Giter Site home page Giter Site logo

camunda-platform's Introduction

Camunda Platform 8

This repository contains links to Camunda Platform 8 resources, the official release artifacts (binaries), and supporting config files for running Docker Compose as a local development option.

⚠️ Docker Compose is only recommended for local development. ⚠️

We recommend using SaaS or Helm/Kubernetes for development.

For more information about Self-Managed, including additional development installation options, see our documentation.

For production setups we recommend using Helm charts which can be found at helm.camunda.io.

Links to additional Camunda Platform 8 repos and assets

Using docker compose

ℹ️ The docker-compose file in this repository uses the latest compose specification, which was introduced with docker compose version 1.27.0+. Please make sure to use an up-to-date docker compose version.

ℹ️ Docker 20.10.16+ is required.

To spin up a complete Camunda Platform 8 Self-Managed environment locally the docker-compose.yaml file in this repository can be used.

The full environment contains these components:

  • Zeebe
  • Operate
  • Tasklist
  • Connectors
  • Optimize
  • Identity
  • Elasticsearch
  • Keycloak
  • PostgreSQL

ℹ️ Web Modeler is not included by default. Please follow the instructions below to install it.

Clone this repo and issue the following command to start your environment:

docker compose up -d

Wait a few minutes for the environment to start up and settle down. Monitor the logs, especially the Keycloak container log, to ensure the components have started.

Now you can navigate to the different web apps and log in with the user demo and password demo:

Keycloak is used to manage users. Here you can log in with the user admin and password admin

The workflow engine Zeebe is available using gRPC at localhost:26500.

To tear down the whole environment run the following command:

docker compose down -v

Zeebe, Operate, Tasklist, along with Optimize require a separate network from Identity as you'll see in the docker-compose file.

Using the basic components

If Optimize, Identity, and Keycloak are not needed you can use the docker-compose-core.yaml instead which does not include these components:

docker compose -f docker-compose-core.yaml up -d

Deploying BPMN diagrams

In addition to the local environment setup with docker compose, use the Camunda Desktop Modeler to locally model BPMN diagrams for execution and directly deploy them to your local environment. As an enterprise customer, you can use Web Modeler.

Feedback and updates are welcome!

Securing the Zeebe API

By default, the Zeebe GRPC API is publicly accessible without requiring any client credentials for development purposes.

You can however enable authentication of GRPC requests in Zeebe by setting the environment variable ZEEBE_AUTHENTICATION_MODE to identity, e.g. via running:

ZEEBE_AUTHENTICATION_MODE=identity docker compose up -d

or by modifying the default value in the .env file.

Connectors

Both docker-compose files contain our out-of-the-box Connectors.

Refer to the Connector installation guide for details on how to provide the related Connector templates for modeling.

To inject secrets into the Connector runtime they can be added to the connector-secrets.txt file inside the repository in the format NAME=VALUE per line. The secrets will then be available in the Connector runtime with the format secrets.NAME.

To add custom Connectors either create a new docker image bundling them as described here.

Alternatively, you can mount new Connector JARs as volumes into the /opt/app folder by adding this to the docker-compose file. Keep in mind that the Connector JARs need to bring along all necessary dependencies inside the JAR.

Kibana

A kibana profile is available in the provided docker compose files to support inspection and exploration of the Camunda Platform 8 data in Elasticsearch. It can be enabled by adding --profile kibana to your docker compose command. In addition to the other components, this profile spins up Kibana. Kibana can be used to explore the records exported by Zeebe into Elasticsearch, or to discover the data in Elasticsearch used by the other components (e.g. Operate).

You can navigate to the Kibana web app and start exploring the data without login credentials:

Note You need to configure the index patterns in Kibana before you can explore the data.

  • Go to Management > Stack Management > Kibana > Index Patterns.
  • Create a new index pattern. For example, zeebe-record-* matches the exported records.
    • If you don't see any indexes then make sure to export some data first (e.g. deploy a process). The indexes of the records are created when the first record of this type is exported.
  • Go to Analytics > Discover and select the index pattern.

Desktop Modeler

ℹ️ The Desktop Modeler is open source, free to use.

Download the Desktop Modeler and start modeling BPMN, DMN and Camunda Forms on your local machine.

Deploy or execute a process

Without authentication

Once you are ready to deploy or execute processes use these settings to deploy to the local Zeebe instance:

  • Authentication: None
  • URL: http://localhost:26500

With Zeebe request authentication

If you enabled authentication for GRPC requests on Zeebe you need to provide client credentials when deploying and executing processes:

  • Authentication: OAuth
  • URL: http://localhost:26500
  • Client ID: zeebe
  • Client secret: zecret
  • OAuth URL: http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token
  • Audience: zeebe-api

Web Modeler Self-Managed

ℹ️ Web Modeler Self-Managed is available to Camunda enterprise customers only.

The Docker images for Web Modeler are available in a private registry. Enterprise customers either already have credentials to this registry, or they can request access to this registry through their CSM contact at Camunda.

To run Camunda Platform with Web Modeler Self-Managed clone this repo and issue the following commands:

$ docker login registry.camunda.cloud
Username: your_username
Password: ******
Login Succeeded
$ docker compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml up -d

To tear down the whole environment run the following command

$ docker compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml down -v

If you want to delete everything (including any data you created). Alternatively, if you want to keep the data run:

$ docker compose -f docker-compose.yaml -f docker-compose-web-modeler.yaml down

Login

You can access Web Modeler Self-Managed and log in with the user demo and password demo at http://localhost:8070.

Deploy or execute a process

Without authentication

Once you are ready to deploy or execute processes use these settings to deploy to the local Zeebe instance:

  • Authentication: None
  • URL: http://zeebe:26500

With Zeebe request authentication

If you enabled authentication for GRPC requests on Zeebe you need to provide client credentials when deploying and executing processes:

  • Authentication: OAuth
  • URL: http://zeebe:26500
  • Client ID: zeebe
  • Client secret: zecret
  • OAuth URL: http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
  • Audience: zeebe-api

Emails

The setup includes Mailpit as a test SMTP server. It captures all emails sent by Web Modeler, but does not forward them to the actual recipients.

You can access emails in Mailpit's Web UI at http://localhost:8075.

Troubleshooting

Submitting Issues

When submitting an issue on this repository, please make sure your issue is related to the docker compose deployment method of the Camunda Platform. All questions regarding to functionality of the web applications should be instead posted on the Camunda Forum. This is the best way for users to query for existing answers that others have already encountered. We also have a category on that forum specifically for Deployment Related Topics.

