keycloak - 开发环境的配置持久化
前情提要: Keycloak - docker 运行 & 前端集成
本来是想顺便试一下 Okta 集成的,但是发现 Okta 没有本地的 docker 镜像,他们毕竟是做 Identity as a service……算了……
更新后的 docker compose 如下:
version: "3.8"
services:
keycloak:
container_name: keycloak
image: quay.io/keycloak/keycloak:21.1.1
command: start-dev --import-realm
volumes:
- ./realm-config/export:/opt/keycloak/data/import
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=pass
- DB_VENDOR=h2
ports:
- 9090:8080
主要的区别就是添加了一些指令、镜像源换成官方镜像,随后更新了一下 volume 和环境名,其他和前文基本都一样
持久过程
其实主要就是跑两个 docker 指令,一个是执行 /opt/keycloak/bin/kc.sh 的脚本去导出当前有的配置,另一个就是使用 docker cp 将 docker 中的配置保存到本地:
❯ docker exec -it keycloak /opt/keycloak/bin/kc.sh export --dir /opt/keycloak/data/export
2025-02-22 23:26:32,032 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: false
2025-02-22 23:26:33,181 WARN [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
2025-02-22 23:26:33,747 INFO [org.infinispan.SERVER] (keycloak-cache-init) ISPN005054: Native IOUring transport not available, using NIO instead: io.netty.incubator.channel.uring.IOUring
2025-02-22 23:26:33,772 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2025-02-22 23:26:33,891 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2025-02-22 23:26:33,922 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2025-02-22 23:26:34,428 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_276608, Site name: null
2025-02-22 23:26:34,667 INFO [org.keycloak.broker.provider.AbstractIdentityProviderMapper] (main) Registering class org.keycloak.broker.provider.mappersync.ConfigSyncEventListener
2025-02-22 23:26:35,273 INFO [org.keycloak.services] (main) KC-SERVICES0033: Full model export requested
2025-02-22 23:26:35,886 INFO [org.keycloak.exportimport.dir.DirExportProvider] (main) Exporting into directory /opt/keycloak/data/export
2025-02-22 23:26:35,953 INFO [org.keycloak.exportimport.dir.DirExportProvider] (main) Realm 'master' - data exported
2025-02-22 23:26:36,154 INFO [org.keycloak.exportimport.dir.DirExportProvider] (main) Users 0-0 exported
2025-02-22 23:26:36,479 INFO [org.keycloak.exportimport.dir.DirExportProvider] (main) Realm 'okta' - data exported
2025-02-22 23:26:36,490 INFO [org.keycloak.services] (main) KC-SERVICES0035: Export finished successfully
2025-02-22 23:26:36,530 INFO [io.quarkus] (main) Keycloak 21.1.1 on JVM (powered by Quarkus 2.13.7.Final) started in 5.605s.
2025-02-22 23:26:36,531 INFO [io.quarkus] (main) Profile import_export activated.
2025-02-22 23:26:36,531 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, micrometer, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, vertx]
2025-02-22 23:26:36,739 INFO [io.quarkus] (main) Keycloak stopped in 0.203s
What's next:
Try Docker Debug for seamless, persistent debugging tools in any container or image → docker debug keycloak
Learn more at https://docs.docker.com/go/debug-cli/
❯ docker cp keycloak:/opt/keycloak/data/export ./realm-config
Successfully copied 145kB to /Users/luhan/study/docker/keycloak/realm-config
❯ tree .
.
├── docker-compose.yaml
└── realm-config
└── export
├── master-realm.json
├── master-users-0.json
└── okta-realm.json
3 directories, 4 files
因为有 --import-realm 这个指令,所以 docker 之后会完成导入指定文件夹下的配置。这样每次做完了修改,跑一下上面的指令,就可以导出到本地了
![BUUCTF--[极客大挑战 2019]RCE ME](https://i-blog.csdnimg.cn/direct/6174113250184faebf12b55afb746cc3.png)