Merge "Keycloak and Docker"
commit
0ec011a54f
@ -118,10 +118,49 @@ or PostgreSQL::
|
|||||||
-e RUN_TESTS=true mistral
|
-e RUN_TESTS=true mistral
|
||||||
|
|
||||||
|
|
||||||
|
Keycloak integration
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
If you set AUTH_ENABLE to True value in the mistral.env file then Mistral will
|
||||||
|
enable Keycloak integration by default. Keycloak will be deployed with
|
||||||
|
mistral/mistral credentials. You should uncomment the volume line in the
|
||||||
|
`infrastructure.yaml` for the CloudFlow.
|
||||||
|
|
||||||
|
Next step you login in the administrative console using the
|
||||||
|
http://localhost:8080/auth/admin URL. Create a oauth client, you can
|
||||||
|
specify only a name, for example mistral.
|
||||||
|
|
||||||
|
Specify valid redirect URL: http://localhost:8000/* and turn on the
|
||||||
|
"Implicit Flow Enabled" in the your client page. Save your changes.
|
||||||
|
|
||||||
|
Add the following line to your /etc/hosts file::
|
||||||
|
|
||||||
|
127.0.0.1 keycloak
|
||||||
|
|
||||||
|
Export the following environments variable for mistral cli::
|
||||||
|
|
||||||
|
export MISTRAL_AUTH_TYPE=keycloak-oidc
|
||||||
|
export OS_AUTH_URL=http://keycloak:8080/auth
|
||||||
|
export OS_TENANT_NAME=master
|
||||||
|
export OS_USERNAME=mistral
|
||||||
|
export OS_PASSWORD=mistral
|
||||||
|
export OS_MISTRAL_URL=http://localhost:8989/v2
|
||||||
|
export OPENID_CLIENT_ID=mistral
|
||||||
|
export OPENID_CLIENT_SECRET=
|
||||||
|
export MISTRALCLIENT_INSECURE=True
|
||||||
|
|
||||||
|
Check your configuration::
|
||||||
|
|
||||||
|
mistral workflow-list
|
||||||
|
|
||||||
|
Or open a cloud flow page in a browser::
|
||||||
|
|
||||||
|
http://localhost:8000
|
||||||
|
|
||||||
|
|
||||||
Using Mistral Client
|
Using Mistral Client
|
||||||
--------------------
|
--------------------
|
||||||
|
|
||||||
The Mistral API will be accessible from the host machine on the default
|
The Mistral API will be accessible from the host machine on the default
|
||||||
port 8989. Install `python-mistralclient` on the host machine to
|
port 8989. Install `python-mistralclient` on the host machine to
|
||||||
execute mistral commands.
|
execute mistral commands.
|
||||||
|
|
@ -36,7 +36,10 @@ ENV MISTRAL_DIR="/opt/stack/mistral" \
|
|||||||
RUN_TESTS="false" \
|
RUN_TESTS="false" \
|
||||||
DEBIAN_FRONTEND="noninteractive" \
|
DEBIAN_FRONTEND="noninteractive" \
|
||||||
MISTRAL_SERVER="all" \
|
MISTRAL_SERVER="all" \
|
||||||
LOG_DEBUG="false"
|
LOG_DEBUG="false" \
|
||||||
|
AUTH_URL="http://keycloak:8080/auth" \
|
||||||
|
AUTH_ENABLE="false" \
|
||||||
|
AUTH_TYPE="keycloak-oidc"
|
||||||
|
|
||||||
# We install dependencies separatly for a caching purpose
|
# We install dependencies separatly for a caching purpose
|
||||||
COPY requirements.txt "${MISTRAL_DIR}/"
|
COPY requirements.txt "${MISTRAL_DIR}/"
|
||||||
|
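Review bot: The new default `AUTH_URL="http://keycloak:8080/auth"` bakes a cleartext HTTP endpoint into the image, so anyone who only flips `AUTH_ENABLE` to true sends Mistral's traffic to Keycloak unencrypted. That suits the bundled docker-compose network, but ENV defaults apply wherever the image runs. The new `tools/docker/docker-compose/auth.json` carries the same `http://keycloak:8080` URLs together with `"requireHttps": false`. I would add a comment ahead of the ENV instruction, which starts outside this hunk: `# AUTH_URL defaults to the docker-compose Keycloak over plain HTTP; set an https:// URL for anything other than local development`.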
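--- a/tools/docker/docker-compose/auth.json
+++ b/tools/docker/docker-compose/auth.json
@@ -0,0 +1,8 @@
+{
+"_type": "openid-connect",
+"issuer": "http://keycloak:8080/auth/realms/master",
+"loginUrl": "http://keycloak:8080/auth/realms/master/protocol/openid-connect/auth",
+"logoutUrl": "http://keycloak:8080/auth/realms/master/protocol/openid-connect/logout",
+"requireHttps": false,
+"clientId": "mistral"
+}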
@ -43,6 +43,30 @@ services:
|
|||||||
- MYSQL_USER=mistral
|
- MYSQL_USER=mistral
|
||||||
- MYSQL_PASSWORD=mistral
|
- MYSQL_PASSWORD=mistral
|
||||||
|
|
||||||
|
keycloak:
|
||||||
|
image: jboss/keycloak:4.1.0.Final
|
||||||
|
ports:
|
||||||
|
- "8080:8080"
|
||||||
|
networks:
|
||||||
|
- identity-provider
|
||||||
|
environment:
|
||||||
|
DB_VENDOR: h2
|
||||||
|
KEYCLOAK_USER: mistral
|
||||||
|
KEYCLOAK_PASSWORD: mistral
|
||||||
|
|
||||||
|
cloud-flow:
|
||||||
|
image: mcdoker18/cloud-flow:0.5.0
|
||||||
|
restart: always
|
||||||
|
networks:
|
||||||
|
- cloud-flow
|
||||||
|
ports:
|
||||||
|
- "8000:8000"
|
||||||
|
# TODO: make a Keycloak environment variables for CloudFlow
|
||||||
|
# volumes:
|
||||||
|
# - "./auth.json:/opt/CloudFlow/dist/assets/auth.json"
|
||||||
|
environment:
|
||||||
|
- CF_MISTRAL_URL=http://mistral:8989
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
postgresql:
|
postgresql:
|
||||||
rabbitmq:
|
rabbitmq:
|
||||||
@ -50,4 +74,6 @@ volumes:
|
|||||||
|
|
||||||
networks:
|
networks:
|
||||||
database:
|
database:
|
||||||
message-broker:
|
message-broker:
|
||||||
|
identity-provider:
|
||||||
|
cloud-flow:
|
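Review bot: The new `keycloak` service sets a fixed admin account (`KEYCLOAK_USER: mistral`, `KEYCLOAK_PASSWORD: mistral`) and publishes `"8080:8080"`, which Docker binds on every host interface unless an address is given. The admin console is therefore reachable with a known password from whatever network the host sits on. For a local-development compose file I would bind the port to loopback, `- "127.0.0.1:8080:8080"`, and do the same for `"8000:8000"` on `cloud-flow`. If the compose file version in use supports substitution defaults, `KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD:-mistral}` lets the password be overridden without editing the file.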
@ -10,9 +10,12 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "8989:8989"
|
- "8989:8989"
|
||||||
networks:
|
networks:
|
||||||
- database
|
database:
|
||||||
- message-broker
|
message-broker:
|
||||||
- mistral
|
identity-provider:
|
||||||
|
cloud-flow:
|
||||||
|
aliases:
|
||||||
|
- mistral
|
||||||
env_file:
|
env_file:
|
||||||
- mistral.env
|
- mistral.env
|
||||||
# volumes:
|
# volumes:
|
||||||
@ -30,6 +33,7 @@ services:
|
|||||||
restart: always
|
restart: always
|
||||||
networks:
|
networks:
|
||||||
- database
|
- database
|
||||||
|
- identity-provider
|
||||||
- message-broker
|
- message-broker
|
||||||
env_file:
|
env_file:
|
||||||
- mistral.env
|
- mistral.env
|
||||||
@ -47,6 +51,7 @@ services:
|
|||||||
restart: always
|
restart: always
|
||||||
networks:
|
networks:
|
||||||
- message-broker
|
- message-broker
|
||||||
|
- identity-provider
|
||||||
env_file:
|
env_file:
|
||||||
- mistral.env
|
- mistral.env
|
||||||
# volumes:
|
# volumes:
|
||||||
@ -64,6 +69,7 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- database
|
- database
|
||||||
- message-broker
|
- message-broker
|
||||||
|
- identity-provider
|
||||||
env_file:
|
env_file:
|
||||||
- mistral.env
|
- mistral.env
|
||||||
# volumes:
|
# volumes:
|
||||||
@ -81,26 +87,10 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- database
|
- database
|
||||||
- message-broker
|
- message-broker
|
||||||
|
- identity-provider
|
||||||
env_file:
|
env_file:
|
||||||
- mistral.env
|
- mistral.env
|
||||||
# volumes:
|
# volumes:
|
||||||
# - "/path/to/mistral.conf:/etc/mistral/mistral.conf"
|
# - "/path/to/mistral.conf:/etc/mistral/mistral.conf"
|
||||||
environment:
|
environment:
|
||||||
- MISTRAL_SERVER=notifier
|
- MISTRAL_SERVER=notifier
|
||||||
|
|
||||||
cloud-flow:
|
|
||||||
image: mcdoker18/cloud-flow:0.5.0
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
- mistral
|
|
||||||
ports:
|
|
||||||
- "8000:8000"
|
|
||||||
networks:
|
|
||||||
- mistral
|
|
||||||
environment:
|
|
||||||
- CF_MISTRAL_URL=http://mistral-api:8989
|
|
||||||
|
|
||||||
networks:
|
|
||||||
database:
|
|
||||||
message-broker:
|
|
||||||
mistral:
|
|
@ -12,28 +12,11 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- database
|
- database
|
||||||
- message-broker
|
- message-broker
|
||||||
- mistral
|
- identity-provider
|
||||||
|
- cloud-flow
|
||||||
env_file:
|
env_file:
|
||||||
- mistral.env
|
- mistral.env
|
||||||
# volumes:
|
# volumes:
|
||||||
# - "/path/to/mistral.conf:/etc/mistral/mistral.conf"
|
# - "/path/to/mistral.conf:/etc/mistral/mistral.conf"
|
||||||
environment:
|
environment:
|
||||||
- UPGRADE_DB=true
|
- UPGRADE_DB=true
|
||||||
|
|
||||||
cloud-flow:
|
|
||||||
image: mcdoker18/cloud-flow:0.5.0
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
- mistral
|
|
||||||
ports:
|
|
||||||
- "8000:8000"
|
|
||||||
networks:
|
|
||||||
- mistral
|
|
||||||
environment:
|
|
||||||
- CF_MISTRAL_URL=http://mistral:8989
|
|
||||||
|
|
||||||
|
|
||||||
networks:
|
|
||||||
database:
|
|
||||||
message-broker:
|
|
||||||
mistral:
|
|
@ -1,3 +1,4 @@
|
|||||||
MESSAGE_BROKER_URL=rabbit://mistral:mistral@rabbitmq:5672/mistral
|
MESSAGE_BROKER_URL=rabbit://mistral:mistral@rabbitmq:5672/mistral
|
||||||
#DATABASE_URL=postgresql+psycopg2://mistral:mistral@postgresql:5432/mistral
|
#DATABASE_URL=postgresql+psycopg2://mistral:mistral@postgresql:5432/mistral
|
||||||
DATABASE_URL=mysql+pymysql://mistral:mistral@mysql:3306/mistral
|
DATABASE_URL=mysql+pymysql://mistral:mistral@mysql:3306/mistral
|
||||||
|
AUTH_ENABLE=false
|
@ -10,7 +10,12 @@ if [ ! -f ${CONFIG_FILE} ]; then
|
|||||||
|
|
||||||
${INI_SET} DEFAULT js_implementation py_mini_racer
|
${INI_SET} DEFAULT js_implementation py_mini_racer
|
||||||
${INI_SET} oslo_policy policy_file "${MISTRAL_DIR}/etc/policy.json"
|
${INI_SET} oslo_policy policy_file "${MISTRAL_DIR}/etc/policy.json"
|
||||||
${INI_SET} pecan auth_enable false
|
|
||||||
|
${INI_SET} DEFAULT auth_type ${AUTH_TYPE}
|
||||||
|
${INI_SET} pecan auth_enable ${AUTH_ENABLE}
|
||||||
|
${INI_SET} keycloak_oidc auth_url ${AUTH_URL}
|
||||||
|
${INI_SET} keycloak_oidc insecure true
|
||||||
|
|
||||||
${INI_SET} DEFAULT transport_url "${MESSAGE_BROKER_URL}"
|
${INI_SET} DEFAULT transport_url "${MESSAGE_BROKER_URL}"
|
||||||
${INI_SET} database connection "${DATABASE_URL}"
|
${INI_SET} database connection "${DATABASE_URL}"
|
||||||
${INI_SET} DEFAULT debug "${LOG_DEBUG}"
|
${INI_SET} DEFAULT debug "${LOG_DEBUG}"
|
||||||
|
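Review bot: `${INI_SET} keycloak_oidc insecure true` is written unconditionally, so the option that, by its name, turns off TLS certificate verification towards Keycloak stays on even when `AUTH_URL` is overridden with an https:// endpoint. I would drive it from a variable that defaults to verification, e.g. `${INI_SET} keycloak_oidc insecure "${AUTH_INSECURE:-false}"` (`AUTH_INSECURE` is a proposed new variable, not one the image defines today), and set it to true only in the compose env file. The other three added lines expand `${AUTH_TYPE}`, `${AUTH_ENABLE}` and `${AUTH_URL}` unquoted while the neighbouring lines quote theirs. Quoting them, as in `${INI_SET} keycloak_oidc auth_url "${AUTH_URL}"`, keeps an empty or space-containing value from shifting the arguments. The enclosing `if [ ! -f ${CONFIG_FILE} ]` block starts and ends outside this hunk.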