ROBOT |
ロボスタ |
JUKIが無人警備・消毒ロボ「パトロ」でUV消毒ロボットを試作 ロボットアームと紫外線照射機を搭載して動作を確認 |
https://robotstart.info/2021/05/28/juki-patoro-trial-production.html
|
patoro |
2021-05-28 06:16:20 |
IT |
ITmedia 総合記事一覧 |
[ITmedia Mobile] レッドオーシャン時代のMVNO市場を振り返る 「接続制度」と「公正競争」の行方は? |
https://www.itmedia.co.jp/mobile/articles/2105/28/news114.html
|
itmediamobile |
2021-05-28 15:37:00 |
IT |
MOONGIFT |
ClearURLs - 自動でトラッキング情報を削除してプライバシーを守るブラウザ機能拡張 |
http://feedproxy.google.com/~r/moongift/~3/5bov6-CyGfs/
|
ClearURLs自動でトラッキング情報を削除してプライバシーを守るブラウザ機能拡張Webの世界ではプライバシーが重視されます。 |
2021-05-28 17:00:00 |
IT |
情報システムリーダーのためのIT情報専門サイト IT Leaders |
インターネット専業銀行「みんなの銀行」がサービスを開始、スマホアプリで即座に口座を開設 | IT Leaders |
https://it.impress.co.jp/articles/-/21552
|
iphone |
2021-05-28 15:02:00 |
AWS |
AWS Japan Blog |
FISC「金融機関等におけるクラウド導入・運用に関する解説書(試行版)」発行によせて |
https://aws.amazon.com/jp/blogs/news/fisc-cloud-guidance/
|
金融機関 |
2021-05-28 06:56:30 |
AWS |
lambdaタグが付けられた新着投稿 - Qiita |
MoviePy を AWS Lambda (Chalice) で利用する |
https://qiita.com/t-kigi/items/a4f448c17935db082540
|
実際に使う場合の話実際にLambdaでMoviePyを使うのであれば、Sにファイルがアップロードされたことをトリガにして動作させるのが一般的なユースケースだろう。 |
2021-05-28 15:23:07 |
python |
Pythonタグが付けられた新着投稿 - Qiita |
MoviePy を AWS Lambda (Chalice) で利用する |
https://qiita.com/t-kigi/items/a4f448c17935db082540
|
実際に使う場合の話実際にLambdaでMoviePyを使うのであれば、Sにファイルがアップロードされたことをトリガにして動作させるのが一般的なユースケースだろう。 |
2021-05-28 15:23:07 |
js |
JavaScriptタグが付けられた新着投稿 - Qiita |
WSHでChakraを利用して幸せになりたい |
https://qiita.com/mukai1011/items/baa2f7dadd0283e50f7d
|
CLSIDは覚えられない職場など管理者権限のない環境でも設定できる他人の環境でも動くダブルクリックで実行できるWSHの利点を損ないたくない将来的にTypeScriptで書きたいなど環境Windows私の環境で試していることコンソールから実行する用に、バッチにPATHを通すダブルクリックで実行できる機構は「おまじない」に任せるレジストリ編集は補助的に利用この記事のコードは、GitHubに置いています。 |
2021-05-28 15:38:06 |
js |
JavaScriptタグが付けられた新着投稿 - Qiita |
Wowza Streaming EngineのSecureTokenで利用するハッシュの生成方法 |
https://qiita.com/SECUAL_masa/items/6549193de77cfb083a52
|
UseWowzaSecureTokentoprotectstreamshlsexample本記事の目的上記Wowzaのサイトには「Hashgeneration」にて・どのような文字列からハッシュを生成するか・生成したハッシュをどう視聴URLに組み込むかは記載されていますが、具体的な生成方法が記載されていません。 |
2021-05-28 15:08:25 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
php「自作関数」を用いた「keyの抽出」 |
https://teratail.com/questions/340863?rss=all
|
php「自作関数」を用いた「keyの抽出」前提・実現したいこと連想配列からkeyを抽出した配列を返す関数を作りたいのでPHPの配列関数を使わずに作成したいと考えています。 |
2021-05-28 15:51:53 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
VirtualBoxでWindows2000(旧PCから吐き出したVHD)を起動すると、真っ黒な画面で停止します |
https://teratail.com/questions/340862?rss=all
|
正確には真っ黒画面の左上にカーソルがチカチカと表示されていますが、キーボードから入力しても何も反応しません。 |
2021-05-28 15:46:15 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
[MySQL] 勤怠システムでのデータの持ち方について |
https://teratail.com/questions/340861?rss=all
|
MySQL勤怠システムでのデータの持ち方についてお試しで会社の勤怠システムを作ろうと思ってます。 |
2021-05-28 15:27:37 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
pythonのアンインストール |
https://teratail.com/questions/340860?rss=all
|
いったんpythonとpython両方をアンインストールしてpythonをインストールするようにした方が良いのでしょうか。 |
2021-05-28 15:26:35 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
フッターを画面の一番下に表示したい |
https://teratail.com/questions/340859?rss=all
|
フッターを画面の一番下に表示したいこんにちは、現在LineのようなWebアプリを作成しているのですが、フッターが画面の下に表示されずに困っています。 |
2021-05-28 15:23:35 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
Rails Twitter取得した値をDBに保存 |
https://teratail.com/questions/340858?rss=all
|
rails |
2021-05-28 15:13:03 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
The server quit without updating PID file (/usr/local/var/mysql/*******.pidエラーで、MySQLが起動できない |
https://teratail.com/questions/340857?rss=all
|
TheserverquitwithoutupdatingPIDfileusrlocalvarmysqlpidエラーで、MySQLが起動できない現状MySQL系をインストールするために以下のコマンドを入力し、mysqlservernbspstartで起動させようとすると、ThenbspservernbspquitnbspwithoutnbspupdatingnbspPIDnbspfilenbspusrlocalvarmysqlpidというエラーが発生しました。 |
2021-05-28 15:12:11 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
【PHP】require_onceで呼び出した関数内の変数を扱いたい |
https://teratail.com/questions/340856?rss=all
|
【PHP】requireonceで呼び出した関数内の変数を扱いたい前提・実現したいことPHPを使ってデータベースの操作を行いたく、データベースへの接続コードを関数化し、requireonceを使って色々な場所で使い回せるようにしました。 |
2021-05-28 15:11:40 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
backwardができない |
https://teratail.com/questions/340855?rss=all
|
|
2021-05-28 15:06:03 |
Ruby |
Rubyタグが付けられた新着投稿 - Qiita |
deviseまとめ 備忘録 |
https://qiita.com/dai4869/items/df68d453203af6cb19f2
|
処理が呼ばれた段階で、ユーザーがログインしていなければ、そのユーザーをログイン画面に遷移させる。 |
2021-05-28 15:40:19 |
Azure |
Azureタグが付けられた新着投稿 - Qiita |
Azure API Management - OpenID Connect 認証設定 |
https://qiita.com/takmot/items/d37a7b839c4ee3058ded
|
|
2021-05-28 15:16:08 |
技術ブログ |
Developers.IO |
AWS Systems Manager(SSM) の数多い機能群を攻略するための図を書いてみた 2021 |
https://dev.classmethod.jp/articles/all-ssm-capabilities-2021/
|
awssystemsmanagerssm |
2021-05-28 06:10:13 |
海外TECH |
DEV Community |
Taking Advantage of the platform with Sutil and Web Components |
https://dev.to/tunaxor/taking-advantage-of-the-platform-with-sutil-and-web-components-5hm0
|
