fusionauth / fusionauth-containers Goto Github PK
View Code? Open in Web Editor NEWContainer definitions for docker, kubernetes, helm, and whatever containers come next!
Home Page: https://fusionauth.io/
Container definitions for docker, kubernetes, helm, and whatever containers come next!
Home Page: https://fusionauth.io/
FusionAuth is currently using Oracle JRE8.
Oracle has moved away from the Oracle Binary License (BCL) which is the license had been operating under - to a license with even a more restrictive terms.
Oracle essentially has cut off all uses of Java in projects such s FusionAuth unless you purchase a license from Oracle. We have attempted to pursue a license with Oracle in the past, and the license costs are cost prohibitive - essentially being a percentage of our revenue.
For this and other reasons the next upgrade for FusionAuth will be to OpenJDK 12 or 13. We hope to make this transition in Q1 or Q2 of 2020.
BCL : https://www.oracle.com/downloads/licenses/binary-code-license.html
OTNL : https://www.oracle.com/downloads/licenses/javase-license1.html
From Oracle:
https://www.oracle.com/java/technologies/javase-jdk8-downloads.html
Important Oracle JDK License Update
The Oracle JDK License has changed for releases starting April 16, 2019.The new Oracle Technology Network License Agreement for Oracle Java SE is substantially different from prior Oracle JDK licenses. The new license permits certain uses, such as personal use and development use, at no cost -- but other uses authorized under prior Oracle JDK licenses may no longer be available. Please review the terms carefully before downloading and using this product. An FAQ is available here.
Commercial license and support is available with a low cost Java SE Subscription.
Oracle also provides the latest OpenJDK release under the open source GPL License at jdk.java.net.
Original title: Update JRE to 8u191
Original description:
Please upgrade the JRE to 8u191 so that we can use +UseContainerSupport for cgroup awareness.Additional benefits will be that we will be able to (subject to enhancements) specify FUSIONAUTH_MEMORY as a percentage of RAM available instead of a static value (using +XX:MaxRAMPercentage). This has huge advantages i.t.o config management when running in the cloud and compute resources scale vertically.
Right now, we need to pre-touch the JVM heap but this causes an OOM error because the JVM is not respecting cgroup limits.
Following the installation docs from https://fusionauth.io/docs/v1/tech/installation-guide/docker doesn't result in a working fusionauth docker setup.
DB container fusionauth-db-1
doesn't start due to version conflict.
fusionauth-db-1 |
fusionauth-db-1 | PostgreSQL Database directory appears to contain a database; Skipping initialization
fusionauth-db-1 |
fusionauth-db-1 | 2022-07-18 08:30:07.657 UTC [1] FATAL: database files are incompatible with server
fusionauth-db-1 | 2022-07-18 08:30:07.657 UTC [1] DETAIL: The data directory was initialized by PostgreSQL version 11, which is not compatible with this version 12.9 (Debian 12.9-1.pgdg110+1).
fusionauth-db-1 exited with code 1
fusionauth-db-1 |
fusionauth-db-1 | PostgreSQL Database directory appears to contain a database; Skipping initialization
fusionauth-db-1 |
fusionauth-db-1 | 2022-07-18 08:30:11.191 UTC [1] FATAL: database files are incompatible with server
fusionauth-db-1 | 2022-07-18 08:30:11.191 UTC [1] DETAIL: The data directory was initialized by PostgreSQL version 11, which is not compatible with this version 12.9 (Debian 12.9-1.pgdg110+1).
fusionauth-db-1 exited with code 1
I tried to add healthchecks to my docker-compose files and noticed that there is no curl installed.
Is there another way to test when the system is loaded and ready?
for context I tried:
healthcheck:
test: [ "CMD-SHELL", "curl", "--silent", "--fail", "http://localhost:9011/api/status || exit 1" ]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
looking at the logs I noticed the "curl command not found".
Thanks
I used the v3 docker-compose.yml as posted in this repo, only adding a db password.
Using "docker-compose up" with the yml file, I get the initial setup wizard page, but after entering info, I see this in the log:
io.fusionauth.api.service.search.ElasticSearchClientProvider - Connecting to FusionAuth Search Engine at [http://localhost:9021]
And in the wizard, I see an error saying "The search engine appears to be down or failing to respond to the search query." I can see from netstat and from the yml file that elasticsearch is running in port 9200 and that fusionauth is directed to connect via port 9200, but still it's trying to connect to 9021.
If I modify the yml to expose elasticsearch container via port 9021 (9021:9200), I get this in the wizard:
"Silent Configuration Mode Failed"
And this in the logs:
search_1 | [2018-10-05T15:00:18,952][INFO ][o.e.g.GatewayService ] [9FG48XP] recovered [1] indices into cluster_state
search_1 | [2018-10-05T15:00:19,368][INFO ][o.e.c.r.a.AllocationService] [9FG48XP] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[fusionauth_user][0]] ...]).
fusionauth_1 | Oct 05, 2018 3:01:52.911 PM ERROR c.inversoft.maintenance.search.ElasticsearchSilentConfigurationWorkflowTask - Silent configuration was unable to complete search configuration. Entering maintenance mode. State [SERVER_DOWN]
Please advise...
I would like to define an initial configuration for using at the deployment time.