Running on arm64 based hardware

When using arm64-based hardware like a M1 or M2 Mac the Keycloak container might not start because Bitnami only provides amd64-based images for versions < 22. You can build and tag an arm-based image locally using the following command. After building and tagging the image you can start the environment as described in Using docker-compose.

$ DOCKER_BUILDKIT=0 docker build -t bitnami/keycloak:19.0.3 "https://github.com/camunda/camunda-platform.git#8.2.15:.keycloak/"

Resource based authorizations

You can control access to specific processes and decision tables in Operate and Tasklist with resource based authorization.

This feature is disabled by default and can be enabled by setting RESOURCE_AUTHORIZATIONS_ENABLED to true, either via the .env file or through the command line:

RESOURCE_AUTHORIZATIONS_ENABLED=true docker compose up -d

Multi-Tenancy

You can use multi-tenancy to achieve tenant-based isolation.

This feature is disabled by default and can be enabled by setting MULTI_TENANCY_ENABLED to true, either via the .env file or through the command line:

ZEEBE_AUTHENICATION_MODE=identity MULTI_TENANCY_ENABLED=true docker compose up -d

As seen above the feature also requires you to use identity as an authentication provider.

Ensure you setup tenants in identity after you started the platform.

Camunda Platform 7

Looking for information on Camunda Platform 7? Check out the links below:

camunda-platform's People

Contributors

aabouzaid avatar akeller avatar chillleader avatar dependabot[bot] avatar dlavrenuek avatar falko avatar hisimminence avatar huygur avatar igpetrov avatar ingorichtsmeier avatar jessesimpson36 avatar jfriedenstab avatar johanwelgemoed avatar jonathanlukas avatar korthout avatar marciojv avatar markfarkas-camunda avatar maxtru avatar mcalm avatar megglos avatar menski avatar nikku avatar oleksiivanov avatar pihme avatar renovate[bot] avatar sbuettner avatar superbeagle avatar tmetzke avatar vil02 avatar wollefitz avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

pomoguy angryant2016 avall titanuser avallfox camunda-community-hub jaam wray177 pcolot01 jilanims arimal2323 artemmovchan franckpachot i-john muralis13 machine-wheelsup vkeskar21 mashkovd simonqiang cumthyb faisalirfan avirawat malnozili malalwanee xiaojun1024com anyidea thwiemann hlab-pawat vjvenkatesh jiakme ambientelivre jsarafidis sumodgeorge be-secure mhammoudoddo itsmanojhu antey1988 epalmen zavier-sanders justwezero jinbridge fridolinlueschen abed01-lab ajunlonglive rafimk jimmyjuise mcalm lvhaiyan888 huangwind205 gisgaleno pawga help-lixin langyilin kpolivenok laliotis21 yeaicc ashishkchawla alexrogalskiy norkingithub ukaratas cswclui naturewoker isabella232 ayakouzi flax163 jondejong eikeschumann971 dorolyci4 htl-digitalization yanwii nitin-mahesh bluebossa63 linerhome daniel-ewing skayliu wccdev huisunan zszakolci code8core paulosergiocmoreira zhangyueqi lalivenl equinox07 fork-foxs jl-asceoft dinkleberg1 upgradingdave guardian-liferay web3reviewer ardihikaru airwide-zilko nikolaysmeh apaydev-nanuk adpenrose donhuvy justabunchofcode rajareddi hanrx yurimello jwulf

camunda-platform's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

Detected dependencies

Branch main
docker-compose
docker-compose-core.yaml
docker-compose-web-modeler.yaml
docker-compose.yaml
docker-compose/camunda-8.6/docker-compose-core.yaml
docker-compose/camunda-8.6/docker-compose.yaml
github-actions
.github/workflows/add-to-project.yml
  • tibdex/github-app-token v2
  • actions/add-to-project v1.0.1
.github/workflows/release-generation.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • tibdex/github-app-token v1
  • tibdex/github-app-token v1
.github/workflows/release.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • tibdex/github-app-token v1
  • tibdex/github-app-token v1
.github/workflows/template-deploy.yaml
  • actions/checkout v4
  • actions/setup-node v4
  • actions/upload-artifact v4
.github/workflows/test-release.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • tibdex/github-app-token v1
  • tibdex/github-app-token v1
gomod
release-notes-fetcher/go.mod
  • go 1.19
npm
e2e_tests/package.json
  • @playwright/test ^1.33.0
  • playwright ^1.33.0
  • playwright-core ^1.33.0
regex
.env
  • camunda/operate 8.5.0
docker-compose/camunda-8.6/.env
  • camunda/operate 8.5.0
.env
  • camunda/connectors-bundle 8.5.3
  • camunda/optimize 8.5.1
  • camunda/web-modeler 8.5.1
  • elasticsearch 8.13.4
docker-compose/camunda-8.6/.env
  • camunda/connectors-bundle 8.5.3
  • camunda/optimize 8.5.1
  • camunda/web-modeler 8.5.1
  • elasticsearch 8.13.4
.env
  • bitnami/keycloak 21.1.2
docker-compose/camunda-8.6/.env
  • bitnami/keycloak 21.1.2
Branch stable/8.0
docker-compose
docker-compose-core.yaml
docker-compose.yaml
github-actions
.github/workflows/release.yaml
.github/workflows/template-deploy.yaml
.github/workflows/test-release.yaml
gomod
release-notes-fetcher/go.mod
npm
e2e_tests/package.json
regex
.env
.env
Branch stable/8.1
docker-compose
docker-compose-core.yaml
docker-compose-web-modeler-beta.yaml
docker-compose.yaml
dockerfile
.keycloak/Dockerfile
github-actions
.github/workflows/release.yaml
.github/workflows/template-deploy.yaml
.github/workflows/test-release.yaml
gomod
release-notes-fetcher/go.mod
npm
e2e_tests/package.json
regex
.env
.env
.env
.keycloak/Dockerfile
Branch stable/8.2
docker-compose
docker-compose-core.yaml
docker-compose-web-modeler.yaml
docker-compose.yaml
dockerfile
.keycloak/Dockerfile
github-actions
.github/workflows/release.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • tibdex/github-app-token v1
  • tibdex/github-app-token v1
.github/workflows/template-deploy.yaml
  • actions/checkout v4
  • actions/setup-node v4
  • actions/upload-artifact v4
.github/workflows/test-release.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • tibdex/github-app-token v1
  • tibdex/github-app-token v1
gomod
release-notes-fetcher/go.mod
  • go 1.19
npm
e2e_tests/package.json
  • @playwright/test ^1.33.0
  • playwright ^1.33.0
  • playwright-core ^1.33.0
regex
.env
  • camunda/operate 8.2.27
.env
  • camunda/connectors-bundle 0.23.2
  • camunda/optimize 3.10.10
  • camunda/web-modeler 8.2.14
.env
  • bitnami/keycloak 19.0.3
.keycloak/Dockerfile
  • bitnami/keycloak 19.0.3
Branch stable/8.3
docker-compose
docker-compose-core.yaml
docker-compose-web-modeler.yaml
docker-compose.yaml
github-actions
.github/workflows/add-to-project.yml
  • actions/add-to-project v1.0.1
.github/workflows/release.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • tibdex/github-app-token v1
  • tibdex/github-app-token v1
.github/workflows/template-deploy.yaml
  • actions/checkout v4
  • actions/setup-node v4
  • actions/upload-artifact v4
.github/workflows/test-release.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • tibdex/github-app-token v1
  • tibdex/github-app-token v1
gomod
release-notes-fetcher/go.mod
  • go 1.19
npm
e2e_tests/package.json
  • @playwright/test ^1.33.0
  • playwright ^1.33.0
  • playwright-core ^1.33.0
regex
.env
  • camunda/operate 8.3.11
.env
  • camunda/connectors-bundle 8.3.12
  • camunda/optimize 8.3.9
  • camunda/web-modeler 8.3.7
.env
  • bitnami/keycloak 21.1.2
Branch stable/8.4
docker-compose
docker-compose-core.yaml
docker-compose-web-modeler.yaml
docker-compose.yaml
github-actions
.github/workflows/add-to-project.yml
  • tibdex/github-app-token v2
  • actions/add-to-project v1.0.1
.github/workflows/release.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • tibdex/github-app-token v1
  • tibdex/github-app-token v1
.github/workflows/template-deploy.yaml
  • actions/checkout v4
  • actions/setup-node v4
  • actions/upload-artifact v4
.github/workflows/test-release.yaml
  • actions/checkout v4
  • actions/setup-go v5
  • tibdex/github-app-token v1
  • tibdex/github-app-token v1
gomod
release-notes-fetcher/go.mod
  • go 1.19
npm
e2e_tests/package.json
  • @playwright/test ^1.33.0
  • playwright ^1.33.0
  • playwright-core ^1.33.0
regex
.env
  • camunda/operate 8.4.6
.env
  • camunda/connectors-bundle 8.4.8
  • camunda/optimize 8.4.4
  • camunda/web-modeler 8.4.5
  • elasticsearch 8.12.2
.env
  • bitnami/keycloak 21.1.2
  • Check this box to trigger a request for Renovate to run again on this repository

