Keycloak-gatekeeper cannot decode "state" due to "illegal base64 data" - keycloak

I am getting this error from keycloak-gatekeeper when trying to access protected resources:
unable to decode the state parameter {"state": "8d07f10b-d096-4241-8a42-9f169de11352", "error": "illegal base64 data at input byte 8"}
Here is my docker-compose:
version: '3'
services:
  keycloak-proxy:
    image: "keycloak/keycloak-gatekeeper"
    environment:
      - PROXY_LISTEN=0.0.0.0:3000
      - PROXY_DISCOVERY_URL=http://keycloak.example.com:8181/auth/realms/realmcom
      - PROXY_CLIENT_ID=webapp
      - PROXY_CLIENT_SECRET=0b57186c-e939-48ff-aa17-cfd3e361f65e
      - PROXY_UPSTREAM_URL=http://test-server:8000
    ports:
      - "8282:3000"
    command:
      - "--verbose"
      - "--enable-refresh-tokens=true"
      - "--enable-default-deny=true"
      - "--resources=uri=/*"
      - "--enable-session-cookies=true"
      - "--encryption-key=AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j"
  test-server:
    image: "test-server"

It seems to be a bug - https://github.com/keycloak/keycloak-gatekeeper/pull/433#issuecomment-443123758. Could you please file a Jira (https://issues.jboss.org/browse/KEYCLOAK), add the affected version and steps to reproduce the issue?
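
Why the error names byte 8, as an added example (not code from the original post or from keycloak-gatekeeper): the error text is the message Go's encoding/base64 produces for a CorruptInputError, and the hypothetical DiagnoseState helper below, which assumes the standard base64 alphabet is in use, locates the rejected byte in the state value from the log line.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
)

// uuidRe matches the canonical 8-4-4-4-12 hex layout of a UUID.
var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// StateDiagnosis (hypothetical type) records how a state value fares as base64.
type StateDiagnosis struct {
	LooksLikeUUID bool
	StdOK         bool   // decodes with the standard alphabet (A-Z a-z 0-9 + /)
	URLOK         bool   // decodes with the URL-safe alphabet (A-Z a-z 0-9 - _)
	BadOffset     int    // first byte rejected by the standard alphabet, -1 if none
	BadByte       byte   // the rejected byte itself, 0 if none
	StdErr        string // error text as the Go decoder reports it
}

// DiagnoseState is an illustrative helper, not part of keycloak-gatekeeper.
func DiagnoseState(state string) StateDiagnosis {
	d := StateDiagnosis{LooksLikeUUID: uuidRe.MatchString(state), BadOffset: -1}
	_, err := base64.StdEncoding.DecodeString(state)
	d.StdOK = err == nil
	if err != nil {
		d.StdErr = err.Error()
	}
	var corrupt base64.CorruptInputError
	if errors.As(err, &corrupt) {
		d.BadOffset = int(corrupt)
		if d.BadOffset < len(state) {
			d.BadByte = state[d.BadOffset]
		}
	}
	// A URL-safe decoder accepts '-', so a UUID can decode "successfully" into
	// meaningless bytes: decoding without error is not validation of the state.
	_, err = base64.URLEncoding.DecodeString(state)
	d.URLOK = err == nil
	return d
}

func main() {
	// State value taken from the log line in the question.
	d := DiagnoseState("8d07f10b-d096-4241-8a42-9f169de11352")
	fmt.Printf("uuid=%v std=%v url=%v offset=%d byte=%q err=%q\n", d.LooksLikeUUID, d.StdOK, d.URLOK, d.BadOffset, d.BadByte, d.StdErr)
}
```

The rejected byte is the first hyphen of a UUID-shaped value, so the state reaching the proxy was not base64-encoded in the first place.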

Related

Error when opening home page in business central when using PLANNER_AND_RULES profile

I'm trying out RedHat's Business Central using a docker-compose file as described in https://github.com/jboss-dockerfiles/business-central. At startup it runs a kie-server (quay.io/kiegroup/kie-server-showcase:7.67.0.Final) and a business-central webserver (quay.io/kiegroup/business-central-workbench-showcase:7.67.0.Final).
Because I'm only interested in the drools part and not the jbpm part, I am starting the business-central server with -Dorg.kie.workbench.profile=PLANNER_AND_RULES as described in https://docs.jboss.org/drools/release/7.67.0.Final/drools-docs/html_single/#_selecting_a_profile
After login with admin I receive the following error:
business-central_1 | 18:11:13,321 ERROR [org.kie.workbench.common.services.backend.logger.GenericErrorLoggerServiceImpl] (default task-2) Error from user: admin Error ID: -1427996616 Location: HomePerspective|org.kie.workbench.common.screens.home.client.HomePresenter Exception: Uncaught exception: Client-side exception occurred although RPC call succeeded. Caused by: The profile is not expected and profile to define product name
Below, you can find the docker-compose file used:
version: "3.2"
services:
  business-central:
    image: quay.io/kiegroup/business-central-workbench-showcase:7.67.0.Final
    ports:
      - "8090:8080"
      - "8091:8001"
    environment:
      KIE_SERVER_LOCATION: http://kie-server:8080/kie-server/services/rest/server
      JAVA_OPTS: "-Xms256m -Xmx2048m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=512m -Djava.net.preferIPv4Stack=true -Dfile.encoding=UTF-8 -Dorg.kie.workbench.profile=PLANNER_AND_RULES"
  kie-server:
    image: quay.io/kiegroup/kie-server-showcase:7.67.0.Final
    environment:
      KIE_SERVER_ID: sample-server
      KIE_SERVER_LOCATION: http://kie-server:8080/kie-server/services/rest/server
      KIE_SERVER_CONTROLLER: http://business-central:8080/business-central/rest/controller
      KIE_MAVEN_REPO: http://business-central:8080/business-central/maven2
    ports:
      - "8092:8080"
    depends_on:
      - business-central
volumes:
  business-central_data:
UPDATE: on 2022-04-07
I also looked at the source code in github but couldn't find any reference to PLANNER_AND_RULES. I looked at several repo's in https://github.com/kiegroup/:
https://github.com/kiegroup/drools
https://github.com/kiegroup/droolsjbpm-build-bootstrap
https://github.com/kiegroup/droolsjbpm-knowledge
https://github.com/kiegroup/kie-soup
I have no idea where to look ;-(.
I found a very disturbing picture explaining all the repos that are being used, but it would be good if someone pointed out which repo to look in :-).

Is it a good idea to add meta data in a docker-compose file

I plan to add meta information in my docker-compose files, but I don't know if it's possible/a good way.
Figure this service, and the meta key:
OldMongoDB:
  image: mongo:3.2
  environment:
    - URL: mongodb://localhost:27015
  ports:
    - "27015:27017"
  meta:
    - meta1: "some value usefull in tests"
    - meta2: "other value usefull in tests"
Is it good for you to store additional values inside a docker-compose?
This is to be used by test scripts.

Unable to run Sonarqube analysis from cloudbuild.yaml with Google Cloud build

I have integrated my GitHub repo with Google Cloud Build to automatically build a Docker image after every commit in GitHub. This is working fine, but now I want to do SonarQube analysis on the code before the Docker image building process. So for that I have integrated the SonarQube part in the cloudbuild.yaml file, but I am not able to run it.
I have followed the steps provided in link: https://github.com/GoogleCloudPlatform/cloud-builders-community/tree/master/sonarqube
and pushed the sonar-scanner image in google container registry.
My SonarQube server is running on a GCP instance. On every commit in GitHub, Cloud Build is automatically triggered and starts doing the tasks mentioned in the cloudbuild.yaml file.
Dockerfile:
FROM nginx
COPY ./ /usr/share/nginx/html
cloudbuild.yaml :
steps:
- name: 'gcr.io/PROJECT_ID/sonar-scanner:latest'
    args:
    - '-Dsonar.host.url=sonarqube_url'
    - '-Dsonar.login=c2a7631a6e402c338739091ffbc30e5e3d66cf19'
    - '-Dsonar.projectKey=sample-project'
    - '-Dsonar.sources=.'
- name: 'gcr.io/cloud-builders/docker'
  args: [ 'build', '-t', 'gcr.io/PROJECT_ID/html-css-website', '.' ]
images:
- 'gcr.io/PROJECT_ID/html-css-website'
Error:
Status: Build failed
Status detail: failed unmarshalling build config cloudbuild.yaml: yaml: line 3: did not find expected key
If the formatting you've pasted actually matches what you've got in your project then your issue is that the args property within the first steps block is indented too far: it should be aligned with the name property above it.
---
steps:
  - name: "gcr.io/PROJECT_ID/sonar-scanner:latest"
    args:
      - "-Dsonar.host.url=sonarqube_url"
      - "-Dsonar.login=c2a7631a6e402c338739091ffbc30e5e3d66cf19"
      - "-Dsonar.projectKey=sample-project"
      - "-Dsonar.sources=."
  - name: "gcr.io/cloud-builders/docker"
    args:
      - "build"
      - "-t"
      - "gcr.io/PROJECT_ID/html-css-website"
      - "."
images:
  - "gcr.io/PROJECT_ID/html-css-website"

How to set node-exporter of Prometheus

How to set node-exporter of Prometheus for collecting host metrics in docker-swarm
version: '3.3'
services:
  node-exporter:
    image: prom/node-exporter
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /:/rootfs:ro
    command:
      - '--path.procfs=/host/proc'
      - '--path.sysfs=/host/sys'
      - --collector.filesystem.ignored-mount-points
      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
      - '--collector.textfile.directory=/etc/node-exporter/'
      - '--collector.enabled="conntrack,diskstats,entropy,filefd,filesystem,loadavg,mdadm,meminfo,netdev,netstat,stat,textfile,time,vmstat,ipvs"'
    ports:
      - 9100:9100
I am getting this error: node_exporter: error: unknown long flag '--collector.enabled', try --help
What's wrong with the last line under the command section in this docker-compose file, and if it is set/passed wrongly, how do I pass it correctly?
Try to use --collector.[collector_name] (e.g. --collector.diskstats) keys instead of --collector.enabled as it does not work anymore since 0.15 version or higher.
For multiple collectors you can try as below after version "< 0.15":
--collector.processes --collector.ntp ...... so on
In the older version " > 0.15 " we were using as below for specific collectors:
--collectors.enabled meminfo,loadavg,filesystem

Send email with Gitlab docker image

Here's my goal, I would like to configure emails for my Gitlab server. I followed a lot of tutorials but I can't make it work.
My configuration is the following, I've got a reverse-proxy in a Docker container and my Gitlab server also in a Docker container.
About versions :
Docker version 17.09.0-ce, build afdb6d4
docker-compose version 1.16.1, build 6d1ac21
Here's my docker-compose.yml file
version: '3.3'
networks:
  proxy:
    external: true
  internal:
    external: false
services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    environment:
      - TZ=Europe/Paris
      - GITLAB_TIMEZONE=Paris
      - IMAP_USER=USER#GMAIL.COM
      - IMAP_PASSWORD=MYGMAILPASS
      - GITLAB_INCOMING_EMAIL_ADDRESS=USERGMAIL+%{key}#gmail.com
    volumes:
      - /srv/gitlab/config:/etc/gitlab
      - /srv/gitlab/logs:/var/log/gitlab
      - /srv/gitlab/data:/var/opt/gitlab
    restart: always
    labels:
      - traefik.backend=gitlab
      - traefik.frontend.rule=Host:git.domain.com
      - traefik.docker.network=proxy
      - traefik.port=80
      - traefik.frontend.entryPoints=http,https
    networks:
      - internal
      - proxy
I followed this tutorial which seems to be good :
https://github.com/sameersbn/docker-gitlab#available-configuration-parameters
I must be missing something in my configuration, but I can't figure out what it is...
Can anyone help me configure email sending? I also don't know the proper way to test email sending from GitLab.
Is the best way to configure it from docker-compose environment variables or directly in the gitlab.rb file?
Some help would be much appreciated.
The instructions you followed are for a different docker image than the one you're actually using. You also set up IMAP, which is for receiving emails. In GitLab's case, it's for replying to issues by email.
What you want are the SMTP settings. The GitLab docker image does not come with sendmail installed, so you will have to follow the instructions here to set up SMTP in GitLab: https://docs.gitlab.com/omnibus/settings/smtp.html#example-configuration
You can dump gitlab.rb configuration right in your docker-compose under the environment section. My Fastmail setup for reference:
environment:
  GITLAB_OMNIBUS_CONFIG: |
    gitlab_rails['smtp_enable'] = true
    gitlab_rails['smtp_address'] = "***"
    gitlab_rails['smtp_port'] = 465
    gitlab_rails['smtp_user_name'] = "***"
    gitlab_rails['smtp_password'] = "***"
    gitlab_rails['smtp_enable_starttls_auto'] = true
    gitlab_rails['smtp_tls'] = true
    gitlab_rails['smtp_openssl_verify_mode'] = 'peer'