For instance, would be nice to have some pre-configured app/users/passwords/permissions (can be loaded via script)
just in case I need to throw all containers away and start clean but avoid to reconfigure the authentication when the focus would be developing an webapp.
It can be something only enabled in development mode.
Is there a way to do it?
The real issue is a malformed zip archive - i wasn't sure where to report that. In any case, this is failing:
RUN export FUSIONAUTH_VERSION=1.15.3 \
&& curl -Sk --progress-bar https://storage.googleapis.com/inversoft_products_j098230498/products/fusionauth/${FUSIONAUTH_VERSION}/fusionauth-app-${FUSIONAUTH_VERSION}.zip -o fusionauth-app.zip \
&& mkdir -p /usr/local/fusionauth/fusionauth-app \
&& unzip -nq fusionauth-app.zip -d /usr/local/fusionauth
Output:
[fusionauth-app.zip]
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
unzip: cannot find zipfile directory in one of fusionauth-app.zip or
fusionauth-app.zip.zip, and cannot find fusionauth-app.zip.ZIP, period.
Sanity check (works for 1.15.2):
$ export FUSIONAUTH_VERSION=1.15.2
$ curl -Sk --progress-bar https://storage.googleapis.com/inversoft_products_j098230498/products/fusionauth/${FUSIONAUTH_VERSION}/fusionauth-app-${FUSIONAUTH_VERSION}.zip -o fusionauth-app.zip
##################################################################################################################################### 100.0%
$ unzip -nq fusionauth-app.zip
$
It seems that giantswarm/tiny-tools:3.10
is based on alpine which doesn't have /bin/bash
. Replacing with /bin/sh
worked!
Reverse proxying via caddy doesn't work. It gives 502
CaddyFile Content As below
# replace :80 with your domain name to get automatic https via LetsEncrypt
https://<your_domain> {
reverse_proxy fusionauth:9011
}
I am having difficulty creatine containers to run in Fargate with a custom configuration to our RDS. Please see https://stackoverflow.com/questions/59055078/creating-app-and-search-containers-to-run-in-aws-ecs-fargate
Hi everybody,
We have Fusionauth installed on EKS and we have an LB pointing towards CF.
We are experiencing time outs from time to time with the admin page.
I was wondering if this could be a tomcat problem since I noticed that this is its web-server.
Logs are telling us nothing.
This is the version that we use:
fusionauth/fusionauth-app:1.30.1
Looking forward your replies.
Following the guide here: https://fusionauth.io/docs/v1/tech/installation-guide/docker
When I do docker-compose up the credentials in the .env file don't work (not surprising since they haven't been created) so I point them to postgres/postgres.
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
DATABASE_USER=postgres
DATABASE_PASSWORD=postgres
After that step, try to run docker-compose up again but still not working. Database wasn't created. I uncomment out the port mapping in the docker-compose.yml and create the fusionauth database
fusionauth_1 | May 20, 2020 1:30:52.734 AM INFO io.fusionauth.app.maintenance.FusionAuthMaintenanceModeWorkflow - Determine database status : ORDINARY_USER_CANNOT_CONNECT [FATAL: database "fusionauth" does not exist]
fusionauth_1 | May 20, 2020 1:30:52.737 AM INFO org.primeframework.mvc.servlet.PrimeServletContextListener - Initializing Prime
fusionauth_1 | May 20, 2020 1:30:52.739 AM INFO io.fusionauth.app.maintenance.guice.FusionAuthMaintenanceModeModule -
fusionauth_1 |
fusionauth_1 | ---------------------------------------------------------------------------------------------------------
fusionauth_1 | --------------------------------------- Entering Maintenance Mode ---------------------------------------
fusionauth_1 | ---------------------------------------------------------------------------------------------------------
fusionauth_1 |
I think it used to create the database before, but no matter. Create the database manually and docker-compose down/up
Looks like the schema doesn't get generated either:
fusionauth_1 | May 20, 2020 1:38:27.202 AM INFO io.fusionauth.app.maintenance.FusionAuthMaintenanceModeWorkflow - Determine database status : NO_SCHEMA
fusionauth_1 | May 20, 2020 1:38:27.204 AM INFO org.primeframework.mvc.servlet.PrimeServletContextListener - Initializing Prime
fusionauth_1 | May 20, 2020 1:38:27.206 AM INFO io.fusionauth.app.maintenance.guice.FusionAuthMaintenanceModeModule -
fusionauth_1 |
fusionauth_1 | ---------------------------------------------------------------------------------------------------------
fusionauth_1 | --------------------------------------- Entering Maintenance Mode ---------------------------------------
fusionauth_1 | --
db_1 | LOG: incomplete startup packet
db_1 | ERROR: relation "version" does not exist at character 21
db_1 | STATEMENT: select version from version
When I navigate to localhost:9011 I get the maintenance mode screen which I can put in the db user and password to go forward but I think the intention is for this to run out of the box. Forgive me and feel free to promptly close if that is not the intention and I should just use the maintenance mode screen to set up the database.
