在new-app命令的openshift中构buildkeycloak docker hub映像
我试图在openshift 3.6中部署Keycloak图像Keycloak HA Postgres 。 作为先决条件,我不得不说我不能在我的本地机器上运行docker,所以我必须从oc new-app命令创build映像。
当我尝试打电话
oc new-app jboss/keycloak-ha-postgres 然后图像下载,但我有服务器启动时出现错误:
Cannot start embedded server: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE": java.lang.reflect.InvocationTargetException: /opt/jboss/keycloak/standalone/log/server.log (Permission denied) Cannot start embedded server: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE": java.lang.reflect.InvocationTargetException: /opt/jboss/keycloak/standalone/log/server.log (Permission denied)
还有哪些环境variables(名称)我必须build立连接到我的postgres?
所以最后我可以找出问题所在。 在命令的帮助下:
oc status -v
我看到以下错误/警告:
Current security policy prevents your containers from being run as the root user. Some images may fail expecting to be able to change ownership or permissions on directories. Your admin can grant you access to run containers that need to run as the root user with this command: oadm policy add-scc-to-user anyuid -n keycloak-test -z keycloak
所以我添加了一个服务帐户用户:
oc create sa keycloak
并联系我的系统pipe理员,必须授予keycloak serviceAccount用户的权限。
至less我必须添加到deploymentConfig serviceAccount
spec: .... template: ..... spec: containers: ...... serviceAccount: keycloak serviceAccountName: keycloak
就这样。
我为他们添加了一些提示,在开始时必须添加新的adminUser。 您必须添加两个环境variablesKEYCLOAK_USER和KEYCLOAK_PASSWORD 。 我设置的其他envvariables是: POSTGRES_PORT_5432_TCP_ADDR , POSTGRES_PASSWORD , POSTGRES_USER和POSTGRES_DATABASE 。