--import-realm and its decision of which realm to import first
183 views
Skip to first unread message
Tschenkel
Jul 8, 2025, 5:44:58 AM7/8/25
to Keycloak User
Hello together,
I use the `--import-realm` parameter on `kc.sh` to import two realms: the master realm and a openshift realm.
This results in following error:
Appending additional Java properties to JAVA_OPTS
WARNING: Hostname v1 options [proxy] are still in use, please review your configuration
2025-07-08 08:34:25,437 INFO [org.keycloak.url.HostnameV2ProviderFactory] (main) If hostname is specified, hostname-strict is effectively ignored
2025-07-08 08:34:30,448 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) Starting Infinispan embedded cache manager
2025-07-08 08:34:30,820 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) JGroups Encryption enabled (mTLS).
2025-07-08 08:34:30,821 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) [PATCH] Patching kubernetes stack.
2025-07-08 08:34:31,132 INFO [org.keycloak.infinispan.module.certificates.CertificateReloadManager] (main) Starting JGroups certificate reload manager
2025-07-08 08:34:31,330 INFO [org.infinispan.CONTAINER] (main) ISPN000556: Starting user marshaller 'org.infinispan.commons.marshall.ImmutableProtoStreamMarshaller'
2025-07-08 08:34:31,631 INFO [org.infinispan.CLUSTER] (main) ISPN000078: Starting JGroups channel `ISPN` with stack `kubernetes-patched`
2025-07-08 08:34:31,632 INFO [org.jgroups.JChannel] (main) local_addr: 6f0abdc5-1f4c-45df-9cc2-4a805d655de3, name: keycloak-0-63803
2025-07-08 08:34:31,636 INFO [org.jgroups.protocols.FD_SOCK2] (main) server listening on *:57800
2025-07-08 08:34:33,638 INFO [org.jgroups.protocols.pbcast.GMS] (main) keycloak-0-63803: no members discovered after 2001 ms: creating cluster as coordinator
2025-07-08 08:34:33,649 INFO [org.infinispan.CLUSTER] (main) ISPN000094: Received new cluster view for channel ISPN: [keycloak-0-63803|0] (1) [keycloak-0-63803]
2025-07-08 08:34:33,650 INFO [org.keycloak.infinispan.module.certificates.CertificateReloadManager] (main) Reloading JGroups Certificate
2025-07-08 08:34:33,716 INFO [org.infinispan.CLUSTER] (main) ISPN000079: Channel `ISPN` local address is `keycloak-0-63803`, physical addresses are `[172.16.4.36:7800]`
2025-07-08 08:34:34,447 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: keycloak-0-63803, Site name: null
2025-07-08 08:34:34,732 INFO [org.keycloak.exportimport.dir.DirImportProvider] (main) Importing from directory /opt/keycloak/bin/../data/import
2025-07-08 08:34:35,635 INFO [org.keycloak.exportimport.singlefile.SingleFileImportProvider] (main) Full importing from file /opt/keycloak/bin/../data/import/openshift.json
2025-07-08 08:34:36,021 INFO [com.arjuna.ats.jbossatx] (main) ARJUNA032014: Stopping transaction recovery manager
2025-07-08 08:34:36,036 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
2025-07-08 08:34:36,036 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) Error details:: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.RealmModel.getClientByClientId(String)" because "adminRealm" is null
at org.keycloak.services.managers.RealmManager.setupMasterAdminManagement(RealmManager.java:332)
at org.keycloak.services.managers.RealmManager.importRealm(RealmManager.java:582)
at org.keycloak.exportimport.util.ImportUtils.importRealm(ImportUtils.java:113)
at org.keycloak.exportimport.util.ImportUtils.importRealms(ImportUtils.java:66)
at org.keycloak.exportimport.singlefile.SingleFileImportProvider$1.runExportImportTask(SingleFileImportProvider.java:65)
at org.keycloak.exportimport.util.ExportImportSessionTask.run(ExportImportSessionTask.java:36)
at org.keycloak.models.utils.KeycloakModelUtils.lambda$runJobInTransaction$1(KeycloakModelUtils.java:341)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransactionWithResult(KeycloakModelUtils.java:451)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:340)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:330)
