Generator-jhipster: On restarting Keycloak users registered/created are lost

Created on 22 Feb 2018  路  8Comments  路  Source: jhipster/generator-jhipster
Overview of the issue

I have created Jhipster app with Keycloak support. On keycloak, I have enabled user registration. Now I am registering a user. But on restarting Keycloak, all the users I created disappears, intact any changes I did in Keycloak configurations are lost.

JHipster Version(s)

4.14.0

JHipster configuration

{
"generator-jhipster": {
"promptValues": {
"packageName": "com.test"
},
"jhipsterVersion": "4.14.0",
"baseName": "test",
"packageName": "com.test",
"packageFolder": "com/test",
"serverPort": "8080",
"authenticationType": "oauth2",
"cacheProvider": "ehcache",
"enableHibernateCache": true,
"websocket": "spring-websocket",
"databaseType": "sql",
"devDatabaseType": "h2Disk",
"prodDatabaseType": "mysql",
"searchEngine": false,
"messageBroker": false,
"serviceDiscoveryType": false,
"buildTool": "maven",
"enableSocialSignIn": false,
"enableSwaggerCodegen": false,
"clientFramework": "angularX",
"useSass": false,
"clientPackageManager": "yarn",
"applicationType": "monolith",
"testFrameworks": [],
"jhiPrefix": "jhi",
"enableTranslation": false
}
}

Browsers and Operating System

Safari, Mac

  • [x] Checking this box is mandatory (this is just to show you read everything)
picture caffeinecoders
👍2

Most helpful comment

This is because Keycloak uses an embedded H2 database by default, you should use an external database in production.

You can prevent the users from being cleared by updating the keycloak.yml docker-compose file:

  • Add a volume ./keycloak-db:/opt/jboss/keycloak/standalone/data
  • Change the migration strategy from OVERWRITE_EXISTING, to IGNORE_EXISTING (in the command section)

We should document this at a minimum.

http://www.keycloak.org/docs/2.5/server_installation/topics/database.html
https://hub.docker.com/r/jboss/keycloak/

picture ruddell on 22 Feb 2018
👍11

All 8 comments

This is because Keycloak uses an embedded H2 database by default, you should use an external database in production.

You can prevent the users from being cleared by updating the keycloak.yml docker-compose file:

  • Add a volume ./keycloak-db:/opt/jboss/keycloak/standalone/data
  • Change the migration strategy from OVERWRITE_EXISTING, to IGNORE_EXISTING (in the command section)

We should document this at a minimum.

http://www.keycloak.org/docs/2.5/server_installation/topics/database.html
https://hub.docker.com/r/jboss/keycloak/

ruddell picture ruddell on 22 Feb 2018
👍11

Hi,
I have a problem with persistent keycloack. I folllow @ruddell advice with the following keycloack.yml
services: keycloak: image: jboss/keycloak:8.0.1 command: ["-b", "0.0.0.0", "-Dkeycloak.migration.action=import", "-Dkeycloak.migration.provider=dir", "-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config", "-Dkeycloak.migration.strategy=IGNORE_EXISTING", "-Djboss.socket.binding.port-offset=1000"] volumes: - ./realm-config:/opt/jboss/keycloak/realm-config - ./keycloak-db:/opt/jboss/keycloak/standalone/data environment: - KEYCLOAK_USER=admin - KEYCLOAK_PASSWORD=admin - DB_VENDOR=h2 ports: - 9080:9080 - 9443:9443 - 10990:10990
I start my docker image with