Hey just FYI this URL is not working if pinned to 1.10.2 (probably because its not live yet) but it does work for 1.10.1
Having a permissions issue when running a fusionauth-app
container. Same results for 1.15.2 all the way down to 1.13. For example:
$ docker run -it fusionauth/fusionauth-app:1.15.2
mkdir: cannot create directory '/usr/local/fusionauth/fusionauth-app/apache-tomcat/../../logs': Permission denied
Using CATALINA_BASE: /usr/local/fusionauth/fusionauth-app/apache-tomcat
Using CATALINA_HOME: /usr/local/fusionauth/fusionauth-app/apache-tomcat
Using CATALINA_TMPDIR: /usr/local/fusionauth/fusionauth-app/apache-tomcat/temp
Using JRE_HOME: /usr/local/fusionauth/fusionauth-app/apache-tomcat/../../java/current
Using CLASSPATH: /usr/local/fusionauth/fusionauth-app/apache-tomcat/bin/bootstrap.jar:/usr/local/fusionauth/fusionauth-app/apache-tomcat/bin/tomcat-juli.jar
Feb 20, 2020 5:28:25 PM org.apache.catalina.startup.Catalina load
WARNING: Unable to load server configuration from [/usr/local/fusionauth/fusionauth-app/apache-tomcat/conf/server.xml]
Feb 20, 2020 5:28:25 PM org.apache.catalina.startup.Catalina start
SEVERE: Cannot start server. Server instance is not configured.
Seems it's trying to create /usr/local/fusionauth/logs
but unable due to permissions.
Using a dockerfile based on https://github.com/FusionAuth/fusionauth-containers/blob/1.15.2/docker/fusionauth/fusionauth-app/Dockerfile but using bash
as the entrypoint, i'm seeing these permissions:
$ cd /usr/local/fusionauth/fusionauth-app/
$ ls -al
total 24
drwxr-sr-x 6 root fusionauth 4096 Feb 20 20:30 .
drwxr-sr-x 1 root fusionauth 4096 Feb 20 20:30 ..
drwxrwsr-x 8 root fusionauth 4096 Feb 19 11:58 3rd-party-licenses
drwxrwsr-x 6 root fusionauth 4096 Feb 19 11:58 apache-tomcat
drwxrwsr-x 2 root fusionauth 4096 Feb 19 11:58 template
drwxrwsr-x 7 root fusionauth 4096 Feb 19 11:58 web
$ cd ..
$ mkdir logs
mkdir: cannot create directory 'logs': Permission denied
Given that the Docker user is fusionauth
, and root
owns /usr/local/fusionauth
, it doesn't work. Additionally, this user can't do anything in the apache-tomcat/conf
directory:
$ cd /usr/local/fusionauth/fusionauth-app/apache-tomcat
$ ls -al
total 140
drwxrwsr-x 6 root fusionauth 4096 Feb 19 11:58 .
drwxr-sr-x 6 root fusionauth 4096 Feb 20 20:30 ..
-rw-r----- 1 root fusionauth 19534 Feb 19 11:58 BUILDING.txt
-rw-r----- 1 root fusionauth 5407 Feb 19 11:58 CONTRIBUTING.md
-rw-r----- 1 root fusionauth 57011 Feb 19 11:58 LICENSE
-rw-r----- 1 root fusionauth 1726 Feb 19 11:58 NOTICE
-rw-r----- 1 root fusionauth 3255 Feb 19 11:58 README.md
-rw-r----- 1 root fusionauth 7139 Feb 19 11:58 RELEASE-NOTES
-rw-r----- 1 root fusionauth 16262 Feb 19 11:58 RUNNING.txt
drwxr-s--- 2 root fusionauth 4096 Feb 19 11:58 bin
drwx--S--- 2 root fusionauth 4096 Feb 19 11:58 conf
drwxr-s--- 2 root fusionauth 4096 Feb 19 11:58 lib
drwxr-s--- 2 root fusionauth 4096 Feb 19 11:58 temp
$ cd conf/
bash: cd: conf/: Permission denied
At first i thought this was the same as #31, which was closed yesterday, but i don't think that's the case.
Can you publish version 1.22.1
to Docker hub? I believe the latest version published is 1.22.0
(https://hub.docker.com/r/fusionauth/fusionauth-app/tags?page=1&ordering=last_updated). Thanks.
I want to deploy fusionAuth onto ARM64v8 - Raspberry Pi 4. So far the docker images for fusionAuth only support amd64 architecture. Is there a way to deploy fusionAuth docker image on Raspberry Pi 4 k8s cluster?
I am using the following docker-compose.yml for deployment cloned from following https://fusionauth.io/docs/v1/tech/installation-guide/docker
version: '3'
services:
db:
image: postgres:9.6
environment:
PGDATA: /var/lib/postgresql/data/pgdata
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
# Un-comment to access the db service directly
ports:
- 5432:5432
networks:
- db
restart: unless-stopped
volumes:
- db_data:/var/lib/postgresql/data
search:
image: docker.elastic.co/elasticsearch/elasticsearch:6.3.1
environment:
- cluster.name=fusionauth
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=${ES_JAVA_OPTS}"
# Un-comment to access the search service directly
ports:
- 9200:9200
- 9300:9300
networks:
- search
restart: unless-stopped
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- es_data:/usr/share/elasticsearch/data
fusionauth:
image: fusionauth/fusionauth-app:latest
depends_on:
- db
- search
environment:
DATABASE_URL: jdbc:postgresql://db:5432/fusionauth
DATABASE_ROOT_USER: ${POSTGRES_USER}
DATABASE_ROOT_PASSWORD: ${POSTGRES_PASSWORD}
DATABASE_USER: ${DATABASE_USER}
DATABASE_PASSWORD: ${DATABASE_PASSWORD}
FUSIONAUTH_MEMORY: ${FUSIONAUTH_MEMORY}
FUSIONAUTH_SEARCH_SERVERS: http://search:9200
FUSIONAUTH_URL: http://fusionauth:9011
networks:
- db
- search
restart: unless-stopped
ports:
- 9011:9011
volumes:
- fa_config:/usr/local/fusionauth/config
networks:
db:
driver: bridge
search:
driver: bridge
volumes:
db_data:
es_data:
fa_config:
I am unable to access the fusionauth UI screeen from http://localhost:9011 or http://fusionauth:9011
How can I access the UI welcome screen from outside docker container? is there any
enableExternal: true
env variable available?
