Permission problems connecting Keycloak to the database in the same pod

I have a pod, and in it Keycloak (latest) and a database, each as a container. I have tried both MySQL and Postgres. With both of them my Keycloak tries to connect to the database as the 'sa' user and cannot do that. I have no such user at all, and the defined user for the Keycloak DB is 'keycloak'. I am on CentOS 8 as a rootless user, running the scripts in GitLab. Dockerfile for Keycloak:
```dockerfile
FROM quay.io/keycloak/keycloak-x:latest as builder
ENV KC_METRICS_ENABLED=true
ENV KC_DB=mysql
RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak-x:latest
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
WORKDIR /opt/keycloak
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
ENV KC_DB_USERNAME=keycloak
ENV KC_DB_PASSWORD=testpassDbpass
ENV KEYCLOAK_ADMIN=admin
ENV KEYCLOAK_ADMIN_PASSWORD=changeme
ENV KC_DB_URL=jdbc:mysql://localhost:3306/keycloak
EXPOSE 8443
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--hostname=keycloak.sdxo.com", "--proxy=passthrough"]
```
MySQL and the other scripts in the GitLab CI yml:
```yaml
stages:
  - build

build_pod:
  tags:
    - auth-runner
  stage: build
  script:
    - podman pod rm -i -f user-authentification
    - podman pod create --name user-authentification -p 9175:8443/tcp
  only:
    - main

build_db:
  image: mysql:8
  tags:
    - auth-runner
  stage: build
  script:
    - echo "$KEYCLOAK_DB_USER"
    - podman run -dt --name postgres --pod user-authentification -v ~/mysql_volume:/var/lib/mysql:z
      --env MYSQL_DATABASE="$KEYCLOAK_DB_NAME"
      --env MYSQL_USER=keycloak
      --env MYSQL_ROOT_PASSWORD="$KEYCLOAK_DB_PASS" --expose=3306 mysql:8
  only:
    - main

build_keycloak:
  tags:
    - auth-runner
  stage: build
  script:
    - podman build -t sdx-keycloak .
    - podman run -dt --name=sdx-keycloak --pod user-authentification --expose=8443 sdx-keycloak
  only:
    - main
```
The error is:
```text
Access denied for user 'sa'@'127.0.0.1' (using password: YES)
2022-02-28 12:04:39,210 WARN [org.hib.eng.jdb.env.int.JdbcEnvironmentInitiator] (JPA Startup Thread: keycloak-default) HHH000342: Could not obtain connection to query metadata: java.sql.SQLException: Access denied for user 'sa'@'127.0.0.1' (using password: YES)
```

My user id:

```text
uid=1000(sdxo) gid=1000(sdxo) groups=1000(semdatex),10(wheel),1001(gitlab-runner)
```

`podman -v` reports 3.4.2.

I have already done `podman unshare chown 1000:1000 pathToVolume` as described in https://www.redhat.com/sysadmin/rootless-podman-makes-sense
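A small triage helper for the mismatch shown above, added here as an example and not part of the question or of Keycloak/podman: it compares the user MySQL actually rejected (taken from the log line) with the user Keycloak was configured for (KC_DB_USERNAME) and with the user the mysql image was told to create (MYSQL_USER, which the official image only creates together with MYSQL_PASSWORD). The env dumps are constructed from the Dockerfile and CI job in the question; in practice they would come from `podman exec <container> env`.

```shell
# Triage the DB credential mismatch: who did MySQL reject, who was Keycloak
# configured as, and which user/password pair did the mysql image receive?
# Inputs are KEY=VALUE env dumps (one variable per line) plus the log line.

env_get() {                       # env_get VAR < env-dump
  sed -n "s/^$1=//p" | head -n 1
}

log_user() {                      # user inside "Access denied for user 'X'@..."
  sed -n "s/.*Access denied for user '\([^']*\)'@.*/\1/p" | head -n 1
}

# check_db_env KEYCLOAK_ENV MYSQL_ENV LOG_LINE -> 0 if consistent, 1 otherwise
check_db_env() {
  kc_user=$(env_get KC_DB_USERNAME < "$1")
  my_user=$(env_get MYSQL_USER < "$2")
  my_pass=$(env_get MYSQL_PASSWORD < "$2")
  seen=$(printf '%s\n' "$3" | log_user)
  rc=0
  if [ -n "$my_user" ] && [ -z "$my_pass" ]; then
    echo "MYSQL_USER=$my_user set without MYSQL_PASSWORD: the mysql image does not create that user"; rc=1
  fi
  if [ "$kc_user" != "$my_user" ]; then
    echo "KC_DB_USERNAME='$kc_user' but MYSQL_USER='$my_user'"; rc=1
  fi
  if [ -n "$seen" ] && [ "$seen" != "$kc_user" ]; then
    echo "MySQL rejected '$seen', not KC_DB_USERNAME='$kc_user': the configured user was not the one used"; rc=1
  fi
  return $rc
}

# Constructed sample inputs mirroring the question (Dockerfile ENV + CI job);
# the root password and database name are placeholders.
write_samples() {                 # write_samples DIR
  printf 'KC_DB_USERNAME=keycloak\nKC_DB_PASSWORD=testpassDbpass\n' > "$1/kc.env"
  printf 'MYSQL_DATABASE=keycloak\nMYSQL_USER=keycloak\nMYSQL_ROOT_PASSWORD=root-pw-placeholder\n' > "$1/db-asked.env"
  printf 'MYSQL_DATABASE=keycloak\nMYSQL_USER=keycloak\nMYSQL_PASSWORD=testpassDbpass\n' > "$1/db-fixed.env"
}
LOG_LINE="Access denied for user 'sa'@'127.0.0.1' (using password: YES)"
```

Run `d=$(mktemp -d); write_samples "$d"; check_db_env "$d/kc.env" "$d/db-asked.env" "$LOG_LINE"` to see both findings for the setup in the question; the `db-fixed.env` variant passes.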
Solution 1:

I do not know why Keycloak tries to connect to the DB as sa, or maybe it is a rootless problem with Keycloak, but I just changed the DB user to 'sa' so it works now.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Iman |
