从new-app命令在openshift中构建keycloak docker hub映像

时间:2017-12-13 15:03:18

标签: postgresql docker openshift keycloak

我正在尝试在openshift 3.6中部署Keycloak图像Keycloak HA Postgres。作为前提我不得不说我不能在本地机器上运行docker,所以我必须从oc new-app命令创建映像。

当我试着打电话时

 oc new-app jboss/keycloak-ha-postgres

然后下载图像但我在服务器启动时出错:

Cannot start embedded server: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE": java.lang.reflect.InvocationTargetException: /opt/jboss/keycloak/standalone/log/server.log (Permission denied)
Cannot start embedded server: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE": java.lang.reflect.InvocationTargetException: /opt/jboss/keycloak/standalone/log/server.log (Permission denied)

还有哪些环境变量(名称)我必须设置连接到我的postgres?

1 个答案:

答案 0 :(得分:0)

所以最后我可以弄清问题是什么。在命令的帮助下:

oc status -v

我看到以下错误/警告:

Current security policy prevents your containers from being run as the root user. Some images
may fail expecting to be able to change ownership or permissions on directories. Your admin
can grant you access to run containers that need to run as the root user with this command:

oadm policy add-scc-to-user anyuid -n keycloak-test -z keycloak

所以我添加了一个服务帐户用户:

oc create sa keycloak

并联系我的系统管理员,该管理员必须向keycloak serviceAccount用户授予权限。

至少我不得不在deploymentConfig中添加serviceAccount

spec:
   ....
   template:
   .....
   spec:
       containers:
       ......
       serviceAccount: keycloak
       serviceAccountName: keycloak

这就是全部。

我为他们添加了一些提示,必须在开头添加新的adminUser。 您必须添加两个环境变量 KEYCLOAK_USER KEYCLOAK_PASSWORD 。 我设置的其他env变量是: POSTGRES_PORT_5432_TCP_ADDR POSTGRES_PASSWORD POSTGRES_USER POSTGRES_DATABASE