Communication between JHipster Registry and Keycloak from different containers

Time:04-15

I am trying to implement a simple microservice infrastructure with JHipster. When I created the microservice and gateway, I selected OAuth2 as security. The projects were created. I started Keycloak using the following keycloak.yml. It seems it started successfully. Realms, clients and users are created.

docker-compose -f src/main/docker/keycloak.yml up

# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
  keycloak:
    image: jboss/keycloak:16.1.0
    command:
      [
        '-b',
        '0.0.0.0',
        '-Dkeycloak.migration.action=import',
        '-Dkeycloak.migration.provider=dir',
        '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',
        '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
        '-Djboss.socket.binding.port-offset=1000',
        '-Dkeycloak.profile.feature.upload_scripts=enabled',
      ]
    volumes:
      - ./realm-config:/opt/jboss/keycloak/realm-config
    environment:
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - DB_VENDOR=h2
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:9080:9080
      - 127.0.0.1:9443:9443
      - 127.0.0.1:10990:10990

Then I tried to run JHipster Registry with the following command.

docker-compose -f src/main/docker/jhipster-registry.yml up

jhipster-registry.yml

# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
  jhipster-registry:
    image: jhipster/jhipster-registry:v7.3.0
    volumes:
      - ./central-server-config:/central-config
    # When run with the "dev" Spring profile, the JHipster Registry will
    # read the config from the local filesystem (central-server-config directory)
    # When run with the "prod" Spring profile, it will read the configuration from a Git repository
    # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config
    environment:
      - _JAVA_OPTIONS=-Xmx512m -Xms256m
      - SPRING_PROFILES_ACTIVE=dev,api-docs,oauth2
      - SPRING_SECURITY_USER_PASSWORD=admin
      - JHIPSTER_REGISTRY_PASSWORD=admin
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/localhost-config/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI=https://github.com/jhipster/jhipster-registry/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS=central-config
      # For keycloak to work, you need to add '127.0.0.1 keycloak' to your hosts file
      - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=http://keycloak:9080/auth/realms/jhipster
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID=jhipster-registry
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET=jhipster-registry
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:8761:8761

I added the following lines to /etc/hosts

127.0.0.1 keycloak

127.0.0.1 jhipster-registry

When I check the JHipster Registry log, there are some exceptions regarding Eureka.

 INFO 1 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient    : DiscoveryClient_JHIPSTER-REGISTRY/jhipsterRegistry:8e0fa8188498e671983ba4002054c82d: registering service...
0416b4df1858_docker_jhipster-registry_1 | 2022-04-14 20:06:33.350  INFO 1 --- [nfoReplicator-0] c.n.d.s.t.d.RedirectingEurekaHttpClient  : Request execution error. endpoint=DefaultEndpoint{ serviceUrl='http://admin:admin@localhost:8761/eureka/}, exception=java.net.ConnectException: Connection refused (Connection refused) stacktrace=com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection refused (Connection refused)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:187)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.EurekaIdentityHeaderFilter.handle(EurekaIdentityHeaderFilter.java:27)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.Client.handle(Client.java:652)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.jersey.AbstractJerseyEurekaHttpClient.register(AbstractJerseyEurekaHttpClient.java:57)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.MetricsCollectingEurekaHttpClient.execute(MetricsCollectingEurekaHttpClient.java:73)

0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.executeOnNewServer(RedirectingEurekaHttpClient.java:121)

0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.execute(RedirectingEurekaHttpClient.java:80)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:120)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.DiscoveryClient.register(DiscoveryClient.java:876)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.InstanceInfoReplicator.run(InstanceInfoReplicator.java:121)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.InstanceInfoReplicator$1.run(InstanceInfoReplicator.java:101)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.lang.Thread.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | Caused by: java.net.ConnectException: Connection refused (Connection refused)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.SocksSocketImpl.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.Socket.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:121)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:605)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:440)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:118)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:173)
0416b4df1858_docker_jhipster-registry_1 |       ... 29 more
0416b4df1858_docker_jhipster-registry_1 |

If I try to access the JHipster Registry console at 127.0.0.1:8761, I get an exception regarding authorization

0416b4df1858_docker_jhipster-registry_1 | 2022-04-14 20:10:08.796  WARN 1 --- [  XNIO-1 task-2] o.z.problem.spring.common.AdviceTraits   : Unauthorized: Full authentication is required to access this resource


Can you help me understand the problem? I think there are 2 problems. One of them is related to connecting to Eureka, but I did not get the reason. JHipster Registry already contains Eureka. The other problem is related to communication between Keycloak and JHipster Registry.

CodePudding user response:

127.0.0.1 is localhost, but each container runs in its own network namespace, so each container has its own 127.0.0.1/localhost, and your OS also has its own 127.0.0.1/localhost.

Your setup will be "sharing" the OS's 127.0.0.1/localhost with the containers if you use the host network for your containers, i.e. set the network_mode key to host: https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode

CodePudding user response:

If you combine both docker compose files, JHipster will be able to communicate with Keycloak on host keycloak. This has an additional benefit. You will only need to run a single command to start both services. You will also be able to stop them with a single command.

You will still need to keep your /etc/hosts entry for keycloak so that you can access the Keycloak login page in your browser.
