Communication between JHipster Registry and Keyloak from different containers-CodePudding

I am trying to implement a simple microservice infrastructure Jhipster. When I create microservice and and gateway I selected Oauth2 as security. The projects are created. I started Keyclok using following keycloak.yml. It seems it is started successfully. Realms, clients and users are created

docker-compose -f src/main/docker/keycloak.yml up

 This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
  keycloak:
    image: jboss/keycloak:16.1.0
    command:
      [
        '-b',
        '0.0.0.0',
        '-Dkeycloak.migration.action=import',
        '-Dkeycloak.migration.provider=dir',
        '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',
        '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
        '-Djboss.socket.binding.port-offset=1000',
        '-Dkeycloak.profile.feature.upload_scripts=enabled',
      ]
    volumes:
      - ./realm-config:/opt/jboss/keycloak/realm-config
    environment:
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin
      - DB_VENDOR=h2
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:9080:9080
      - 127.0.0.1:9443:9443
      - 127.0.0.1:10990:10990

Then I tried to run jhipster registry with following command.

docker-compose -f src/main/docker/jhipster-registry.yml up

jhipster-registry.yml

# This configuration is intended for development purpose, it's **your** responsibility to harden it for production
version: '3.8'
services:
  jhipster-registry:
    image: jhipster/jhipster-registry:v7.3.0
    volumes:
      - ./central-server-config:/central-config
    # When run with the "dev" Spring profile, the JHipster Registry will
    # read the config from the local filesystem (central-server-config directory)
    # When run with the "prod" Spring profile, it will read the configuration from a Git repository
    # See https://www.jhipster.tech/jhipster-registry/#spring-cloud-config
    environment:
      - _JAVA_OPTIONS=-Xmx512m -Xms256m
      - SPRING_PROFILES_ACTIVE=dev,api-docs,oauth2
      - SPRING_SECURITY_USER_PASSWORD=admin
      - JHIPSTER_REGISTRY_PASSWORD=admin
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=native
      - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_LOCATIONS=file:./central-config/localhost-config/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_TYPE=git
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_URI=https://github.com/jhipster/jhipster-registry/
      # - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_0_SEARCH_PATHS=central-config
      # For keycloak to work, you need to add '127.0.0.1 keycloak' to your hosts file
      - SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI=http://keycloak:9080/auth/realms/jhipster
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID=jhipster-registry
      - SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET=jhipster-registry
    # If you want to expose these ports outside your dev PC,
    # remove the "127.0.0.1:" prefix
    ports:
      - 127.0.0.1:8761:8761

I added following lines to etc/hosts

127.0.0.1 keycloak

127.0.0.1 jhipster-registry

When I check jhipster registry log, there are some exceptions regarding to euroka.

 INFO 1 --- [nfoReplicator-0] com.netflix.discovery.DiscoveryClient    : DiscoveryClient_JHIPSTER-REGISTRY/jhipsterReg
istry:8e0fa8188498e671983ba4002054c82d: registering service...
0416b4df1858_docker_jhipster-registry_1 | 2022-04-14 20:06:33.350  INFO 1 --- [nfoReplicator-0] c.n.d.s.t.d.RedirectingEurekaHttpClient  : Request execution error. endpoint=DefaultEndp
oint{ serviceUrl='http://admin:admin@localhost:8761/eureka/}, exception=java.net.ConnectException: Connection refused (Connection refused) stacktrace=com.sun.jersey.api.client.ClientHa
ndlerException: java.net.ConnectException: Connection refused (Connection refused)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:187)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.filter.GZIPContentEncodingFilter.handle(GZIPContentEncodingFilter.java:123)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.EurekaIdentityHeaderFilter.handle(EurekaIdentityHeaderFilter.java:27)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.Client.handle(Client.java:652)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.jersey.AbstractJerseyEurekaHttpClient.register(AbstractJerseyEurekaHttpClient.java:57)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.MetricsCollectingEurekaHttpClient.execute(MetricsCollectingEurekaHttpClient.java:73)

0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.executeOnNewServer(RedirectingEurekaHttpClient.java:121)

0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.RedirectingEurekaHttpClient.execute(RedirectingEurekaHttpClient.java:80)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.RetryableEurekaHttpClient.execute(RetryableEurekaHttpClient.java:120)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator$1.execute(EurekaHttpClientDecorator.java:59)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.SessionedEurekaHttpClient.execute(SessionedEurekaHttpClient.java:77)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.shared.transport.decorator.EurekaHttpClientDecorator.register(EurekaHttpClientDecorator.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.DiscoveryClient.register(DiscoveryClient.java:876)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.InstanceInfoReplicator.run(InstanceInfoReplicator.java:121)
0416b4df1858_docker_jhipster-registry_1 |       at com.netflix.discovery.InstanceInfoReplicator$1.run(InstanceInfoReplicator.java:101)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.lang.Thread.run(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 | Caused by: java.net.ConnectException: Connection refused (Connection refused)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.SocksSocketImpl.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at java.base/java.net.Socket.connect(Unknown Source)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.conn.scheme.PlainSocketFactory.connectSocket(PlainSocketFactory.java:121)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:134)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:605)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:440)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:118)
0416b4df1858_docker_jhipster-registry_1 |       at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
0416b4df1858_docker_jhipster-registry_1 |       at com.sun.jersey.client.apache4.ApacheHttpClient4Handler.handle(ApacheHttpClient4Handler.java:173)
0416b4df1858_docker_jhipster-registry_1 |       ... 29 more
0416b4df1858_docker_jhipster-registry_1 |

If I try to access jhipster registry console with 127.0.0.1:8761 I get exception regarding to authorization

0416b4df1858_docker_jhipster-registry_1 | 2022-04-14 20:10:08.796  WARN 1 --- [  XNIO-1 task-2] o.z.problem.spring.common.AdviceTraits   : Unauthorized: Full authentication is required
 to access this resource

Can you help to realize problem. I think there are 2 problems. One of them is related to connecting Euroka. But I did not get reason. Jhipster Registry already contains Euroka. Other problem is related to communication between keycloak and jhipster registry

CodePudding user response：

127.0.0.1 is localhost, but each container is running in own network namespace, so each container has own 127.0.0.1/localhost your OS has also own 127.0.0.1/localhost.

Your setup will be "sharing" one OS's 127.0.0.1/localhost with containers if you use host network for your container = set the network_mode key to host: https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode

CodePudding user response：

If you combine both docker compose files, JHipster will be able to communicate with Keycloak on host keyckoak. This has an additional benefit. You will only need to run a single command to start both services. You will also be able to stop them with a single command.

You will still need to keep your /etc/hosts entry for keycloak so that you can access keycloak login page in your browser.