Keycloak and Docker
* Added Keycloak to the infrastructure yaml; it uses an H2 database so as not to complicate the installation. * Updated the docker-compose docs. * Moved the Cloud Flow image to the infrastructure yaml. Change-Id: I2a69ca91c1638e5fd070c77ca63c8d5586887231 Signed-off-by: Vitalii Solodilov <mcdkr@yandex.ru>
parent
443cd6fc11
commit
214828ace2
@ -118,10 +118,49 @@ or PostgreSQL::
|
||||
-e RUN_TESTS=true mistral
|
||||
|
||||
|
||||
Keycloak integration
|
||||
--------------------
|
||||
|
||||
If you set AUTH_ENABLE to True value in the mistral.env file then Mistral will
|
||||
enable Keycloak integration by default. Keycloak will be deployed with
|
||||
mistral/mistral credentials. You should uncomment the volume line in the
|
||||
`infrastructure.yaml` for the CloudFlow.
|
||||
|
||||
Next step you login in the administrative console using the
|
||||
http://localhost:8080/auth/admin URL. Create a oauth client, you can
|
||||
specify only a name, for example mistral.
|
||||
|
||||
Specify valid redirect URL: http://localhost:8000/* and turn on the
|
||||
"Implicit Flow Enabled" in the your client page. Save your changes.
|
||||
|
||||
Add the following line to your /etc/hosts file::
|
||||
|
||||
127.0.0.1 keycloak
|
||||
|
||||
Export the following environments variable for mistral cli::
|
||||
|
||||
export MISTRAL_AUTH_TYPE=keycloak-oidc
|
||||
export OS_AUTH_URL=http://keycloak:8080/auth
|
||||
export OS_TENANT_NAME=master
|
||||
export OS_USERNAME=mistral
|
||||
export OS_PASSWORD=mistral
|
||||
export OS_MISTRAL_URL=http://localhost:8989/v2
|
||||
export OPENID_CLIENT_ID=mistral
|
||||
export OPENID_CLIENT_SECRET=
|
||||
export MISTRALCLIENT_INSECURE=True
|
||||
|
||||
Check your configuration::
|
||||
|
||||
mistral workflow-list
|
||||
|
||||
Or open a cloud flow page in a browser::
|
||||
|
||||
http://localhost:8000
|
||||
|
||||
|
||||
Using Mistral Client
|
||||
--------------------
|
||||
|
||||
The Mistral API will be accessible from the host machine on the default
|
||||
port 8989. Install `python-mistralclient` on the host machine to
|
||||
execute mistral commands.
|
||||
|
||||
execute mistral commands.
|
@ -36,7 +36,10 @@ ENV MISTRAL_DIR="/opt/stack/mistral" \
|
||||
RUN_TESTS="false" \
|
||||
DEBIAN_FRONTEND="noninteractive" \
|
||||
MISTRAL_SERVER="all" \
|
||||
LOG_DEBUG="false"
|
||||
LOG_DEBUG="false" \
|
||||
AUTH_URL="http://keycloak:8080/auth" \
|
||||
AUTH_ENABLE="false" \
|
||||
AUTH_TYPE="keycloak-oidc"
|
||||
|
||||
# We install dependencies separatly for a caching purpose
|
||||
COPY requirements.txt "${MISTRAL_DIR}/"
|
||||
|
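--- a/tools/docker/docker-compose/auth.json
+++ b/tools/docker/docker-compose/auth.json
@@ -0,0 +1,8 @@
+{
+"_type": "openid-connect",
+"issuer": "http://keycloak:8080/auth/realms/master",
+"loginUrl": "http://keycloak:8080/auth/realms/master/protocol/openid-connect/auth",
+"logoutUrl": "http://keycloak:8080/auth/realms/master/protocol/openid-connect/logout",
+"requireHttps": false,
+"clientId": "mistral"
+}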
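Review bot: `"requireHttps": false` together with the plain-HTTP `issuer` and `loginUrl` makes this file suitable only for the local compose setup, and nothing in the commit says so. Because the docs added here turn on the implicit flow for the client, tokens would reach the browser over unencrypted HTTP if the file were mounted unchanged on a shared host. JSON has no comment syntax, so the caveat belongs in the docs paragraph that tells the reader to uncomment the volume line, for example `auth.json is a development sample; use an HTTPS issuer and set requireHttps to true for any other deployment.`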
@ -43,6 +43,30 @@ services:
|
||||
- MYSQL_USER=mistral
|
||||
- MYSQL_PASSWORD=mistral
|
||||
|
||||
keycloak:
|
||||
image: jboss/keycloak:4.1.0.Final
|
||||
ports:
|
||||
- "8080:8080"
|
||||
networks:
|
||||
- identity-provider
|
||||
environment:
|
||||
DB_VENDOR: h2
|
||||
KEYCLOAK_USER: mistral
|
||||
KEYCLOAK_PASSWORD: mistral
|
||||
|
||||
cloud-flow:
|
||||
image: mcdoker18/cloud-flow:0.5.0
|
||||
restart: always
|
||||
networks:
|
||||
- cloud-flow
|
||||
ports:
|
||||
- "8000:8000"
|
||||
# TODO: make a Keycloak environment variables for CloudFlow
|
||||
# volumes:
|
||||
# - "./auth.json:/opt/CloudFlow/dist/assets/auth.json"
|
||||
environment:
|
||||
- CF_MISTRAL_URL=http://mistral:8989
|
||||
|
||||
volumes:
|
||||
postgresql:
|
||||
rabbitmq:
|
||||
@ -50,4 +74,6 @@ volumes:
|
||||
|
||||
networks:
|
||||
database:
|
||||
message-broker:
|
||||
message-broker:
|
||||
identity-provider:
|
||||
cloud-flow:
|
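Review bot: The `keycloak` service publishes its port as `- "8080:8080"`, which Compose binds on all host interfaces, and the admin account is fixed to `KEYCLOAK_USER: mistral` / `KEYCLOAK_PASSWORD: mistral` in the same block, so the admin console is reachable from the network with credentials that are printed in the repository. Binding to loopback, `- "127.0.0.1:8080:8080"`, matches the localhost URLs the docs use and keeps the console local; the password could be taken from the environment instead, e.g. `KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD:-mistral}`. The same loopback binding would apply to `- "8000:8000"` on `cloud-flow`. Both images are referenced by tag only; pinning `mcdoker18/cloud-flow` by digest would make the pulled content reproducible.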
@ -10,9 +10,12 @@ services:
|
||||
ports:
|
||||
- "8989:8989"
|
||||
networks:
|
||||
- database
|
||||
- message-broker
|
||||
- mistral
|
||||
database:
|
||||
message-broker:
|
||||
identity-provider:
|
||||
cloud-flow:
|
||||
aliases:
|
||||
- mistral
|
||||
env_file:
|
||||
- mistral.env
|
||||
# volumes:
|
||||
@ -30,6 +33,7 @@ services:
|
||||
restart: always
|
||||
networks:
|
||||
- database
|
||||
- identity-provider
|
||||
- message-broker
|
||||
env_file:
|
||||
- mistral.env
|
||||
@ -47,6 +51,7 @@ services:
|
||||
restart: always
|
||||
networks:
|
||||
- message-broker
|
||||
- identity-provider
|
||||
env_file:
|
||||
- mistral.env
|
||||
# volumes:
|
||||
@ -64,6 +69,7 @@ services:
|
||||
networks:
|
||||
- database
|
||||
- message-broker
|
||||
- identity-provider
|
||||
env_file:
|
||||
- mistral.env
|
||||
# volumes:
|
||||
@ -81,26 +87,10 @@ services:
|
||||
networks:
|
||||
- database
|
||||
- message-broker
|
||||
- identity-provider
|
||||
env_file:
|
||||
- mistral.env
|
||||
# volumes:
|
||||
# - "/path/to/mistral.conf:/etc/mistral/mistral.conf"
|
||||
environment:
|
||||
- MISTRAL_SERVER=notifier
|
||||
|
||||
cloud-flow:
|
||||
image: mcdoker18/cloud-flow:0.5.0
|
||||
restart: always
|
||||
networks:
|
||||
- mistral
|
||||
ports:
|
||||
- "8000:8000"
|
||||
networks:
|
||||
- mistral
|
||||
environment:
|
||||
- CF_MISTRAL_URL=http://mistral-api:8989
|
||||
|
||||
networks:
|
||||
database:
|
||||
message-broker:
|
||||
mistral:
|
@ -12,28 +12,11 @@ services:
|
||||
networks:
|
||||
- database
|
||||
- message-broker
|
||||
- mistral
|
||||
- identity-provider
|
||||
- cloud-flow
|
||||
env_file:
|
||||
- mistral.env
|
||||
# volumes:
|
||||
# - "/path/to/mistral.conf:/etc/mistral/mistral.conf"
|
||||
environment:
|
||||
- UPGRADE_DB=true
|
||||
|
||||
cloud-flow:
|
||||
image: mcdoker18/cloud-flow:0.5.0
|
||||
restart: always
|
||||
networks:
|
||||
- mistral
|
||||
ports:
|
||||
- "8000:8000"
|
||||
networks:
|
||||
- mistral
|
||||
environment:
|
||||
- CF_MISTRAL_URL=http://mistral:8989
|
||||
|
||||
|
||||
networks:
|
||||
database:
|
||||
message-broker:
|
||||
mistral:
|
||||
- UPGRADE_DB=true
|
@ -1,3 +1,4 @@
|
||||
MESSAGE_BROKER_URL=rabbit://mistral:mistral@rabbitmq:5672/mistral
|
||||
#DATABASE_URL=postgresql+psycopg2://mistral:mistral@postgresql:5432/mistral
|
||||
DATABASE_URL=mysql+pymysql://mistral:mistral@mysql:3306/mistral
|
||||
DATABASE_URL=mysql+pymysql://mistral:mistral@mysql:3306/mistral
|
||||
AUTH_ENABLE=false
|
@ -10,7 +10,12 @@ if [ ! -f ${CONFIG_FILE} ]; then
|
||||
|
||||
${INI_SET} DEFAULT js_implementation py_mini_racer
|
||||
${INI_SET} oslo_policy policy_file "${MISTRAL_DIR}/etc/policy.json"
|
||||
${INI_SET} pecan auth_enable false
|
||||
|
||||
${INI_SET} DEFAULT auth_type ${AUTH_TYPE}
|
||||
${INI_SET} pecan auth_enable ${AUTH_ENABLE}
|
||||
${INI_SET} keycloak_oidc auth_url ${AUTH_URL}
|
||||
${INI_SET} keycloak_oidc insecure true
|
||||
|
||||
${INI_SET} DEFAULT transport_url "${MESSAGE_BROKER_URL}"
|
||||
${INI_SET} database connection "${DATABASE_URL}"
|
||||
${INI_SET} DEFAULT debug "${LOG_DEBUG}"
|
||||
|
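Review bot: `${INI_SET} keycloak_oidc insecure true` is written unconditionally, so certificate verification toward Keycloak stays disabled even when `AUTH_URL` is later pointed at an HTTPS endpoint (assuming `insecure` carries its usual meaning of skipping TLS verification). I would default it to false and let the environment opt in, e.g. `${INI_SET} keycloak_oidc insecure "${AUTH_INSECURE:-false}"`, where `AUTH_INSECURE` is a new variable that would be declared next to `AUTH_URL` in the Dockerfile. The three new expansions are also unquoted, unlike the `"${MESSAGE_BROKER_URL}"` lines just below them; `${INI_SET} keycloak_oidc auth_url "${AUTH_URL}"` avoids word splitting on an unexpected value. The enclosing `if [ ! -f ${CONFIG_FILE} ]` block starts and ends outside the hunk.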