at org.keycloak.exportimport.singlefile.SingleFileImportProvider.importModel(SingleFileImportProvider.java:61)
at org.keycloak.exportimport.ExportImportManager.lambda$runImport$1(ExportImportManager.java:104)
at java.base/java.lang.Iterable.forEach(Iterable.java:75)
at org.keycloak.exportimport.ExportImportManager.runImport(ExportImportManager.java:102)
at org.keycloak.services.resources.KeycloakApplication$2.run(KeycloakApplication.java:162)
at org.keycloak.models.utils.KeycloakModelUtils.lambda$runJobInTransaction$1(KeycloakModelUtils.java:341)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransactionWithResult(KeycloakModelUtils.java:460)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:340)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:330)
at org.keycloak.services.resources.KeycloakApplication.bootstrap(KeycloakApplication.java:132)
at org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:102)
at org.keycloak.models.utils.KeycloakModelUtils.lambda$runJobInTransaction$1(KeycloakModelUtils.java:341)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransactionWithResult(KeycloakModelUtils.java:460)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:340)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:330)
at org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:94)
at org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication.onStartupEvent(QuarkusKeycloakApplication.java:52)
at org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication_Observer_onStartupEvent_GNZ8m5QenZ9h9VNelo7awjUZFDE.notify(Unknown Source)
at io.quarkus.arc.impl.EventImpl$Notifier.notifyObservers(EventImpl.java:365)
at io.quarkus.arc.impl.EventImpl$Notifier.notify(EventImpl.java:347)
at io.quarkus.arc.impl.EventImpl.fire(EventImpl.java:81)
at io.quarkus.arc.runtime.ArcRecorder.fireLifecycleEvent(ArcRecorder.java:163)
at io.quarkus.arc.runtime.ArcRecorder.handleLifecycleEvents(ArcRecorder.java:114)
at io.quarkus.runner.recorded.LifecycleEventsBuildStep$startupEvent1144526294.deploy_0(Unknown Source)
at io.quarkus.runner.recorded.LifecycleEventsBuildStep$startupEvent1144526294.deploy(Unknown Source)
at io.quarkus.runner.ApplicationImpl.doStart(Unknown Source)
at io.quarkus.runtime.Application.start(Application.java:101)
at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:121)
at io.quarkus.runtime.Quarkus.run(Quarkus.java:77)
at org.keycloak.quarkus.runtime.KeycloakMain.start(KeycloakMain.java:145)
at org.keycloak.quarkus.runtime.cli.Picocli.start(Picocli.java:1002)
at org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.run(AbstractStartCommand.java:49)
at picocli.CommandLine.executeUserObject(CommandLine.java:2030)
at picocli.CommandLine.access$1500(CommandLine.java:148)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2465)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2457)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2419)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2277)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2421)
at picocli.CommandLine.execute(CommandLine.java:2174)
at org.keycloak.quarkus.runtime.cli.Picocli.parseAndRun(Picocli.java:128)
at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:116)
at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:71)
at io.quarkus.bootstrap.runner.QuarkusEntryPoint.doRun(QuarkusEntryPoint.java:68)
at io.quarkus.bootstrap.runner.QuarkusEntryPoint.main(QuarkusEntryPoint.java:36)
WARNING: Hostname v1 options [proxy] are still in use, please review your configuration
2025-07-08 08:34:25,437 INFO [org.keycloak.url.HostnameV2ProviderFactory] (main) If hostname is specified, hostname-strict is effectively ignored
2025-07-08 08:34:30,448 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) Starting Infinispan embedded cache manager
2025-07-08 08:34:30,820 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) JGroups Encryption enabled (mTLS).
2025-07-08 08:34:30,821 INFO [org.keycloak.quarkus.runtime.storage.infinispan.CacheManagerFactory] (main) [PATCH] Patching kubernetes stack.