Taking Advantage of the platform with Sutil and Web ComponentsHello everyone here we are once again with another F blog post This time I want to bring attention to a project that has caught my eye and fits my way of doing web development from F davedawkins Sutil An experiment in applying the Svelte design to native Fable Sutil was Sveltish An experiment in applying the design principles from Svelte to native Fable mixed with Elmish and Feliz Sutil has no JS dependencies such as React A Feliz style DSL is supplied by Feliz Engine Sutil implements Elmish by importing parts of Elmish Transitions and most examples are ported directly from Svelte At first I thought that we might make use of a Fable compiler plugin to generate boilerplate but it turns out that F does a pretty good job of that itself See the Sutil website for demos and documentation for getting started View on GitHubSutil is an abstraction over Svelte in contrast to Feliz which is an abstraction over React both projects allow you to do web development the only and radical difference is that when you do your F there s a different engine under the hood when you website runs If you have control over the SPA you re building you can use whatever you want that is for sure but let s say you work for a company who has multiple products and then something like this happens We re going to go under a transformation process we will create a design system for our branding and all of our applications will use the same core components we have formed a team that has chosen the Lit Stencil FAST library don t worry you will be slowly replacing parts of existing applications with these core components in the future Since web components work on all modern browsers and are framework agnostic since they work as native tags e g you can use them inside Vue Aurelia Angular Svelte you name it even react with some caveats So now you have to make company s components work with your existing or new Fable SPA s The source code for this post can be found in this repository AngelMunoz sutil and web components Sutil Template for ElmishThis is a Sutil Svelte application template which kind of shows a bit how you can structure sutil applications and work with storesCheck out these filesMain fsApp fsComponents Skeleton fsPages Home fsstyles csssnowpack config jsQuick Startdotnet tool restorepnpm install or npm install or yarn installpnpm start or npm run start or yarn run start this is not a strict way to do it it s just A Way to do it so feel free to remove add whatever you need in your day to day View on GitHub A word on Web Component DistributionWeb components are usually distributed as ES Modules sometimes with polyfills to port back to older browsers and are often easy to install lt link rel stylesheet href shoelace style shoelace beta dist themes base css gt lt script type module src shoelace style shoelace beta dist shoelace js gt lt script gt Just drop those tags and you can start using shoelace components in your application no bundling no Webpack no preprocessors no whatever you fear from the JS ecosystem which make them compelling in some places where no JS frameworks are actually that useful e g server side rendered applications or multi page apps In our case we re building a Sutil SPA which it means we re likely using a bundling system like Snowpack Webpack so we will have to do the classic npm install shoelace style shoelace and then import every component we want with side effects because we don t want our app bundle to grow massively in size Now back to the integration web components are often registered like thisclass MyComponent extends HTMLElement customElements register my component MyComponent different libraries define them different but the customElements register is for EVERY component out there therefore most of the time what you ll see when dealing with web components will be a single importimport my component js In our case I ll be using Shoelace as the web component library in this repo Having that said if we take a look at Main fs We re importing each component as neededmodule Mainopen Fable Coreopen Sutil DOMopen Fable Core JsInteropimportSideEffects styles css importSideEffects shoelace style shoelace dist themes base css importDefault shoelace style shoelace dist components button button js gt ignoreimportDefault shoelace style shoelace dist components skeleton skeleton js gt ignore lt ImportMember shoelace style shoelace dist utilities base path js gt let setBasePath path string unit jsNative this requires a specific configuration for shoelace check snowpack config jssetBasePath shoelace Start the appApp view gt mountElement sutil app Usually we would use importSideEffects the library component js like above but the documentation of shoelace says that we should do default imports with their particular implementation to prevent bloated bundles and enable tree shaking hence why we import and ignore at the same time Please note the js at the end it s very important for snowpack to work properly you can ignore it in the case