Buildx arm64 on amd64 platform fails running keycloak import

Hi

I’m trying to build a docker image starting from Quay, and importing a realm.json file. I do this on a MacBook amd64 with buildx to also provide a arm64 build for newer M1 macs. The amd64 is OK, as expected, but while importing the realm during the arm64 build, I get an error.

Any ideas what I am doing wrong?

Docker buildx:
docker buildx create --use --name mybuild
docker buildx build --platform linux/amd64,linux/arm64 .

Dockerfile:

FROM quay.io/keycloak/keycloak:17.0.1

ENV PROXY_ADDRESS_FORWARDING=true

ADD ./my-realm.json /tmp/my-realm.json

RUN ["/opt/keycloak/bin/kc.sh", "import", "--file","/tmp/my-realm.json"]

Error:

> [linux/arm64 3/3] RUN ["/opt/keycloak/bin/kc.sh", "import", "--file","/tmp/my-realm.json"]:                                                                                                                                                                              
#0 35.83 2022-04-04 06:02:31,287 INFO  [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin: <request>, Port: -1, Proxied: false             
#0 42.47 2022-04-04 06:02:37,947 INFO  [org.infinispan.server.core.transport.EPollAvailable] (keycloak-cache-init) ISPN005028: Native Epoll transport not available, using NIO instead: java.lang.UnsatisfiedLinkError: could not load a native library: netty_transport_native_epoll_aarch_64                                                                                                                                                                                                                                                              
#0 43.25 2022-04-04 06:02:38,731 WARN  [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal                                                                                                                 
#0 44.02 2022-04-04 06:02:39,497 WARN  [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
#0 44.50 2022-04-04 06:02:39,972 INFO  [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
#0 47.32 2022-04-04 06:02:42,795 INFO  [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.6.Final
#0 48.23 2022-04-04 06:02:43,719 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
#0 48.24 2022-04-04 06:02:43,723 INFO  [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
#0 48.97 2022-04-04 06:02:44,457 ERROR [org.jgroups.protocols.UDP] (keycloak-cache-init) failed setting interface to /172.17.0.2: java.net.SocketException: Protocol not available (Error setting socket option)
#0 48.98 2022-04-04 06:02:44,463 ERROR [org.jgroups.protocols.UDP] (keycloak-cache-init) failed setting interface to /172.17.0.2: java.net.SocketException: Protocol not available (Error setting socket option)
#0 50.69 2022-04-04 06:02:46,171 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (import_export) mode
#0 50.69 2022-04-04 06:02:46,176 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start caches
#0 50.69 2022-04-04 06:02:46,181 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: org.infinispan.manager.EmbeddedCacheManagerStartupException: org.infinispan.commons.CacheException: Unable to start JGroups Channel
#0 50.70 2022-04-04 06:02:46,182 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: org.infinispan.commons.CacheException: Unable to start JGroups Channel
#0 50.70 2022-04-04 06:02:46,185 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start JGroups Channel
#0 50.70 2022-04-04 06:02:46,187 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Protocol not available
#0 50.70 2022-04-04 06:02:46,189 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
------
WARNING: No output specified for docker-container driver. Build result will only remain in the build cache. To push result image into registry use --push or to load image into docker use --load
Dockerfile:7
--------------------
   5 |     ADD ./my-realm.json /tmp/my-realm.json
   6 |     
   7 | >>> RUN ["/opt/keycloak/bin/kc.sh", "import", "--file","/tmp/my-realm.json"]
   8 |     
--------------------
error: failed to solve: process "/opt/keycloak/bin/kc.sh import --file /tmp/my-realm.json" did not complete successfully: exit code: 1
1 Like

Hey I’m having the same issue, any luck in finding a solution?

Just run into exact same issue. Any ideas how to work around this? Moving the import at runtime is not an option, because if the realm already exists, it is skipped. Import before starting server during docker image build is the only option to import and override existing.

Same issue here, but it appears others are having success running on M1. Anyone have any luck on finding the cause?

I think anyone who has this issue should try to get help from the Keycloak community or provide more details, however @janhoskens started quite well.

To solve this issue probably requires a deeper understanding of Keycloak and its architecture support. When a build fails on a specific architecture without emulation, it is most likely because the application you try to build does not support the architecture properly. If emulate architectures as Docker Desktop does, then the failure can be caused by the emulation. Even in this case there is not much we can do. Emulation can help a lot, but it is not perfect. If anyone can do anything to solve it, they are the Keycloak developers.

If there is a workaround without changing the code of Keycloak, there is a chance we can find that out, if you can make an example which is reproducable, containing every line of code, every script of file required by the build. Then someone with enough time can try to run the build and play with the settings. Still, the best place to get help seems to be the a Keycloak forum.

For myself, this: softwareupdate --install-rosetta solved my issue.