docker-compose -f src/main/docker/keycloak.yml up

Here are the log
(ServerService Thread Pool -- 64) WFLYCLINF0003: Stopped authorization cache from keycloak container keycloak_1 | 14:46:43,960 INFO [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0008: Undertow HTTP listener default suspending keycloak_1 | 14:46:43,963 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 65) WFLYCLINF0003: Stopped keys cache from keycloak container keycloak_1 | 14:46:43,981 INFO [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0007: Undertow HTTP listener default stopped, was bound to 0.0.0.0:9080 keycloak_1 | 14:46:43,984 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0004: Undertow 2.0.27.Final stopping keycloak_1 | 14:46:43,988 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 71) WFLYCLINF0003: Stopped realms cache from keycloak container keycloak_1 | 14:46:43,996 INFO [org.jboss.as.server.deployment] (MSC service thread 1-8) WFLYSRV0028: Stopped deployment keycloak-server.war (runtime-name: keycloak-server.war) in 112ms keycloak_1 | 14:46:43,999 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 75) WFLYCLINF0003: Stopped users cache from keycloak container keycloak_1 | 14:46:44,003 INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-6) WFLYJCA0019: Stopped Driver service with driver-name = h2 keycloak_1 | 14:46:44,033 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 66) WFLYCLINF0003: Stopped offlineSessions cache from keycloak container keycloak_1 | 14:46:44,036 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 69) WFLYCLINF0003: Stopped sessions cache from keycloak container keycloak_1 | 14:46:44,042 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 68) WFLYCLINF0003: Stopped clientSessions cache from keycloak container keycloak_1 | 14:46:44,043 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 61) WFLYCLINF0003: Stopped authenticationSessions cache from keycloak container keycloak_1 | 14:46:44,050 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 60) WFLYCLINF0003: Stopped work cache from keycloak container keycloak_1 | 14:46:44,053 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 74) WFLYCLINF0003: Stopped actionTokens cache from keycloak container keycloak_1 | 14:46:44,055 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 62) WFLYCLINF0003: Stopped client-mappings cache from ejb container keycloak_1 | 14:46:44,051 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 70) WFLYCLINF0003: Stopped offlineClientSessions cache from keycloak container keycloak_1 | 14:46:44,054 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 67) WFLYCLINF0003: Stopped loginFailures cache from keycloak container keycloak_1 | 14:46:44,064 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-2) ISPN000080: Disconnecting JGroups channel ejb keycloak_1 | 14:46:44,086 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-8) ISPN000080: Disconnecting JGroups channel ejb keycloak_1 | 14:46:44,115 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "microprofile-metrics-smallrye")]): java.lang.NullPointerException keycloak_1 | at [email protected]//org.wildfly.extension.microprofile.metrics.MicroProfileMetricsSubsystemAdd$2.execute(MicroProfileMetricsSubsystemAdd.java:86) keycloak_1 | at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999) keycloak_1 | at [email protected]//org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743) keycloak_1 | at [email protected]//org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467) keycloak_1 | at [email protected]//org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1413) keycloak_1 | at [email protected]//org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:521) keycloak_1 | at [email protected]//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:472) keycloak_1 | at [email protected]//org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:434) keycloak_1 | at [email protected]//org.jboss.as.server.ServerService.boot(ServerService.java:435) keycloak_1 | at [email protected]//org.jboss.as.server.ServerService.boot(ServerService.java:394) keycloak_1 | at [email protected]//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:374) keycloak_1 | at java.base/java.lang.Thread.run(Thread.java:834) keycloak_1 | keycloak_1 | docker_keycloak_1 exited with code 1

How do I have to modify my keycloack.yml ? Thank you

sbonaime picture sbonaime on 21 Jan 2020

Hello,
regarding this issue, I would like to report an error that occurred on linux, after following the official documentation.

Idk if it's something related to my local environment or not. Anyway maybe this informations can help somebody:

First I enabled the volume by adding
./keycloak-db:/opt/jboss/keycloak/standalone/data

Then I've launched docker-compose, and in fact it created a keycloak-db folder, in the same directory of the docker-compose config file. That wasn't obvious to me as I am a newbie of docker.

Anyway, there comes the strange part: the keycloak-db folder was owned by root. Launching docker-compose with this permissions, leaded to an error, so the container stopped.

Doing a chown ${USER}:${USER} keyclocak-db fixed the permissions problem, but at this point launching the container with migration strategy set to IGNORE_EXISTING leaded to another error (admin user already existing).

To fix that, I've launched the keycloak image with the previous migration strategy OVERWRITE_EXISING just one time in order to wipe the erroneous data.
Finally I've swapped it to IGNORE_EXISTING again, which worked this time.

EDIT: doing any change from the keycloak ui, then saving, leads to an error on next boot.

User with username 'admin' already added to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json'

funder7 picture funder7 on 24 Feb 2020

@fadafez, @sbonaime:

Please don't comment on an old issue. If you think this issue still applies, please create a new ticket with proper details.

If you have a question please use Stack Overflow, and tag the question with jhipster. This helps the project to keep the issue tracker clean. Also, Stack Overflow will give your question a larger audience:

  • This will increase your chances to get an answer
  • Answers will be of higher quality, as there is a voting system
  • This will also help other users who might have the same issue, as questions are tagged and easily searchable

Finally, you can also use our chat room on gitter.

SudharakaP picture SudharakaP on 24 Feb 2020

Hello @SudharakaP, actually I've fixed the issue, if it's better to open a new thread I will do that, I supposed that was more appropriate to add the information here, as it's the place where the official documentation comes from.

funder7 picture funder7 on 24 Feb 2020

@fadafez : As indicated above this issue is closed as per document change; https://github.com/jhipster/jhipster.github.io/commit/8eff4be3ef83d8b48a784636b6903bed204dd464. If you have a different approach to fix this, I suggest opening up a new issue with your suggestion and discussing it first and then submit a PR if all is in agreement. 馃槃

SudharakaP picture SudharakaP on 25 Feb 2020
👍1

@SudharakaP actually, @funder7 's comments were really helpful here for me since this is the first result on Google about lack-of keycloak h2 database persistence.

Thanks @funder7 !

kallisti5 picture kallisti5 on 7 Sep 2020
1

I'm using Keycloak on Openshift and need to store the H2 Database in a different directory.
How to do that?
In an older version, I was using the property DIR_H2_DS, but it seems not working now.

BraianNunes picture BraianNunes on 11 Sep 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

frantzynicolas picture frantzynicolas  路  3Comments
dronavallisaikrishna picture dronavallisaikrishna  路  3Comments
chegola picture chegola  路  4Comments
lsadehaan picture lsadehaan  路  3Comments
trajakovic picture trajakovic  路  4Comments