of other bundlers as far as i know What we just did is to import the library s either third party or your company s initiative one components into the browser now every time we write a sl button or sl skeleton the browser will understand that a custom element will be rendered Generally speaking Web Components work in the following wayPass attributes for valueswhich can set internally a property please note also that properties are not the same as attributesEmit Events CustomEvents so you can update attributes properties as you needThere are some cases where web components need you to call a method of that instance so you will have to query for a reference of that element to get the instance and then invoke the method That means that based on my not comprobable experience of the time you would just define attributes and listen for events Using Web Components In SutilThe Sutil DSL is very complete and permissive where needed i e you can use Css custom align self stretch Attr custom some attribute my value Html custom my tag on event name handler modifiersonCustomEvent lt T gt event name handler modifiersIf you can t find a property in the Sutil DSL you can report it to the repository but with these helpers you can easily continue working without having to wait for a fix There are several ways we can use these web components but we ll start with the most raw one Html custom sl button type sucess text This is a Web Component Button onClick fun gt printfn Hey success Check for the component documentation Cool that should give us a green button on our screen if we imported the button in the main filelet s try a circle button with an iconHtml custom sl button Attr custom circle Attr custom size large onClick fun gt printfn Hey circle Html custom sl icon Attr custom name gear this should give us something like thisno effort at all well perhaps a few keystrokes but that s it no need for wrappers no need for bindings just the standard sutil bindings let s try something fancier something that emits an event let s try a menulet printValue e Event current work around until a new release with onCustomEvent lt T gt is out let event e gt CustomEvent lt item value string gt match event detail with Some event gt printfn Got event item value None gt printfn Got nothing Html custom sl menu Html custom sl menu item Attr value First text First Html custom sl menu item Attr value Second text Second Html custom sl menu divider on sl select printValue Although we know here that we want to know the value property sometimes to have proper support for the element type we will need to create a proper bindinghandling custom events isn t that hard either even if we had to put a workaround which shouldn t be the case once the next release of Sutil at the current time of writing is out There are some components that are a little bit more complex like a drawer or a dialog which have actual methods for those elements you will need to write a small binding or if the component allows it act on it with its attributes propertieslet s check a dialog as an exampletype SlDialog inherit HTMLElement abstract member show unit gt JS Promise lt unit gt abstract member hide unit gt JS Promise lt unit gt let openDialog e Event let dialog document querySelector sl dialog dialog gt SlDialog show gt ignorelet closeDialog e Event let e e target gt HTMLElement e parentElement gt SlDialog hide gt ignoreHtml custom sl button type warning text Open Dialog onClick openDialog Html custom sl dialog Attr custom label My Dialog Html custom sl button type primary text Close Attr custom slot footer onClick closeDialog I think this might be the worst case scenario given that you would have to manually query for the element in the DOM then add a binding which is just extending HTMLElement the simpler way in the case of this library is just to change the open attribute property RecapWhen dealing with web components either from our design system or third party individual components we want to do a few thingsImport the Element via Script Tag or ESModule ImportUse any of the following to define your element its attributes and react to its changesHtml custom Attr custom on event name handler style the css parts it haswhile I didn t touch styling you ll find that I overrode some variables in the styles css file at the bottom media prefers color scheme dark root su background color fff The following are defined by the shoelace library and changed by us to let the component adapt to our color scheme sl color gray var su color sl color primary var su color If there s need for a styling write up as well let me know Closing thoughtsIf you like the React way of doing things which fits completely in the functional programming realm feel free to visit the extremely good even if you re not choosing Feliz give it a read Elmish Book which can give you a really good guidance on how to develop SPA s with F and the Fable Compiler If you like svelte or you don t want to do everything react style hooks context etc then Sutil offers you an alternative that is quite compelling based on observables and works as any other framework That means you can go back to certain browser API s that are automatically ruled out when using React like the Events and CustomEvents Web Components are not ruled out but react has some friction with them Let me know what you think ping me on twitter or in the comments below have an awesome weekend |
