Develop Reference

How to enable features, like token-exchange, in keycloak from command line

I tried to implement user impersonation with Keycloak but I got this error
"error": "Feature not enabled"
This image shows what I ran in Postman and the error:
To start keycloak I ran Docker, on Windows 10 and then this command:
docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e DB_VENDOR=H2 jboss/keycloak
so I use jBoss docker image, from RedHat.
So I wanted to enable that missing feature in keycloak, but from keycloak documentation I can't understand where to run this specific command:
For example, to enable docker and token-exchange, enter this command:
bin/kc.[sh|bat] build --features=docker,token-exchange
to have, for example, this token-exchange feature available in keycloak.
I tried to find into jBoss this kc file to run that command but I didn't find it. I found first the jBoss image:
docker exec 42f1c5c8bf55 it bash
then I enter on jboss
sh-4.4$ cd /opt/jboss
sh-4.4$ find . -name "kc.sh"
find: ‘./proc/tty/driver’: Permission denied
find: ‘./var/cache/ldconfig’: Permission denied
find: ‘./lost+found’: Permission denied
sh-4.4$ find . -name "kc.*"
find: ‘./proc/tty/driver’: Permission denied
find: ‘./var/cache/ldconfig’: Permission denied
find: ‘./lost+found’: Permission denied
I searched a lot and I tried different solutions, but non of them worked.
Anyone please give me a little help or at least an ideea how to implement a new feature, like token-exchange or access_token, inside keycloak.

You can use the KC_ prefixed environment variables in your Docker container. For example, to enable features:
docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e KC_FEATURES=token-exchange -e DB_VENDOR=H2 jboss/keycloak
Note that the jboss/keycloak image is not the current official Keycloak image anymore. You probably want to migrate to the quay.io/keycloak/keycloak images (see the Keycloak Docker docs).

You can enable features using env var JAVA_OPTS_APPEND environment variable
for example to enable Ability for admins to impersonate users just start the container like this:
docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e DB_VENDOR=H2 -e JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.impersonation=enabled" jboss/keycloak

How to set "xpack.security.enrollment.enabled" to "true for elasticsearch in Docker

This is how I start elasticsearch with Kibana in "Docker for Windows":
docker network create --driver bridge elastic
docker run -p 127.0.0.1:9200:9200 -p 127.0.0.1:9300:9300 --name elasticsearch -v elasticsearch-data:/usr/share/elasticsearch/data -e "discovery.type=single-node" -e ELASTIC_USER=Andreas -e ELASTIC_PASSWORD=Hirsebrei docker.elastic.co/elasticsearch/elasticsearch:8.5.2
docker run --name kib-01 -p 5601:5601 docker.elastic.co/kibana/kibana:8.5.3
This all runs fine and I can open the Kibana pagein the browser which requests an enrollment token.
I use the following from a command line to generate the enrollment token:
docker exec -it elasticsearch /bin/sh
then in the shell I do this:
cd /usr/share/elasticsearch/bin/
./elasticsearch-create-enrollment-token --scope kibana
which results in the following error message:
ERROR: [xpack.security.enrollment.enabled] must be set to `true` to create an enrollment token
Now I am lost.
Can someone please help me out and explain to me how to set [xpack.security.enrollment.enabled] to true?

Why can't my my modified copy of the docker elasticsearch be accessed from a browser?

I am attempting to run a customized image based on the official Elasticsearch image from Docker. However, when I try to access it through localhost:9200, it does not work.
I created a custom-elasticsearch.yml file with host set to 127.0.0.1 (localhost), then build an elasticsearch-custom image and ran it. Steps can be found in the link below.
https://www.elastic.co/guide/en/elasticsearch/reference/6.4/docker.html
When I try to access the elasticsearch through a browser at localhost:9200, it fails to connect. How do I repair this?
Code in Dockerfile for elasticsearch-custom
FROM docker.elastic.co/elasticsearch/elasticsearch:6.4.3
COPY --chown=elasticsearch:elasticsearch elasticsearch.yml /usr/share/elasticsearch/config/
Building the custom docker
docker build --tag=elasticsearch-custom .
Method to run elasticsearch-custom
docker run -d -ti -v /usr/share/elasticsearch/data -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch-custom
When I type localhost:9200 into the browser, I expect it to return the data from the elasticsearch.
But instead the browser says it is unable to connect.

You need to add the following parameter to Docker run command, so your container and the host os will share the same network interface. Then you should be able to access Docker container with localhost:9200
--network=host
The final run command should be like this;
docker run -d -ti -v /usr/share/elasticsearch/data --network=host -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch-custom

ElasticSearch with Docker - Enable Anonymous Access

For local development, I want to run an ElasticSearch (5.5.2) container using Docker, but I don't want to have to deal with authentication.
I have read https://www.elastic.co/guide/en/x-pack/5.5/anonymous-access.html, and it seems that the container comes with X-Pack which adds security (requiring a username and password).
Previously I have been running:
docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" --name es docker.elastic.co/elasticsearch/elasticsearch:5.5.
How can I allow anonymous access?

Add the environmental variable xpack.security.enabled=false to the docker run command.
Complete command:
docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e "xpack.security.enabled=false" --name es docker.elastic.co/elasticsearch/elasticsearch:5.5.2
Reference: https://discuss.elastic.co/t/how-do-i-disable-x-pack-security-on-the-elasticsearch-5-2-2-docker-image/78183/4

pact-broker docker image is not running after restarting docker machine

I am using Postgres image and past broker image in my docker machine for setting up pact broker.
here are 4 steps that have mentioned :
1.$ docker run --name pactbroker-db -e POSTGRES_PASSWORD=ThePostgresPassword -e POSTGRES_USER=admin -e PGDATA=/var/lib/postgresql/data/pgdata -v /var/lib/postgresql/data:/var/lib/postgresql/data -d postgres
2.$ docker run -it --link pactbroker-db:postgres --rm postgres sh -c 'exec psql -h "$POSTGRES_PORT_5432_TCP_ADDR" -p "$POSTGRES_PORT_5432_TCP_PORT" -U admin'
3.
CREATE USER pactbrokeruser WITH PASSWORD 'TheUserPassword';
CREATE DATABASE pactbroker WITH OWNER pactbrokeruser;
GRANT ALL PRIVILEGES ON DATABASE pactbroker TO pactbrokeruser;
4. docker run --name pactbroker --link pactbroker-db:postgres -e PACT_BROKER_DATABASE_USERNAME=pactbrokeruser -e PACT_BROKER_DATABASE_PASSWORD=TheUserPassword -e PACT_BROKER_DATABASE_HOST=postgres -e PACT_BROKER_DATABASE_NAME=pactbroker -d -p 80:80 dius/pact_broker
after running this 4 command when I am opening Hal browser in my local system it is working pretty fine. Now I am stopping 2 docker containers pactbroker-db and pactbroker and stopping docker machine.
After sometime I am restarting docker machine and starting the containers by
$docker start pactbroker-db and $docker start pactbroker .
containers are getting started but when opening HAL browser I am getting the error "We're sorry, but something went wrong." screenshot attached.
Is there something wrong when I am starting the docker 2nd time?enter image description here

This has been resolved by using container given in https://github.com/DiUS/pact_broker-docker and using proper environment variables in docker-compose.yml of this project.