfamily="unix">
<arg value="stop"/>
</exec>
</target>
<target name="run-sql">
<sql driver="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/broadleaf"
userid="root"
password="password">
-- SQL STATEMENTS GO HERE!!
</sql>
</target>
</project>
If not you'll have to provide more details of the kind of error you're experiencing.

Can't get external MySQL server to work with Java web application + Hibernate. (Unable to build EntityManagerFactory)

I have two Virtual machines on an external server. VM1 is the Tomcat server and VM2 is the MySQL server. I have a web application on the tomcat server which I can access by typing the ip in my browser at my home computer, so that works as it should.
For example if the IP to VM1 is 111.22.33.44, then I can type this from anywhere and be able to access the homepage: http://111.22.33.44:8080/WebApplication1
But after that, as I try to login in my web application, I get an exception:
javax.persistence.PersistenceException: [PersistenceUnit: WebApplication1PU] Unable to build EntityManagerFactory
I can only assume that this has something to do with my external database server.
persistence.xml (x.x.x.x being the ip of VM2):
<?xml version="1.0" encoding="UTF-8"?>
<persistence version="1.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd">
<persistence-unit name="WebApplication1PU" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>bo.User</class>
<class>bo.LogMessage</class>
<class>bo.PrivateMessage</class>
<exclude-unlisted-classes>false</exclude-unlisted-classes>
<properties>
<property name="hibernate.connection.username" value="root"/>
<property name="hibernate.connection.driver_class" value="com.mysql.jdbc.Driver"/>
<property name="hibernate.connection.password" value="root"/>
<property name="hibernate.connection.url" value="jdbc:mysql://x.x.x.x:3306/community"/>
<property name="hibernate.cache.provider_class" value="org.hibernate.cache.NoCacheProvider"/>
</properties>
</persistence-unit>
</persistence>
What I have tried to do to fix it:
Grant privileges on the mysql server for VM1 ip+username.
Hmm, that's all I can remember at the moment, I'll edit this.
I can edit in the stack trace as well, if that would help.
Also: The two VMs have completely different ip addresses. I read something about changing RESOURCE_LOCAL to JTA, could that fix anything?
EDIT 1
traceroute gave 2 rows (hops?)
I commented the bind 127.0.0.1 row in the my.conf file. Still doesn't work.
Exception when trying to login at the home page of the web application.
(Stack Trace):
javax.faces.el.EvaluationException: javax.persistence.PersistenceException: [PersistenceUnit: WebApplication1PU] Unable to build EntityManagerFactory
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at javax.faces.component.UICommand.broadcast(UICommand.java:315)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:794)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1259)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:409)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:185)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:269)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:679)
Caused by: javax.persistence.PersistenceException: [PersistenceUnit: WebApplication1PU] Unable to build EntityManagerFactory
at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:677)
at org.hibernate.ejb.HibernatePersistence.createEntityManagerFactory(HibernatePersistence.java:126)
at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:51)
at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:33)
at db.UserDB.getUserByUsername(UserDB.java:49)
at bo.UserHandler.UserLogin(UserHandler.java:30)
at ui.UserBean.login(UserBean.java:56)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.el.parser.AstValue.invoke(AstValue.java:262)
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:278)
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
... 24 more
Caused by: org.hibernate.HibernateException: Hibernate Dialect must be explicitly set
at org.hibernate.dialect.DialectFactory.determineDialect(DialectFactory.java:57)
at org.hibernate.dialect.DialectFactory.buildDialect(DialectFactory.java:39)
at org.hibernate.cfg.SettingsFactory.determineDialect(SettingsFactory.java:426)
at org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:128)
at org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2009)
at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1292)
at org.hibernate.cfg.AnnotationConfiguration.buildSessionFactory(AnnotationConfiguration.java:859)
at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:669)
... 38 more
EDIT 2
netstat -anltp | grep "LISTEN" on VM2 (mysql server)
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
EDIT 3
netstat -anltp | grep "LISTEN" on VM2 (mysql server)
NOW LISTENING TO EXTERNAL CONNECTIONS TO MYSQL (to do this see step 4 of this guide: link
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -

I have made it work now, I basically followed steps 4-5 in this tutorial: Link: allowing external connections to mysql server
So basically add a user with privileges of your choice using mysql commands CREATE USER and GRANT.
you can view the mysql user table to see what users exist (this shows only some columns though):
select host,user,password from mysql.user;
One host in that table should be the IP of the tomcat server.
As you can see in the tutorial you also have to edit the mysql config file, if ubuntu complains about rights, the sudo command might come in handy. just type sudo followed by a regular command. Keep in mind that I'm really new to Ubuntu so there might be an easier way to do all this. gedit can be used to edit files.