2021-05-28 06:11:53 |
海外TECH |
DEV Community |
Keycloak on Distroless |
https://dev.to/stack-labs/keycloak-on-distroless-12ng
|
Keycloak on DistrolessKeycloak is a wonderful piece of software managed with success by RedHat to be used as an Identity and Access Management software RedHat distribute it as a zip package to be run on a machine with a JVM installed or as a container Nowadays container is a simpler solution especially if you are using an orchestrator like Kubernetes The Keycloak image is available on the DockerHub or Quay It provides an important level of configuration through environment variables which is useful if you are not familiar with WildFly configuration But this solution has an important downside especially for a tool dedicated to security…tags are not maintained at OS level over time and has many vulnerabilities You can see below a lot of vulnerabilities in the latest Keycloak image especially at the OS level In some case you can t choose to rely on so many vulnerabilities and need to fix that or at least reduce them trivy image jboss keycloak T INFO Detected OS redhat T INFO Detecting RHEL CentOS vulnerabilities T INFO Number of PL dependency files jboss keycloak redhat Total UNKNOWN LOW MEDIUM HIGH CRITICAL NOTE Number of CVEs in an image evolves over time so reports in this article can be way different if you run it by yourself On one side you can choose to upgrade every packages in the image manually hoping a fix is available in the official CentOS registry Another solution is to change the base image to something with less vulnerability like Google Distroless Those images only contain the runtime for your application and nothing less…no shell no package manager nothing…just your runtime For Keycloak we will use the Distroless Java image to sanitize our workload Crafting the best Dockerfile possibleThe original Keycloak image use a lot of bash scripts to configure the whole system This is a good idea but here we don t have any shell in our Distroless base image so we will have to extract the application and the way to launch it from scratch Moving Keycloak into DistrolessIf we analyse the jboss keycloak image with Dive we can see all Keycloak related files are stored into opt jboss We will copy them into our distroless then with the following Dockerfile FROM jboss keycloak as baseFROM gcr io distroless java nonrootCOPY chown nonroot nonroot from base opt jboss opt jbossThe execution is pretty simple docker build t keycloak distroless Building s FINISHED gt internal load build definition from Dockerfile s gt gt transferring dockerfile B s gt internal load dockerignore s gt gt transferring context B s gt internal load metadata for gcr io distroless java nonroot s gt internal load metadata for docker io jboss keycloak s gt base FROM docker io jboss keycloak s gt stage FROM gcr io distroless java nonroot sha d s gt CACHED stage COPY chown nonroot nonroot from base opt jb s gt exporting to image s gt gt exporting layers s gt gt writing image sha efabbecaeaadd s gt gt naming to docker io library keycloak distroless sSadly if we are launching it like this we will see the following error docker run rm it p keycloak distrolessError jar requires jar file specificationUsage java options lt mainclass gt args to execute a class or java options jar lt jarfile gt args to execute a jar file or java options m lt module gt lt mainclass gt args java options module lt module gt lt mainclass gt args to execute the main class in a module or java options lt sourcefile gt args to execute a single source file program Arguments following the main class source file jar lt jarfile gt m or module lt module gt lt mainclass gt are passed as the arguments to main class This is because the default ENTRYPOINT of this distroless image want to launch a fat JAR but keycloak is more complex than this so we will have to find the right ENTRYPOINT for our use case Generating the ENTRYPOINTFor this one we will use the original image to see how Keycloak is launched in its natural state To do that we will edit the standalone sh file to make it more verbose and copy the java command generated from it We will follow the official documentation to launch keycloak but we will log into the container to do our magic trick Starting the container with the minimal configuration and log into it thanks to the custom entrypoint docker run it rm e DB VENDOR h entrypoint bash jboss keycloak From here we are IN the Keycloak image The following command update the standalone