docker - 使用 Docker 时未加载 Keycloak SPI 提供程序和层

Question

我正在尝试使用一些自定义内容(例如 logback 扩展)设置 docker 镜像，因此我有一些 CLI 脚本，例如:

/subsystem=logging: remove()
/extension=org.jboss.as.logging: remove()

/extension=com.custom.logback: add()
/subsystem=com.custom.logback: add()

我还有 CLI 脚本来配置数据源池、主题、在 keycloak-server 上添加一些 SPI子系统等。我把这些脚本放在 /opt/jboss/startup-scripts目录。但是，当我创建容器时，事情并不顺利。脚本未按预期加载，keycloak 以错误开始，未加载领域使用的密码策略等提供程序。

当我使用独立的 Keycloak 时，所有 SPI 提供程序都可以正常加载，如下所示:

2019-07-25 18:27:07.906 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-password-policy (com.custom.login.password.PasswordSecurityPolicyFactory) is implementing the internal SPI password-policy. This SPI is internal and may change without notice
2019-07-25 18:27:07.909 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-event (com.custom.event.KeycloakServerEventListenerProviderFactory) is implementing the internal SPI eventsListener. This SPI is internal and may change without notice
2019-07-25 18:27:08.026 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-mailer (com.custom.mail.MessageSenderProviderFactory) is implementing the internal SPI emailSender. This SPI is internal and may change without notice
2019-07-25 18:27:08.123 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-user-domain-verification (com.custom.login.domain.UserDomainVerificationFactory) is implementing the internal SPI authenticator. This SPI is internal and may change without notice
2019-07-25 18:27:08.123 WARN  [org.keycloak.services] (ServerService Thread Pool -- 65) KC-SERVICES0047: custom-recaptcha-username-password (com.custom.login.domain.RecaptchaAuthenticatorFactory) is implementing the internal SPI authenticator. This SPI is internal and may change without notice

如果我使用与 Docker 相同的包，使用 jboss/keycloak:6.0.1作为图像库，提供程序不会加载。我作为模块使用，添加到 $JBOSS_HOME/modules文件夹并像下面的脚本一样配置:

/subsystem=keycloak-server/: write-attribute(name=providers,value=[classpath:${jboss.home.dir}/providers/*,module:com.custom.custom-keycloak-server])

/subsystem=keycloak-server/theme=defaults/: write-attribute(name=welcomeTheme,value=custom)
/subsystem=keycloak-server/theme=defaults/: write-attribute(name=modules,value=[com.custom.custom-keycloak-server])

/subsystem=keycloak-server/spi=emailSender/: add(default-provider=custom-mailer)

当我在容器内执行脚本时，一切正常。

我尝试在构建自定义图像时使用卷来映射 jar 包和提供程序并复制 jar，但这些方法都不起作用。

我正在使用 jboss:keycloak:6.0.1 docker image 和 Keycloak 6.0.1 独立，层和模块放在相同的目录中。

我做错了什么？将 SPI 提供程序与 Docker 一起使用有什么技巧，或者该镜像不是用于生产或此类需求的？

Answer 1

好的，我找到了发生这种情况的原因

它来自opt/jboss/tools/docker-entrypoint.sh

#################
# Configuration #
#################

# If the server configuration parameter is not present, append the HA profile.
if echo "$@" | egrep -v -- '-c |-c=|--server-config |--server-config='; then
    SYS_PROPS+=" -c=standalone-ha.xml"
fi

它将以集群方式启动 keycloak，因为我认为他们认为 standalone as not safe for production

Standalone operating mode is only useful when you want to run one, and only one Keycloak server instance. It is not usable for clustered deployments and all caches are non-distributed and local-only. It is not recommended that you use standalone mode in production as you will have a single point of failure. If your standalone mode server goes down, users will not be able to log in. This mode is really only useful to test drive and play with the features of Keycloak Blockquote

要保持“独立模式”，请覆盖图像以添加属性 -c standalone.xml作为参数:

CMD ["-b", "0.0.0.0", "-c", "standalone.xml"]