Is there a way to test or ping the fusionAuth App to make sure its up and running other than using docker ps -a
I'm trying to run fusionAuth using docker containers. Is the first time I'm doing this.
Running the following command
curl -o docker-compose.yml https://raw.githubusercontent.com/FusionAuth/fusionauth-containers/master/docker/fusionauth/docker-compose.yml curl -o .env https://raw.githubusercontent.com/FusionAuth/fusionauth-containers/master/docker/fusionauth/.env docker-compose up
I've got the following error with search:
>
> search_1 | OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
> search_1 | OpenJDK 64-Bit Server VM warning: UseAVX=2 is not supported on this CPU, setting it to UseAVX=1
> search_1 | [2019-10-26T07:59:42,358][INFO ][o.e.n.Node ] [] initializing ...
> search_1 | [2019-10-26T07:59:42,577][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
> search_1 | org.elasticsearch.bootstrap.StartupException: ElasticsearchException[java.io.IOException: failed to read [id:236, legacy:false, file:/usr/share/elasticsearch/data/nodes/0/_state/node-236.st]]; nested: IOException[failed to read [id:236, legacy:false, file:/usr/share/elasticsearch/data/nodes/0/_state/node-236.st]]; nested: IllegalArgumentException[[node_meta_data] unknown field [node_version], parser not found];
> search_1 | at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | Caused by: org.elasticsearch.ElasticsearchException: java.io.IOException: failed to read [id:236, legacy:false, file:/usr/share/elasticsearch/data/nodes/0/_state/node-236.st]
> search_1 | at org.elasticsearch.ExceptionsHelper.maybeThrowRuntimeAndSuppress(ExceptionsHelper.java:199) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.gateway.MetaDataStateFormat.loadLatestState(MetaDataStateFormat.java:331) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.env.NodeEnvironment.loadOrCreateNodeMetaData(NodeEnvironment.java:357) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:245) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.node.Node.<init>(Node.java:270) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | ... 6 more
> search_1 | Caused by: java.io.IOException: failed to read [id:236, legacy:false, file:/usr/share/elasticsearch/data/nodes/0/_state/node-236.st]
> search_1 | at org.elasticsearch.gateway.MetaDataStateFormat.loadLatestState(MetaDataStateFormat.java:325) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.env.NodeEnvironment.loadOrCreateNodeMetaData(NodeEnvironment.java:357) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:245) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.node.Node.<init>(Node.java:270) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | ... 6 more
> search_1 | Caused by: java.lang.IllegalArgumentException: [node_meta_data] unknown field [node_version], parser not found
> search_1 | at org.elasticsearch.common.xcontent.ObjectParser.getParser(ObjectParser.java:347) ~[elasticsearch-x-content-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.common.xcontent.ObjectParser.parse(ObjectParser.java:158) ~[elasticsearch-x-content-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.common.xcontent.ObjectParser.apply(ObjectParser.java:182) ~[elasticsearch-x-content-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.env.NodeMetaData$1.fromXContent(NodeMetaData.java:110) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.env.NodeMetaData$1.fromXContent(NodeMetaData.java:94) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.gateway.MetaDataStateFormat.read(MetaDataStateFormat.java:199) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.gateway.MetaDataStateFormat.loadLatestState(MetaDataStateFormat.java:320) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.env.NodeEnvironment.loadOrCreateNodeMetaData(NodeEnvironment.java:357) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:245) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.node.Node.<init>(Node.java:270) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.3.2.jar:6.3.2]
> search_1 | ... 6 more
Hello,
I have been trying to upgrade the Elasticsearch version of my search configurations.
Current version is: 6.3.1.
I run this in an EKS cluster.
What I am asking is any tips regarding the upgrade.
When I firstly attempted to upgrade it failed.
I am trying to jump to >= 7.2
Is there a document showing how to update it, because I have started receiving feedback from our back-end developers stating that the application has been down for a whole day.
When I checked the logs find around 12/14 attempts of Fusion to connect to Elasticsearch.
Looking into the Elasticsearch logs shows that
[2022-03-03T05:04:55,070][WARN ][o.e.x.s.a.s.m.NativeRoleMappingStore] [PcFr0Jo] Failed to clear cache for realms [[]]
During the whole day Fusionauth was attempting to restart and connect and Elasticsearch was still trying start I guess.