2025-07-08 08:34:31,132 INFO [org.keycloak.infinispan.module.certificates.CertificateReloadManager] (main) Starting JGroups certificate reload manager
2025-07-08 08:34:31,330 INFO [org.infinispan.CONTAINER] (main) ISPN000556: Starting user marshaller 'org.infinispan.commons.marshall.ImmutableProtoStreamMarshaller'
2025-07-08 08:34:31,631 INFO [org.infinispan.CLUSTER] (main) ISPN000078: Starting JGroups channel `ISPN` with stack `kubernetes-patched`
2025-07-08 08:34:31,632 INFO [org.jgroups.JChannel] (main) local_addr: 6f0abdc5-1f4c-45df-9cc2-4a805d655de3, name: keycloak-0-63803
2025-07-08 08:34:31,636 INFO [org.jgroups.protocols.FD_SOCK2] (main) server listening on *:57800
2025-07-08 08:34:33,638 INFO [org.jgroups.protocols.pbcast.GMS] (main) keycloak-0-63803: no members discovered after 2001 ms: creating cluster as coordinator
2025-07-08 08:34:33,649 INFO [org.infinispan.CLUSTER] (main) ISPN000094: Received new cluster view for channel ISPN: [keycloak-0-63803|0] (1) [keycloak-0-63803]
2025-07-08 08:34:33,650 INFO [org.keycloak.infinispan.module.certificates.CertificateReloadManager] (main) Reloading JGroups Certificate
2025-07-08 08:34:33,716 INFO [org.infinispan.CLUSTER] (main) ISPN000079: Channel `ISPN` local address is `keycloak-0-63803`, physical addresses are `[172.16.4.36:7800]`
2025-07-08 08:34:34,447 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: keycloak-0-63803, Site name: null
2025-07-08 08:34:34,732 INFO [org.keycloak.exportimport.dir.DirImportProvider] (main) Importing from directory /opt/keycloak/bin/../data/import
2025-07-08 08:34:35,635 INFO [org.keycloak.exportimport.singlefile.SingleFileImportProvider] (main) Full importing from file /opt/keycloak/bin/../data/import/openshift.json
2025-07-08 08:34:36,021 INFO [com.arjuna.ats.jbossatx] (main) ARJUNA032014: Stopping transaction recovery manager
2025-07-08 08:34:36,036 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (production) mode
2025-07-08 08:34:36,036 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) Error details:: java.lang.NullPointerException: Cannot invoke "org.keycloak.models.RealmModel.getClientByClientId(String)" because "adminRealm" is null
at org.keycloak.services.managers.RealmManager.setupMasterAdminManagement(RealmManager.java:332)
at org.keycloak.services.managers.RealmManager.importRealm(RealmManager.java:582)
at org.keycloak.exportimport.util.ImportUtils.importRealm(ImportUtils.java:113)
at org.keycloak.exportimport.util.ImportUtils.importRealms(ImportUtils.java:66)
at org.keycloak.exportimport.singlefile.SingleFileImportProvider$1.runExportImportTask(SingleFileImportProvider.java:65)
at org.keycloak.exportimport.util.ExportImportSessionTask.run(ExportImportSessionTask.java:36)
at org.keycloak.models.utils.KeycloakModelUtils.lambda$runJobInTransaction$1(KeycloakModelUtils.java:341)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransactionWithResult(KeycloakModelUtils.java:451)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:340)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:330)
at org.keycloak.exportimport.singlefile.SingleFileImportProvider.importModel(SingleFileImportProvider.java:61)
at org.keycloak.exportimport.ExportImportManager.lambda$runImport$1(ExportImportManager.java:104)
at java.base/java.lang.Iterable.forEach(Iterable.java:75)
at org.keycloak.exportimport.ExportImportManager.runImport(ExportImportManager.java:102)
at org.keycloak.services.resources.KeycloakApplication$2.run(KeycloakApplication.java:162)
at org.keycloak.models.utils.KeycloakModelUtils.lambda$runJobInTransaction$1(KeycloakModelUtils.java:341)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransactionWithResult(KeycloakModelUtils.java:460)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:340)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:330)
at org.keycloak.services.resources.KeycloakApplication.bootstrap(KeycloakApplication.java:132)
at org.keycloak.services.resources.KeycloakApplication$1.run(KeycloakApplication.java:102)
