我正在尝试在OpenShift 3.6中部署KeyCloak Image KeyCloak Ha Postgres。作为前提条件,我必须说我不能在本地计算机上运行Docker,因此我必须从OC New-App命令创建图像。
当我尝试致电
时 oc new-app jboss/keycloak-ha-postgres
然后下载了图像,但是当服务器启动时我会出现错误:
Cannot start embedded server: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE": java.lang.reflect.InvocationTargetException: /opt/jboss/keycloak/standalone/log/server.log (Permission denied)
Cannot start embedded server: Failed to instantiate class "org.jboss.logmanager.handlers.PeriodicRotatingFileHandler" for handler "FILE": java.lang.reflect.InvocationTargetException: /opt/jboss/keycloak/standalone/log/server.log (Permission denied)
以及我必须设置哪个环境变量(名称)才能连接到邮政局?
,所以最后我可以弄清楚问题是什么。在命令的帮助下:
oc status -v
我看到以下错误/警告:
Current security policy prevents your containers from being run as the root user. Some images
may fail expecting to be able to change ownership or permissions on directories. Your admin
can grant you access to run containers that need to run as the root user with this command:
oadm policy add-scc-to-user anyuid -n keycloak-test -z keycloak
所以我添加了一个服务帐户用户:
oc create sa keycloak
并联系了我的系统管理员,该管理员必须向KeyCloak ServiceAccount用户授予权限。
至少我必须添加到deploymentConfig serviceaccount
spec:
....
template:
.....
spec:
containers:
......
serviceAccount: keycloak
serviceAccountName: keycloak
就是这样。
我为他们添加了一些提示,这些提示必须在开始时添加新的管理员。您必须添加两个环境变量 keycloak_user 和 keycloak_password 。我设置的其他ENV变量是: POSTGRES_PORT_5432_TCP_ADDR , Postgres_pass_password , Postgres_user and Postgres_database
/div>