We're running the server in kubernetes on a rancher cluster using the helm chart and occasionally the server gets into a state where unpredictably the DNS resolution starts to fail.
In our event logs we see
Request to the [https://github.com/login/oauth/access_token] endpoint failed. Status code [-1]
Exception encountered.
java.net.UnknownHostException : Message: github.com
Our network manager pointed us at DNS resolution issues with the musl library in alpine images.
See for example: https://support.cloudbees.com/hc/en-us/articles/360040999471-UnknownHostException-caused-by-DNS-Resolution-issue-with-Alpine-Images
Would you consider switching from alpine to another base layer?
In the deployment manifest for Kubernetes, you are using a very suspicious version of TinyTools.
You want to be using this version of TinyTools. Might even want to use latest so you get all of the security patches.
Docker-compose (and docker run)'s healthchecks execute a command inside the container, and fusionauth's healthcheck lives at an HTTP endpoint, so in order to test it from inside the container we need either wget or curl available.
One possible solution is to install these tools in the built image, another possible solution is switching to alpine which includes wget by default and may make built containers slimmer.
I have been battling with getting fa to work with mysql rds. I am using fusionauth/fusionauth-app:1.19.7
When I use this DATABASE_URL: jdbc:mysql://database-2.cwymdn16cxes.us-east-1.rds.amazonaws.com;dbname=fusionauthdb
and I look in the docker logs, I see a huge number or errors.
for example:
2021-02-27 12:23:59.094 PM ERROR com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - Configuration [database.url] is invalid. It must begin with either jdbc:mysql: or jdbc:postgresql:
2021-02-27 12:23:59.102 PM ERROR com.inversoft.maintenance.db.JDBCURL - Could not parse jdbcString [jdbc:mysql://database-2.cwymdn16cxes.us-east-1.rds.amazonaws.com;dbname=fusionauthdb]
If I instead use this one:
DATABASE_URL: jdbc:mysql://database-2.cwymdn16cxes.us-east-1.rds.amazonaws.com:3306/fusionauthdb
the errors go away, but the rds times out with this message after about 10 minutes:
mysqli::real_connect(): (HY000/1129): Host '69.124.176.183' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
Either way, I am trying to run fa in docker on my laptop and access the dbase on rds. When I type localhost:9011 the system always goes into maint mode as if it can't see the existing rds fusionauthdb.
I have another installation on EC2 that can access this same fusionauthdb fine. Any ideas on why the rds is timing out from the localhost but not from EC2 when accessing fusionauthdb?
Postgres' port isn't necessary to be bind on the public interface. Same goes for the Elasticsearch.
Using my own Elasticsearch and PostgreSQL. So in values.yaml
I am setting:
...
data:
memory: 256M
database:
# if empty {{- .Release.Name -}}-postgresql will be used
host: postgres-master.default.svc.cluster.local
port: 5432
tls: false
name: fusionauth
user: localhost
password: localhost
root:
user: localhost
password: localhost
elasticsearch:
host: elasticsearch-master.default.svc.cluster.local
port: 9200
...
elasticsearch:
enabled: false
postgresql:
enabled: false
But the pods are just stuck on:
fusionauth-6c4745bfd9-6jgth 0/1 Init:0/2 0 16m
fusionauth-6c4745bfd9-r48k2 0/1 Init:0/2 0 16m
fusionauth-6c4745bfd9-sjl72 0/1 Init:0/2 0 16m
Looking at the pods ENVARS I see:
Environment:
DATABASE_USER: localhost
DATABASE_PASSWORD: localhost
DATABASE_ROOT_PASSWORD: localhost
DATABASE_ROOT_USER: localhost
DATABASE_URL: jdbc:postgresql://fusionauth-postgresql:5432/fusionauth
FUSIONAUTH_SEARCH_SERVERS: http://elasticsearch-master:9200
FUSIONAUTH_MEMORY: 256M
Is that right? I would have expected to see the custom hosts in ENVARs
Hello guys,
I've been trying to convert the docker-compose
to a kubernetes
setup.
The issue I ran into is, that the config folder remains empty after the fusionauth-app
container deploys. I presume upon the first startup the fusionauth.properties
and keystore
files would be either downloaded from created from the environment variables provided in the deplyoment file
containers:
- env:
- name: DATABASE_PASSWORD
value: <password>
- name: DATABASE_ROOT_PASSWORD
value: <password>
- name: DATABASE_ROOT_USER
value: postgres
- name: DATABASE_URL
value: jdbc:postgresql://fusionauth-db:5432/fusionauth
- name: DATABASE_USER
value: fusionauth
- name: FUSIONAUTH_MEMORY
value: 256M
- name: FUSIONAUTH_SEARCH_SERVERS
value: http://fusionauth-search:9200
image: fusionauth/fusionauth-app:latest
name: fusionauth
ports:
- containerPort: 9011
However the /usr/local/fusionauth/config
is empty after startup.
If I manually create the properties file during initialization, we're one step closer. :)
What’s the condition for the “silent configuration” to be triggered?
Hi,
When i run the docker-compose stack with default parameters,
The Elastic Search Container does not run properly.
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
After changing the .env
ES_JAVA_OPTS=-Xms1024m -Xmx1024m
and
FUSIONAUTH_MEMORY=1024M
It seems to not be reflected by the Elastic Search Container... nothing changes still the same error..