sh file to be a lot verbosebash awk i inplace NR print set x opt jboss keycloak bin standalone sh Finally we will launch keycloak from here and stop it when we found the line starting with java bash opt jboss tools docker entrypoint sh Using Embedded H database DEBUG MODE false DEBUG PORT GC LOG SERVER OPTS gt case in SERVER OPTS Djboss bind address shift gt case in SERVER OPTS Djboss bind address Djboss bind address private shift gt case in SERVER OPTS Djboss bind address Djboss bind address private c standalone ha xml shift gt dirname opt jboss keycloak bin standalone sh DIRNAME opt jboss keycloak bin basename opt jboss keycloak bin standalone sh PROGNAME standalone sh GREP grep opt jboss keycloak bin common sh x x COMMON CONF opt jboss keycloak bin common conf r opt jboss keycloak bin common conf MAX FD maximum MALLOC ARENA MAX export MALLOC ARENA MAX cygwin false darwin false linux false solaris false freebsd false other false case uname in uname linux true false cd opt jboss keycloak bin pwd RESOLVED JBOSS HOME opt jboss keycloak x opt jboss keycloak x cd opt jboss keycloak pwd SANITIZED JBOSS HOME opt jboss keycloak opt jboss keycloak opt jboss keycloak export JBOSS HOME x x RUN CONF opt jboss keycloak bin standalone conf r opt jboss keycloak bin standalone conf opt jboss keycloak bin standalone conf x x JBOSS MODULES SYSTEM PKGS org jboss byteman x x JAVA OPTS Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true JAVA OPTS Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true JAVA OPTS Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true false true x x x x JAVA java true CONSOLIDATED OPTS Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true Djboss bind address Djboss bind address private c standalone ha xml for var in CONSOLIDATED OPTS echo Xmsm tr d p Xmsm case p in for var in CONSOLIDATED OPTS echo Xmxm tr d p Xmxm case p in for var in CONSOLIDATED OPTS echo XX MetaspaceSize M tr d p XX MetaspaceSize M case p in for var in CONSOLIDATED OPTS echo XX MaxMetaspaceSize m tr d p XX MaxMetaspaceSize m case p in for var in CONSOLIDATED OPTS echo Djava net preferIPvStack true tr d p Djava net preferIPvStack true case p in for var in CONSOLIDATED OPTS echo Djboss modules system pkgs org jboss byteman tr d p Djboss modules system pkgs org jboss byteman case p in for var in CONSOLIDATED OPTS echo Djava awt headless true tr d p Djava awt headless true case p in for var in CONSOLIDATED OPTS echo Djboss bind address tr d p Djboss bind address case p in for var in CONSOLIDATED OPTS echo Djboss bind address private tr d p Djboss bind address private case p in for var in CONSOLIDATED OPTS echo c standalone ha xml tr d p c standalone ha xml case p in false false false false x x JBOSS BASE DIR opt jboss keycloak standalone x x JBOSS LOG DIR opt jboss keycloak standalone log x x JBOSS CONFIG DIR opt jboss keycloak standalone configuration x x JBOSS MODULEPATH opt jboss keycloak modules false true echo Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true grep d JVM D OPTION echo Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true grep d JVM D OPTION echo Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true grep server SERVER SET echo Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true grep client CLIENT SET x x x x false x x a x x false PREPEND JAVA OPTS server setModularJdk java add modules java se version MODULAR JDK true true setDefaultModularJvmOptions Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true setModularJdk java add modules java se version MODULAR JDK true true true echo Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true grep add modules DEFAULT MODULAR JVM OPTIONS x x DEFAULT MODULAR JVM OPTIONS add exports java base sun nio ch ALL UNNAMED DEFAULT MODULAR JVM OPTIONS add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED DEFAULT MODULAR JVM OPTIONS add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED JAVA OPTS Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED JAVA OPTS server Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED echo server Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED grep java security manager SECURITY MANAGER SET x x MODULE OPTS true echo grep javaagent AGENT SET x x echo echo echo JBoss Bootstrap Environment JBoss Bootstrap Environment echo echo JBOSS HOME opt jboss keycloak JBOSS HOME opt jboss keycloak echo echo JAVA java JAVA java echo echo JAVA OPTS server Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED JAVA OPTS server Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED echo echo echo true x x eval java D Standalone server Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED Dorg jboss boot log file opt jboss keycloak standalone log server log Dlogging configuration file opt jboss keycloak standalone configuration logging properties jar opt jboss keycloak jboss modules jar mp opt jboss keycloak modules org jboss as standalone Djboss home dir opt jboss keycloak Djboss server base