Dear group,
First, I have to say thank you for all the great work you guys do maintaining this awesome project. I have used dcm4chee since the early days and it's a very good piece of software.
I recently tried to deploy dcm4chee-arc-light through Docker on a physical machine hosting Red Hat Enterprise Linux 7.7 and I'm stuck with an issue related to the LDAP connection that I can't manage to solve by myself.
The whole deployment performs OK and I registered the UI as OIDC client in Keycloak as usual. But when signing in to dcm4chee-arc/ui2 after signing out of the Admin console, the request never ends; the progress indicator spins forever on a white background. As for errors, in the JavaScript console of the browser I can see:
TypeError : this is undefined
In the Docker logs, the only line that seems abnormal is:
ldap_1 | 5df0fa7d connection_read(24): no connection!
I ran some preliminary tests on a similar virtual setup and it worked perfectly on the first try (both on Red Hat and CentOS 7), but I cannot find any difference between my two setups.
Also, I disabled firewalld, polkitd and SELinux to ensure nothing gets in the way of Docker, but it seems that I'm missing a very sneaky thing somewhere.
Is a connection to github.com required to deploy dcm4chee-arc-light properly with Docker?
The network where the server is located has some HTTP restrictions and github.com seems to be one of them:
Below are some details of my setup:
# docker-compose.env
$ cat docker-compose.env
STORAGE_DIR=/storage/fs1
POSTGRES_DB=pacsdb
POSTGRES_USER=pacs
POSTGRES_PASSWORD=pacs
AUTH_SERVER_URL=https://10.12.55.243:8843/auth
# docker-compose.yml
$ cat docker-compose.yml
version: "3"
services:
  ldap:
    image: dcm4che/slapd-dcm4chee:2.4.44-19.0
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "10m"
    ports:
      - "389:389"
      - "636:636"
    env_file: docker-compose.env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/dicom/dcm4chee/dcm4chee-arc-light/ldap:/var/lib/ldap
      - /var/local/dcm4chee-arc/slapd.d:/etc/ldap/slapd.d
  keycloak:
    image: dcm4che/keycloak:7.0.0
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "10m"
    ports:
      - "8880:8880"
      - "8843:8843"
      - "8990:8990"
      - "8993:8993"
    env_file: docker-compose.env
    environment:
      HTTP_PORT: 8880
      HTTPS_PORT: 8843
      MANAGEMENT_HTTP_PORT: 8990
      MANAGEMENT_HTTPS_PORT: 8993
      KEYCLOAK_WAIT_FOR: ldap:389
    depends_on:
      - ldap
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /var/local/dcm4chee-arc/keycloak:/opt/keycloak/standalone
  db:
    image: dcm4che/postgres-dcm4chee:12.0-19
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "10m"
    ports:
      - "5432:5432"
    env_file: docker-compose.env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/dicom/dcm4chee/dcm4chee-arc-light/database:/var/lib/postgresql/data
  arc:
    image: dcm4che/dcm4chee-arc-psql:5.19.0-secure
    restart: always
    ports:
      - "8080:8080"
      - "8443:8443"
      - "9990:9990"
      - "9993:9993"
      - "11112:11112"
      - "2575:2575"
    env_file: docker-compose.env
    environment:
      WILDFLY_CHOWN: /opt/wildfly/standalone /storage
      WILDFLY_WAIT_FOR: ldap:389 db:5432
    depends_on:
      - ldap
      - keycloak
      - db
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /var/local/dcm4chee-arc/wildfly:/opt/wildfly/standalone
      - /home/dicom/dcm4chee/dcm4chee-arc-light/storage:/storage
# docker-compose deployment logs:
docker-compose -p dcm4chee down
Stopping dcm4chee_arc_1 ... done
Stopping dcm4chee_keycloak_1 ... done
Stopping dcm4chee_db_1 ... done
Stopping dcm4chee_ldap_1 ... done
Removing dcm4chee_arc_1 ... done
Removing dcm4chee_keycloak_1 ... done
Removing dcm4chee_db_1 ... done
Removing dcm4chee_ldap_1 ... done
Removing network dcm4chee_default
[root@dxs30 dcm4chee-arc-light]# docker-compose -p dcm4chee up
Creating network "dcm4chee_default" with the default driver
Creating dcm4chee_db_1 ... done
Creating dcm4chee_ldap_1 ... done
Creating dcm4chee_keycloak_1 ... done
Creating dcm4chee_arc_1 ... done
Attaching to dcm4chee_db_1, dcm4chee_ldap_1, dcm4chee_keycloak_1, dcm4chee_arc_1
db_1 | 2019-12-11 15:54:09.133 CET [1] LOG: starting PostgreSQL 12.0 (Debian 12.0-1.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
db_1 | 2019-12-11 15:54:09.133 CET [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
db_1 | 2019-12-11 15:54:09.133 CET [1] LOG: listening on IPv6 address "::", port 5432
ldap_1 | 5df10311 @(#) $OpenLDAP: slapd (May 23 2018 04:25:19) $
ldap_1 | Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
db_1 | 2019-12-11 15:54:09.137 CET [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db_1 | 2019-12-11 15:54:09.157 CET [24] LOG: database system was shut down at 2019-12-11 15:54:02 CET
ldap_1 | 5df10311 slapd starting
db_1 | 2019-12-11 15:54:09.163 CET [1] LOG: database system is ready to accept connections
keycloak_1 | Importing keystore /opt/keycloak/standalone/configuration/keystores/cacerts.jks to /usr/local/openjdk-11/lib/security/cacerts...
