keycloak:
  image: Quay
  container_name: keycloak
  command: start --db=mariadb --import-realm --hostname ${FQDN}/keycloak/ --log="console,file" --spi-events-listener-jboss-logging-success-level=info --spi-events-listener-jboss-logging-error-level=warn
  environment:
    KC_PROXY: edge
    KC_HOSTNAME: ${PETE_FQDN}/keycloak
    KC_HOSTNAME_ADMIN_URL: ${PETE_FQDN}/keycloak/
    KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
    KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
    <<: *keycloak_db
  volumes:
    - ./keycloak:/opt/keycloak/data/log
    - ./kc:/opt/keycloak/data/import/
  ports:
    - "8080:8080"
  restart: always
  depends_on:
    mariadb:
      condition: service_healthy
  networks:
    - nextcloud-net
I'm having some trouble with Keycloak logging. When I specify the start commands
--log="console,file" --spi-events-listener-jboss-logging-success-level=info --spi-events-listener-jboss-logging-error-level=warn
it gives an error on startup
LogManager error of type OPEN_FAILURE: Failed to set log file
java.io.FileNotFoundException: /opt/keycloak/bin/../data/log/keycloak.log (Permission denied)
It also says some of my commands will be ignored
[org.keycloak.quarkus.runtime.cli.Picocli] (main) The following run time options were found, but will be ignored during build time: kc.spi-events-listener-jboss-logging-success-level, kc.spi-hostname-v2-hostname, kc.spi-events-listener-jboss-logging-error-level
but they are not ignored as I can see in the console output
2024-10-08 19:35:50,753 INFO [org.keycloak.events] (executor-thread-5) type="LOGIN", realmId="a61f52b5-db0c-49a1-9468-8da85d8f8e74", realmName="master", clientId="security-admin-console", userId="df8bff25-ce45-4079-a5f0-17dcfdffe073", sessionId="a50201b7-3f6d-49ab-b966-495b094934e8", ipAddress="192.168.21.7", auth_method="openid-connect", auth_type="code", response_type="code", redirect_uri="FQDN/keycloak/admin/master/console/", consent="no_consent_required", code_id="a50201b7-3f6d-49ab-b966-495b094934e8", username="admin", response_mode="query", authSessionParentId="a50201b7-3f6d-49ab-b966-495b094934e8", authSessionTabId="jRg-sm1viCA"
2024-10-08 19:35:51,313 INFO [org.keycloak.events] (executor-thread-5) type="CODE_TO_TOKEN", realmId="a61f52b5-db0c-49a1-9468-8da85d8f8e74", realmName="master", clientId="security-admin-console", userId="df8bff25-ce45-4079-a5f0-17dcfdffe073", sessionId="a50201b7-3f6d-49ab-b966-495b094934e8", ipAddress="192.168.21.7", token_id="7a49626a-5ef3-4369-a407-8c4f328c36e9", grant_type="authorization_code", refresh_token_type="Refresh", scope="openid profile email", refresh_token_id="3905b30c-25d9-40e6-8aa5-d6e60d59eb6b", code_id="a50201b7-3f6d-49ab-b966-495b094934e8", client_auth_method="client-secret"
These are the logs I want, but in a text file on the host system, not in the console log of a Docker container. When I attempt to map /opt/keycloak/data/logs, which is where the 'file' variable defaults to per the docs (Configuring logging - Keycloak), it gives a permission denied, because it seems at startup the commands run as root but Keycloak runs as the keycloak user and cannot write to the /opt/keycloak/data/logs folder because it is owned by the root user.
bash-5.1$ cd /opt/keycloak/data/
bash-5.1$ ls -la
total 0
drwxrwxr-x 1 keycloak root 66 Oct 8 19:35 .
drwxr-xr-x 1 keycloak root 29 Oct 8 19:32 ..
drwxrwxr-x 2 keycloak 1000 28 Oct 8 17:16 import
drwxr-xr-x 2 root root 6 Oct 8 19:31 log
Any ideas? Thanks
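
An added example, not part of the original post: a host-side check for the situation in the listing above, where the bind-mounted `log` directory is `root:root 755` and the container process cannot create `keycloak.log` in it. Docker creates a missing bind-mount source directory as root, so the script creates the directory first and then evaluates its permission bits for the container's run-as identity. The function names are hypothetical, GNU `stat` is assumed, and UID 1000 / GID 0 in the usage comment is an assumption about the image to confirm with `docker exec keycloak id`.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (Linux). The UID/GID passed in must be the
# identity the container process runs as (assumed 1000:0 for Keycloak here).

# can_write_dir DIR UID GID
# Returns 0 if a process with that UID/GID may create files in DIR according
# to the classic permission bits. ACLs, SELinux labels, user namespaces,
# supplementary groups and root's override are not modelled.
# Creating a file needs both write and search (w+x) on the directory.
can_write_dir() {
    dir=$1 uid=$2 gid=$3
    [ -d "$dir" ] || return 2
    # Numeric owner, numeric group, octal mode (may include setuid/sticky).
    set -- $(stat -c '%u %g %a' "$dir")
    owner=$1 group=$2 mode=$(( 0$3 & 0777 ))
    # Only one permission class applies: owner, else group, else other.
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$group" ]; then
        bits=$(( (mode >> 3) & 7 ))
    else
        bits=$(( mode & 7 ))
    fi
    [ $(( bits & 3 )) -eq 3 ]
}

# report_log_dir DIR UID GID
# Creates DIR if absent (so the Docker daemon does not create it as root),
# then prints a verdict and, if needed, the ownership change to apply.
report_log_dir() {
    mkdir -p "$1" || return 2
    if can_write_dir "$1" "$2" "$3"; then
        echo "ok: uid $2 can write to $1"
    else
        echo "fix: $1 is $(stat -c '%U:%G %a' "$1"); run: chown $2:$3 '$1'"
        return 1
    fi
}

# Usage, run before `docker compose up` from the compose directory:
#   report_log_dir ./keycloak 1000 0
```

Changing ownership to the container's UID keeps the directory closed to other host users, which matters because the event log records usernames, session IDs and client IP addresses; making the directory world-writable would not.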