Enable fine grained on keycloak with docker - docker

I have set up keycloak using docker, my problem is that I need to do some modifications on the clients that need the fine grained to be enabled. I have read the documentation and i know I should use the parameter -Dkeycloak.profile=preview or -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled. My problem is that I tried to use that on my docker execution command, but with no luck
docker run --rm \
--name keycloak \
-p 80:8080 \
-e KEYCLOAK_USER=admin \
-e KEYCLOAK_PASSWORD=[adminPass] \
-e PROXY_ADDRESS_FORWARDING=true \
-e DB_VENDOR=MYSQL \
-e DB_ADDR=[SQL_Server] \
-e DB_DATABASE=keycloak \
-e DB_USER=[DBUSER] \
-e DB_PASSWORD=[DB_PASS] \
-e JDBC_PARAMS=useSSL=false \
-e -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled \
jboss/keycloak
any help?

It is documented in the Docker image readme https://hub.docker.com/r/jboss/keycloak
Additional server startup options (extension of JAVA_OPTS) can be configured using the JAVA_OPTS_APPEND environment variable.
So in your case:
-e JAVA_OPTS_APPEND="-Dkeycloak.profile=preview"

Guess you might need to pass the environment variables to the JVM when starting the Wildfly containing the Keycloak WAR. There is a runner shell script that starts when launching the container. You need to add your environment variables to that call.

Related

How to configure the env vars , net name, exposed port and volumns when running a docker container in go sdk

I'm trying to use the go SDK to run a docker container. In CLI, the docker can be run by
docker run -d \
-e myvar1=myval1 \
-e myvar2=myval2 \
--name=myname \
--hostname=myhost \
--net=mynet \
-p 12345:12345 -p 8080:8080 \
-v "my/path/to/data1" \
-v "my/second-path/to/data2" \
mydocker/image_name:latest command1 \
command2 \
command3
I wonder how to find the go SDK equivalent for this cli command. I referred to this post but I'm still confused about the setting for env vars, network, columns and also multiple exposed ports.
You have a more complete example with interiorem/stout/isolate/docker/container.go##newContainer() which does set env map[string]string in the old docker/engine-api container.Config structure.
These days, you would use moby/moby/api/types/container/config.go.
But in both cases (old and new dependencies), you set environment variables by initializing a Config struct with a map of "environment name"/"environment value" in the Env field.

How to deploy neoload in docker

Please does anyone know how to deploy neoload on Docker. I have looked at the neoload package on docker hub but it doesn't seem to make much sense. I want to use it for performance testing. the link is https://hub.docker.com/r/neotys/neoload-controller/
As explained in the documentation, there are 2 ways to deploy your neoload controller on docker:
Managed: this mode only works with a neoload web.
Standalone: basically when you run your neoload container, you give it some parameters like the neoload project, the number of virtual users etc... The test is launched at the start of the container.
From the docker hub documentation:
docker run -d --rm \
-e PROJECT_NAME={project-name} \
-e SCENARIO={scenario} \
-e NTS_URL={nts-url} \
-e NTS_LOGIN={login:password} \
-e COLLAB_URL={collab-url} \
-e LICENSE_ID={license-id} \
-e VU_MAX={vu-max} \
-e DURATION_MAX={duration-max} \
-e NEOLOADWEB_URL={nlweb-onpremise-apiurl:port} \
-e NEOLOADWEB_TOKEN={nlweb-token} \
-e PUBLISH_RESULT={publish-result} \
neotys/neoload-controller
You either have to pull the license from a Neoload Web or a NTS server.
I will need more informations about your problem to help you.
Regards

Azure DevOps agent in Docker: add custom capabilities

I run Azure DevOps agents in Docker as per guide on DockerHub:
docker run -d -e VSTS_ACCOUNT='kagarlickij' \
-e VSTS_POOL='Self-Hosted-Containers' \
-e VSTS_TOKEN='a***q' \
mcr.microsoft.com/azure-pipelines/vsts-agent:ubuntu-16.04-docker-18.06.1-ce
I'd like to automatically add custom capabilities to agent, how is it possible?
When you create an agent, add the capability in the command. For example: docker run -d -e VSTS_ACCOUNT={account} -e VSTS_POOL={pool} -e VSTS_AGENT={agent} -e VSTS_TOKEN={token} -e myvar=test -it mcr.microsoft.com/azure-pipelines/vsts-agent:ubuntu-16.04-docker-18.06.1-ce. I've tested on my side, I can see myvar shows in the capabilities.

