feat: support seeding default superuser via application.properties #565

Contributor

@maranmaran maranmaran commented May 3, 2024

Fixes #563

Motivation

I'm working on integrating Apache Pulsar into .NET Aspire.
Next to Pulsar I wish to deliver a management UI, Pulsar Manager, like Kafka and Rabbit do.

Here's my implementation

Right now, in order for me to seed a default superuser, I must do this gymnastics of waiting for the container and backend to be ready, then acquiring a token, then issuing a PUT request.

This is a little clumsy, and there should be a way to provide a default superuser via configuration, like Rabbit, SQL and a bunch of other tools do.

In particular, I'm afraid that the Aspire team won't accept a solution like this one

where I subscribe to the container's lifecycle hooks and then retry in a loop until I seed the user.
It works, but it feels too "hacky".

Modifications

  • In PulsarApplicationListener, implemented seedDefaultSuperuser
  • Removed obsolete pulsar-manager.account

Verifying this change

  • Make sure that the change passes the ./gradlew build checks.

@maranmaran maranmaran force-pushed the feature/support-default-superuser-from-application-props branch from a725de5 to f9106be May 3, 2024 16:11
Member

@lhotari lhotari left a comment

LGTM

maranmaran added a commit to maranmaran/pulsar-manager that referenced this pull request May 3, 2024
@maranmaran
Contributor Author

👋 👋 @lhotari Hey man, some tiny hiccups, I just adjusted my IDE and am good to go.
The build and tests should be okay now (./gradlew build ✅ ).

I have another branch ready to update docs about this change.

Additionally, I have experienced this #567 and I can't run the backend.
I have a proposed fix for it. Would you be so kind as to put some 👀 on the GH issue?

@pmunin

pmunin commented Dec 12, 2024

thanks for doing this. When is this going to be released (new image version pushed to docker)?

@eolivelli
Contributor

can you please ask on [email protected] for the release?

we don't have a time based release, we do releases only when there is someone who needs them (or in case of security hotfixes, of course)

@pmunin

pmunin commented Dec 12, 2024

for those who are interested in using the master version of the image, but do not want too much hassle with a local build, here is the workaround:

docker-compose.yaml:

  pulsar:
    ...
  pulsar-manager:
    build:
      context: .
      additional_contexts:
        git: https://github.com/apache/pulsar-manager.git#master
      dockerfile: pulsar-manager.Dockerfile
    ports:
      - "9527:9527"
      - "7750:7750"
    depends_on:
      pulsar:
        condition: service_healthy
    environment:
      SPRING_CONFIGURATION_FILE: /pulsar-manager/custom-config/application.properties
    volumes:
      - ./custom-config:/pulsar-manager/custom-config

In your project folder (where you run docker compose up -d) you create a pulsar-manager.Dockerfile:

# # Stage 1: Build the application
FROM openjdk:8-jdk AS builder

# Install build tools including Node.js for front-end build
RUN apt-get update && \
    apt-get install -y git curl && \
    curl -fsSL https://deb.nodesource.com/setup_16.x | bash - && \
    apt-get install -y nodejs && \
    npm install -g yarn

WORKDIR /pulsar-manager
COPY --from=git . .

# ENV NODE_OPTIONS=--openssl-legacy-provider
RUN cd front-end && npm install && npm run build:prod

# # Build the backend
RUN set -eux; apt-get update; apt-get install -y --no-install-recommends ca-certificates curl netbase wget ; rm -rf /var/lib/apt/lists/*
RUN set -ex; if ! command -v gpg > /dev/null; then apt-get update; apt-get install -y --no-install-recommends gnupg dirmngr ; rm -rf /var/lib/apt/lists/*; fi
RUN set -eux; apt-get update; apt-get install -y --no-install-recommends bzip2 unzip xz-utils fontconfig libfreetype6 ca-certificates p11-kit ; rm -rf /var/lib/apt/lists/*
ENV JAVA_HOME=/usr/local/openjdk-8
RUN { echo '#/bin/sh'; echo 'echo "$JAVA_HOME"'; } > /usr/local/bin/docker-java-home && chmod +x /usr/local/bin/docker-java-home && [ "$JAVA_HOME" = "$(docker-java-home)" ] # backwards compatibility
ENV PATH=/usr/local/openjdk-8/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV LANG=C.UTF-8
ENV JAVA_VERSION=8u342
RUN set -eux; arch="$(dpkg --print-architecture)"; case "$arch" in 'amd64') downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_x64_linux_8u342b07.tar.gz'; ;; 'arm64') downloadUrl='https://github.com/AdoptOpenJDK/openjdk8-upstream-binaries/releases/download/jdk8u342-b07/OpenJDK8U-jre_aarch64_linux_8u342b07.tar.gz'; ;; *) echo >&2 "error: unsupported architecture: '$arch'"; exit 1 ;; esac; wget --progress=dot:giga -O openjdk.tgz "$downloadUrl"; wget --progress=dot:giga -O openjdk.tgz.asc "$downloadUrl.sign"; export GNUPGHOME="$(mktemp -d)"; gpg --batch --keyserver keyserver.ubuntu.com --recv-keys EAC843EBD3EFDB98CC772FADA5CD6035332FA671; gpg --batch --keyserver keyserver.ubuntu.com --keyserver-options no-self-sigs-only --recv-keys CA5F11C6CE22644D42C6AC4492EF8D39DC13168F; gpg --batch --list-sigs --keyid-format 0xLONG CA5F11C6CE22644D42C6AC4492EF8D39DC13168F | tee /dev/stderr | grep '0xA5CD6035332FA671' | grep 'Andrew Haley'; gpg --batch --verify openjdk.tgz.asc openjdk.tgz; gpgconf --kill all; rm -rf "$GNUPGHOME"; mkdir -p "$JAVA_HOME"; tar --extract --file openjdk.tgz --directory "$JAVA_HOME" --strip-components 1 --no-same-owner ; rm openjdk.tgz*; { echo '#!/usr/bin/env bash'; echo 'set -Eeuo pipefail'; echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/lib/security/cacerts"'; } > /etc/ca-certificates/update.d/docker-openjdk; chmod +x /etc/ca-certificates/update.d/docker-openjdk; /etc/ca-certificates/update.d/docker-openjdk; find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; ldconfig; java -version
RUN ./gradlew build -x test 

# ================================ Mostly original https://github.com/apache/pulsar-manager/blob/master/docker/Dockerfile  ================================
FROM eclipse-temurin:17-jre-jammy
COPY --from=builder /pulsar-manager /pulsar-manager

# ARG BUILD_DATE
# ARG VCS_REF
# ARG VERSION
# LABEL org.label-schema.build-date=$BUILD_DATE \
#       org.label-schema.name="Apache Pulsar Manager" \
#       org.label-schema.description="An Apache Pulsar Manager for management Pulsar clusters" \
#       org.label-schema.url="https://github.com/apache/pulsar-manager" \
#       org.label-schema.vcs-ref=$VCS_REF \
#       org.label-schema.vcs-url="https://github.com/apache/pulsar-manager" \
#       org.label-schema.vendor="Apache Software Foundation" \
#       org.label-schema.version=$VERSION \
#       org.label-schema.schema-version="1.0"

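# Refresh the package index in the same layer as the install, so a cached
# (stale) index layer is never reused by a later rebuild
RUN apt-get update \
  && apt-get install --yes nginx supervisor postgresql \
  && rm  -rf /tmp/* \
  && rm -rf /var/lib/apt/lists/*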

RUN mkdir -p /run/nginx

WORKDIR /pulsar-manager

RUN ls -Al /pulsar-manager/build/distributions/pulsar-manager.tar

COPY --from=builder /pulsar-manager/build/distributions/pulsar-manager.tar .

RUN tar -xf pulsar-manager.tar

RUN rm -r pulsar-manager.tar

COPY --from=builder /pulsar-manager/docker/supervisord.conf /etc/

COPY --from=builder /pulsar-manager/docker/supervisord-token.conf /etc/

COPY --from=builder /pulsar-manager/docker/supervisord-private-key.conf /etc/

COPY --from=builder /pulsar-manager/docker/supervisord-secret-key.conf /etc/

COPY --from=builder /pulsar-manager/docker/supervisord-configuration-file.conf /etc/

COPY --from=builder /pulsar-manager/docker/default.conf /etc/nginx/conf.d/

COPY --from=builder /pulsar-manager/docker/startup.sh /pulsar-manager/

COPY --from=builder /pulsar-manager/docker/init_db.sql /pulsar-manager/

COPY --from=builder /pulsar-manager/docker/entrypoint.sh /pulsar-manager/

COPY --from=builder /pulsar-manager/front-end/dist /usr/share/nginx/html/

ENTRYPOINT [ "/pulsar-manager/entrypoint.sh" ]

And in your project folder you also create a custom-config/application.properties templating it from src/main/resources/application.properties
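
Added example, not part of the comment above and not code from the pulsar-manager project: the compose file above builds from `#master`, so each rebuild takes whatever commit that branch points to at the time. The helpers below resolve a branch to its commit id from `git ls-remote` output and rewrite the `git:` context line to that id, which Docker's Git context fragment accepts in place of a branch name; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: pin the compose file's Git build context to one commit.
# Function names are invented for this example.

# Read `git ls-remote <url>` output on stdin and print the commit id that
# refs/heads/<branch> points to.
resolve_ref() {
    awk -v ref="refs/heads/$1" '$2 == ref { print $1 }'
}

# Read compose text on stdin and rewrite "git: <url>.git#<ref>" so the ref is
# the given commit id. A ":subdir" suffix after the ref is preserved.
# Only a full 40-hex id is accepted, so a typo cannot leave the ref floating.
pin_git_context() {
    sha="$1"
    case "$sha" in
        ""|*[!0-9a-f]*) echo "not a hex commit id: $sha" >&2; return 1 ;;
    esac
    [ "${#sha}" -eq 40 ] || { echo "need the full 40-character id" >&2; return 1; }
    sed -E "s|^([[:space:]]*git:[[:space:]]*https://[^#[:space:]]+\.git)#[^:[:space:]]+|\1#${sha}|"
}

# Succeed (exit 0) if compose text on stdin still has a git: context whose
# ref is missing or is not a full commit id, i.e. a branch or tag that can move.
has_floating_context() {
    grep -E '^[[:space:]]*git:[[:space:]]*https://' |
        grep -Evq '#[0-9a-f]{40}(:[^[:space:]]*)?[[:space:]]*$'
}

# Typical use against the files from the comment above:
#   sha=$(git ls-remote https://github.com/apache/pulsar-manager.git | resolve_ref master)
#   pin_git_context "$sha" < docker-compose.yaml > docker-compose.pinned.yaml
#   has_floating_context < docker-compose.pinned.yaml && echo "still unpinned"
```

Review the diff between the old and new commit id before bumping the pin, since the image runs whatever that commit's build scripts and `entrypoint.sh` contain.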

@liangyepianzhou liangyepianzhou added this to the 0.4.0 milestone Jan 10, 2025
liangyepianzhou pushed a commit that referenced this pull request Jan 12, 2025
)

* feat: support default superuser

* seed only necessary props
add enable flag

* remove obsolete pulsar-manager.account

* import

* fix build - imports

* disable superuser seed flag by default

* queue pr checks

* adjust check

(cherry picked from commit 5e3eebd)

Successfully merging this pull request may close these issues.

/pulsar-manager/users/superuser can create multiple same superusers, login throws InternalServerError