Closed SonQBChau closed 1 year ago
Thanks for this! Was helpful when I was reviewing #154 by installing on my M1
Update for the make init-authx.
If you got this error:
Setting up Keycloak
Number of keycloak containers running: 1
Starting setup calls to keycloak
Getting keycloak token
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/opt/miniconda3/lib/python3.9/json/__init__.py", line 293, in load
return loads(fp.read(),
File "/opt/miniconda3/lib/python3.9/json/__init__.py", line 346, in loads
return _default_decoder.decode(s)
File "/opt/miniconda3/lib/python3.9/json/decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/opt/miniconda3/lib/python3.9/json/decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
make: *** [init-authx] Error 1
The old keycloak image katsu has right now (15.0.0) is not compatible with M1, so we need to upgrade it.
Go to lib/keycloak/docker-compose.yml and replace
- BASE_IMAGE=candig/keycloak:${KEYCLOAK_VERSION}
with this:
- BASE_IMAGE=mihaibob/keycloak:18.0.2-legacy
(I found it on StackOverflow, and it worked, but @shaikh-rashid might want to look for an "official" one or build a candig version for us)
I also commented this out, not sure if it is needed:
# volumes:
# - keycloak-data:/opt/jboss/keycloak/standalone
In the .env, comment out all the WES_OPT+=…
make clean-authx and make init-authx. If you got this error:
22:45:15,749 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0006: Undertow HTTPS listener https listening on 0.0.0.0:8443
Keycloak container started.
Starting setup calls to keycloak
Getting keycloak token
Traceback (most recent call last):
File "<string>", line 1, in <module>
KeyError: 'access_token'
make: *** [init-authx] Error 1
Then try to replace all the keycloak passwords in tmp/secrets folder (make docker-secrets if you don't have it) with something simple like thisisasupersecretpassword, basically no special chars.
make clean-authx and make init-authx again. If you got:
>> configuring jwt stuff
Error writing data to auth/jwt/config: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/auth/jwt/config
Code: 400. Errors:
* error checking oidc discovery URL: Get "http://docker.localhost:8080/auth/realms/candig/.well-known/openid-configuration": dial tcp 24.80.13.34:8080: i/o timeout
make: *** [init-authx] Error 2
Go to .env, look for # keycloak service and change this line:
KEYCLOAK_PRIVATE_URL=${KEYCLOAK_PRIVATE_PROTO}://${CANDIG_AUTH_DOMAIN}:${KEYCLOAK_CONTAINER_PORT}
to this
KEYCLOAK_PRIVATE_URL=${KEYCLOAK_PRIVATE_PROTO}://host.docker.internal:${KEYCLOAK_CONTAINER_PORT}
Go to lib/opa/docker-compose.yml, change idp KEYCLOAK_PUBLIC_URL to KEYCLOAK_PRIVATE_URL so it looks like this:
idp: "${KEYCLOAK_PRIVATE_URL}/auth/realms/${KEYCLOAK_REALM}"
and
IDP: "${KEYCLOAK_PRIVATE_URL}/auth/realms/${KEYCLOAK_REALM}"
Finally, go to lib/vault/vault_setup.sh and do the same for KEYCLOAK_PUBLIC_URL:
docker exec $vault sh -c "vault write auth/jwt/config oidc_discovery_url=\"${KEYCLOAK_PRIVATE_URL}/auth/realms/candig\" bound_issuer=\"${KEYCLOAK_PUBLIC_URL}/auth/realms/candig\" default_role=\"researcher\""
Try make clean-authx and make init-authx and it should work 🎉
There are probably a few pieces in Tyk that require this same private url/public url fix (or maybe it won't work because of idp stuff), but I need to look into it.
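Both tracebacks above come from a Python one-liner that loads JSON and indexes 'access_token' without checking the response first. As an added example (not code from the CanDIGv2 repository), this function tells those failure modes apart without ever logging the token. It assumes the input is the body returned by Keycloak's token endpoint and that error bodies follow the OAuth 2.0 error format (RFC 6749, section 5.2); the names classify_token_response and TokenResult are hypothetical.

```python
import json
from typing import NamedTuple, Optional


class TokenResult(NamedTuple):
    status: str            # ok | no_response | not_json | oauth_error | unexpected
    detail: str            # safe to log: never contains the token itself
    token: Optional[str]   # set only when status == "ok"


def classify_token_response(body: str) -> TokenResult:
    """Classify a raw token-endpoint response body before using it."""
    text = body.strip()
    if not text:
        # json.load on this input raises "Expecting value: line 1 column 1 (char 0)"
        return TokenResult("no_response", "empty body; is Keycloak up and reachable?", None)
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        # e.g. an HTML error page from a proxy or a half-started server
        return TokenResult("not_json", f"non-JSON body starting {text[:30]!r}", None)
    if not isinstance(doc, dict):
        return TokenResult("unexpected", "JSON value is not an object", None)
    token = doc.get("access_token")
    if isinstance(token, str) and token:
        return TokenResult("ok", f"access_token present ({len(token)} chars)", token)
    if "error" in doc:
        # doc["access_token"] on this input raises KeyError: 'access_token'
        desc = doc.get("error_description", "no description")
        return TokenResult("oauth_error", f"{doc['error']}: {desc}", None)
    return TokenResult("unexpected", "JSON object without access_token or error", None)


# Constructed sample bodies (not captured from a real deployment).
SAMPLES = {
    "empty": "",
    "html": "<html><body>502 Bad Gateway</body></html>",
    "rejected": '{"error": "invalid_grant", "error_description": "Invalid user credentials"}',
    "granted": '{"access_token": "constructed.sample.token", "expires_in": 60}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        result = classify_token_response(body)
        print(f"{name:9s} {result.status:12s} {result.detail}")
```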
@SonQBChau Does #161 fix this issue?
I haven't tested it yet, was working on other stuff and my stack is running so I didn't want to break it.
I don't know if there's any testing required; that pull request is your documentation update.
I've recently gone through the CanDIGv2 Install Guide on my Mac M1. I noted down some issues (and solutions) here:
1) Step 1: Install OS Dependencies:
Mac users can get docker desktop and skip this part. I also installed rosetta and used Docker Compose V2 as suggested at the moment.
brew install md5sha1sum
brew install postgresql
Step 2: Initialize CanDIGv2 Repo
Edit the .env
VENV_OS=arm64mac (this is Mac M1 naming)
To activate conda env, do the following:
Note: The reason we cannot activate it automatically on Mac was described in this post. If conda env is not in the root folder, it won't have a name.
Step 3: Initialize CanDIGv2 (Docker)
candig virtual environment (activate it in previous step)
Step 4: Deploy CanDIGv2 Services (Compose)
Step 5: Update hosts
Run this command in the terminal to get the local IP address (or google if it doesn't work for you):
dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com
Add it to your system in /etc/hosts (not CanDIGv2's) by:
Add it to the end of the file so it looks like this:
After this, you should see the CanDIGv2 services running in Docker 🎉