Connectors: repetitive authentication errors in identity-based bundle

Description

Customer has reported that they observe repetitive stack traces thrown into logs every 5 minutes and sometimes often.

2023-02-15 17:20:25.797 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:20:30.884 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:25:33.253 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:25:38.354 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:30:40.697 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:36:07.686 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:41:09.176 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:41:14.252 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:46:15.628 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:46:20.746 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:51:22.186 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401
2023-02-15 17:51:27.264 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
io.camunda.operate.exception.OperateException: Authentication error : 401

I was able to reproduce the same behavior, however there is no consistent pattern:

2023-02-16 15:13:58 2023-02-16 13:13:58.223 ERROR 1 --- [pool-2-thread-1] o.s.s.s.TaskUtils$LoggingErrorHandler    : Unexpected error occurred in scheduled task
2023-02-16 15:13:58 
2023-02-16 15:13:58 io.camunda.operate.exception.OperateException: Authentication error : 401 
2023-02-16 15:13:58     at io.camunda.operate.CamundaOperateClient.execute(CamundaOperateClient.java:91)
2023-02-16 15:13:58     at io.camunda.operate.CamundaOperateClient.executeQuery(CamundaOperateClient.java:189)
2023-02-16 15:13:58     at io.camunda.operate.CamundaOperateClient.search(CamundaOperateClient.java:163)
2023-02-16 15:13:58     at io.camunda.operate.CamundaOperateClient.searchProcessDefinitions(CamundaOperateClient.java:50)
2023-02-16 15:13:58     at io.camunda.connector.runtime.inbound.operate.OperateClientLifecycle.searchProcessDefinitions(OperateClientLifecycle.java:117)
2023-02-16 15:13:58     at io.camunda.connector.runtime.inbound.importer.ProcessDefinitionImporter.scheduleImport(ProcessDefinitionImporter.java:63)
2023-02-16 15:13:58     at jdk.internal.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
2023-02-16 15:13:58     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
2023-02-16 15:13:58     at java.base/java.lang.reflect.Method.invoke(Unknown Source)
2023-02-16 15:13:58     at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84)
2023-02-16 15:13:58     at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
2023-02-16 15:13:58     at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
2023-02-16 15:13:58     at java.base/java.util.concurrent.FutureTask.runAndReset(Unknown Source)
2023-02-16 15:13:58     at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
2023-02-16 15:13:58     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
2023-02-16 15:13:58     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
2023-02-16 15:13:58     at java.base/java.lang.Thread.run(Unknown Source)

Impact

Inbound webhook still operates fine, however log errors are annoying. (to be confirmed)

Steps to reproduce

  1. docker-compose -f docker-compose.yaml up
  2. Wait for 5+ minutes. See logs via Docker Desktop or other means.

Apple Silicon (arm64) Container keycloak Error

Container keycloak Error
! keycloak The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested

Current version 19.0.3 does NOT support arm64
Latest version 22.0.1 supports arm64

Therefore change file .env
KEYCLOAK_SERVER_VERSION=22.0.1

I have tested that I can upload a BPMN and run it.

docker-compose does not work

Does anyone just clones this repo and runs it?

Have anyone tested just cloning and running it?

I am confused how many commits are done to this repo and the connection to keycloak and elasticsearch between the images is not working. Nothing matches the documentation. Authentication cannot be executed...

Healthchecks for all camunda components

I want to check health status of all camunda components : operate, zeebe worker, zeeqs, zeebe broker and zeebe gateway. Is there any way to include health checks for all these components in docker compose file?

Tasklist - Session expired on login

Hello,
I deployed a new camunda image to docker using the file [docker-compose-core.yaml](https://github.com/camunda/camunda-platform/blob/main/docker-compose-core. yaml).
When I try to login to camunda tasklist using default username and password, the login succeeds but when camunda tries to access /graphql url an error 403 appears (in browser console) and I return to the login page with the following message: Session expired
is it related to a missing configuration in the compose docker file?