dir opt jboss keycloak standalone Djboss bind address Djboss bind address private c standalone ha xml amp JBOSS PID trap kill HUP HUP java D Standalone server Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED Dorg jboss boot log file opt jboss keycloak standalone log server log Dlogging configuration file opt jboss keycloak standalone configuration logging properties jar opt jboss keycloak jboss modules jar mp opt jboss keycloak modules org jboss as standalone Djboss home dir opt jboss keycloak Djboss server base dir opt jboss keycloak standalone Djboss bind address Djboss bind address private c standalone ha xml trap kill TERM INT trap kill QUIT QUIT trap kill PIPE PIPE trap kill TERM TERM x x WAIT STATUS ge wait INFO org jboss modules main JBoss Modules version Final INFO org jboss msc main JBoss MSC version Final INFO org jboss threads main JBoss Threads version Final INFO org jboss as MSC service thread WFLYSRV Keycloak WildFly Core Final starting INFO org jboss vfs MSC service thread VFS Failed to clean existing content for temp file provider of type temp Enable DEBUG level log to find what caused this INFO org wildfly security ServerService Thread Pool ELY WildFly Elytron version Final Cbash exit In the huge starting log we can see the following command starting with java java D Standalone server Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED Dorg jboss boot log file opt jboss keycloak standalone log server log Dlogging configuration file opt jboss keycloak standalone configuration logging properties jar opt jboss keycloak jboss modules jar mp opt jboss keycloak modules org jboss as standalone Djboss home dir opt jboss keycloak Djboss server base dir opt jboss keycloak standalone Djboss bind address Djboss bind address private c standalone ha xmlThis is the java command we will put inside our Dockerfile as an ENTRYPOINT to make Keycloak start FROM jboss keycloak as baseFROM gcr io distroless java nonrootCOPY chown nonroot nonroot from base opt jboss opt jbossENTRYPOINT java D Standalone server Xmsm Xmxm XX MetaspaceSize M XX MaxMetaspaceSize m Djava net preferIPvStack true Djboss modules system pkgs org jboss byteman Djava awt headless true add exports java base sun nio ch ALL UNNAMED add exports jdk unsupported sun misc ALL UNNAMED add exports jdk unsupported sun reflect ALL UNNAMED Dorg jboss boot log file opt jboss keycloak standalone log server log Dlogging configuration file opt jboss keycloak standalone configuration logging properties jar opt jboss keycloak jboss modules jar mp opt jboss keycloak modules org jboss as standalone Djboss home dir opt jboss keycloak Djboss server base dir opt jboss keycloak standalone Djboss bind address Djboss bind address private c standalone xml NOTE You can tune this command to increase or decrease the memory setup the private public bind address of your keycloak instance and many other parameters Here we changed the configuration file used c standalone xml instead of c standalone ha xml for simplicity reasons and the bound ip adresses to If we build and run this we will be able to access the Keycloak UI docker build t keycloak distroless Building s FINISHED gt internal load build definition from Dockerfile s gt gt transferring dockerfile B s gt internal load dockerignore s gt gt transferring context B s gt internal load metadata for gcr io distroless java nonroot s gt internal load metadata for docker io jboss keycloak s gt base FROM docker io jboss keycloak s gt stage FROM gcr io distroless java nonroot sha d s gt CACHED stage COPY chown nonroot nonroot from base opt jb s gt exporting to image s gt gt exporting layers s gt gt writing image sha cfbbadefdebb s gt gt naming to docker io library keycloak distroless s docker run rm it p keycloak distroless INFO org jboss modules main JBoss Modules version Final INFO org jboss msc main JBoss MSC version Final INFO org jboss threads main JBoss Threads version Final INFO org jboss as MSC service thread WFLYSRV Keycloak WildFly Core Final starting INFO org jboss vfs MSC service thread VFS Failed to clean existing content for temp file provider of type temp Enable DEBUG level log to find what caused this INFO org wildfly security ServerService Thread Pool ELY WildFly Elytron version Final INFO org wildfly extension undertow ServerService Thread Pool WFLYUT Registered web context auth for server default server INFO org jboss as server ServerService Thread Pool WFLYSRV Deployed keycloak server war runtime name keycloak server war INFO org jboss as server Controller Boot Thread WFLYSRV Resuming server INFO org jboss as Controller Boot Thread WFLYSRV Keycloak WildFly Core Final started in ms Started of services services are lazy passive or on demand INFO org jboss as Controller Boot Thread WFLYSRV Http management interface listening on management INFO org jboss as Controller Boot Thread WFLYSRV Admin console listening on If we try to access http localhost we can see the following page This