Am i missing something here or is it a bug?
Hi there,
great work: I was trying to use the kubernetes setup locally with minikube.
The container setup seems to work good.
However there is no way I got it working (meaning: accessing from outside the cluster) with an ingress such as traefik, except using port forward (which is a non-solution).
kubectl port-forward svc/fusionauth 9011:9011
I tried adding this traefik configuration for an ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: fusionauth
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: fusionauth.minikube
http:
paths:
- path: /
backend:
serviceName: fusionauth
servicePort: 9011
I followed this guide and used a Deployment
for the access. fusionauth.minikube is something like: clusterIp: where port was assigned to the deployment, in my case 30657
Browsing to http://fusionauth.minikube:30657 I get a nasty error
error_description" : "Invalid redirection uri http://fusionauth.minikube:30657:30657/login",
What I'm doing wrong here?
Thank you
Just did a fresh install and saw the following warning:
2020-10-19 10:14:56.764 PM WARN com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - Your FusionAuth configuration file [/usr/local/fusionauth/fusionauth-app/apache-tomcat/../../config/fusionauth.properties] needs attention. Here are the warnings:
- You are using a deprecated configuration property name of [DATABASE_ROOT_USER]. The new allowed names for that property are [database.root.username]
It seems that DATABASE_ROOT_USER should now be DATABASE_ROOT_USERNAME, but didn't make it into the updated compose file yet maybe? Making that change seems to have gotten rid of the warning.
org.apache.catalina.startup.Catalina load WARNING: Unable to load server configuration from [/usr/local/fusionauth/fusionauth-app/apache-tomcat/conf/server.xml]
org.apache.catalina.startup.Catalina start SEVERE: Cannot start server. Server instance is not configured.
IMAGE
fusionauth/fusionauth-app:1.15.1
image version 1.14.0 works!
is there any breaking change?
After initial setup FusionAuth warns about proxy configuration.
This prevents using the App, like adding an Application.
It seems X-Forwarded-Port is missing in the nginx configuration.
Adding the statement in http_default.conf fixes this, in my case.
Hi,
when running the example docker compose I don't want to create a "docker volume", instead I want to use a specific folder like:
image: fusionauth/fusionauth-app:latest
....
volumes:
- :/data/fa_config:/usr/local/fusionauth/config
When I do so I get this error:
fusionauth_1 | ===================================================================================================
fusionauth_1 |
fusionauth_1 | Unable to start the server. Here's why:
fusionauth_1 |
fusionauth_1 |
fusionauth_1 | [Error injecting constructor, java.lang.IllegalArgumentException: The configuration file [/usr/local/fusionauth/fusionauth-app/apache-tomcat/../../config/fusionauth.properties] doesn't exist.]
fusionauth_1 | -> [class java.lang.IllegalArgumentException] The configuration file [/usr/local/fusionauth/fusionauth-app/apache-tomcat/../../config/fusionauth.properties] doesn't exist.
fusionauth_1 |
fusionauth_1 | ===================================================================================================
fusionauth_1 |
fusionauth_1 |
fusionauth_1 | May 10, 2019 1:16:35.873 PM ERROR org.primeframework.mvc.guice.GuiceBootstrap - Unable to start the server. Exception:
fusionauth_1 |
fusionauth_1 | com.google.inject.CreationException: Unable to create injector, see the following errors:
fusionauth_1 |
fusionauth_1 | 1) Error injecting constructor, java.lang.IllegalArgumentException: The configuration file [/usr/local/fusionauth/fusionauth-app/apache-tomcat/../../config/fusionauth.properties] doesn't exist.
fusionauth_1 | at io.fusionauth.api.configuration.PropertiesFileFusionAuthConfiguration.<init>(PropertiesFileFusionAuthConfiguration.java:35)
fusionauth_1 | at io.fusionauth.api.configuration.PropertiesFileFusionAuthConfiguration.class(PropertiesFileFusionAuthConfiguration.java:21)
fusionauth_1 | while locating io.fusionauth.api.configuration.PropertiesFileFusionAuthConfiguration
fusionauth_1 | at io.fusionauth.app.maintenance.guice.FusionAuthMaintenanceModeSilentConfigurationModule.configure(FusionAuthMaintenanceModeSilentConfigurationModule.java:30)
fusionauth_1 | while locating com.inversoft.configuration.InversoftConfiguration
fusionauth_1 | for the 1st parameter of com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService.downloadMySQLConnector(JDBCMaintenanceModeDatabaseService.java:67)
fusionauth_1 |
fusionauth_1 | 1 error
fusionauth_1 | at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:543) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:178) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:109) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.Guice.createInjector(Guice.java:87) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.Guice.createInjector(Guice.java:69) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.Guice.createInjector(Guice.java:59) ~[guice-4.2.0.jar:na]
fusionauth_1 | at org.primeframework.mvc.guice.GuiceBootstrap.initialize(GuiceBootstrap.java:58) ~[prime-mvc-1.13.2.jar:1.13.2]
fusionauth_1 | at com.inversoft.maintenance.servlet.MaintenanceModePrimeServletContextListener.contextInitialized(MaintenanceModePrimeServletContextListener.java:39) [inversoft-maintenance-mode-0.12.8.jar:0.12.8]
fusionauth_1 | at io.fusionauth.app.primeframework.FusionAuthAppPrimeServletContextListener.contextInitialized(FusionAuthAppPrimeServletContextListener.java:29) [fusionauth-app-1.5.0.jar:1.5.0]
fusionauth_1 | at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4792) [catalina.jar:8.5.31]
fusionauth_1 | at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5256) [catalina.jar:8.5.31]
fusionauth_1 | at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [catalina.jar:8.5.31]
fusionauth_1 | at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1421) [catalina.jar:8.5.31]
fusionauth_1 | at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1411) [catalina.jar:8.5.31]
fusionauth_1 | at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_171]
fusionauth_1 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_171]
fusionauth_1 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_171]
fusionauth_1 | at java.lang.Thread.run(Thread.java:748) [na:1.8.0_171]
fusionauth_1 | Caused by: java.lang.IllegalArgumentException: The configuration file [/usr/local/fusionauth/fusionauth-app/apache-tomcat/../../config/fusionauth.properties] doesn't exist.