at org.keycloak.models.utils.KeycloakModelUtils.lambda$runJobInTransaction$1(KeycloakModelUtils.java:341)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransactionWithResult(KeycloakModelUtils.java:460)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:340)
at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:330)
at org.keycloak.services.resources.KeycloakApplication.startup(KeycloakApplication.java:94)
at org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication.onStartupEvent(QuarkusKeycloakApplication.java:52)
at org.keycloak.quarkus.runtime.integration.jaxrs.QuarkusKeycloakApplication_Observer_onStartupEvent_GNZ8m5QenZ9h9VNelo7awjUZFDE.notify(Unknown Source)
at io.quarkus.arc.impl.EventImpl$Notifier.notifyObservers(EventImpl.java:365)
at io.quarkus.arc.impl.EventImpl$Notifier.notify(EventImpl.java:347)
at io.quarkus.arc.impl.EventImpl.fire(EventImpl.java:81)
at io.quarkus.arc.runtime.ArcRecorder.fireLifecycleEvent(ArcRecorder.java:163)
at io.quarkus.arc.runtime.ArcRecorder.handleLifecycleEvents(ArcRecorder.java:114)
at io.quarkus.runner.recorded.LifecycleEventsBuildStep$startupEvent1144526294.deploy_0(Unknown Source)
at io.quarkus.runner.recorded.LifecycleEventsBuildStep$startupEvent1144526294.deploy(Unknown Source)
at io.quarkus.runner.ApplicationImpl.doStart(Unknown Source)
at io.quarkus.runtime.Application.start(Application.java:101)
at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:121)
at io.quarkus.runtime.Quarkus.run(Quarkus.java:77)
at org.keycloak.quarkus.runtime.KeycloakMain.start(KeycloakMain.java:145)
at org.keycloak.quarkus.runtime.cli.Picocli.start(Picocli.java:1002)
at org.keycloak.quarkus.runtime.cli.command.AbstractStartCommand.run(AbstractStartCommand.java:49)
at picocli.CommandLine.executeUserObject(CommandLine.java:2030)
at picocli.CommandLine.access$1500(CommandLine.java:148)
at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2465)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2457)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2419)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2277)
at picocli.CommandLine$RunLast.execute(CommandLine.java:2421)
at picocli.CommandLine.execute(CommandLine.java:2174)
at org.keycloak.quarkus.runtime.cli.Picocli.parseAndRun(Picocli.java:128)
at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:116)
at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:71)
at io.quarkus.bootstrap.runner.QuarkusEntryPoint.doRun(QuarkusEntryPoint.java:68)
at io.quarkus.bootstrap.runner.QuarkusEntryPoint.main(QuarkusEntryPoint.java:36)
Its a completly fresh deployment. Postgres db doesnt contain any data.
I already know that he starts the importing with `openshift.json`. I think everything would be alright if he instead would start with `master.json`. My question is how keycloak decides with which file it starts? I renamed `openshift.json` to `1openshift.json` -> same behavior. So filename doesnt seem to be the factor.
I think I narrowed down that the iteration trough the files (aka the importProviders) happens here. But this doenst help me to understand how the sequence comes about.
Any help would be much appreciated!
(Keycloak Statefulset.yaml attached)
Alexander Schwartz
Jul 8, 2025, 6:49:45 AM7/8/25
to Tschenkel, Keycloak User
The sorting of realms should be the same as on the file system, which I assume is alphabetically. See https://github.com/keycloak/keycloak/blob/f52cc73548255bac301d9af9586384ac30eb414e/services/src/main/java/org/keycloak/exportimport/ExportImportManager.java#L129 for the code.
Best,
Alexander
--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/keycloak-user/62a2b4c0-50a0-4c94-86f2-3df928d9025dn%40googlegroups.com.
Alexander Schwartz, RHCE
He/Him
Principal Software Engineer, Keycloak Maintainer
Red Hat - Germany remote
 |
Red Hat GmbH, Registered seat: Werner von Siemens Ring 12, D-85630 Grasbrunn, Germany
Commercial register: Amtsgericht Muenchen/Munich, HRB 153243,
Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross
Commercial register: Amtsgericht Muenchen/Munich, HRB 153243,
Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross
Reply all
Reply to author
Forward
0 new messages