Thank you

Keycloak redirection issues when using an IP address instead of localhost

Hi, we have a prospect who is using the docker compose to setup Camunda platform on a dev server.

They were not able to authenticate any application (task list, operate, identity,..) since the redirection back from key cloak would always happen on localhost, despite setting the Ipaddress based URL for the identity application.

The issue was resolved, after the IDENTITY_URL was set in the docker file. We now understand that by default, the IDENTITY_URL property takes localhost and hence the issue.

Solution : Explicitly set this property also in the docker compose file, so that developers would replace this property as well, and be able to use the docker compose for an environment that is not based on localhost.

Unable to start the process via Message Start Event in Camunda 8 using Python

Hi @menski, @falko @tmetzke and @Zelldon
My BPMN is as below.
image
Expected Flow

  1. an order is created and subsequently a message is created ("In customer lane the process should stop at “Receive the Goods” task.
  2. Message is used to check whether the goods are available or not
  3. if they are available the goods are deliver to the user and he can receive the goods
  4. if the user is happy with the product then the process is completed.
  5. if the user is not satisfied then user communicates with us and we try to resolve the issue
  6. if we are unable to resolve the issue we pass it on to the seller.

Problems I’m Facing

  1. I’m unable to follow the path of Step 2 and Step 6 in both the process i’m trying to move into different lanes and do some stuff

What i have tried

from pyzeebe import ZeebeTaskRouter
from pyzeebe import ZeebeWorker, create_insecure_channel,Job
import asyncio
import random
import nest_asyncio
nest_asyncio.apply()


async def main():
    worker = ZeebeWorker(channel)
    router = ZeebeTaskRouter()
#     ProcessOrderMsg

    async def my_exception_handler(exception: Exception, job: Job) -> None:
        print(exception)
        await job.set_error_status(message= 'itemsOutOfStock', error_code='itemsOutOfStock') 

    @router.task(task_type="Order", exception_handler=my_exception_handler)
    async def Order():
        await client.publish_message(name="ProcessOrderMsg", correlation_key="ProcessOrderMsg")
        return {}

    @router.task(task_type="ProcessOrder", exception_handler=my_exception_handler)
    def ProcessOrder():
        return {}


    @router.task(task_type="DeliverTheGoods", exception_handler=my_exception_handler)
    def DeliverTheGoods():

        return {}
# testMessage
    @router.task(task_type="ReceiveTheGoods", exception_handler=my_exception_handler)
    async def ReceiveTheGoods():
        return {"status":"complain","msg":"success"}

#     EndMsgEvent
    @router.task(task_type="Complain", exception_handler=my_exception_handler)
    async def Complain(msg: str):    

        await client.publish_message(name="ComplaintMessage", correlation_key="ComplaintMessage")


    @router.task(task_type="ProcessComplaint", exception_handler=my_exception_handler)
    async def ProcessComplaint(cool: str):    
        return {"EndMsgEvent1":"EndMsgEvent1"}
    worker.include_router(router)
    await worker.work()
asyncio.run(main())

Any Help or guidance will be great help and for any clearification please feel free to ask.

Reduce different ways of deploying our application

Currently, we have 3 ways of deploying the docker compose version of camunda platform.

  1. Deploy docker-compose-core.yaml
  2. Deploy docker-compose.yaml
  3. Deploy docker-compose.yaml with docker-compose-web-modeler.yaml

This introduces unnecessary complexity, because:

  1. 3 methods of deploying our compose files introduces more of a risk that one of them will be dysfunctional.
  2. We risk that changes to one compose file may not get properly added to the other compose files.
  3. We also need 3 versions of our CI checks to test that the 3 compose files will come up healthy. So 3 deployment methods of our CI pipelines need to be maintained in addition to the CI pipelines for each stable release in our stable/8.x branches.
  4. Support / github issues sometimes gets into frustrations of users using one compose file vs the other.

But why do we have 3 different compose files? Do we need them?

I might be wrong, but as far as I can tell, the reason we might have these files is to reduce system overhead and reduce startup time of the application for development purposes. Maybe you just don't want one or more services.

Here's why I think that's not an issue:

  1. It takes only a minute to pull all images and start up all components using docker compose. And further updates for development purposes take less time since you only need to run docker compose up -d again, and only services with configuration changes will get updated.
  2. There's not much of a reason to want to login via keycloak vs login via operate directly. It's the same username/password.
  3. Not much system resources are being used. From my testing, about 4GB of RAM total for all components and a negligible amount of CPU usage.
  4. If you don't want the modeler or Optimize, simply don't use it. Or don't expose the port. Or remove those sections from YOUR docker compose file when you deploy.

Proposed actions:

  • Remove docker-compose-core.yaml
  • Combine docker-compose.yaml and docker-compose-web-modeler.yaml

Let me know if you disagree.

Secure zeebe Gateway via identity based oauth

As of now the Zeebe gateway is not requiring any authentication.
To provide an example setup of the recently added native oauth authentication within the Zeebe Gateway the compose setup should get extended enabling oauth on the zeebe gateway.
This also requires to configure oauth for the client of all components that connect to zeebe, these are:

  • Operate
  • Tasklist
  • Connectors
  • WebModeler (here the user has to enter the client credentials)

docker compose issues

I ran into the following issues attempting to run the compose files with:
Docker version 20.10.8, build 3967b7d
docker-compose version 1.25.0, build unknown

Platform: WSL/Ubuntu 4.19.128-microsoft-standard

  1. Missing .env variable or older docker version perhaps?

docker-compose -f docker-compose-core.yaml up -d

ERROR: Invalid interpolation format for "zeebe" option in service "services": "camunda/zeebe:${CAMUNDA_PLATFORM_VERSION:-8.0.2}"
ERROR: Invalid interpolation format for "elasticsearch" option in service "services": "docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION:-7.17.0}"

  • Resolved by adding variables to a .env file and changing the compose variables
  1. Missing network definition

ERROR: The Compose file './docker-compose-core.yaml' is invalid because:
Unsupported config option for networks: 'camunda-platform'
Unsupported config option for volumes: 'elastic'
Unsupported config option for services: 'tasklist'

Something seems to be missing or assumptions about configuration environment are made that need to be documented.

Please provide ARM based images

There was already an open issue in the camunda-cloud/camunda-cloud-get-started repository, which unfortunately was removed with the launch of Camunda Platform 8. But the issue still remains.

We need images for tasklist, operate and zeebe itself which are based on the ARM architecture. There are actually a lot of issues on Apple Silicon based machines which are based on the ARM processor architecture. The problems are that operate periodically isn't reachable and also Zeebe dies periodically.