fusionauth_1 | at com.inversoft.configuration.BasePropertiesFileInversoftConfiguration.initialize(BasePropertiesFileInversoftConfiguration.java:263) ~[inversoft-config-0.6.2.jar:0.6.2]
fusionauth_1 | at io.fusionauth.api.configuration.PropertiesFileFusionAuthConfiguration.initialize(PropertiesFileFusionAuthConfiguration.java:94) ~[fusionauth-api-1.5.0.jar:1.5.0]
fusionauth_1 | at com.inversoft.configuration.BasePropertiesFileInversoftConfiguration.initializeAndLogErrors(BasePropertiesFileInversoftConfiguration.java:323) ~[inversoft-config-0.6.2.jar:0.6.2]
fusionauth_1 | at com.inversoft.configuration.BasePropertiesFileInversoftConfiguration.<init>(BasePropertiesFileInversoftConfiguration.java:64) ~[inversoft-config-0.6.2.jar:0.6.2]
fusionauth_1 | at io.fusionauth.api.configuration.PropertiesFileFusionAuthConfiguration.<init>(PropertiesFileFusionAuthConfiguration.java:35) ~[fusionauth-api-1.5.0.jar:1.5.0]
fusionauth_1 | at io.fusionauth.api.configuration.PropertiesFileFusionAuthConfiguration$$FastClassByGuice$$62935ad5.newInstance(<generated>) ~[fusionauth-api-1.5.0.jar:1.5.0]
fusionauth_1 | at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:148) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:148) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.SingleMethodInjector.inject(SingleMethodInjector.java:82) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.InjectionRequestProcessor$StaticInjection.injectMembers(InjectionRequestProcessor.java:125) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.InjectionRequestProcessor.injectMembers(InjectionRequestProcessor.java:80) ~[guice-4.2.0.jar:na]
fusionauth_1 | at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:173) ~[guice-4.2.0.jar:na]
fusionauth_1 | ... 16 common frames omitted
Any plans to implement the possibility to use the folder structure? :) The database and elastic search are already able to run with the folder structure.
Best regards,
Jan
Now that we have a charts repo ( https://github.com/FusionAuth/charts ) does it make sense to remove all of the Helm charts stuff from this repo and just point to the charts repo in the README?
I'm an idiot with this stuff, so I'll happily take your advice.
Please add ping or telnet to docker file. It is useful to test external postgresql/elasticsearch networking.
apt-get install iputils-ping -y
I'm curious, I found you there: https://opensource.builders/
But this repo doens't have a license, and you link to this docker image: https://hub.docker.com/r/fusionauth/fusionauth-app that has no repo associated.
I'm just wondering, thanks for the clarification.
If someone wants to extend our base docker image and add additional JDK modules, we could optionally let them do this with a Docker arg I think.
Modify the docker file definition and add additional arguments to the jlink
command.
Just a bit of advice, the namespace is assumed default by default, remove the "namespace: default" designator from the manifest so that alternate namespace can be defined within kubectl.
DB
I'm looking at using FusionAuth in a Kubernetes environment, where my database is already hosted by Amazon RDS, but I'll be hosting FusionAuth-app and ElasticSearch in Amazon EKS (kubernetes).
CREATE DATABASE "fusionauth" ENCODING 'UTF-8' LC_CTYPE 'en_US.UTF-8' LC_COLLATE 'en_US.UTF-8' TEMPLATE template0;
CREATE ROLE "fusionauth" WITH LOGIN PASSWORD '<hidden>';
GRANT ALL PRIVILEGES ON DATABASE "fusionauth" TO "fusionauth";
ALTER DATABASE "fusionauth" OWNER TO "fusionauth";
If I provide the following environment variables:
DATABASE_URL: jdbc:postgresql://myrdsurl:5432/fusionauth
DATABASE_USER: fusionauth
DATABASE_PASSWORD: <hidden>
FUSIONAUTH_SEARCH_SERVERS: http://search:9200
FUSIONAUTH_URL: http://fusionauth:9011
And I omit:
DATABASE_ROOT_USER: foo
DATABASE_ROOT_PASSWORD: bar
Then I am always greeted with the "Silent Configuration Mode Failed" failed message.
Why is the root database password required when the username and database has already been setup in Postgres?
