2025-08-19
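ArgoCD quick start

1. GitLab repository configuration

Create a repository named Argo Demo. Its manifests directory contains only the application's YAML file, with the following content:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: myapp
      namespace: default
    spec:
      selector:
        matchLabels:
          app: myapp
      template:
        metadata:
          labels:
            app: myapp
        spec:
          containers:
          - name: myapp
            image: ikubernetes/myapp:v1
            resources:
              limits:
                memory: "128Mi"
                cpu: "500m"
            ports:
            - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: myapp
      namespace: default
    spec:
      type: ClusterIP
      selector:
        app: myapp
      ports:
      - port: 80
        targetPort: 80
    ---
    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: myapp
      namespace: default
    spec:
      entryPoints:
      - web
      routes:
      - match: Host(`myapp.test.com`)
        kind: Rule
        services:
        - name: myapp
          port: 80

The GitLab repository looks as follows (screenshot).

2. Argo CD configuration

2.1 Add the repository address

Go to Settings → Repositories, click the CONNECT REPO button and fill in the repository details (screenshot). Once validation passes, the repository is listed (screenshot); click to create an application. After the application is created it appears as shown (screenshot).

3. Access verification

3.1 Verify the application deployment status

Check the resources created in Kubernetes; the corresponding resources have been created successfully:

    root@k8s-01:~/argocd# kubectl get pod
    NAME                    READY   STATUS    RESTARTS   AGE
    myapp-fd4fd598f-kkrck   1/1     Running   0          113s
    root@k8s-01:~/argocd# kubectl get svc
    NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
    kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP   19d
    myapp        ClusterIP   10.101.17.194   <none>        80/TCP    2m2s
    root@k8s-01:~/argocd# kubectl get ingressroute
    NAME    AGE
    myapp   2m13s

Verify by visiting the web page (screenshot).

3.2 Version update

Next, simulate a configuration change by changing the image version from v1 to v2. Argo CD syncs every 180 seconds by default. The Argo CD view shows that the YAML file has been synced automatically and that a rollout is in progress. The web page then shows that the release has completed. At this point the application's resource relationships are as follows (screenshot).

3.3 Version rollback

Click history and rollback to see all of the application's release records and to select a specific version to roll back to. Visiting the page again shows that it has rolled back to v1.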
2025-08-19
ArgoCD deployment

1. Install Argo CD

1.1 Create the namespace

    kubectl create namespace argocd

1.2 Install Argo CD

    kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Note: this downloads the latest Argo CD release by default. Before installing, check the list of supported Kubernetes versions; otherwise the installation may fail or the pods may not run correctly.
Reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/installation/#supported-versions
Because the cluster runs Kubernetes 1.27.6, the Argo CD version installed here is 2.11.3. YAML file: https://github.com/argoproj/argo-cd/blob/v2.11.3/manifests/install.yaml

After the command succeeds, the following resources are created in the argocd namespace.

    root@k8s-01:~/argocd# kubectl get all -n argocd
    NAME                                                    READY   STATUS    RESTARTS   AGE
    pod/argocd-application-controller-0                     1/1     Running   0          4m9s
    pod/argocd-applicationset-controller-7c75857ff5-9lrzm   1/1     Running   0          4m9s
    pod/argocd-dex-server-7496f974df-p9ms2                  1/1     Running   0          92s
    pod/argocd-notifications-controller-66f486587f-grsgd    1/1     Running   0          4m9s
    pod/argocd-redis-544dbfdbc5-sbvn8                       1/1     Running   0          4m9s
    pod/argocd-repo-server-87d6bf9b7-txql5                  1/1     Running   0          4m9s
    pod/argocd-server-b54fdb74d-jsfwr                       1/1     Running   0          4m9s

    NAME                                              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
    service/argocd-applicationset-controller          ClusterIP   10.108.48.9      <none>        7000/TCP,8080/TCP            4m9s
    service/argocd-dex-server                         ClusterIP   10.104.66.145    <none>        5556/TCP,5557/TCP,5558/TCP   4m9s
    service/argocd-metrics                            ClusterIP   10.110.242.240   <none>        8082/TCP                     4m9s
    service/argocd-notifications-controller-metrics   ClusterIP   10.108.2.224     <none>        9001/TCP                     4m9s
    service/argocd-redis                              ClusterIP   10.111.74.193    <none>        6379/TCP                     4m9s
    service/argocd-repo-server                        ClusterIP   10.111.94.151    <none>        8081/TCP,8084/TCP            4m9s
    service/argocd-server                             ClusterIP   10.102.209.251   <none>        80/TCP,443/TCP               4m9s
    service/argocd-server-metrics                     ClusterIP   10.99.167.144    <none>        8083/TCP                     4m9s

    NAME                                               READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/argocd-applicationset-controller   1/1     1            1           4m9s
    deployment.apps/argocd-dex-server                  1/1     1            1           4m9s
    deployment.apps/argocd-notifications-controller    1/1     1            1           4m9s
    deployment.apps/argocd-redis                       1/1     1            1           4m9s
    deployment.apps/argocd-repo-server                 1/1     1            1           4m9s
    deployment.apps/argocd-server                      1/1     1            1           4m9s

    NAME                                                          DESIRED   CURRENT   READY   AGE
    replicaset.apps/argocd-applicationset-controller-7c75857ff5   1         1         1       4m9s
    replicaset.apps/argocd-dex-server-7496f974df                  1         1         1       4m9s
    replicaset.apps/argocd-notifications-controller-66f486587f    1         1         1       4m9s
    replicaset.apps/argocd-redis-544dbfdbc5                       1         1         1       4m9s
    replicaset.apps/argocd-repo-server-87d6bf9b7                  1         1         1       4m9s
    replicaset.apps/argocd-server-b54fdb74d                       1         1         1       4m9s

    NAME                                             READY   AGE
    statefulset.apps/argocd-application-controller   1/1     4m9s

2. Accessing Argo CD from the web

There are two ways to access the Argo server:
1. Through the web UI
2. With the argocd client tool

2.1 Access the web UI (NodePort)

Use kubectl edit -n argocd svc argocd-server to change the service type from ClusterIP to NodePort. After the change, check the port with the following commands:

    root@k8s-01:~/argocd# kubectl get svc -n argocd
    NAME                                      TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
    argocd-applicationset-controller          ClusterIP   10.108.48.9      <none>        7000/TCP,8080/TCP            9m34s
    argocd-dex-server                         ClusterIP   10.104.66.145    <none>        5556/TCP,5557/TCP,5558/TCP   9m34s
    argocd-metrics                            ClusterIP   10.110.242.240   <none>        8082/TCP                     9m34s
    argocd-notifications-controller-metrics   ClusterIP   10.108.2.224     <none>        9001/TCP                     9m34s
    argocd-redis                              ClusterIP   10.111.74.193    <none>        6379/TCP                     9m34s
    argocd-repo-server                        ClusterIP   10.111.94.151    <none>        8081/TCP,8084/TCP            9m34s
    argocd-server                             ClusterIP   10.102.209.251   <none>        80/TCP,443/TCP               9m34s
    argocd-server-metrics                     ClusterIP   10.99.167.144    <none>        8083/TCP                     9m34s
    root@k8s-01:~/argocd# kubectl edit -n argocd svc argocd-serve
    Error from server (NotFound): services "argocd-serve" not found
    root@k8s-01:~/argocd# kubectl edit -n argocd svc argocd-server
    service/argocd-server edited
    root@k8s-01:~/argocd# kubectl get svc -n argocd
    NAME                                      TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
    argocd-applicationset-controller          ClusterIP   10.108.48.9      <none>        7000/TCP,8080/TCP            12m
    argocd-dex-server                         ClusterIP   10.104.66.145    <none>        5556/TCP,5557/TCP,5558/TCP   12m
    argocd-metrics                            ClusterIP   10.110.242.240   <none>        8082/TCP                     12m
    argocd-notifications-controller-metrics   ClusterIP   10.108.2.224     <none>        9001/TCP                     12m
    argocd-redis                              ClusterIP   10.111.74.193    <none>        6379/TCP                     12m
    argocd-repo-server                        ClusterIP   10.111.94.151    <none>        8081/TCP,8084/TCP            12m
    argocd-server                             NodePort    10.102.209.251   <none>        80:31232/TCP,443:32542/TCP   12m
    argocd-server-metrics                     ClusterIP   10.99.167.144    <none>        8083/TCP                     12m

Access URL: https://192.168.30.180:31232/

2.2 Get the admin password

The username is admin. Retrieve the password as follows.

    root@k8s-01:~/argocd# kubectl get secrets argocd-initial-admin-secret -n argocd -o jsonpath="{.data.password}" | base64 -d
    DCg5oVXU8Xd-rNMW

2.3 Access the web UI (ingress)

The web UI must be accessed over HTTPS. Using Traefik as an example, create an IngressRoute resource.

    # Create the certificate files
    root@k8s-01:~/argocd# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=argocd.local.com"
    root@k8s-01:~/argocd# kubectl create secret tls argocd-tls --cert=tls.crt --key=tls.key -n argocd
    secret/argocd-tls created
    root@k8s-01:~/argocd# kubectl describe secrets argocd-tls -n argocd
    Name:         argocd-tls
    Namespace:    argocd
    Labels:       <none>
    Annotations:  <none>

    Type:  kubernetes.io/tls

    Data
    ====
    tls.crt:  1131 bytes
    tls.key:  1704 bytes

    # Create the ingress resources
    root@k8s-01:~/argocd# cat ingress.yaml
    apiVersion: traefik.io/v1alpha1
    kind: ServersTransport
    metadata:
      name: argocd-transport
      namespace: argocd
    spec:
      serverName: "argocd.local.com"
      # Traefik does not verify the argocd-server backend certificate
      insecureSkipVerify: true
    ---
    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: argocd-tls
      namespace: argocd
    spec:
      entryPoints:
      - websecure
      routes:
      - match: Host(`argocd.local.com`)
        kind: Rule
        services:
        - name: argocd-server
          port: 443
          serversTransport: argocd-transport
      tls:
        secretName: argocd-tls
    root@k8s-01:~/argocd# kubectl apply -f ingress.yaml
    serverstransport.traefik.io/argocd-transport created
    ingressroute.traefik.io/argocd-tls created

Add a hosts entry:

    192.168.30.180 argocd.local.com

3. Accessing Argo CD with the client tool

3.1 Download the argocd client tool

    root@k8s-01:~/argocd# ls
    argocd-linux-amd64  ingress.yaml  install.yaml  tls.crt  tls.key
    root@k8s-01:~/argocd# mv argocd-linux-amd64 /usr/local/bin/argocd
    root@k8s-01:~/argocd# chmod u+x /usr/local/bin/argocd
    root@k8s-01:~/argocd# argocd version
    argocd: v2.11.3+3f344d5
      BuildDate: 2024-06-06T08:42:00Z
      GitCommit: 3f344d54a4e0bbbb4313e1c19cfe1e544b162598
      GitTreeState: clean
      GoVersion: go1.21.9
      Compiler: gc
      Platform: linux/amd64
    FATA[0000] Argo CD server address unspecified

3.2 Log in to Argo CD with the client tool

    root@k8s-01:~/argocd# argocd login argocd.local.com:30443 --username admin --password DCg5oVXU8Xd-rNMW
    WARNING: server certificate had error: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead. Proceed insecurely (y/n)? y
    WARN[0020] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
    'admin:login' logged in successfully
    Context 'argocd.local.com:30443' updated

3.3 Change the password

    root@k8s-01:~/argocd# argocd account update-password --account admin --current-password DCg5oVXU8Xd-rNMW --new-password '30044844Abc@'
    WARN[0000] Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web.
    Password updated
    Context 'argocd.local.com:30443' updated
2025-08-19
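Introduction to ArgoCD

1. About Argo CD

Argo CD is a very popular GitOps tool in the Kubernetes ecosystem. It integrates with our code repositories, makes it easy to define a set of applications, and deploys them across multiple Kubernetes clusters. Once deployment is complete, Argo CD continuously monitors application state, detects drift from the declared configuration, and keeps deploying to reconcile it.

2. Workflow

1. Argo CD pulls the application configuration from the Git repo and deploys it to the Kubernetes cluster.
2. When someone adds a feature, they submit a pull request to the Git repo that modifies the application's deployment configuration, and wait for it to be merged.
3. After the pull request is merged, a webhook triggers Argo CD to perform the update.
4. The application is updated and a notification is sent.

3. Architecture components

Argo CD's processing logic defines four components:
1. Event Source: receives event messages of various kinds
2. Sensor: turns messages into triggered actions
3. Eventbus: the message subscription and routing system
4. Trigger: performs the actual external action

Operations staff mainly need to understand two points:

Which events can Argo CD handle?
AMQP, AWS SNS, AWS SQS, Cron Schedules, GCP PubSub, GitHub, GitLab, HDFS, File Based Events, Kafka, Minio, NATS, MQTT, K8s Resources, Slack, NetApp StorageGrid, Webhooks, Stripe, NSQ, Emitter, Redis, Azure Events Hub

Which actions can Argo CD execute?
Argo Workflows, Standard K8s Objects, HTTP Requests, AWS Lambda, NATS Messages, Kafka Messages, Slack Notifications, Argo Rollouts CR, Custom / Build Your Own Triggers, Apache OpenWhisk

4. Argo CD deployment methods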
2025-08-14
ThingsBoard installation and deployment

1. Install Java (OpenJDK 17)

    # ThingsBoard 3.x+ requires Java 11 or later. The Rocky Linux 9 repositories provide OpenJDK 17 by default.
    sudo dnf install -y java-17-openjdk-devel
    # Verify the installation
    java -version

2. Install PostgreSQL

    # If a PostgreSQL server already exists, installing the client is enough
    sudo dnf install postgresql
    # ThingsBoard uses PostgreSQL as its main database. The default Rocky Linux 9 repositories provide a fairly recent PostgreSQL (13 or later).
    # Install the PostgreSQL server and client
    sudo dnf install -y postgresql-server postgresql-contrib
    # Initialize the database (if not already initialized)
    sudo postgresql-setup --initdb --unit postgresql
    # Enable and start the PostgreSQL service
    sudo systemctl enable postgresql
    sudo systemctl start postgresql

3. Create the ThingsBoard database and user

    [root@localhost ~]# psql -h 192.168.30.23 -p 5432 -U postgres
    Password for user postgres:
    psql (13.20, server 12.22)
    Type "help" for help.

    postgres=# CREATE USER thingsboard WITH PASSWORD 'axing123456';
    CREATE ROLE
    postgres=# CREATE DATABASE thingsboard WITH OWNER thingsboard;
    CREATE DATABASE
    postgres=# GRANT ALL PRIVILEGES ON DATABASE thingsboard TO thingsboard;
    GRANT
    postgres=# \q

    -- Create a new user (role) named thingsboard and set its password (replace 'PUT_YOUR_STRONG_PASSWORD_HERE' with a strong password!)
    CREATE USER thingsboard WITH PASSWORD 'PUT_YOUR_STRONG_PASSWORD_HERE';
    -- Create a new database named thingsboard owned by the thingsboard user just created
    CREATE DATABASE thingsboard WITH OWNER thingsboard;
    -- Grant the new user all privileges (CREATE USER and CREATE DATABASE usually already imply enough privileges; this step is optional but recommended)
    GRANT ALL PRIVILEGES ON DATABASE thingsboard TO thingsboard;
    -- Exit psql
    \q

4. Configure the ThingsBoard repository

    # Download page
    https://github.com/thingsboard/thingsboard/releases/tag/v3.9
    # Install
    [root@rabbit3 ~]# ls
    anaconda-ks.cfg  mq  redis.tar  thingsboard-3.9.rpm
    [root@rabbit3 ~]# sudo dnf install -y ./thingsboard-3.9.rpm

5. Initialize the database schema

    # Run vi /usr/share/thingsboard/conf/thingsboard.yml and set the PostgreSQL connection address, user name and password
    [root@rabbit3 ~]# sudo /usr/share/thingsboard/bin/install/install.sh --loadDemo
    OpenJDK 64-Bit Server VM warning: Option UseBiasedLocking was deprecated in version 15.0 and will likely be removed in a future release.
    (ThingsBoard ASCII-art banner)
    ===================================================
    :: ThingsBoard ::       (v3.9.0)
    ===================================================
    Starting ThingsBoard Installation...
    Installing DataBase schema for entities...
    Installing SQL DataBase schema part: schema-entities.sql
    Installing SQL DataBase schema indexes part: schema-entities-idx.sql
    Installing SQL DataBase schema PostgreSQL specific indexes part: schema-entities-idx-psql-addon.sql
    Installing SQL DataBase schema views and functions: schema-views-and-functions.sql
    Successfully executed query: DROP VIEW IF EXISTS device_info_view CASCADE;
    Successfully executed query: CREATE OR REPLACE VIEW device_info_view AS SELECT * FROM device_info_active_attribute_view;
    Installing DataBase schema for timeseries...
    Installing SQL DataBase schema part: schema-ts-psql.sql
    Successfully executed query: CREATE TABLE IF NOT EXISTS ts_kv_indefinite PARTITION OF ts_kv DEFAULT;
    Loading system data...
    Creating JWT admin settings...
    Loading system widgets
    Loading system SCADA symbols
    Creating default notification configs for system admin
    Creating default notification configs for all tenants
    Loading system images and resources...
    Loading demo data...
    Installation finished successfully!
    ThingsBoard installed successfully!
    [root@rabbit3 ~]# sudo systemctl enable thingsboard
    sudo systemctl start thingsboard
    # Check the status
    [root@rabbit3 ~]# sudo systemctl status thingsboard
    ● thingsboard.service - thingsboard
         Loaded: loaded (/usr/lib/systemd/system/thingsboard.service; enabled; preset: disabled)
         Active: active (running) since Thu 2025-08-14 10:05:16 CST; 3s ago
       Main PID: 7315 (thingsboard.jar)
          Tasks: 25 (limit: 48682)
         Memory: 209.7M
            CPU: 7.018s
         CGroup: /system.slice/thingsboard.service
                 ├─7315 /bin/bash /usr/share/thingsboard/bin/thingsboard.jar
                 └─7330 /usr/bin/java -Dsun.misc.URLClassPath.disableJarChecking=true -Dplatform=rpm -Dinstall.data_dir=/usr/share/thingsboard/data "-Xlog:gc*,heap*,age*,safepoint=debug:file=/var/log/thingsboard/gc.log:time,uptime,l>

    Aug 14 10:05:16 rabbit3 thingsboard.jar[7330]: OpenJDK 64-Bit Server VM warning: Option UseBiasedLocking was deprecated in version 15.0 and will likely be removed in a future release.
    Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: (ThingsBoard ASCII-art banner)
    Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: ===================================================
    Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: :: ThingsBoard ::       (v3.9.0)
    Aug 14 10:05:18 rabbit3 thingsboard.jar[7330]: ===================================================

6. Access the web UI

http://192.168.30.26:8080/

System administrator:
Username: tenant@thingsboard.org
Password: tenant

Tenant administrator:
Username: customer@thingsboard.org
Password: customer

(Important!) Change these default passwords immediately after the first login!

    # View the logs
    sudo tail -f /var/log/thingsboard/thingsboard.log
2025-08-13
Keycloak installation

1. Disable the firewall

    sudo systemctl stop firewalld
    sudo systemctl disable firewalld

2. Preparation

2.1 Install PostgreSQL

Skipped.

2.2 Required tools

    sudo dnf install -y wget unzip java-17-openjdk-devel

2.3 Install Java 17

    # Check the Java version
    java -version  # should show OpenJDK 17
    # Set the default Java
    sudo alternatives --config java

2.4 Download Keycloak

    # Create the installation directory
    sudo mkdir -p /opt/keycloak
    sudo chown `whoami` /opt/keycloak
    # Download the latest release (Keycloak 22.0.5 is used as the example)
    wget https://github.com/keycloak/keycloak/releases/download/22.0.5/keycloak-22.0.5.zip
    unzip keycloak-22.0.5.zip -d /opt/keycloak
    mv /opt/keycloak/keycloak-22.0.5/* /opt/keycloak/

2.5 Create a dedicated user

    sudo useradd -r -s /sbin/nologin keycloak
    sudo chown -R keycloak:keycloak /opt/keycloak

2.6 Configure the PostgreSQL database

Skip this step if PostgreSQL has already been deployed on another node.

    # Install PostgreSQL
    sudo dnf install -y postgresql-server
    # Initialize the database
    sudo postgresql-setup --initdb
    # Start the service
    sudo systemctl enable postgresql --now
    # Create the Keycloak database and user
    sudo -u postgres psql <<EOF
    CREATE USER keycloak WITH PASSWORD 'axing123456';
    CREATE DATABASE keycloak OWNER keycloak;
    GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
    EOF

2.7 Configure Keycloak

    cd /opt/keycloak/conf
    vim keycloak.conf

    # Hostname
    hostname=k8s-02
    # Database configuration (Quarkus format)
    quarkus.datasource.db-kind=postgresql
    quarkus.datasource.jdbc.driver=org.postgresql.Driver
    quarkus.datasource.jdbc.url=jdbc:postgresql://192.168.30.23:5432/keycloak
    quarkus.datasource.username=keycloak
    quarkus.datasource.password=axing123456
    # Network settings
    http-host=0.0.0.0
    http-port=32399
    hostname-strict=false
    hostname-strict-https=false
    http-enabled=true
    # Set the context path to /auth
    http-relative-path=/auth
    # Enable Token Exchange
    features=token-exchange
    # Enable the client credentials grant (required by Token Exchange)
    oidc-client-credentials-grant-enabled=true
    # Enable cross-realm Token Exchange
    token-exchange-enabled=true

3. Create the systemd service

3.1 Configuration

    sudo vim /etc/systemd/system/keycloak.service

    [Unit]
    Description=Keycloak Service
    After=network.target postgresql.service

    [Service]
    User=keycloak
    Group=keycloak
    ExecStart=/opt/keycloak/bin/kc.sh start --optimized
    WorkingDirectory=/opt/keycloak
    Restart=always
    RestartSec=30
    Environment="KEYCLOAK_ADMIN=admin"
    Environment="KEYCLOAK_ADMIN_PASSWORD=axing123456"

    [Install]
    WantedBy=multi-user.target

3.2 Configure the time zone

    # Create the drop-in configuration directory
    sudo mkdir -p /etc/systemd/system/keycloak.service.d/
    # Create the time zone configuration file
    sudo tee /etc/systemd/system/keycloak.service.d/timezone.conf <<EOF
    [Service]
    Environment="JAVA_TOOL_OPTIONS=-Duser.timezone=Asia/Shanghai"
    EOF
    # Reload systemd
    sudo systemctl daemon-reload

3.3 Start the service

    sudo systemctl daemon-reload
    sudo systemctl enable keycloak
    sudo systemctl start keycloak

3.4 Other

    # Test the database connection from the Keycloak server
    PGPASSWORD="axing123456" psql -U keycloak -h 192.168.30.23 -p 5432 -d keycloak -c "SELECT version();"
    # Test the context path
    curl http://192.168.30.21:32399/realms/master/.well-known/openid-configuration
    curl http://localhost:32399/realms/master/.well-known/openid-configuration