Identity cannot connect to keycloak by running docker-compose.yaml

Hello,
By running the default docker-compose file
docker-compose up -d I see that Identity cannot connect to Keycloak. Also, the full stack is useless because Keycloak doesn't allow any HTTP endpoint, and connecting to Keycloak from the browser doesn't work.

I use this workaround to make it work.

  1. wait for Keycloak to start
  2. Set sslRequired to NONE by following these steps:
    docker exec -it keycloak bash
    cd opt/jboss/keycloak/bin
    ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin
    ./kcadm.sh update realms/master -s sslRequired=NONE
  3. Connect to Keycloak on http://localhost:18080/
  4. Go to Realm settings -> Login -> and set Require SSL to NONE
  5. Save and wait for Identity to reconnect.

Regards,
Mircea C.

Add Connectors OOTB image to docker compose

To enable users to test Camunda provided out of the box connectors we want to add them to the docker compose. As connectors are part of the core execution story we will add them to both docker compose files. The README should describe how to add secrets and custom connectors.

docker-compose files committed to alpha release branches are confusing

For example, a user would expect that if a docker-compose.yaml is committed with branch 8.2.0-alpha5, then the file would be tagged with 8.2.0-alpha5 images. This would also make it easier to run the alpha release. Currently it is necessary to set the env var CAMUNDA_PLATFORM_VERSION to use the alpha release. Either the files should be updated with the alpha release tags or there should be a 'running alpha release' documentation that explains this clearly.

SUPPORT-16319

wrong path to Postgres data folder

postgres-14.5-alpine stores the database files to /var/lib/postgresql/data, not under /usr/local/postgres/data as in the docker-compose.yaml

therefore the volume mapping needs to be changed to:

    volumes:
      - postgres:/var/lib/postgresql/data

FATAL: role "root" does not exist

All containers seem to be running smooth, except for postgres – FATAL: role "root" does not exist.
Have anyone already encountered this issue and know how to fix it?

Zeebe is not up.

Hi,
I deployed camunda8 in a VM using docker-compose-core.yaml. But I don't get any response while I'm trying to access Zeebe: http://localhost:26500/. I'm able to reach Operate and Tasklist.

ElasticSearch unhealthy and keycloak stops

I am using Ubuntu 22.04 with the docker-repo and everything patched to todays available versions. After cloning the repo and running docker-compose I always get an unhealthy elasticsearch container and the keycloak container simply stops.

keycloak seems to try a connection to a mssql server:

Added 'admin' to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json', restart server to load user
-b 0.0.0.0
=========================================================================
  Using Microsoft SQL Server database
=========================================================================
16:13:38,515 INFO  [org.jboss.modules] (CLI command executor) JBoss Modules version 2.0.0.Final

which then leads to this exception (shortened for readability):

16:15:14,145 WARN  [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (ServerService Thread Pool -- 58) IJ000604: Throwable while attempting to get a new connection: null: javax.resource.ResourceException: IJ031084: Unable to create connection
	at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:364)
	at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.getLocalManagedConnection(LocalManagedConnectionFactory.java:371)
	at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createManagedConnection(LocalManagedConnectionFactory.java:287)
[...]
[email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.base/java.lang.Thread.run(Thread.java:829)
	at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host mssql, port 1433 has failed. Error: "connect timed out. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.".
	at com.microsoft.sqlserver.jdbc//com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:234)
[...]
	at com.microsoft.sqlserver.jdbc//com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:825)
	at [email protected]//org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory.createLocalManagedConnection(LocalManagedConnectionFactory.java:335)

ElasticSearch gives me messages like these:

{"type": "server", "timestamp": "2022-08-18T16:15:03,319Z", "level": "ERROR", "component": "o.e.x.m.e.l.LocalExporter", "cluster.name": "docker-cluster", "node.name": "af19f3f6cf1e", "message": "failed to set monitoring pipeline [xpack_monitoring_6]", "cluster.uuid": "1TPkbz_kT-OIUSXTWWWnIg", "node.id": "JVKssa2YReSQYPlVs2Z-WQ" , 
"stacktrace": ["org.elasticsearch.cluster.metadata.ProcessClusterEventTimeoutException: failed to process cluster event (put-pipeline-xpack_monitoring_6) within 30s",
"at org.elasticsearch.cluster.service.MasterService$Batcher.lambda$onTimeout$0(MasterService.java:158) [elasticsearch-7.17.0.jar:7.17.0]",
"at java.util.ArrayList.forEach(ArrayList.java:1511) [?:?]",
"at org.elasticsearch.cluster.service.MasterService$Batcher.lambda$onTimeout$1(MasterService.java:157) [elasticsearch-7.17.0.jar:7.17.0]",
"at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:718) [elasticsearch-7.17.0.jar:7.17.0]",
"at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]",
"at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]",
"at java.lang.Thread.run(Thread.java:833) [?:?]"] }

Move MailHog to `docker-compose.yaml`

Web Modeler Self Managed uses MailHog as a fake Email Server. It has a Web UI where you can see sent messages.

This functionality might also be interesting for KeyCloak, Optimize. Therefore MailHog could be moved into the base file.

error response from deamon with docker-compose

I want to locally run the camunda platform.
Following the instructions (clone repo & run docker-compose up -d from inside the camunda-platform directory results in the error:
Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting rlimits for ready process: error setting rlimit type 8: operation not permitted: unknown

The local web apps (localhost:8081,localhost:8082,localhost:8083,localhost:8084) are not reachable.
All containers seem to be created but not all are running:

NAME COMMAND SERVICE STATUS PORTS connectors "/start.sh" connectors created elasticsearch "/bin/tini -- /usr/l…" elasticsearch created 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp, :::9200->9200/tcp, :::9300->9300/tcp identity "java -jar identity.…" identity running (healthy) 0.0.0.0:8084->8084/tcp, :::8084->8084/tcp keycloak "/opt/bitnami/script…" keycloak running (healthy) 0.0.0.0:18080->8080/tcp, :::18080->8080/tcp operate "/bin/tini -- /usr/l…" operate created optimize "/sbin/tini -- ./opt…" optimize created postgres "docker-entrypoint.s…" postgres running (healthy) 5432/tcp tasklist "java -XX:+ExitOnOut…" tasklist created zeebe "tini -- /usr/local/…" zeebe created

How can this be resolved?

Support older versions of docker and docker-compose

Linux distros (like Ubuntu) do not include your required version of docker into their current version. Therefore the docker-repo has to be used. This adds additional questions like licensing and support to just trying Camunda 8.

