问题
I'm trying to deploy the Keycloak image Keycloak HA Postgres in openshift 3.6. As precondition I have to say I can't run docker on my local machine, so I have to create the image from oc new-app command.
When I try to call
oc new-app jboss/keycloak-ha-postgres
then the image is downloaded but I have errors when the server starts:
Cannot start embedded server: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE": java.lang.reflect.InvocationTargetException: /opt/jboss/keycloak/standalone/log/server.log (Permission denied)
Cannot start embedded server: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE": java.lang.reflect.InvocationTargetException: /opt/jboss/keycloak/standalone/log/server.log (Permission denied)
And also which environment variable (names) I have to set up for connecting to my postgres?
回答1:
So at the end I could figure out what the problem was. With the help of the command:
oc status -v
I saw the following error/warning:
Current security policy prevents your containers from being run as the root user. Some images
may fail expecting to be able to change ownership or permissions on directories. Your admin
can grant you access to run containers that need to run as the root user with this command:
oadm policy add-scc-to-user anyuid -n keycloak-test -z keycloak
So I added a service account user:
oc create sa keycloak
and contacted my System administrator that has to grant permissions to the keycloak serviceAccount user.
At least I had to to add to the deploymentConfig the serviceAccount
spec:
....
template:
.....
spec:
containers:
......
serviceAccount: keycloak
serviceAccountName: keycloak
So that's all.
I add a little hint for them that have to add the new adminUser at beginning. You have to add two environment variables KEYCLOAK_USER and KEYCLOAK_PASSWORD. The other env variables that I set were: POSTGRES_PORT_5432_TCP_ADDR, POSTGRES_PASSWORD, POSTGRES_USER and POSTGRES_DATABASE.
来源:https://stackoverflow.com/questions/47796208/build-keycloak-docker-hub-image-in-openshift-from-new-app-command