Hi all,
I'm surprise to discover a link on https://thepraetorians.net/ on the / page
What is this link ?
Looks like there's GA support for the m1 chip with Docker.
https://docs.docker.com/docker-for-mac/apple-silicon/
We should test our image on this hardware (it should work, but there may be issues with mysql as mentioned in the above link).
It looks like openjdk runs fine on m1: https://doesitarm.com/app/openjdk/
Hi Team,
May you please share the vCPU requirements and recommendations for each component on FusionAuth?
I am planning to run this on Kubernetes, so please tell me if there would be any issues with that?
When I build from these Dockerfiles, I get an image that properly contains the arm64 JDK/JRE, but when I pull from Dockerhub I get an arm64 image with an x86-64 JDK that fails to start. Not sure where the inconsistency was introduced, but just wanting to draw attention to it. Image tag latest
for platform linux/arm64 is currently broken.
I chose to utilize Load Balancer over the ingress controller, and I'm sure that's where this is coming from. Apart from which would be better to utilize in production (opinions are welcome), I'm curious to figure out how to fix it. I utilized the same configuration files, except for the istio
folder config files, and I already have elasticsearch running under a different namespace for logging for the k8 cluster.
With that said, I did need to add namespace: fusionauth
to the fusionauth DB PVC config file (since unlike the example, I was not using the default namespace).
I also had to change the URL in the fusionauth deployment for elasticsearch, since it was under a different namespace (elasticsearch.logging.svc.cluster.local
).
The only real major change was the fusionauth SVC configuration. I'm using the following.
apiVersion: v1
kind: Service
metadata:
name: fusionauth
namespace: fusionauth
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:..."
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
spec:
selector:
app: fusionauth
ports:
- name: http
protocol: TCP
port: 80
targetPort: 9011
- name: https
protocol: TCP
port: 443
targetPort: 9011
type: LoadBalancer
With the following configuration, everything appears to be working. Except, I have the following warning Your browser reported a request origin that is not equal to the actual HTTP request. Because these are not equal we will fail CSRF (Cross Site Request Forgery) validation when you submit a form that is using the POST method. If you attempt to create an Application, API key, User, etc you will receive an Unauthorized message.
which can be fixed with X-Forwarded-Proto: https
. Now, this is of course easy when using nginx reverse proxies, so I'm guessing that's why you're using the ingress controller. Can this be fixed with load balancers? Also, with this setup, I'm able to capture HTTP and HTTPS requests, but the user is not auto redirected to HTTPS.
see docker scan fusionauth/fusionauth-app:1.37.1
There are 13 vulnerabilities in apt/deb packages, and 11 vulnerabilities in maven packages.
Apt ones are usually fixed by running an apt-get upgrade
in the build of your release docker image. Maven ones I'm less sure about as I'm not a Java dev but Snyk recommends fixes.
Helm charts need migration for newer version of k8s as outlined in,
https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
Error when installing chart off tag 1.14.0 using kind below,
$ kind --version
kind version 0.7.0
:$ sudo kubectl version$ sudo kind --version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:20:10Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2020-01-14T00:09:19Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}
:
kind version 0.7.0
:$ sudo helm version/fusionauth-containers$ git branch
version.BuildInfo{Version:"v3.0.3", GitCommit:"ac925eb7279f4a6955df663a0128044a8a6b7593", GitTreeState:"clean", GoVersion:"go1.13.6"}
:
https://github.com/FusionAuth/fusionauth-containers/blob/master/docker/fusionauth/fusionauth-app/Dockerfile references version 1.17.1, which doesn't exist.
Latest as of bug filing is 1.17.0: https://hub.docker.com/r/fusionauth/fusionauth-app/tags
Re: #59
We added the option for anyone to add additional JDK modules and build their own image based upon our Dockerfile
. This was added to make it easier to add JMX support to the base image. This can be done by setting JDK_MODULES
.
If we think that many will want to use JMX, perhaps it makes sense to add these two modules to our base image if it doesn't add much bloat.
At a minimum, we would need to add jdk.management.agent
and if we want to support the HTTP connector, we'd also need to add jdk.httpserver
.
Hi all,
Mostly just curious if this is the preferred use over the fusionauth-search container. It feels like having both is redundant. I have been using this with luck locally but as im settling on automating some local dev things I'm wondering why there is an fa_search container at all if this is the preferred method or vice versa.
Would be good to get an understanding of why both are here?
FA stopped working for me and my teammates this week, even the example isn't working anymore. We're using Docker and docker-compose
.
Here's the output of the example:
fusionauth_1 | tty: ignoring all arguments
fusionauth_1 | not a tty
fusionauth_1 | /usr/local/fusionauth/fusionauth-app/apache-tomcat/bin/catalina.sh: /usr/local/fusionauth/fusionauth-app/apache-tomcat/bin/setenv.sh: line 59: curl: not found
When launching the v3 docker-compose in a swarm stack, the Elasticsearch container fails repeatedly and kills itself.
This error is recorded in the container log:
ERROR: [1] bootstrap checks failed
[1]: memory locking requested for elasticsearch process but memory is not locked
Apparently this is due to swarm ignoring the ulimits parameter.
Is there a way to run this app in swarm mode? Trying to get redundancy/resiliency for the application.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.