Platform won't start with Web Modeler due to Identity container being unhealthy

To reproduce:

  • clone repo
  • Run docker-compose -f docker-compose.yaml -f docker-compose-web-modeler-beta.yaml pull to pull latest snapshots
  • Run docker-compose -f docker-compose.yaml -f docker-compose-web-modeler-beta.yaml up -d

Start fails because Identity container is unhealthy.

Log looks ok:

 :: Spring Boot ::                (v3.0.1)
2023-02-13 11:55:53.514  INFO 1 --- [           main] i.c.i.Application                        : Starting Application using Java 17.0.5 with PID 1 (/app/identity.jar started by root in /app)
2023-02-13 11:55:53.528  INFO 1 --- [           main] i.c.i.Application                        : The following 1 profile is active: "keycloak"
2023-02-13 11:55:55.983  WARN 1 --- [           main] ocalVariableTableParameterNameDiscoverer : Using deprecated '-debug' fallback for parameter name resolution. Compile the affected code with '-parameters' instead or avoid its introspection: io.camunda.identity.config.IdentityCommon
2023-02-13 11:55:55.993  WARN 1 --- [           main] ocalVariableTableParameterNameDiscoverer : Using deprecated '-debug' fallback for parameter name resolution. Compile the affected code with '-parameters' instead or avoid its introspection: io.camunda.identity.security.spring.filter.FilterExceptionHandler
2023-02-13 11:55:56.478  WARN 1 --- [           main] ocalVariableTableParameterNameDiscoverer : Using deprecated '-debug' fallback for parameter name resolution. Compile the affected code with '-parameters' instead or avoid its introspection: io.camunda.identity.impl.keycloak.config.record.KeycloakClient
2023-02-13 11:55:56.748  WARN 1 --- [           main] .s.s.UserDetailsServiceAutoConfiguration : 
Using generated security password: bcbbeb31-9b58-4292-8866-ecf85c19272d
This generated password is for development use only. Your security configuration must be updated before running your application in production.
2023-02-13 11:55:58.537  INFO 1 --- [           main] i.c.i.Application                        : Started Application in 5.504 seconds (process running for 6.269)

Tested with today's (13.02.2023) snapshot on Linux Ubuntu 22.04.1 LTS

Unable to access Operate on remote host

Hi folks,

It seems to be unable to access Operate on remote host when deployed with Keycloak (docker-compose.yaml).

Steps to reproduce:

  1. Have a remote host to deploy. I use AWS EC2 t3.xlarge with RH5 linux.
  2. Make sure remote host is reachable. I use public IP assigned to my host.
  3. Make sure remote host has exposed ports. I use AWS security rules with expose ports 8080-8084, 18080, 26500.
  4. Make sure you have installed docker, docker-compose, git.
  5. Clone camunda-platform at your remote host.
  6. Deploy platform version with keycloak: docker-compose -f docker-compose.yaml up.
  7. Once deployed, go to operate in your browser: XXX.XXX.XXX.XXX:8081.
  8. See being redirected to localhost: http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/auth?client_id=operate&redirect_uri=http%3A%2F%2F1XXX.XXX.XXX.XXX%3A8081%2Fidentity-callback&response_type=code&scope=openid+email&state=

Screenshot 2022-12-19 at 11 57 15

Change `dev` profile name to something else

We should consider changing the name of the dev profile, because it could lead users to believe that the rest is production-ready. This project's main focus is on development purposes.

Some ideas for a different profile name:

  • kibana
  • debug
  • troubleshoot or troubleshooting
  • inspect
  • etc

See #39 (review)

Camunda SaaS: Creating groups

How can I create groups in Camunda Cloud?
I found that there is Identity UI in self-managed, but I can't find something equivalent in SaaS
45e7bde8-cdbf-43b6-ad0e-108d885adaf7

ARM image for keycloak throws error

When building your own keycloak docker image on aarch64 architectures (commonly on m1 macs), running recently will throw an error:

ERROR: Failed to run 'build' command.
ERROR: Failed to update server configuration.
ERROR: Could not initialize class sun.util.calendar.ZoneInfoFile
For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.

While debugging, I noticed there was a missing symlink, and that the file that the symlink pointed to belongs to a package not installed on our docker image. This PR adds that package, and provides that file.

To debug this, I created an aarch64 VM, since I do not own an M1 Mac, and then I ran

DOCKER_BUILDKIT=0 docker build -t bitnami/keycloak:19.0.3 -f .keycloak/Dockerfile

And then

docker compose up -d

Before the patch, you will see the error I showed above. After this patch, it should start up normally.

Can't start camunda platform -> ERROR: for tasklist Container "<container-id>" is unhealthy.

Camunda platform with docker-compose won't start

$ docker-compose up

Output:

