Keycloak with custom user federation docker deployment
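I am trying to deploy Keycloak on Docker with a custom user federation provider. I want to use an external database as an additional source for user authentication. I have tested the configuration on my host (the whole project extracted from the .tar.gz) and it works: I can search for users from the external database in the admin panel or log in to Keycloak.
The problem is that when I run my container, I get the following error: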
12:36:36,127 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "custom-user-storage-jpa.jar")]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.naming.context.java.jboss.datasources.ExternalPostgresDS"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.persistenceunit.\"custom-user-storage-jpa.jar#custom-user-storage-jpa\" is missing [jboss.naming.context.java.jboss.datasources.ExternalPostgresDS]",
"jboss.persistenceunit.\"custom-user-storage-jpa.jar#custom-user-storage-jpa\".__FIRST_PHASE__ is missing [jboss.naming.context.java.jboss.datasources.ExternalPostgresDS]"
]
So I assume that my jar does not see the datasource configured in standalone.xml (named ExternalPostgresDS).
My custom user storage provider contains a persistence.xml, which is later built into the jar by maven clean install:
<?xml version="1.0" encoding="UTF-8" ?>
<persistence version="2.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
        http://java.sun.com/xml/ns/persistence
        http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">
    <persistence-unit name="custom-user-storage-jpa">
        <jta-data-source>java:jboss/datasources/ExternalPostgresDS</jta-data-source>
        <properties>
            <property name="hibernate.hbm2ddl.auto" value="none" />
            <property name="hibernate.show_sql" value="false" />
            <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQL95Dialect" />
        </properties>
    </persistence-unit>
</persistence>
There is also a section in standalone.xml that defines the datasource and drivers:
<xa-datasource jndi-name="java:jboss/datasources/ExternalPostgresDS" pool-name="ExternalPostgresDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
    <xa-datasource-property name="ServerName">
        address...
    </xa-datasource-property>
    <xa-datasource-property name="PortNumber">
        5432
    </xa-datasource-property>
    <xa-datasource-property name="DatabaseName">
        dbname...
    </xa-datasource-property>
    <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
    <driver>postgresql</driver>
    <security>
        <user-name>username...</user-name>
        <password>password...</password>
    </security>
    <validation>
        <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"/>
        <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/>
    </validation>
</xa-datasource>
<drivers>
    <driver name="postgresql" module="org.postgresql">
        <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
    </driver>
    <driver name="h2" module="com.h2database.h2">
        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
    </driver>
</drivers>
Finally, there is the Dockerfile, which is supposed to customize the official Keycloak image to my needs:
FROM jboss/keycloak:11.0.2
ENV DB_VENDOR postgres
ENV DB_ADDR addr..
ENV DB_DATABASE dbname...
ENV DB_USER user...
ENV DB_PASSWORD password...
ENV PROXY_ADDRESS_FORWARDING true
ENV KEYCLOAK_USER admin
ENV KEYCLOAK_PASSWORD password
COPY ./_resources/standalone.xml /opt/jboss/keycloak/standalone/configuration/standalone.xml
COPY ./_resources/custom-user-storage-jpa.jar /opt/jboss/keycloak/standalone/deployments/custom-user-storage-jpa.jar
COPY ./_resources/postgresql/main/module.xml /opt/jboss/keycloak/modules/system/layers/keycloak/org/postgresql/main/module.xml
COPY ./_resources/postgresql/main/postgresql-42.2.18.jar /opt/jboss/keycloak/modules/system/layers/keycloak/org/postgresql/main/postgresql-42.2.18.jar
ENV JAVA_OPTS -server -Xms2048m -Xmx6144m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m
EXPOSE 8080
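Of course, I checked that the copied files are correct and present in the running container; after startup everything works, but without my custom user storage deployment.
What am I missing?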
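It appears that your standalone.xml file is not being read and JBoss is trying to use the default configuration.
It is mentioned here that the default file name was updated to standalone-ha.xml: https://lists.jboss.org/pipermail/keycloak-dev/2018-October/011304.html
Updating the image build command to
COPY ./_resources/standalone.xml /opt/jboss/keycloak/standalone/configuration/standalone-ha.xml
should help.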
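As an added example (not part of the original question or answer, and not Keycloak's own code): a small Python check that compares the datasource a provider's persistence.xml references with the datasources defined in the configuration file the server actually loads, and reports a mismatch as the service name seen in the WFLYCTL0412 error above. The function names are hypothetical and both XML samples are constructed and trimmed, including their namespace versions; only the JNDI name and the service-name pattern come from the page.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed samples; only the JNDI name is taken from the page.
PERSISTENCE_XML = """<persistence xmlns="http://java.sun.com/xml/ns/persistence" version="2.0">
  <persistence-unit name="custom-user-storage-jpa">
    <jta-data-source>java:jboss/datasources/ExternalPostgresDS</jta-data-source>
  </persistence-unit>
</persistence>"""

# Stand-in for the file the container really boots with (no custom datasource).
DEFAULT_CONFIG = """<server xmlns="urn:jboss:domain:13.0"><profile>
  <subsystem xmlns="urn:jboss:domain:datasources:6.0"><datasources>
    <datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS"/>
  </datasources></subsystem></profile></server>"""

# Stand-in for the customised file that defines the extra XA datasource.
CUSTOM_CONFIG = DEFAULT_CONFIG.replace(
    "</datasources>",
    '<xa-datasource jndi-name="java:jboss/datasources/ExternalPostgresDS" '
    'pool-name="ExternalPostgresDS" enabled="true"/></datasources>')


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def referenced_datasources(persistence_xml):
    """JNDI names a persistence.xml expects the server to provide."""
    root = ET.fromstring(persistence_xml)
    return [el.text.strip() for el in root.iter()
            if local(el.tag) in ("jta-data-source", "non-jta-data-source") and el.text]


def defined_datasources(server_xml):
    """JNDI names of datasources defined (and not disabled) in a server config."""
    root = ET.fromstring(server_xml)
    return {el.get("jndi-name") for el in root.iter()
            if local(el.tag) in ("datasource", "xa-datasource")
            and el.get("jndi-name") and el.get("enabled", "true") != "false"}


def service_name(jndi):
    """JNDI name -> service name, following the pattern in the page's error log."""
    return "jboss.naming.context." + jndi.replace(":", ".").replace("/", ".")


def missing_datasources(persistence_xml, server_xml):
    """Service names that would be reported as 'not installed' for this pair."""
    defined = defined_datasources(server_xml)
    return [service_name(j) for j in referenced_datasources(persistence_xml)
            if j not in defined]


if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_CONFIG), ("custom", CUSTOM_CONFIG)):
        print(label, missing_datasources(PERSISTENCE_XML, cfg) or "all datasources resolved")
```

Run against the configuration file copied out of the built image rather than the one in the build context, this shows whether the file the server loads is the one that was edited.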