is a good start but this is just the minimal setup with H database we often want something more robust for production Generating the perfect configurationThe jboss keycloak image use a lot of environment variables to configure keycloak and the underlying standalone xml for you…but in our case we can t use that because We don t have a shell to run those scripts We don t want to run those scripts at every startup scale up So we will have to steal the generated standalone xml file from the original container post start up and include it in our container For this example I will use PostgreSQL as our main database To do this I will use two shells side by side one to launch Keycloak and the other one to fetch the configuration In the first shell Creation of a docker networkfirst shell docker network create keycloak networkdabbefcdbbdefaccfebaa Launching PostgreSQL linked to the network previously createdfirst shell docker run rm d name postgres net keycloak network e POSTGRES DB keycloak e POSTGRES USER keycloak e POSTGRES PASSWORD password postgresdaefbcaafbeaeabeefedfcafirst shell docker run it rm name keycloak e DB ADDR postgres e DB USER keycloak e DB PASSWORD password e KEYCLOAK USER foo e KEYCLOAK PASSWORD bar net keycloak network jboss keycloak Using PostgreSQL database INFO org jboss modules CLI command executor JBoss Modules version Final INFO org jboss msc CLI command executor JBoss MSC version Final INFO org jboss threads CLI command executor JBoss Threads version Final INFO org jboss as MSC service thread WFLYSRV Keycloak WildFly Core Final starting INFO org jboss as Controller Boot Thread WFLYSRV Http management interface listening on management INFO org jboss as Controller Boot Thread WFLYSRV Admin console listening on In another shell while the previous is still running we will execute the following command to get the standalone xml file used to configure Keycloak second shell docker cp keycloak opt jboss keycloak standalone configuration standalone xml second shell lsstandalone xml We can now stop the keycloak containersecond shell docker stop keycloakkeycloaksecond shell Now we will start the Distroless Keycloak and mount the standalone xml inside the container docker run rm it e DB USER keycloak e DB PASSWORD password net keycloak network v pwd standalone xml opt jboss keycloak standalone configuration standalone xml p keycloak distroless INFO org jboss modules main JBoss Modules version Final INFO org jboss msc main JBoss MSC version Final INFO org jboss threads main JBoss Threads version Final INFO org jboss as MSC service thread WFLYSRV Keycloak WildFly Core Final starting INFO org jboss vfs MSC service thread VFS Failed to clean existing content for temp file provider of type temp Enable DEBUG level log to find what caused this INFO org wildfly security ServerService Thread Pool ELY WildFly Elytron version Final INFO org jboss as Controller Boot Thread WFLYSRV Keycloak WildFly Core Final started in ms Started of services services are lazy passive or on demand INFO org jboss as Controller Boot Thread WFLYSRV Http management interface listening on management INFO org jboss as Controller Boot Thread WFLYSRV Admin console listening on And Voila What about security The original and main purpose of this manipulation is to reduce the number of CVEs present in our image We will be able to compare it using trivy again on our newly image trivy image keycloak distroless T INFO Detected OS debian T INFO Detecting Debian vulnerabilities T INFO Number of PL dependency files T INFO Detecting jar vulnerabilities keycloak distroless debian Total UNKNOWN LOW MEDIUM HIGH CRITICAL We can see our image contain fewer vulnerabilities at LOW MEDIUM or HIGH level Again this depends on when you are doing this analysis With the solution provided in this article you ll be able to rebuild your keycloak on a new up to date Distroless base image without updating keycloak With the original keycloak image the keycloak version is tied to the OS version and security flaws NOTE The jboss keycloak was released few hours before the creation of this article while the distroless java debian non root was released month ago This is the worst comparison scenario possible for the Distroless base image Another benefit of this alternative is to create a smaller image for keycloak The previous dive reports stated MB for the official image when our custom image weight only MB so around MB reduction ️ ️ and I m sure we can remove almost MB by removing all useless binaries in the image useless drivers command line tools documentation… ConclusionWith this article you should be able to build from the official jboss keycloak image a custom one based on the Distroless java and even fix CVEs by doing it again when a new version of Distroless java image is released I hope you liked it you can find all the sample files from this article in this GitLab repository davinkevin keycloak distroless |
2021-05-28 06:04:52 |
医療系 |