keycloak_1 | Entry for alias mykey successfully imported.
keycloak_1 | Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
keycloak_1 | Waiting for ldap:389 ... done
keycloak_1 | Starting Keycloak 7.0.0
arc_1 | Importing keystore /opt/wildfly/standalone/configuration/keystores/cacerts.jks to /usr/java/openjdk-13/lib/security/cacerts...
keycloak_1 | =========================================================================
keycloak_1 |
keycloak_1 | JBoss Bootstrap Environment
keycloak_1 |
keycloak_1 | JBOSS_HOME: /opt/keycloak
keycloak_1 |
keycloak_1 | JAVA: /usr/local/openjdk-11/bin/java
keycloak_1 |
keycloak_1 | JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED
keycloak_1 |
keycloak_1 | =========================================================================
keycloak_1 |
arc_1 | Entry for alias mykey successfully imported.
arc_1 | Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
arc_1 | Waiting for ldap:389 ... done
arc_1 | Waiting for db:5432 ... done
arc_1 | Starting Wildfly 18.0.0.Final
arc_1 | =========================================================================
arc_1 |
arc_1 | JBoss Bootstrap Environment
arc_1 |
arc_1 | JBOSS_HOME: /opt/wildfly
arc_1 |
arc_1 | JAVA: /usr/java/openjdk-13/bin/java
arc_1 |
arc_1 | JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED
arc_1 |
arc_1 | =========================================================================
arc_1 |
keycloak_1 | WARNING: An illegal reflective access operation has occurred
keycloak_1 | WARNING: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions (jar:file:/opt/keycloak/modules/system/layers/base/org/wildfly/extension/elytron/main/wildfly-elytron-integration-9.0.2.Final.jar!/) to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()
keycloak_1 | WARNING: Please consider reporting this to the maintainers of org.wildfly.extension.elytron.SSLDefinitions
keycloak_1 | WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
keycloak_1 | WARNING: All illegal access operations will be denied in a future release
# ldap container logs:
$ docker logs dcm4chee_ldap_1 --since 48h -f
5df0f9e1 @(#) $OpenLDAP: slapd (May 23 2018 04:25:19) $
Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5df0f9e1 slapd starting
5df0fa7d connection_read(24): no connection!
5df0fcc9 connection_read(17): no connection!
5df0fcc9 connection_read(20): no connection!
5df0fcc9 connection_read(22): no connection!
# iptables
$ iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.19.0.2 tcp dpt:postgres
ACCEPT tcp -- anywhere 172.19.0.3 tcp dpt:ldaps
ACCEPT tcp -- anywhere 172.19.0.3 tcp dpt:ldap
ACCEPT tcp -- anywhere 172.19.0.4 tcp dpt:8993
ACCEPT tcp -- anywhere 172.19.0.4 tcp dpt:http-wmap
ACCEPT tcp -- anywhere 172.19.0.4 tcp dpt:cddbp-alt
ACCEPT tcp -- anywhere 172.19.0.4 tcp dpt:8843
ACCEPT tcp -- anywhere 172.19.0.5 tcp dpt:dicom
ACCEPT tcp -- anywhere 172.19.0.5 tcp dpt:palace-2
ACCEPT tcp -- anywhere 172.19.0.5 tcp dpt:osm-appsrvr
ACCEPT tcp -- anywhere 172.19.0.5 tcp dpt:pcsync-https
ACCEPT tcp -- anywhere 172.19.0.5 tcp dpt:webcache
ACCEPT tcp -- anywhere 172.19.0.5 tcp dpt:hl7
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Any help will be greatly appreciated; ask me if you need more insights.
Best regards,
JP