How to start a custom RQ worker within a Docker Container (Python, Flask and Redis)

I followed the excellent Flask Mega Tutorial by Miguel Grinberg and have successfully setup a Flask web app with a Redis task queue and RQ workers, all in Docker containers.
To improve task queue performance, I now need to use my own custom worker, rather than the default RQ worker.
Unfortunately, I'm struggling to understand how I start a custom worker within docker.
To start a default RQ worker, the Flask Mega Tutorial uses the method of overriding the Docker entrypoint with "venv/bin/rq" and then supplying the argument "worker -u redis://redis-server:6379/0 microblog-tasks".
The executable name is supplied with the --entrypoint flag, whilst the command arguments are passed at the very end, after the name of the container image.
Here is the full command - only the last two lines are relevant to this question.
$ docker run --name rq-worker -d --rm -e SECRET_KEY=my-secret-key \
-e MAIL_SERVER=smtp.googlemail.com -e MAIL_PORT=587 -e MAIL_USE_TLS=true \
-e MAIL_USERNAME=<your-gmail-username> -e MAIL_PASSWORD=<your-gmail-password> \
--link mysql:dbserver --link redis:redis-server \
-e DATABASE_URL=mysql+pymysql://microblog:<database-password>#dbserver/microblog \
-e REDIS_URL=redis://redis-server:6379/0 \
--entrypoint venv/bin/rq \
microblog:latest worker -u redis://redis-server:6379/0 microblog-tasks
I have my own custom worker with the following code, taken directly from the RQ documentation:
#!/usr/bin/env python
import sys
from rq import Connection, Worker
# Preload libraries
import library_that_you_want_preloaded
# Provide queue names to listen to as arguments to this script,
# similar to rq worker
with Connection():
qs = sys.argv[1:] or ['default']
w = Worker(qs)
w.work()
Given that my custom worker is located within the Docker container at "home/dashboard/app/custom_worker.py", which commands do I need to supply upon starting the Docker container to create an RQ worker using my customised worker script? So far I have tried the following:
$ docker run --name rq-worker -d --rm -e SECRET_KEY=my-secret-key \
-e MAIL_SERVER=smtp.googlemail.com -e MAIL_PORT=587 -e MAIL_USE_TLS=true \
-e MAIL_USERNAME=<your-gmail-username> -e MAIL_PASSWORD=<your-gmail-password> \
--link mysql:dbserver --link redis:redis-server \
-e DATABASE_URL=mysql+pymysql://microblog:<database-password>#dbserver/microblog \
-e REDIS_URL=redis://redis-server:6379/0 \
--entrypoint venv/bin/rq \
microblog:latest /home/dashboard/app/custom_worker.py -u redis://redis-server:6379/0 microblog-tasks
and also...
$ docker run --name rq-worker -d --rm -e SECRET_KEY=my-secret-key \
-e MAIL_SERVER=smtp.googlemail.com -e MAIL_PORT=587 -e MAIL_USE_TLS=true \
-e MAIL_USERNAME=<your-gmail-username> -e MAIL_PASSWORD=<your-gmail-password> \
--link mysql:dbserver --link redis:redis-server \
-e DATABASE_URL=mysql+pymysql://microblog:<database-password>#dbserver/microblog \
-e REDIS_URL=redis://redis-server:6379/0 \
--entrypoint /home/dashboard/app \
microblog:latest custom_worker -u redis://redis-server:6379/0 microblog-tasks
Any help would be greatly appreciated. There are a lot of posts online about creating a custom RQ worker, but I've not found much detail on how you practically use your custom worker in deployment.
Thank you kindly,
Robin
In the docs its possible with below command:
/usr/local/bin/rq worker -w custom_worker.py --path path/to/sourcecode
See more options with /usr/local/bin/rq worker --help
Docs:
https://python-rq.org/docs/workers/#custom-worker-classes

Launching a InfluxDB container in docker with a default database name

I'm running the following command to launch a InfluxDB container. This should create a new databse with the name defaultdb.
docker run -p 8086:8086 \
-e INFLUXDB_DB=defaultdb -e INFLUXDB_ADMIN_ENABLED=true \
-e INFLUXDB_ADMIN_USER=admin -e INFLUXDB_ADMIN_PASSWORD=adminpass \
-e INFLUXDB_USER=user -e INFLUXDB_USER_PASSWORD=userpass \
-v influxdb:/var/lib/influxdb \
influxdb:latest
But it doesnt create the default databse defaultdb. It creates the databse db0 instead of defaultdb. What I'm doing wrong?
https://hub.docker.com/_/influxdb/
Thanks in advance.
The problem is probably comming from the volume.
-v influxdb:/var/lib/influxdb
In particular, if you have previously created a database using the same command but without specifying the INFLUXDB_DB=defaultdb, this old database is overriding the container data via the old volume.
To solve the issue, remove the old volume and rerun the command:
docker volume rm influxdb
The issue was due to the INFLUXDB_ADMIN_ENABLED=true line.
The documentation states:
The administrator interface is deprecated as of 1.1.0 and will be
removed in 1.3.0.
I was using the latest version which is (currently) the 1.4 so it seems that there was a problem with that deprecated INFLUXDB_ADMIN_ENABLED variable.
Removing that line, everything worked perfectly.
docker run -p 8086:8086 \
-e INFLUXDB_DB=defaultdb \
-e INFLUXDB_ADMIN_USER=admin \
-e INFLUXDB_ADMIN_PASSWORD=adminpass \
-e INFLUXDB_USER=user \
-e INFLUXDB_USER_PASSWORD=userpass \
-v influxdb:/var/lib/influxdb \
influxdb:latest

Resources