小贝子编程

将密钥斗篷连接到同一个pod上的数据库会出现权限问题



我有一个pod,里面有最新的keycloft和一个作为容器的数据库。我试过mysql和postgres。对于他们两个,我的密钥斗篷都试图以"sa"用户的身份连接到数据库,但无法做到这一点。我根本没有这样的用户,keycapture DB的定义用户是"keycapture"。我在centOs 8上作为无根用户,在GitLab中运行脚本。密钥斗篷的Dockerfile:

FROM quay.io/keycloak/keycloak-x:latest as builder
ENV KC_METRICS_ENABLED=true
ENV KC_DB=mysql
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak-x:latest
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
WORKDIR /opt/keycloak
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
ENV KC_DB_USERNAME=keycloak
ENV KC_DB_PASSWORD=testpassDbpass
ENV KEYCLOAK_ADMIN=admin
ENV KEYCLOAK_ADMIN_PASSWORD=changeme
ENV KC_DB_URL=jdbc:mysql://localhost:3306/keycloak
EXPOSE 8443
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--hostname=keycloak.sdxo.com", "--proxy=passthrough"]

yml:中的Mysql和其他脚本

stages:
- build
build_pod:
tags:
- auth-runner
stage: build
script:
- podman pod rm -i -f user-authentification
- podman pod create --name user-authentification -p 9175:8443/tcp
only:
- main
build_db:
image: mysql:8
tags:
- auth-runner
stage: build
script:
- echo "$KEYCLOAK_DB_USER"
- podman run -dt --name postgres --pod user-authentification -v ~/mysql_volume:/var/lib/mysql:z
--env MYSQL_DATABASE="$KEYCLOAK_DB_NAME"
--env MYSQL_USER=keycloak
--env MYSQL_ROOT_PASSWORD="$KEYCLOAK_DB_PASS" --expose=3306 mysql:8
only:
- main
build_keycloak:
tags:
- auth-runner
stage: build
script:
- podman build -t sdx-keycloak .
- podman run -dt --name=sdx-keycloak --pod user-authentification --expose=8443 sdx-keycloak
only:
- main

错误为:

Access denied for user 'sa'@'127.0.0.1' (using password: YES)
2022-02-28 12:04:39,210 WARN  [org.hib.eng.jdb.env.int.JdbcEnvironmentInitiator] (JPA Startup Thread: keycloak-default) HHH000342: Could not obtain connection to query metadata: java.sql.SQLException: Access denied for user 'sa'@'127.0.0.1' (using password: YES)

我的用户id:

uid=1000(sdxo) gid=1000(sdxo) groups=1000(semdatex),10(wheel),1001(gitlab-runner)
podman -v 3.4.2

已经完成podman unshare chonw 1000:1000 pathToVolume,如中所述https://www.redhat.com/sysadmin/rootless-podman-makes-sense

我不知道为什么key斗篷试图以sa的身份连接到数据库,或者这可能是key斗篷的无根问题,但我刚刚在"sa"中更改了数据库用户,所以现在可以工作了。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium