invizus
January 30, 2023, 10:44pm
1
I would like to run privacyidea in a docker container. I know this is not a supported method of installation but I thought it would be worth a try. I have posted info in this ticket first, you can see the Dockerfile etc.
opened 02:23PM - 27 Jan 23 UTC
Type: Question
### Top-level intent
Run privacyidea in docker, login and configure my local … experimental installation. Menus do not load for some reason, no obvious logs in browser console or log files.
As this is not currently a supported method of deployment, I am at least hoping for advice on how to debug, where to start.
### Steps to reproduce
I am aware that currently the recommended method to install privacyidea is in a virtualenv. But I would like to run it in a docker container and I am experimenting with the below. This also runs as root in the docker, because experimental.
#### 1. Prepare
`Dockerfile`
```
FROM python:3.8-bullseye
WORKDIR /app
COPY requirements.txt /app
RUN pip install -r https://raw.githubusercontent.com/privacyidea/privacyidea/v3.8/requirements.txt
RUN pip install -r requirements.txt
COPY pi.cfg /app
COPY app.py /app
COPY privacyidea.ini /app
# your other content like cert/keys, encfile, etc.
COPY src/* /app/
EXPOSE 8080
CMD uwsgi --ini /app/privacyidea.ini
```
`requirements.txt` (this installs the latest 3.8 version)
```
uwsgi
privacyIDEA==3.8
markupsafe==2.0.1
```
`privacyidea.ini`
```
[uwsgi]
processes = 2
master = true
vacuum = true
http = 0.0.0.0:8080
wsgi-file = app.py
```
`app.py`
```
import sys
sys.stdout = sys.stderr
from privacyidea.app import create_app
# Now we can select the config file:
application = create_app(config_name="production",
                         config_file="/app/pi.cfg")
```
#### 2. build and run
run `docker build . -t privacyideadev`
`docker-compose.yml` :
```
version: "3.7"
services:
  pi:
    image: privacyideadev
    ports:
      - "8080:8080"
    depends_on:
      - db
    environment:
      - PRIVACYIDEA_CONFIGFILE=/app/pi.cfg
  db:
    image: mariadb
    ports:
      - "3306:3306"
    volumes:
      - /home/user/srv/db_data:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: *******
      MYSQL_DATABASE: *******
      MYSQL_USER: *******
      MYSQL_PASSWORD: *******
```
then run `docker-compose up` to run stack, get container ID or names: `docker ps`
run commands in docker
`docker exec -ti <containerid> pi-manage`
### Expected outcome
fully working app
### Actual outcome
Menus do not load
![Screenshot from 2023-01-27 14-11-56](https://user-images.githubusercontent.com/12719400/215109199-876adaf0-a899-41fe-903a-ab675bf9a985.png)
![Screenshot from 2023-01-27 14-12-13](https://user-images.githubusercontent.com/12719400/215109211-d1fba4d4-79b0-4685-a6dd-e41a27b86577.png)
### Configuration
* **privacyIDEA version**: 3.8
* **Installation method**: experimental docker, uwsgi
* **Python version**: 3.8
* **Operating system**: bullseye
* **Webserver**: uwsgi
* **Token database**: MariaDB
### Log file
**Set PI_LOGLEVEL = logging.DEBUG in pi.cfg and take a look at the privacyidea.log!**
**If appropriate, attach the log file or paste relevant portions.**
no errors, too many log lines (600+), not sure which ones are relevant.
The problem I have is that menu items are not loading. I did a bit of digging, enabling some console.log() messages in the browser console. I suspect that the authentication mechanism is not passing info to the browser.
My guess: in the menu.html template file, in this line: privacyidea/menu.html at master · privacyidea/privacyidea · GitHub
This code:
```
<li ui-sref-active="active"
    ng-show="loggedInUser.role == 'admin' && checkMainMenu('config')">
    <a ui-sref="config.system">
        <span class="glyphicon glyphicon-cog"
              aria-hidden="true"></span>
        <translate>Config</translate>
    </a>
</li>
```
Angular will try to evaluate variables and if true, then will show this item. I have uncommented some debug logs in the file `static/components/login/controllers/loginControllers.js`, this line: `console.log($scope.loggedInUser);`, and this is logged in the browser console:
```
{
  "username": "adfoajfasfasfd",
  "realm": "",
  "auth_token": "trr3i2otJEnTGSA",
  "role": "admin",
  "rights": [],
  "menus": []
}
```
In another installation somewhere else done with virtualenv, I get 6 items in the `menus` list and a lot of items in the `rights` list as well.
As this is not currently a supported method of deployment, I am at least hoping for advice on how to debug, where to start.
Thank you.
Welcome to privacyIDEA, @invizus .
This is most probably not related to your installation but your configuration.
Check your admin policies and re-read the chapter about admin policies in the docs.
https://privacyidea.readthedocs.io/en/master/policies/admin.html
Your funnily named admin probably has no rights.
Otherwise, which information do you think others might need to investigate your problem?
invizus
January 31, 2023, 11:42am
3
Thank you. I have tried adding policies found in your github, after fiddling with JSON (it was missing the `"policy": []` key in the superuser.json policy), I am still unable to view the menu in the web ui. Sometimes I even get errors in the UI like:
`Admin actions are defined, but the action caconnectorread is not allowed!`
Maybe the policies are out of date in the github, I think.
I am confused in the documentation as well, should not admin permissions work out of the box? Following this step after install:
https://privacyidea.readthedocs.io/en/master/firststeps/login.html
My admin user is created with `pi-manage admin add`.
I have also read this 16.3. So what’s the thing with all the admins? — privacyIDEA 3.9 documentation
but I cannot understand how to assign an admin user created with `pi-manage admin` to the realm.
Maybe it is worth it for me to restart the installation from scratch, maybe I have missed some steps.
Ok reinstalling from scratch helped. Thank you.
If no admin policy at all is defined, each admin will have all rights.
If you define the first admin policy, policies will be checked for all admins, which probably will result in certain admins with no rights (and no menus).
Maybe it is not clear enough in the docs?
https://privacyidea.readthedocs.io/en/master/policies/admin.html
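
The rule stated in the reply above, as a simplified model (an added example, not part of the thread and not privacyIDEA's code). The policy dict layout, helper names and admin names are assumptions, and the action names other than `caconnectorread` are constructed samples.

```python
# Simplified model of the admin-policy rule described in this thread.
# Not privacyIDEA code: the dict layout and helper names are assumptions.

# Constructed sample set of admin actions; caconnectorread is the action
# named in the error message quoted earlier in the thread.
ALL_ACTIONS = {"tokenlist", "policywrite", "configwrite", "caconnectorread"}


def admin_policies(policies):
    """Return only the policies in the admin scope."""
    return [p for p in policies if p.get("scope") == "admin"]


def admin_rights(policies, admin):
    """Actions `admin` may perform under the modelled rule."""
    scoped = admin_policies(policies)
    if not scoped:
        # No admin policy at all is defined: each admin has all rights.
        return set(ALL_ACTIONS)
    # At least one admin policy exists: rights come only from matching policies.
    rights = set()
    for policy in scoped:
        # Assumption: an empty adminuser list means "applies to every admin".
        users = policy.get("adminuser", [])
        if not users or admin in users:
            rights |= set(policy["action"]) & ALL_ACTIONS
    return rights


def is_allowed(policies, admin, action):
    """True if `admin` may perform `action`."""
    return action in admin_rights(policies, admin)


def locked_out_admins(policies, admins):
    """Admins left with no rights (and so no menus) by the given policies."""
    return sorted(a for a in admins if not admin_rights(policies, a))


# Constructed scenario: two admins, then a first policy that names only one.
ADMINS = ["alice", "bob"]
NO_POLICIES = []
FIRST_POLICY = [{"name": "helpdesk", "scope": "admin",
                 "adminuser": ["bob"], "action": ["tokenlist"]}]

if __name__ == "__main__":
    print("no policies, alice:", sorted(admin_rights(NO_POLICIES, "alice")))
    print("first policy, alice:", sorted(admin_rights(FIRST_POLICY, "alice")))
    print("locked out:", locked_out_admins(FIRST_POLICY, ADMINS))
```

Running `locked_out_admins` against a planned policy set before importing it shows which accounts would lose their rights once the first admin policy is in place.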
Hi Invizus, will you be releasing your docker container for general use once it's working…
Cossy
Sure, you can just use my code from the github issue link, but I do not mind putting up a repository on github once I have finished testing it.