Keycloak SPI Providers and layers not loading when using Docker

I'm trying to set up a Docker image with some custom things, such as a logback extension, so I have some CLI scripts, like this one:

/subsystem=logging:remove()
/extension=org.jboss.as.logging:remove()

/extension=com.custom.logback:add()
/subsystem=com.custom.logback:add()

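I also have CLI scripts to configure the datasource pool, themes, add some SPIs to the keycloak-server subsystem, and so on. I put these scripts in the /opt/jboss/startup-scripts directory. However, when I create the container, things don't go well. The scripts are not loaded as expected, and Keycloak starts with errors, without loading providers such as the password policy used by the realm.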

When I use standalone Keycloak, all SPI providers load fine, as shown below:

2019-07-25 18:27:07.906 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-password-policy (com.custom.login.password.PasswordSecurityPolicyFactory) is implementing the internal SPI password-policy. This SPI is internal and may change without notice
2019-07-25 18:27:07.909 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-event (com.custom.event.KeycloakServerEventListenerProviderFactory) is implementing the internal SPI eventsListener. This SPI is internal and may change without notice
2019-07-25 18:27:08.026 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-mailer (com.custom.mail.MessageSenderProviderFactory) is implementing the internal SPI emailSender. This SPI is internal and may change without notice
2019-07-25 18:27:08.123 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-user-domain-verification (com.custom.login.domain.UserDomainVerificationFactory) is implementing the internal SPI authenticator. This SPI is internal and may change without notice
2019-07-25 18:27:08.123 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-recaptcha-username-password (com.custom.login.domain.RecaptchaAuthenticatorFactory) is implementing the internal SPI authenticator. This SPI is internal and may change without notice

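If I use the same package with Docker, using jboss/keycloak:6.0.1 as the base image, the providers do not load. I'm using modules, added to the $JBOSS_HOME/modules folder and configured as in the script below: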

/subsystem=keycloak-server/:write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*,module:com.custom.custom-keycloak-server])

/subsystem=keycloak-server/theme=defaults/:write-attribute(name=welcomeTheme,value=custom)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=modules,value=[com.custom.custom-keycloak-server])

/subsystem=keycloak-server/spi=emailSender/:add(default-provider=custom-mailer)

When I execute the scripts inside the container, everything works fine.

I have tried using a volume to map the jar with the providers, and copying the jar when building the custom image, but none of these approaches worked.

I'm using the jboss:keycloak:6.0.1 Docker image and standalone Keycloak 6.0.1, with the layers and modules placed in the same directories.

What am I doing wrong? What is the trick to using SPI providers with Docker, or is the image not designed for production or this kind of need?

https://hub.docker.com/r/jboss/keycloak/:

To add a custom provider extend the Keycloak image and add the provider to the /opt/jboss/keycloak/standalone/deployments/ directory.

Did you use a volume for /opt/jboss/keycloak/standalone/deployments/ for your custom providers?

OK, I found out why this happens.

It comes from opt/jboss/tools/docker-entrypoint.sh:

#################
# Configuration #
#################

# If the server configuration parameter is not present, append the HA profile.
if echo "$@" | egrep -v -- '-c |-c=|--server-config |--server-config='; then
    SYS_PROPS+=" -c=standalone-ha.xml"
fi

It will start Keycloak in clustered mode, because I think they consider standalone as not safe for production:

Standalone operating mode is only useful when you want to run one, and only one Keycloak server instance. It is not usable for clustered deployments and all caches are non-distributed and local-only. It is not recommended that you use standalone mode in production as you will have a single point of failure. If your standalone mode server goes down, users will not be able to log in. This mode is really only useful to test drive and play with the features of Keycloak.

To keep 'standalone mode', override the image to add the property -c standalone.xml as an argument:

CMD ["-b", "0.0.0.0", "-c", "standalone.xml"]
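
The check quoted from docker-entrypoint.sh can be replayed outside the container to see which server config a given CMD ends up with. The script below is an added example, not part of the original answer or the image; `effective_config` and `assert_config` are hypothetical helper names, and the argument lists are constructed samples.

```sh
#!/bin/sh
# Added example, not the image's own code. effective_config and assert_config
# are hypothetical helper names.

# Print the server config a container would boot with for the given CMD args,
# following the check quoted from docker-entrypoint.sh.
effective_config() {
    # Same pattern as the entrypoint (grep -E is the current spelling of egrep).
    # -v -q succeeds when the argument line does NOT contain a config flag.
    if echo "$@" | grep -Eqv -- '-c |-c=|--server-config |--server-config='; then
        echo "standalone-ha.xml"    # entrypoint appends -c=standalone-ha.xml
        return 0
    fi
    # A flag was seen: report the value the server will receive.
    while [ $# -gt 0 ]; do
        case "$1" in
            -c|--server-config)     echo "$2"; return 0 ;;
            -c=*|--server-config=*) echo "${1#*=}"; return 0 ;;
        esac
        shift
    done
    # The pattern is unanchored, so it can match inside another argument
    # (e.g. -Dsome-c=1). Nothing is appended and no -c is passed at all.
    echo "server-default"
}

# Fail when the CMD would boot a different config than the one the CLI
# scripts and providers were set up against.
assert_config() {
    expected=$1; shift
    actual=$(effective_config "$@")
    if [ "$actual" != "$expected" ]; then
        echo "config mismatch: want $expected, CMD boots $actual" >&2
        return 1
    fi
}

# Constructed sample inputs: a CMD without a config flag and the answer's CMD.
echo "no config flag -> $(effective_config -b 0.0.0.0)"
echo "answer's CMD   -> $(effective_config -b 0.0.0.0 -c standalone.xml)"
```

Running `assert_config standalone.xml` with the image's CMD arguments as a build or CI step catches the mismatch before the container starts with a profile that the security-relevant providers (password policy, authenticators, event listener) were never configured in.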