医療介護 CBnews |
リーフレットで医療観察制度を解説-島根県、再犯防止の支援・理解促進で作成 |
https://www.cbnews.jp/news/entry/20210528150546
|
再犯防止 |
2021-05-28 15:40:00 |
医療系 |
医療介護 CBnews |
公費負担申請、患者所在不明なら所得証明書は省略可-厚労省が周知 |
https://www.cbnews.jp/news/entry/20210528143214
|
入院患者 |
2021-05-28 15:30:00 |
医療系 |
医療介護 CBnews |
小多機の利用定員、市町村独自に定めることが可能に-厚労省老健局長通知 |
https://www.cbnews.jp/news/entry/20210528145630
|
都道府県知事 |
2021-05-28 15:25:00 |
金融 |
JPX マーケットニュース |
[OSE]特別清算数値(2021年5月第4週限):日経225 |
https://www.jpx.co.jp/markets/derivatives/special-quotation/
|
特別清算 |
2021-05-28 15:15:00 |
金融 |
JPX マーケットニュース |
[東証]上場廃止等の決定:NEXT FUNDS JPX日経400レバレッジ・インデックス連動型上場投信 |
https://www.jpx.co.jp/news/1023/20210528-11.html
|
nextfundsjpx |
2021-05-28 15:10:00 |
金融 |
ニッセイ基礎研究所 |
家族計画の変化に見る、新型コロナの少子化への影響(1)-イントロダクション- |
https://www.nli-research.co.jp/topics_detail1/id=67876?site=nli
|
高収入の人ほど、子育てへの経済的な不安によっても将来的に持ちたい子の数を減らす傾向が見られることから、経済的な不安を小さくするための対策は、新型コロナの少子化加速への影響を防ぐ対策として、年収の多寡にかかわらず、重要であることが示唆される。 |
2021-05-28 15:52:05 |
金融 |
ニュース - 保険市場TIMES |
損保ジャパンら、「情報モラルリーフレット教材」を越谷市内の小中学校に無償配布 |
https://www.hokende.com/news/blog/entry/2021/05/28/160000
|
損保ジャパンら、「情報モラルリーフレット教材」を越谷市内の小中学校に無償配布スマホとのつきあい方を親子で学べる教材損保ジャパンと損保ジャパンの子会社・Mysuranceは月日、埼玉県越谷市内の小中学校校に、親子でスマートフォンとのつきあい方を学べる「情報モラルリーフレット教材」を無償配布すると発表した。 |
2021-05-28 16:00:00 |
ニュース |
ジェトロ ビジネスニュース(通商弘報) |
スイス連邦政府、EUとの制度的条約交渉を中止 |
https://www.jetro.go.jp/biznews/2021/05/8dd0252c72a10689.html
|
連邦政府 |
2021-05-28 06:30:00 |
ニュース |
ジェトロ ビジネスニュース(通商弘報) |
ロックダウン緩和、第2段階へ移行 |
https://www.jetro.go.jp/biznews/2021/05/e3eba7259caf67a5.html
|
緩和 |
2021-05-28 06:25:00 |
海外ニュース |
Japan Times latest articles |
Hong Kong has a new type of prisoner: Pro-democracy activists |
https://www.japantimes.co.jp/news/2021/05/28/asia-pacific/hong-kong-prison/
|
Hong Kong has a new type of prisoner Pro democracy activistsWith fraught political future and the threat of another arrest the arrested protesters are emblematic of the uncertainties facing the city s stricken democracy movement |
2021-05-28 15:21:16 |
海外ニュース |
Japan Times latest articles |
Japan permits continued stay of Myanmar residents due to coup |
https://www.japantimes.co.jp/news/2021/05/28/national/myanmar-residents-visa-extension/
|
emergency |
2021-05-28 15:05:10 |
海外ニュース |
Japan Times latest articles |
Seeking a pill to cure COVID-19: Drugmakers eye alternative to vaccines |
https://www.japantimes.co.jp/news/2021/05/28/world/science-health-world/coronavirus-medicine-development/
|
tamiflu |
2021-05-28 15:03:54 |
海外ニュース |
Japan Times latest articles |
Female team ready to usher in new era at Indy 500 |
https://www.japantimes.co.jp/sports/2021/05/28/more-sports/auto-racing/female-team-indy-500/
|
paretta |
2021-05-28 15:07:39 |
ニュース |
BBC News - Home |
Insurers must not penalise loyal customers, says FCA |
https://www.bbc.co.uk/news/business-57270415
|
january |
2021-05-28 06:30:30 |
ニュース |
BBC News - Home |
Davis & James shine as Lakers beat Suns in play-offs |
https://www.bbc.co.uk/sport/basketball/57278777
|
phoenix |
2021-05-28 06:43:07 |
LifeHuck |
ライフハッカー[日本版] |
iOS 14.6リリース|AirTag「紛失モード」でメールアドレスを追加可能に |
https://www.lifehacker.jp/2021/05/235459ios-14-6-apple-card-family-iphone-ipad.html
|
airtag |
2021-05-28 16:00:00 |
GCP |
Google Cloud Platform Japan 公式ブログ |
Key Visualizer で大規模な Cloud Spanner パフォーマンス指標を把握する |
https://cloud.google.com/blog/ja/topics/developers-practitioners/understanding-cloud-spanner-performance-metrics-scale-key-visualizer/
|
適切なキーを選択すると、Spannerがデータと処理を均等に分散できるようになるため、同一リソースデータにアクセスするためのIOやクエリを実行するためのCPUなどを求めて複数の行が競合するホットスポットを回避できます。 |
2021-05-28 07:00:00 |
北海道 |
北海道新聞 |
携帯代理店へのノルマや評価検証 高額プラン勧誘で、総務省 |
https://www.hokkaido-np.co.jp/article/549060/
|
携帯電話 |
2021-05-28 15:05:00 |
北海道 |
北海道新聞 |
教員免許再取得、拒絶可能に わいせつ行為防止に、新法成立 |
https://www.hokkaido-np.co.jp/article/549024/
|
児童生徒 |
2021-05-28 15:04:19 |
北海道 |
北海道新聞 |
聖火、忍びの里・甲賀から北へ 滋賀県2日目 |
https://www.hokkaido-np.co.jp/article/549041/
|
忍者の里 |
2021-05-28 15:04:06 |
北海道 |
北海道新聞 |
トヨタ、4月の世界販売倍増 85万台、半導体不足に懸念 |
https://www.hokkaido-np.co.jp/article/549040/
|
世界販売 |
2021-05-28 15:02:07 |
IT |
週刊アスキー |
VIVE Pro 2を体験!VRで見る5K&120Hzの世界は「ほぼ現実」レベルの没入感 |
https://weekly.ascii.jp/elem/000/004/056/4056841/
|
vivepro |
2021-05-28 15:40:00 |
IT |
週刊アスキー |
スシロー×タカラトミーの奇跡のコラボ「極み!おとどけ!スシロー×プラレール」 |
https://weekly.ascii.jp/elem/000/004/056/4056861/
|
玩具 |
2021-05-28 15:20:00 |
マーケティング |
AdverTimes |
元中日ドラゴンズ・吉見一起とPITTA MASKのコラボ新CM 「守備にも応援が必要だ。」 |
https://www.advertimes.com/20210528/article352282/
|
pittamask |
2021-05-28 07:00:17 |
マーケティング |
AdverTimes |
電通グループ、「持続可能な開発のための世界経済人会議」へ参画 |
https://www.advertimes.com/20210528/article352293/
|
wbcsd |
2021-05-28 06:30:37 |
GCP |
Cloud Blog JA |
Key Visualizer で大規模な Cloud Spanner パフォーマンス指標を把握する |
https://cloud.google.com/blog/ja/topics/developers-practitioners/understanding-cloud-spanner-performance-metrics-scale-key-visualizer/
|
適切なキーを選択すると、Spannerがデータと処理を均等に分散できるようになるため、同一リソースデータにアクセスするためのIOやクエリを実行するためのCPUなどを求めて複数の行が競合するホットスポットを回避できます。 |
2021-05-28 07:00:00 |
コメント
コメントを投稿