Public | Automated Build

Last pushed: 12 days ago
Short Description
jBPM Workbench
Full Description

jBPM Workbench Docker image

JBoss jBPM Workbench Docker image.

Table of contents

  • Introduction
  • Usage
  • Users and roles
  • Logging
  • GIT internal repository
  • Experimenting
  • Extending this image
  • Notes
  • Release notes

Introduction

The image contains:

  • JBoss Wildfly 10.1.0.Final
  • jBPM Workbench 7.2.0.Final

This image provides the jBPM Workbench. It's intended to be extended so you can add your custom configurations.

If you don't want to extend this image and you just want to try jBPM Workbench take a look at the jboss/jbpm-workbench-showcase:latest Docker image, it contains some default configurations.

Usage

To run a container:

docker run -p 8080:8080 -p 8001:8001 -d --name jbpm-workbench jboss/jbpm-workbench:latest

Once container and web applications started, you can navigate into the jBPM Workbench at:

http://localhost:8080/jbpm-console

Users and roles

The application have no users or roles configured, so you cannot not access it by default,

In order to use it, at least you have to create an application user in JBoss Wildfly with role admin.

If you are looking for a jBPM Workbench image that does not require to add custom configurations, try our jboss/jbpm-workbench-showcase:latest Docker image.

If you want to create your custom configuration and users, role, etc, you can take a look at section Extending this image

Logging

You can see all logs generated by the standalone binary running:

docker logs [-f] <container_id>

You can attach the container by running:

docker attach <container_id>

The jBPM Workbench web application logs can be found inside the container at path:

/opt/jboss/wildfly/standalone/log/server.log

Example:
sudo nsenter -t $(docker inspect --format '{{ .State.Pid }}' $(docker ps -lq)) -m -u -i -n -p -w
-bash-4.2# tail -f /opt/jboss/wildfly/standalone/log/server.log

GIT internal repository

The workbench stores all the project artifacts in an internal GIT repository. By default, the protocol available for accessing the GIT repository is SSH at port 8001.

You can clone the GIT repository by running:

git clone ssh://admin@localhost:8001/system

By default, the GIT repository is created when the application starts for first time at $WORKING_DIR/.niogit, considering $WORKING_DIR as the current directory where the application server is started.

You can specify a custom repository location by setting the following Java system property to your target file system directory:

    -Dorg.uberfire.nio.git.dir=/home/youruser/some/path

NOTE: This directory can be shared with your docker host and with another containers using shared volumes when running the container, if you need so.

If necessary you can make GIT repositories available from outside localhost using the following Java system property:

    -org.uberfire.nio.git.ssh.host=0.0.0.0

You can set this Java system properties permanent by adding the following lines in your standalone-full.xml file as:

    <system-properties>
      <!-- Custom repository location. -->
      <property name="org.uberfire.nio.git.dir" value="/home/youruser/some/path"/>
      <!-- Make GIT repositories available from outside localhost. -->
      <property name="org.uberfire.nio.git.ssh.host" value="0.0.0.0"/>
    </system-properties>

NOTE: Users and password for ssh access are the same that for the web application users defined at the realm files.

Extending this image

You can extend this image and add your custom layers in order to add custom configurations, users, roles, etc.

In order to extend this image, your Dockerfile must inherit from:

FROM jboss/jbpm-workbench:latest

Configuring Wildfly

  • The Wildfly configuration files are located at /opt/jboss/wildfly/standalone/configuration
  • In this file you can modify all Wildfly's subsystem configurations
  • jBPM Workbench requires running Wildfly using full profile, so custom modifications should be done in standalone-full.xml configuration file

Users and roles

  • By default this image does not provide users and roles for jBPM Workbench

  • The available roles for jBPM Workbench examples are:

      ROLE        DESCRIPTION
      *************************************************
      admin       The administrator
      analyst     The analyst
      developer   The developer
      manager     The manager
      user        The end user
      kiemgmt     KIE management user
      Accounting  Accounting role
      PM          Project manager role
      HR          Human resources role
      sales       Sales role
      IT          IT role
    

These are the steps to create your custom users and roles by using realm files in Widlfly:

1.- Create a realm properties file for users and deploy it in /opt/jboss/wildfly/standalone/configuration:

    jbpm-users.properties
    ---------------------
    #admin=admin
    admin=207b6e0cc556d7084b5e2db7d822555c
    #analyst=analyst
    analyst=047ca331957b5ce5021e8e01d3322a13
    #developer=developer
    developer=97df44a197a58de9674af3cd139df47e
    #manager=manager
    manager=e5148a68341fbc5afbe08fb4ab6da2c5        
    #user=user
    user=c5568adea472163dfc00c19c6348a665

2.- Create a realm properties file for roles and deploy it in /opt/jboss/wildfly/standalone/configuration:

    jbpm-roles.properties
    ---------------------
    admin=admin
    analyst=analyst
    developer=developer
    manager=manager
    user=user

3.- Modify your standalone-full.xml in order to:

3.1 - In the management section, modify default the security-realm for the ApplicationRealm as:

    <security-realm name="ApplicationRealm">
          <authentication>
            <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
            <properties path="jbpm-users.properties" relative-to="jboss.server.config.dir"/>
          </authentication>
          <authorization>
            <properties path="jbpm-roles.properties" relative-to="jboss.server.config.dir"/>
          </authorization>
      </security-realm>

3.2 - In the security subsystem, modify default the other security-domain for as:

    <security-domain name="other" cache-type="default">
      <authentication>
        <login-module code="Remoting" flag="optional">
          <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="RealmDirect" flag="required">
          <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="org.kie.security.jaas.KieLoginModule" flag="optional" module="deployment.jbpm-console.war"/>
      </authentication>
    </security-domain>

You can find an example by looking at the Dockerfile for jboss/jbpm-workbench-showcase:latest image.

Experimenting

To spin up a shell in one of the containers try:

docker run -t -i -p 8080:8080 -p 8001:8001 jboss/jbpm-workbench:latest /bin/bash

You can then noodle around the container and run stuff & look at files etc.

Troubleshoot

If the application can't be accessed via browser (http://localhost:8080/jbpm-console) please run the container in host network mode. It seems that latest docker versions have some restrictions on the networking side. Using an older daemon version this does not happen.
Try:

docker run .... --network="host .."

Notes

  • The context path for jBPM Workbench web application is jbpm-console
  • jBPM Workbench version is 7.2.0.Final
  • jBPM Workbench requires running JBoss Wildfly using the full server profile
  • No users or roles are configured by default
  • No support for clustering
  • Use of embedded H2 database server by default
  • No support for Wildfly domain mode, just standalone mode
  • This image is not intended to be run on cloud environments such as RedHat OpenShift or Amazon EC2, as it does not meet all the requirements.
  • Please give us your feedback or report a issue at Drools Setup or Drools Usage Google groups.

Release notes

7.2.0.Final

  • Use Wildfly 10.1.0.Final
  • Upgrade app to version latest = (7.2.0.Final)
Docker Pull Command
Owner
jboss
Source Repository