Creating network "camunda-platform_identity-network" with the default driver
Creating network "camunda-platform_camunda-platform" with the default driver
Creating volume "camunda-platform_zeebe" with default driver
Creating volume "camunda-platform_elastic" with default driver
Creating volume "camunda-platform_postgres" with default driver
Creating volume "camunda-platform_keycloak-theme" with default driver
Creating volume "camunda-platform_kibana" with default driver
Pulling postgres (postgres:14.5-alpine)...
14.5-alpine: Pulling from library/postgres
213ec9aee27d: Pull complete
40ab741cca09: Pull complete
c3636f308d36: Pull complete
ffb93d592d77: Pull complete
38e1167f56e0: Pull complete
5da721964db9: Pull complete
f4263eceafe0: Pull complete
b58169c5d1b0: Pull complete
Digest: sha256:ac09c433f64f2d310a83e5cc24dadc13561f645199d4ec8e503824de22e14668
Status: Downloaded newer image for postgres:14.5-alpine
Pulling keycloak (bitnami/keycloak:19.0.3)...
19.0.3: Pulling from bitnami/keycloak
f8c1c832ce65: Pull complete
afe50b8553f7: Pull complete
Digest: sha256:4ac04104d20d4861ecca24ff2d07d71b34a98ee1148c6e6b6e7969a6b2ad085e
Status: Downloaded newer image for bitnami/keycloak:19.0.3
Pulling identity (camunda/identity:8.2.5)...
8.2.5: Pulling from camunda/identity
f56be85fc22e: Pull complete
5301b279ac12: Pull complete
e91d288932f4: Pull complete
abb1176f493c: Pull complete
6a49d8ac4653: Pull complete
091cd229a1b3: Pull complete
Digest: sha256:7d9872275eecdb3b7f3903c75a3b951b2ca923f518070207996f65a04cc4e8bb
Status: Downloaded newer image for camunda/identity:8.2.5
Pulling elasticsearch (docker.elastic.co/elasticsearch/elasticsearch:7.17.9)...
7.17.9: Pulling from elasticsearch/elasticsearch
36a9c60c46d0: Pull complete
e702cbf68995: Pull complete
d42ba0f6aa39: Pull complete
13c59ecc70cc: Pull complete
12d112623fed: Pull complete
3e95eee02a15: Pull complete
e8819c48f163: Pull complete
ea0623c40fc9: Pull complete
a621ebe36959: Pull complete
Digest: sha256:59b37f77bd8b015d5b60f75bebb22d06028f7f15036f9d3559d2b7c16ece74db
Status: Downloaded newer image for docker.elastic.co/elasticsearch/elasticsearch:7.17.9
Pulling optimize (camunda/optimize:3.10.0)...
3.10.0: Pulling from camunda/optimize
f56be85fc22e: Already exists
a6b9f168b6c3: Pull complete
4f4fb700ef54: Pull complete
035fcf47fbde: Pull complete
Digest: sha256:a7168875f9640c426fd87131c9f0c8bdc52b96b9a86274096c31082a8f950eb6
Status: Downloaded newer image for camunda/optimize:3.10.0
Pulling zeebe (camunda/zeebe:8.2.5)...
8.2.5: Pulling from camunda/zeebe
99803d4b97f3: Pull complete
b493027a1bf3: Pull complete
8480b25d7069: Pull complete
7d075581aba1: Pull complete
80bf06916f7f: Pull complete
36c4856f2b8c: Pull complete
93fbabe905c4: Pull complete
58ede824ec6d: Pull complete
a44c06fac59f: Pull complete
Digest: sha256:fcbfb34436340d71140d9bebe71f1052dec0d423f56379f7e7141ad34ed318fc
Status: Downloaded newer image for camunda/zeebe:8.2.5
Pulling tasklist (camunda/tasklist:8.2.5)...
8.2.5: Pulling from camunda/tasklist
99803d4b97f3: Already exists
b493027a1bf3: Already exists
8480b25d7069: Already exists
7d075581aba1: Already exists
7d0cfb1e838e: Pull complete
1a63c03d5343: Pull complete
74f4da491828: Pull complete
62d62e981b6a: Pull complete
Digest: sha256:3b28e4b01d8c927b436678e43062c0e04a3717c4314aec58b73222da78c0e937
Status: Downloaded newer image for camunda/tasklist:8.2.5
Pulling operate (camunda/operate:8.2.5)...
8.2.5: Pulling from camunda/operate
99803d4b97f3: Already exists
b493027a1bf3: Already exists
8480b25d7069: Already exists
7d075581aba1: Already exists
7d9809ff6bf5: Pull complete
0cdcb2ebfbbf: Pull complete
50a2c4d79769: Pull complete
28e3314906b2: Pull complete
Digest: sha256:d824c8aaa669ee073c3980103a82041d7275af74108c475906b9384e7bfd6319
Status: Downloaded newer image for camunda/operate:8.2.5
Pulling connectors (camunda/connectors-bundle:0.19.2)...
0.19.2: Pulling from camunda/connectors-bundle
1bc677758ad7: Pull complete
0d0e0ecb256a: Pull complete
212512b6dedf: Pull complete
648d9d544695: Pull complete
c200a88046e1: Pull complete
c20b0a9ad1d3: Pull complete
016f3d61e066: Pull complete
1bdd5174183a: Pull complete
Digest: sha256:d1dfda09c78602303c6be16d188b2f8b10066a02718ad144702505f9e5626635
Status: Downloaded newer image for camunda/connectors-bundle:0.19.2
Creating elasticsearch ... done
Creating postgres      ... done
Creating keycloak      ... done
Creating identity      ... done
Creating optimize      ... done
Creating zeebe         ... done
Creating operate       ... done
Creating connectors    ... done

ERROR: for tasklist  Container "83757b9637fd" is unhealthy.
ERROR: Encountered errors while bringing up the project.

I've tried many times even removing completelly all images, containers, volumes & networks. and result is always the same.
I've tried on MacOS with Docker version 20.10.12, build e91ed57

Any idea about how to fix this?
Best Regards.

Improvement: add version: '3' to docker files

Well, said in title. For some people current docker file will fail with
ERROR: Invalid interpolation format for "zeebe" option in service "services":
camunda/zeebe:${CAMUNDA_PLATFORM_VERSION:-8.0.0}"
if there is no version info on files.

Add short documentation on how to download connector templates

Problem

Customers are already asking how to make Connector templates available in Web Modeler Self-Managed Beta:

Solution

Add a paragraph here https://github.com/camunda/camunda-platform#connectors that describes that you need to download and import the templates yourself, where the templates are and how to import them.

i.c.o.z.ImportJob : Import is not possible for Zeebe version: 8.0

Self managed docker-compose based installation slightly changed for arm64 platform.
Everything is starting perfectly and working until I try to deploy bpmn process.
Deployment via Modeler returns OK, but I cannot see any deployments in Operate and see this error in log (probably operate-importer-1.3.4.jar is wrong version for Platform 8.0) :

operate | io.camunda.operate.exceptions.OperateRuntimeException: Import is not possible for Zeebe version: 8.0
operate | at io.camunda.operate.zeebeimport.ImportBatchProcessorFactory.getImportBatchProcessor(ImportBatchProcessorFactory.java:40) ~[operate-importer-1.3.4.jar!/:?]
operate | at io.camunda.operate.zeebeimport.ImportJob.processOneIndexBatch(ImportJob.java:115) ~[operate-importer-1.3.4.jar!/:?]
operate | at io.camunda.operate.zeebeimport.ImportJob.call(ImportJob.java:80) ~[operate-importer-1.3.4.jar!/:?]
operate | at io.camunda.operate.zeebeimport.RecordsReader.lambda$scheduleImport$2(RecordsReader.java:249) ~[operate-importer-1.3.4.jar!/:?]
operate | at java.util.concurrent.FutureTask.run(Unknown Source) [?:?]
operate | at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
operate | at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
operate | at java.lang.Thread.run(Unknown Source) [?:?]

failed: FATAL: role "root" does not exist

hi everyone, when I create a user on Postgres by command line :
createuser -P hoangvmanh
after i confirmed the password it did not work and show an error:
createuser: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: role "root" does not exist

how can I fix it?

