My issue is the "auto-encryption" of the karaf users.properties file done by jasypt. I am using docker to quickly deploy 3 karaf environments.
I am using the karaf-maven-plugin to build a simple karaf archetype, containing the basic features I need, and then I build a docker image and run it in Docker, externalizing some folders, which are environment-specific.
Here is an extract of my Dockerfile:
VOLUME ["/opt/karaf/deploy"]
VOLUME ["/opt/karaf/data"]
VOLUME ["/opt/karaf/etc/config-files"]
RUN rm /opt/karaf/etc/users.properties
RUN ln -s /opt/karaf/etc/config-files/users.properties /opt/karaf/etc/users.properties \
&& ln -s /opt/karaf/etc/config-files/log4j2.xml /opt/karaf/etc/log4j2.xml
And, here is the run command I am using:
docker run -it --rm -p 8181:8181 \
-v d:/amc_karaf/config-files:/opt/karaf/etc/config-files \
-v d:/amc_karaf/deploy:/opt/karaf/deploy \
-v d:/amc_karaf/data:/opt/karaf/data \
--name karaf-container karaf:test
As you can see the actual users.properties file is stored on my host and not my container, and it works (authentication using password stored on host works).
Now, here's what happens:
I suspect the issue might be related to Felix, which from my understanding watches the file for change, and the externalization using docker volume. I have however not been able to find a solution to that specific problem.
Do you have any ideas or suggestions on how to solve this?
(I also have the same issue with the deploy folder. When I add new bundles in the deploy folder, I need to restart karaf otherwise they will not be automatically started as I would normally expect them to. But I do see them when I use ls on the folder.)
There are known (probably difficult to solve) issues related to sharing folders with docker containers.
I don't know the details, but more often than not applications running inside containers have a hard time tracking file changes or file additions if said changes have been made on the host machine.
When modifying config files for Karaf running inside docker I often have to resort to docker exec -it karaf /bin/bash and use some touch or cp command trickery before karaf detects the new configurations. This is also the case when I am installing features that add configs from my local maven repository to karaf running.
Trickery:
These are not exclusive to docker and plague podman as well.
One way to get around these issues is to use karaf shell to add the user:
jaas:realm-list
# Check the index of properties module (usually 1)
jaas:manage-realm --index <index>
jaas:user-add <username> <password>
jaas:group-add <username> <group>
jaas:update
# example create new user example-user and add it to admingroup
jaas:manage-realm --index 1
jaas:user-add example-user password
jaas:group-add example-user admingroup
jaas:update
Other alternatives would be to use some other logging module which could allow you to use something like active directory or database to authenticate users.
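Because the thread is about auto-encryption not reliably reaching a users.properties file that lives on a bind mount, it helps to check which entries are still stored in plaintext. The following is an added example, not part of the question or the answer. It assumes Karaf's default encryption markers ({CRYPT} as both prefix and suffix), and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: list the users in a Karaf users.properties file whose
# password is still stored in plaintext.
# Assumption: default markers encryption.prefix={CRYPT} and
# encryption.suffix={CRYPT}; adjust if etc/org.apache.karaf.jaas.cfg differs.

plaintext_users() {
    # $1: path to users.properties (a symlink is followed to its target)
    awk '
        /^[ \t]*([#!]|$)/ { next }   # skip comments and blank lines
        /^[ \t]*_g_\\?:/  { next }   # skip group definitions, they hold no password
        {
            eq = index($0, "=")
            if (eq == 0) next
            user = substr($0, 1, eq - 1)
            rest = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", user)
            # The password is the first comma-separated field of the value.
            split(rest, f, ",")
            pw = f[1]
            gsub(/^[ \t]+|[ \t\r]+$/, "", pw)   # also drops CR from Windows hosts
            wrapped = (length(pw) > 14 &&
                       substr(pw, 1, 7) == "{CRYPT}" &&
                       substr(pw, length(pw) - 6) == "{CRYPT}")
            if (!wrapped) print user
        }
    ' "$1"
}

# Constructed sample input (not taken from the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed users.properties
karaf = karaf,_g_:admingroup
alice = {CRYPT}0123abcd{CRYPT},_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
bob=secret
EOF
plaintext_users "$sample"
rm -f "$sample"
```

Run against the mounted file, for example /opt/karaf/etc/config-files/users.properties from the Dockerfile above, any name printed is an account whose password is readable on the host volume.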