From f9cf0c50eb3ead78ee79d0a9e86cfb7ec257edac Mon Sep 17 00:00:00 2001 From: Francisco Trivino Date: Tue, 18 Oct 2022 16:16:22 +0200 Subject: [PATCH 1/2] Add docker compose CI --- .env | 4 + .github/workflows/docker-compose.yml | 25 +++++ data/configs/dnsmasq.conf | 27 +++++ data/configs/nm_enable_dnsmasq.conf | 2 + data/configs/nm_zone_test.conf | 6 ++ data/configs/openssl_ca.cfg | 16 +++ data/configs/openssl_sign_ca.ext | 4 + data/configs/openssl_sign_service.ext | 4 + docker-compose.yml | 141 ++++++++++++++++++++++++++ env.containers | 2 + env.example | 4 + 11 files changed, 235 insertions(+) create mode 100644 .env create mode 100644 .github/workflows/docker-compose.yml create mode 100644 data/configs/dnsmasq.conf create mode 100644 data/configs/nm_enable_dnsmasq.conf create mode 100644 data/configs/nm_zone_test.conf create mode 100644 data/configs/openssl_ca.cfg create mode 100644 data/configs/openssl_sign_ca.ext create mode 100644 data/configs/openssl_sign_service.ext create mode 100644 docker-compose.yml create mode 100644 env.containers create mode 100644 env.example diff --git a/.env b/.env new file mode 100644 index 00000000..803b0a30 --- /dev/null +++ b/.env @@ -0,0 +1,4 @@ +# This is the docker-compose environment file. +# Copy it to .env or use --env-file=env.example on docker-compose command. +REGISTRY=quay.io/ftrivino +TAG=latest diff --git a/.github/workflows/docker-compose.yml b/.github/workflows/docker-compose.yml new file mode 100644 index 00000000..146ad467 --- /dev/null +++ b/.github/workflows/docker-compose.yml 
@@ -0,0 +1,25 @@
+name: docker-compose-integration-tests
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ docker:
+ timeout-minutes: 10
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v1
+
+ - name: Start containers
+ run: docker-compose -f "docker-compose.yml" up -d --build
+
+ - name: Install dependencies
+ run: |
+ pip install -r src/install/requirements.txt
+
+ - name: Stop containers
+ if: always()
+ run: docker-compose -f "docker-compose.yml" down
diff --git a/data/configs/dnsmasq.conf b/data/configs/dnsmasq.conf
new file mode 100644
index 00000000..477f3e34
--- /dev/null
+++ b/data/configs/dnsmasq.conf
@@ -0,0 +1,27 @@
+# dnsmasq configuration for sssd containers
+#
+# This makes sure that all machines are accessible through DNS including
+# SRV and PTR records.
+
+log-queries
+log-facility=-
+local=/test/
+
+# These zones have their own DNS server
+server=/ipa.test/172.16.100.10
+server=/samba.test/172.16.100.30
+server=/ad.test/172.16.200.10
+
+# Add A records for LDAP and client machines
+address=/master.ldap.test/172.16.100.20
+address=/client.test/172.16.100.40
+
+# Add SRV record for LDAP
+srv-host=_ldap._tcp.ldap.test,master.ldap.test,389
+
+# Add PTR records for all machines
+ptr-record=10.100.16.172.in-addr.arpa,master.ipa.test
+ptr-record=20.100.16.172.in-addr.arpa,master.ldap.test
+ptr-record=30.100.16.172.in-addr.arpa,dc.samba.test
+ptr-record=40.100.16.172.in-addr.arpa,client.test
+ptr-record=10.200.16.172.in-addr.arpa,dc.ad.test
diff --git a/data/configs/nm_enable_dnsmasq.conf b/data/configs/nm_enable_dnsmasq.conf
new file mode 100644
index 00000000..53a8b172
--- /dev/null
+++ b/data/configs/nm_enable_dnsmasq.conf
@@ -0,0 +1,2 @@
+[main]
+dns=dnsmasq
diff --git a/data/configs/nm_zone_test.conf b/data/configs/nm_zone_test.conf
new file mode 100644
index 00000000..10374418
--- /dev/null
+++ b/data/configs/nm_zone_test.conf
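Review bot: `uses: actions/checkout@v1` on the Checkout step references a mutable, long-superseded major tag; pin it to a full commit SHA (`uses: actions/checkout@<40-char sha> # v4`) and add a top-level `permissions: contents: read` so the default `GITHUB_TOKEN` is read-only in a job that pulls and runs arbitrary container images. Nothing in the job exercises the stack after `Install dependencies` — it starts the containers, installs requirements and tears down — so the workflow passes regardless of whether the services work; a step that runs the test suite (or at least a health check against the started containers) is needed before `Stop containers`. Because `TAG=latest` comes from the checked-in `.env`, each run pulls whatever currently sits under that tag, so results are not reproducible across runs.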
@@ -0,0 +1,6 @@
+# dnsmasq configuration for sssd-ci
+#
+# This makes sure that all machines are accessible through DNS including
+# SRV and PTR records.
+
+server=/test/172.16.100.2
diff --git a/data/configs/openssl_ca.cfg b/data/configs/openssl_ca.cfg
new file mode 100644
index 00000000..38c867ce
--- /dev/null
+++ b/data/configs/openssl_ca.cfg
@@ -0,0 +1,16 @@
+[req]
+default_bits = 4096
+default_md = sha256
+encrypt_key = no
+prompt = no
+utf8 = yes
+distinguished_name = distinguished_name
+x509_extensions = ca_extensions
+
+[ distinguished_name ]
+
+[ ca_extensions ]
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:TRUE
+keyUsage = keyCertSign,cRLSign
+subjectKeyIdentifier=hash
diff --git a/data/configs/openssl_sign_ca.ext b/data/configs/openssl_sign_ca.ext
new file mode 100644
index 00000000..b1b4d7de
--- /dev/null
+++ b/data/configs/openssl_sign_ca.ext
@@ -0,0 +1,4 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:TRUE
+keyUsage = keyCertSign,cRLSign
+subjectKeyIdentifier=hash
diff --git a/data/configs/openssl_sign_service.ext b/data/configs/openssl_sign_service.ext
new file mode 100644
index 00000000..c0de9089
--- /dev/null
+++ b/data/configs/openssl_sign_service.ext
@@ -0,0 +1,4 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectKeyIdentifier=hash
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..401b7c30
--- /dev/null
+++ b/docker-compose.yml
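Review bot: `basicConstraints=CA:TRUE` and `keyUsage = keyCertSign,cRLSign` in `[ ca_extensions ]` of openssl_ca.cfg are not marked critical, so a verifier that does not process them is allowed to ignore them; write `basicConstraints = critical, CA:TRUE` and `keyUsage = critical, keyCertSign, cRLSign` (and `pathlen:0` if this root is only meant to sign end-entity certificates directly). `encrypt_key = no` writes the CA private key unencrypted, which is acceptable for a throwaway CI CA but should be stated in a comment such as `# test-only CA: key is intentionally unencrypted and must never leave the CI checkout`. `[ distinguished_name ]` is empty while `prompt = no`, so `openssl req` has no subject unless the invoking script passes `-subj`; that script is not part of this patch, so confirm it does.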
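Review bot: openssl_sign_service.ext has no `subjectAltName` and no `extendedKeyUsage`, so certificates signed with it carry only a CN; current TLS stacks (browsers, Java, Go, Python `ssl`) match the hostname against SAN only and will reject such a certificate for a service like `master.keycloak.test`, which the second patch's `KC_HTTPS_CERTIFICATE_FILE` setting suggests is the intended use. Add `extendedKeyUsage = serverAuth, clientAuth` and a `subjectAltName = DNS:${ENV::SAN}` line (or whichever mechanism the signing script uses to pass the FQDN) so the signed certificate is actually usable. `nonRepudiation` and `dataEncipherment` add nothing for a TLS server key; `keyUsage = critical, digitalSignature, keyEncipherment` is the conventional set.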
@@ -0,0 +1,141 @@ +services: + dns: + restart: always + image: ${REGISTRY}/ci-dns:latest + container_name: dns + env_file: ./env.containers + volumes: + - ./data/configs/dnsmasq.conf:/etc/dnsmasq.conf + cap_add: + - NET_RAW + - NET_ADMIN + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.2 + + ipa: + image: ${REGISTRY}/ci-ipa:${TAG} + container_name: ipa + hostname: master.ipa.test + dns: 172.16.100.2 + env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - AUDIT_WRITE + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.10 + + keycloak: + image: ${REGISTRY}/keycloak:${TAG} + container_name: keycloak + hostname: master.keycloak.test + dns: 172.16.100.2 + env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - AUDIT_WRITE + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.11 + nextcloud: + image: ${REGISTRY}/nextcloud:${TAG} + container_name: nextcloud + hostname: master.nextcloud.test + dns: 172.16.100.2 + env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - AUDIT_WRITE + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.12 + mariadb: + image: ${REGISTRY}/mariadb:${TAG} + container_name: mariadb + hostname: master.mariadb.test + dns: 172.16.100.2 + env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - AUDIT_WRITE + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.13 + ldap: + image: ${REGISTRY}/ci-ldap:${TAG} + container_name: ldap + hostname: master.ldap.test + dns: 172.16.100.2 + 
env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_PTRACE + - AUDIT_WRITE + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.20 + client: + image: ${REGISTRY}/ci-client:${TAG} + container_name: client + hostname: client.test + dns: 172.16.100.2 + env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - AUDIT_WRITE + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.40 +networks: + sssd: + name: sssd-ci + driver: bridge + ipam: + config: + - subnet: 172.16.100.0/24 + gateway: 172.16.100.1 diff --git a/env.containers b/env.containers new file mode 100644 index 00000000..87a732e7 --- /dev/null +++ b/env.containers @@ -0,0 +1,2 @@ +# Environment variables set in all started containers +CONTAINER=yes diff --git a/env.example b/env.example new file mode 100644 index 00000000..803b0a30 --- /dev/null +++ b/env.example @@ -0,0 +1,4 @@ +# This is the docker-compose environment file. +# Copy it to .env or use --env-file=env.example on docker-compose command. +REGISTRY=quay.io/ftrivino +TAG=latest From fa185cf9753871b3106420172a80ebef4169b91a Mon Sep 17 00:00:00 2001 From: Scott Poore Date: Mon, 19 Dec 2022 17:52:00 -0600 Subject: [PATCH 2/2] docker-compose: updates for ipa-tuura + keycloak Test containers and Makefiles to build test environment included. 1. Docker Compose Makefile -- defines test env setup steps in make form .env -- Variables for Makefile and docker-compose env.containers -- env vars for containers. mostly used by keycloak docker-compose.gating.yml -- defines minimal containerized test env for gating data/configs/dnsmasq.conf -- config for dns container data/configs/nm_zone_test.conf -- config for dns container 2. README.md update to show how to start the container test environment 3. .gitignore updates to ignore new files/dirs 
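Review bot: Every service in docker-compose.yml sets `seccomp=unconfined`, `apparmor=unconfined` and `label=disable`, and all but `dns` and `ldap` also add `SYS_ADMIN` and `SYS_PTRACE`, which removes nearly all isolation between the containers and the host kernel; that may be unavoidable for a systemd-based IPA image, but the same stanza is copied verbatim onto `nextcloud`, `mariadb`, `keycloak` and `client`, which show no need for it, so trim those to what they require and put a comment on `ipa` saying why the unconfined profile is needed there (`# systemd + ipa-server-install need cgroup/mount access; keep unconfined`). The same host directory `./shared:/shared:rw` is mounted writable into all six application containers, so any one of them, including third-party images, can alter whatever the others read from it; the patch does not show what goes into `./shared`, but if it carries CA material or join credentials it should be `:ro` everywhere except the producer.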
Signed-off-by: Scott Poore --- .env | 12 +++- .gitignore | 6 ++ Makefile | 40 +++++++++++++ README.md | 94 +++++++++++++++++++++++++++++ data/configs/dnsmasq.conf | 10 +++- docker-compose.gating.yaml | 118 +++++++++++++++++++++++++++++++++++++ docker-compose.yml | 86 +++++++++++++++++---------- env.containers | 11 ++++ 8 files changed, 343 insertions(+), 34 deletions(-) create mode 100644 Makefile create mode 100644 docker-compose.gating.yaml diff --git a/.env b/.env index 803b0a30..7babbdb4 100644 --- a/.env +++ b/.env @@ -1,4 +1,14 @@ # This is the docker-compose environment file. # Copy it to .env or use --env-file=env.example on docker-compose command. -REGISTRY=quay.io/ftrivino +# REGISTRY=quay.io/ftrivino +# REGISTRY=localhost/sssd +REGISTRY=quay.io/sssd TAG=latest + +#PLUGIN_ARCHIVE=archive/refs/heads +#PLUGIN_TAG=http_https +PLUGIN_ARCHIVE=archive/refs/tags +PLUGIN_TAG=kc19_intg +PLUGIN_VER=0.0.1 +PLUGIN_DIR=scim-keycloak-user-storage-spi-${PLUGIN_TAG} +PLUGIN_JAR=scim-user-spi-0.0.1-SNAPSHOT.jar diff --git a/.gitignore b/.gitignore index 2148630a..a4ad989c 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,9 @@ src/ipa-tuura/scimv2bridge/migrations/ # In-tree build files *~ + +# env files with secrets +env.secrets + +# keycloak container plugin files +data/keycloak diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..ac1e0352 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,40 @@
+include .env
+
+up: datadir plugin
+ docker-compose up --detach --no-recreate
+
+up-gating:
+ docker-compose -f docker-compose.gating.yaml up --no-recreate --detach
+
+stop:
+ docker-compose stop
+
+down: stop
+ docker-compose -f docker-compose.gating.yaml \
+ -f docker-compose.yml down
+
+datadir:
+ifeq (,$(wildcard data/keycloak))
+ mkdir -p data/keycloak
+endif
+
+container:
+ $(MAKE) -C src
+
+plugin: datadir
+ifeq (,$(wildcard data/keycloak/$(PLUGIN_JAR)))
+ cd data/keycloak && \
+ wget https://github.com/justin-stephenson/scim-keycloak-user-storage-spi/${PLUGIN_ARCHIVE}/$(PLUGIN_TAG).tar.gz && \
+ tar zxvf $(PLUGIN_TAG).tar.gz && \
+ pushd $(PLUGIN_DIR) && \
+ mvn clean package && \
+ mv target/$(PLUGIN_JAR) ../ && \
+ chown 994:994 ../${PLUGIN_JAR}
+endif
+
+bridge:
+ source ./env.containers && \
+ bash -c "src/install/setup_bridge.sh"
+
+clean:
+ rm -rf data/keycloak/*
diff --git a/README.md b/README.md
index 7038cb61..bbc1cc55 100644
--- a/README.md
+++ b/README.md
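Review bot: The `plugin` target downloads `$(PLUGIN_TAG).tar.gz` from a personal GitHub repository via a mutable tag or branch reference (`PLUGIN_TAG=kc19_intg`, and `PLUGIN_ARCHIVE` can be switched to `archive/refs/heads`), builds it with `mvn clean package` on the host and loads the resulting jar into Keycloak as a provider, with no checksum or signature check; anyone able to move that tag can run code on the developer/CI host and inside Keycloak. Pin the download to a commit (`archive/<sha>.tar.gz`) and verify it before unpacking, e.g. `echo "$(PLUGIN_SHA256)  $(PLUGIN_TAG).tar.gz" | sha256sum -c -` ahead of `tar zxvf`, keeping the SHA in `.env` next to `PLUGIN_TAG`. Separately, the `bridge` recipe runs `source ./env.containers && bash -c "src/install/setup_bridge.sh"`: `source` sets unexported shell variables, so the child `bash -c` does not inherit `KC_HOSTNAME` and friends unless `setup_bridge.sh` reads the file itself (not shown here); `set -a; . ./env.containers; set +a; src/install/setup_bridge.sh` exports them, and since `source` and `pushd` are bashisms the Makefile should declare `SHELL := /bin/bash`.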
@@ -100,3 +100,97 @@ make html ``` The generated documentation will be available at `$IPA_TUURA/doc/_build/html/` folder. + + +### Testing + +Provided is a docker-compose.yml container based test environment. Running this +environment on a system will provide the containers needed for testing some of the +basic features of ipa-tuura: + +* ipa-tuura running SCIMv2 Bridge +* Keycloak running with the SCIMv2 User Storage plugin +* FreeIPA to provide IPA service +* LDAP container to provide LDAP service +* DNS container to provide static DNS for the test environment +* Nextcloud to provide End to End application authentication testing + + +First Install required packages needed to run container test environment: + +```bash +sudo dnf -y install podman docker-compose podman-docker \ + java-17-openjdk-headless maven dnsmasq +``` + +Start podman service: + +```bash +sudo systemctl start podman +``` + +Clone this repository: + +```bash +git clone https://github.com/freeipa/ipa-tuura +cd ipa-tuura +``` + +Set SELinux boolean: + +```bash +sudo setsebool -P container_manage_cgroup true +``` + +OPTIONAL: Note if you want to setup your local DNS to resolve the container +hostnames, you can follow these steps: + +```bash +sudo cp data/configs/nm_enable_dnsmasq.conf /etc/NetworkManager/conf.d/ +sudo cp data/configs/nm_zone_test.conf /etc/NetworkManager/dnsmasq.d/ +sudo systemctl disable --now systemd-resolved +sudo mv /etc/resolv.conf /etc/resolv.conf.ipa-tuura-backup +sudo systemctl reload NetworkManager +``` + +Start containers: + +```bash +sudo make up +sudo make bridge +``` + +Note that `make bridge` runs `src/install/setup_bridge.sh` which allows you to +override the keycloak and/or ipa-tuura hostnames if you wish to use this elsewhere. 
+To do this, just set variables before manually running the script: + +```bash +export KC_HOSTNAME= +export TUURA_HOSTNAME= +bash src/install/setup_bridge.sh +``` + +Note that the container names all start with "kite-" which stands for Keycloak +Integration Test Environment. Each container is named after the service it +provides to make access easier. + +Now you can access the containers with either: + +```bash +sudo podman exec -it kite- bash +``` + +Or for some containers, you can access with ssh. To do so, lookup IP from +docker-compose.yml file. + +```bash +ssh root@ +``` + +To run Keycloak or IPA commands, you can alias the commands like this: + +```bash +alias kcadm='sudo podman exec -it kite-keycloak /opt/keycloak/bin/kcadm.sh' +alias ipa='sudo podman exec -it kite-ipa ipa' +``` + diff --git a/data/configs/dnsmasq.conf b/data/configs/dnsmasq.conf index 477f3e34..1edf4506 100644 --- a/data/configs/dnsmasq.conf +++ b/data/configs/dnsmasq.conf 
@@ -9,19 +9,25 @@ local=/test/ # These zones have their own DNS server server=/ipa.test/172.16.100.10 -server=/samba.test/172.16.100.30 server=/ad.test/172.16.200.10 # Add A records for LDAP and client machines address=/master.ldap.test/172.16.100.20 address=/client.test/172.16.100.40 +address=/master.keycloak.test/172.16.100.70 +address=/master.nextcloud.test/172.16.100.12 +address=/master.mariadb.test/172.16.100.13 +address=/bridge.ipa.test/172.16.100.100 # Add SRV record for LDAP srv-host=_ldap._tcp.ldap.test,master.ldap.test,389 # Add PTR records for all machines ptr-record=10.100.16.172.in-addr.arpa,master.ipa.test +ptr-record=12.100.16.172.in-addr.arpa,master.nextcloud.test +ptr-record=13.100.16.172.in-addr.arpa,master.mariadb.test ptr-record=20.100.16.172.in-addr.arpa,master.ldap.test -ptr-record=30.100.16.172.in-addr.arpa,dc.samba.test ptr-record=40.100.16.172.in-addr.arpa,client.test +ptr-record=70.100.16.172.in-addr.arpa,master.keycloak.test +ptr-record=100.100.16.172.in-addr.arpa,bridge.ipa.test ptr-record=10.200.16.172.in-addr.arpa,dc.ad.test diff --git a/docker-compose.gating.yaml b/docker-compose.gating.yaml new file mode 100644 index 00000000..b7d13e10 --- /dev/null +++ b/docker-compose.gating.yaml 
@@ -0,0 +1,118 @@ +services: + dns: + restart: always + image: ${REGISTRY}/ci-dns:${TAG} + container_name: dns + env_file: ./env.containers + volumes: + - ./data/configs/dnsmasq.conf:/etc/dnsmasq.conf + cap_add: + - NET_RAW + - NET_ADMIN + - SYS_CHROOT + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.2 + ipa: + image: ${REGISTRY}/ci-ipa:${TAG} + container_name: ipa + hostname: master.ipa.test + dns: 172.16.100.2 + env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - AUDIT_WRITE + - AUDIT_CONTROL + - SYS_CHROOT + - NET_ADMIN + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + sssd: + ipv4_address: 172.16.100.10 + + bridge: + #image: localhost/ipa-tuura/base:latest + #image: quay.io/ftrivino/bridge-prod + image: quay.io/ftrivino/bridge-devel + container_name: bridge + hostname: bridge.ipa.test + dns: 172.16.100.2 + #command: /usr/sbin/httpd -DFOREGROUND + command: python3 manage.py runserver 0.0.0.0:8000 + env_file: + - ./env.containers + - ./env.secrets + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - SYS_CHROOT + - AUDIT_WRITE + - AUDIT_CONTROL + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + ports: + - 8005:8000 + - 3501:3500 + - 4701:81 + - 4430:443 + networks: + sssd: + ipv4_address: 172.16.100.100 + + keycloak: + image: ${REGISTRY}/ci-keycloak:${TAG} + container_name: keycloak + hostname: master.keycloak.test + dns: 172.16.100.2 + env_file: + - ./env.containers + - ./env.secrets + volumes: + - ./data/keycloak/scim-user-spi-${PLUGIN_VER}-SNAPSHOT.jar:/opt/keycloak/providers/scim.jar + #- ./data/keycloak/rootCA.crt:/etc/pki/ca-trust/source/anchors/rootCA.crt + #- ./data/keycloak/server.crt:/data/certs/master.keycloak.test.crt + #- ./data/keycloak/server.key:/data/certs/master.keycloak.test.key + #- 
./data/keycloak/server.keystore:/data/certs/master.keycloak.test.keystore + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - SYS_CHROOT + - NET_ADMIN + - AUDIT_WRITE + - AUDIT_CONTROL + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + ports: + - 8080:8080 + - 8443:8443 + - 9090:9090 + networks: + sssd: + ipv4_address: 172.16.100.70 + +networks: + sssd: + name: sssd-ci + driver: bridge + ipam: + config: + - subnet: 172.16.100.0/24 + gateway: 172.16.100.1 + options: + driver: host-local diff --git a/docker-compose.yml b/docker-compose.yml index 401b7c30..7ea294f8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ services: dns: restart: always - image: ${REGISTRY}/ci-dns:latest + image: ${REGISTRY}/ci-dns:${TAG} container_name: dns env_file: ./env.containers volumes: @@ -14,7 +14,7 @@ services: - label=disable - seccomp=unconfined networks: - sssd: + ipa-tuura: ipv4_address: 172.16.100.2 ipa: 
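Review bot: The `ports:` entries on `bridge` (`8005:8000`, `3501:3500`, `4701:81`, `4430:443`) and `keycloak` (`8080:8080`, `8443:8443`, `9090:9090`) in docker-compose.gating.yaml publish on every host interface, so on a shared CI or developer network the Keycloak admin console (whose password is the checked-in `Secret123` from env.containers) and the Django development server started by `command: python3 manage.py runserver 0.0.0.0:8000` are reachable by anyone on the LAN; bind them to loopback, e.g. `- "127.0.0.1:8080:8080"`, and quote the mappings while at it. `runserver` is Django's development server and should not be the entry point even for gating — the commented-out `#command: /usr/sbin/httpd -DFOREGROUND` looks like the intended one, so either restore it or add a comment saying why the dev server is used. `image: quay.io/ftrivino/bridge-devel` is an untagged reference to a personal registry (implicitly `latest`) rather than `${REGISTRY}/...:${TAG}` like the other services, and `env_file: ./env.secrets` is mandatory here but git-ignored with no example file in the patch, so a fresh checkout fails at `make up-gating` until the reader guesses its contents; ship an `env.secrets.example` and note it in the README.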
@@ -29,33 +29,65 @@ services: - SYS_ADMIN - SYS_PTRACE - AUDIT_WRITE + - AUDIT_CONTROL + - SYS_CHROOT + - NET_ADMIN security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: + ipa-tuura: ipv4_address: 172.16.100.10 + ipa-tuura: + #image: quay.io/idmops/bridge:latest + image: localhost/ipa-tuura/base:latest + container_name: ipa-tuura + hostname: ipa-tuura.bridge.test + dns: 172.16.100.2 + env_file: ./env.containers + volumes: + - ./shared:/shared:rw + cap_add: + - SYS_ADMIN + - SYS_PTRACE + - SYS_CHROOT + - NET_ADMIN + - AUDIT_WRITE + - AUDIT_CONTROL + security_opt: + - apparmor=unconfined + - label=disable + - seccomp=unconfined + networks: + ipa-tuura: + ipv4_address: 172.16.100.14 + keycloak: - image: ${REGISTRY}/keycloak:${TAG} + image: ${REGISTRY}/ci-keycloak:${TAG} + #image: quay.io/keycloak/keycloak:${KC_TAG} container_name: keycloak hostname: master.keycloak.test dns: 172.16.100.2 env_file: ./env.containers volumes: - - ./shared:/shared:rw + - ./data/keycloak/scim-user-spi-${PLUGIN_VER}-SNAPSHOT.jar:/opt/keycloak/providers/scim.jar cap_add: - SYS_ADMIN - SYS_PTRACE + - SYS_CHROOT + - NET_ADMIN - AUDIT_WRITE + - AUDIT_CONTROL security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: - ipv4_address: 172.16.100.11 + ipa-tuura: + ipv4_address: 172.16.100.70 + nextcloud: image: ${REGISTRY}/nextcloud:${TAG} container_name: nextcloud @@ -68,13 +100,15 @@ services: - SYS_ADMIN - SYS_PTRACE - AUDIT_WRITE + - AUDIT_CONTROL security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: + ipa-tuura: ipv4_address: 172.16.100.12 + mariadb: image: ${REGISTRY}/mariadb:${TAG} container_name: mariadb @@ -87,13 +121,15 @@ services: - SYS_ADMIN - SYS_PTRACE - AUDIT_WRITE + - AUDIT_CONTROL security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: + ipa-tuura: ipv4_address: 172.16.100.13 + ldap: image: ${REGISTRY}/ci-ldap:${TAG} container_name: ldap 
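Review bot: The new `ipa-tuura` service references `image: localhost/ipa-tuura/base:latest`, an image that only exists after `make container`, but the Makefile's `up` target depends on `datadir plugin` only, so `make up` on a fresh checkout fails to resolve the image; either add `container` as a prerequisite of `up` or reference a pushed `${REGISTRY}/ipa-tuura:${TAG}` like the other services. This hunk also adds `AUDIT_CONTROL`, `SYS_CHROOT` and `NET_ADMIN` to `ipa`, `ipa-tuura` and `keycloak` (and `AUDIT_CONTROL` to `nextcloud` and `mariadb` further down) without saying why; `AUDIT_CONTROL` lets a process reconfigure the host's audit subsystem and `NET_ADMIN` lets it rewrite the container's routes and firewall, so a one-line comment per service naming the component that needs the capability, such as `# NET_ADMIN: needed by ipa-server-install (confirm)`, would stop the list growing by copy-paste.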
@@ -103,39 +139,27 @@ services: volumes: - ./shared:/shared:rw cap_add: - - SYS_PTRACE - - AUDIT_WRITE - security_opt: - - apparmor=unconfined - - label=disable - - seccomp=unconfined - networks: - sssd: - ipv4_address: 172.16.100.20 - client: - image: ${REGISTRY}/ci-client:${TAG} - container_name: client - hostname: client.test - dns: 172.16.100.2 - env_file: ./env.containers - volumes: - - ./shared:/shared:rw - cap_add: - SYS_ADMIN - SYS_PTRACE + - SYS_CHROOT + - NET_ADMIN - AUDIT_WRITE + - AUDIT_CONTROL security_opt: - apparmor=unconfined - label=disable - seccomp=unconfined networks: - sssd: - ipv4_address: 172.16.100.40 + ipa-tuura: + ipv4_address: 172.16.100.20 + networks: - sssd: - name: sssd-ci + ipa-tuura: + name: ipa-tuura-ci driver: bridge ipam: config: - subnet: 172.16.100.0/24 gateway: 172.16.100.1 + options: + driver: host-local diff --git a/env.containers b/env.containers index 87a732e7..9a43eaa3 100644 --- a/env.containers +++ b/env.containers @@ -1,2 +1,13 @@ # Environment variables set in all started containers CONTAINER=yes +KEYCLOAK_ADMIN=admin +KEYCLOAK_ADMIN_PASSWORD=Secret123 +KC_LOG_LEVEL=TRACE,org.apache.http.wire:debug +#KC_LOG_LEVEL=DEBUG +KC_HOSTNAME=master.keycloak.test +KC_HOSTNAME_PORT=8443 +KC_HTTPS_CERTIFICATE_FILE=/data/certs/master.keycloak.test.crt +KC_HTTPS_CERTIFICATE_KEY_FILE=/data/certs/master.keycloak.test.key +KC_HTTPS_TRUST_STORE_FILE=/data/certs/master.keycloak.test.keystore +KC_HTTPS_TRUST_STORE_PASSWORD=Secret123 +KC_HTTP_RELATIVE_PATH=/auth
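Review bot: `KEYCLOAK_ADMIN_PASSWORD=Secret123` and `KC_HTTPS_TRUST_STORE_PASSWORD=Secret123` are committed in env.containers, a file every service loads via `env_file: ./env.containers`, so the Keycloak admin password lands in the environment of `ipa`, `ldap`, `nextcloud`, `mariadb` and `dns` as well; this same patch adds `env.secrets` to `.gitignore` and wires it into `keycloak` and `bridge` in the gating file, which is where these two values belong. Move them to `env.secrets`, add an `env.secrets.example` with placeholders, and let Keycloak fail to start on an unset value rather than defaulting to a known password. `KC_LOG_LEVEL=TRACE,org.apache.http.wire:debug` logs complete HTTP headers and bodies, which will very likely include bearer tokens and any credentials the SCIM plugin exchanges with the bridge, into container logs that CI commonly uploads as artifacts; default it to `INFO` and keep the wire-debug setting as the commented alternative instead of the other way round.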