Connecting Red Hat Single Sign-on on Openshift to an External Database
In this post, I demonstrate how I've implemented an instance of Red Hat Single Sign-on (RHSSO) with an external MySQL database on Openshift version 4.8.
Join the DZone community and get the full member experience.Join For Free
In the last few days, I needed to install RHSSO on Openshift version 4.8, however, I needed to implement small customization in the database connection. By default a non-ephemeral RHSSO installation uses an embedded installation of PostgreSQL database, however, I would change the type of database from PostgreSQL to MySQL, and even change the location of this one to the outside of Openshift.
For non-Openshift installations it is common, however, for RHSSO 7.5 on Openshift 4.8, there are some details:
- First point: The "Operator component" for RHSSO is not prepared until this date for managing a non-Postgres database.
- Second Point: There isn't an official RHSSO template for other databases either in version 7.5.
- Third Point: We are talking about an environment Openshift 4.8.
Forget the Operator Component. Until this date, it is in the Tech Preview version and does not support this implementation.
Basically, we need to create a custom image of RHSSO and change the data source to MySQL type. Remember RHSSO is software that is performing inside of JBoss Enterprise Application Platform 7 (EAP7), and because of that, we can customize it using a CLI (Command Line Interface).
For that, follow these below steps:
- Download the MySQL JDBC Driver. I used MySQL 8 (mysql-connector-java-8.0.27.jar).
- Create a file called sso-extensions.cli and put the below content. Basically, it is a property file with the params of MySQL Database and the commands for removing the PostgreSQL configuration. Notice that we remove a data source called KeycloakDS and after that, recreate it with the new definitions.
batch set DB_DRIVER_NAME=mysql set DB_USERNAME=root set DB_PASSWORD=jujuba set DB_DRIVER=com.mysql.jdbc.Driver set DB_XA_DRIVER=com.mysql.cj.jdbc.MysqlXADataSource set DB_JDBC_URL=jdbc:mysql://mysql.database-poc:3306/sampledb set DB_EAP_MODULE=com.mysql set FILE=/opt/eap/extensions/mysql-connector-java-8.0.27.jar module add --name=$DB_EAP_MODULE --resources=$FILE --dependencies=javax.api,javax.resource.api /subsystem=datasources/jdbc-driver=$DB_DRIVER_NAME:add( \ driver-name=$DB_DRIVER_NAME, \ driver-module-name=$DB_EAP_MODULE, \ driver-class-name=$DB_DRIVER, \ driver-xa-datasource-class-name=$DB_XA_DRIVER \ ) /subsystem=datasources/data-source=KeycloakDS:remove() /subsystem=datasources/data-source=KeycloakDS:add( \ jndi-name=java:jboss/datasources/KeycloakDS, \ enabled=true, \ use-java-context=true, \ connection-url=$DB_JDBC_URL, \ driver-name=$DB_DRIVER_NAME, \ user-name=$DB_USERNAME, \ password=$DB_PASSWORD \ ) run-batch
- Create an image using the official RHSSO Image. (sso75-openshift-rhel8:latest). Below is the Dockerfile to create an image.
FROM registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:latest COPY sso-extensions.cli /opt/eap/extensions/ COPY mysql-connector-java-8.0.27.jar /opt/eap/extensions/mysql-connector-java-8.0.27.jar
Notice that it is mandatory to copy the sso-extensions.cli file and mysql-connector-java-8.0.27.jar to folder called /opt/eap/extensions/
- Build and push the image for some service registry accessible from Openshift. I used the docker hub service.
$docker build -t iamrogerio2/rhsso75-mysql:1.0 . $docker push iamrogerio2/rhsso75-mysql:1.0
The published image is something like this: docker.io/iamrogerio2/rhsso75-mysql.
- Deploy this image in an Openshift namespace. If the MySQL server is on and the parameters of sso-extensions.cli file are correct, the RHSSO will create a lot of tables in the database indicating that the connection is ok.
Below is the command to create a namespace and deploy the image.Shell
$ oc new-project rhsso75-example $ oc new-app --docker-image="iamrogerio2/rhsso75-mysql:1.0" $ oc create route edge --service=rhsso75-mysql
Notice that I need to create an HTTPS route using default certificates from Openshift.
- This is an optional step but is good practice. Create a configMap to store the file sso-extensions.cli, this way, you don't need to recreate the image if you need to change any database parameter. Basically, we import the sso-extensions.cli file into a configMap and set this configMap into deployConfig.
$ oc create configmap jboss-cli --from-file=sso-extensions.cli $ oc set volume dc/rhsso75-mysql --add --name=jboss-cli -m /opt/eap/extensions -t configmap --configmap-name=jboss-cli --default-mode='0755' --overwrite
I didn't work with other database integrations, however, the official documentation for version 7.5 describes these databases:
Opinions expressed by DZone contributors are their own.