Modeler: Interrupting timer boundary event behavior

I'm trying to use an Interrupting timer to interrupt a task after a while of time, but when the timer is triggered the flow is going in two paths, the timer path and the interrupted task path as below

3a04dac5-f0d4-4cf5-a8de-30e74071c94b
I can't figure out why the flow didn't go in only one active path (timer path)

However, It is worked as expected in Camunda 7
6f3f78d3-61e3-4328-b8c8-8c5af410fadd

[BUG] Unable to connect Operate to an external elasticsearch (exposed via https)

Describe the bug:

I am unable to connect Operate to an external Elasticsearch (exposed via https).

Actual behavior:

Zeebe connected to Elasticsearch (using keystore)
Unable to connect Operate to Elasticsearch (using crt file). Similar behavior when I try with the keystore

Expected behavior:

https://docs.camunda.io/docs/self-managed/operate-deployment/operate-configuration/#elasticsearch

How to reproduce:

  1. Create a managed elasticsearch instance (e.g. https://cloud.elastic.co)
  2. Save credentials (username/password) and download the CA certificate
  3. Edit the docker-compose file below
  4. docker-compose up -d

Logs:

2022-10-14 09:23:56.195  WARN 7 --- [           main] i.c.o.u.RetryOperation                   : Invalid or missing build flavor [oss]
2022-10-14 09:23:56.198  WARN 7 --- [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'io.camunda.operate.es.writer.MetricWriter': Unsatisfied dependency expressed through field 'dao'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'io.camunda.operate.es.dao.UsageMetricDAO' defined in URL [jar:file:/usr/local/operate/lib/operate-webapp-8.0.6-exec.jar!/BOOT-INF/lib/operate-els-schema-8.0.6.jar!/io/camunda/operate/es/dao/UsageMetricDAO.class]: Unsatisfied dependency expressed through constructor parameter 2; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'esClient' defined in class path resource [io/camunda/operate/es/ElasticsearchConnector.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.elasticsearch.client.RestHighLevelClient]: Factory method 'esClient' threw exception; nested exception is io.camunda.operate.exceptions.OperateRuntimeException: Couldn't connect to Elasticsearch. Abort.
2022-10-14 09:23:56.214  INFO 7 --- [           main] o.a.c.c.StandardService                  : Stopping service [Tomcat]

Environment:

  • Platform: local docker-compose
  • Chart version: 8.0.6
  • Docker-compose :
services:
  zeebe:
    image: camunda/zeebe:8.0.6
    container_name: zeebe
    ports:
      - "26500:26500"
      - "9600:9600"
    environment:
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=https://external-elasticsearch-url.com
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_AUTHENTICATION_USERNAME=elastic
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_AUTHENTICATION_PASSWORD=xxxxxxxxxxxxxxxxxx
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
      - ZEEBE_LOG_LEVEL=info
      - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
    networks:
      - camunda-platform
    volumes:
      - /Users/victor/camunda-platform/elasticsearch.jks:/opt/java/openjdk/lib/security/cacerts

  operate:
    image: camunda/operate:8.0.6
    container_name: operate
    ports:
      - "8080:8080"
    environment:
      - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
      - CAMUNDA_OPERATE_ELASTICSEARCH_URL=https://external-elasticsearch-url.com
      - CAMUNDA_OPERATE_ELASTICSEARCH_USERNAME=elastic
      - CAMUNDA_OPERATE_ELASTICSEARCH_PASSWORD=xxxxxxxxxxxxxxxxxx
      - CAMUNDA_OPERATE_ELASTICSEARCH_SSL_CERTIFICATEPATH=/usr/local/operate/certificates/elasticsearch.crt
      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=https://external-elasticsearch-url.com
      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_USERNAME=elastic
      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_PASSWORD=xxxxxxxxxxxxxxxxxx
      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_SSL_CERTIFICATEPATH=/usr/local/operate/certificates/elasticsearch.crt
    networks:
      - camunda-platform
    volumes:
      - /Users/victor/camunda-platform/elasticsearch.crt:/usr/local/operate/certificates/elasticsearch.crt
    depends_on:
      - zeebe

networks:
  camunda-platform:

or

services:
  zeebe:
    image: camunda/zeebe:8.0.6
    container_name: zeebe
    ports:
      - "26500:26500"
      - "9600:9600"
    environment:
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_CLASSNAME=io.camunda.zeebe.exporter.ElasticsearchExporter
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_URL=https://external-elasticsearch-url.com
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_AUTHENTICATION_USERNAME=elastic
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_AUTHENTICATION_PASSWORD=xxxxxxxxxxxxxxxxxx
      - ZEEBE_BROKER_EXPORTERS_ELASTICSEARCH_ARGS_BULK_SIZE=1
      - ZEEBE_LOG_LEVEL=info
      - "JAVA_TOOL_OPTIONS=-Xms512m -Xmx512m"
    networks:
      - camunda-platform
    volumes:
      - /Users/victor/camunda-platform/elasticsearch.jks:/opt/java/openjdk/lib/security/cacerts

  operate:
    image: camunda/operate:8.0.6
    container_name: operate
    ports:
      - "8080:8080"
    environment:
      - CAMUNDA_OPERATE_ZEEBE_GATEWAYADDRESS=zeebe:26500
      - CAMUNDA_OPERATE_ELASTICSEARCH_URL=https://external-elasticsearch-url.com
      - CAMUNDA_OPERATE_ELASTICSEARCH_USERNAME=elastic
      - CAMUNDA_OPERATE_ELASTICSEARCH_PASSWORD=xxxxxxxxxxxxxxxxxx
      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=https://external-elasticsearch-url.com
      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_USERNAME=elastic
      - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_PASSWORD=xxxxxxxxxxxxxxxxxx
    networks:
      - camunda-platform
    volumes:
      - /Users/victor/camunda-platform/elasticsearch.jks:/opt/java/openjdk/lib/security/cacerts
    depends_on:
      - zeebe

networks:
  camunda-platform:

Process History not showing user form variables

For example

image

The user task "Mayor Decides: in the process has a form that has a number of variables... They should show when you click on the task. Variables show fine for other service tasks, dmn's etc. but nothing for forms.

image

Tasklist REST API: Complete an unassigned task or assigned to another user

I expect that I can complete only tasks that are assigned to me, not to another user, this worked fine in Camunda Cloud UI but when I use Tasklist REST API I can complete any task as long as I have the task Id

493f109c-10fd-4158-92a0-e47b8f03b29c

bd04cd0d-7aff-4da3-bb20-962f9b9c943e

Also, I found out that I can complete an unassigned task

e45e9c57-e70a-4bc7-b34c-8f6d33b9f39f

I think these cases should be handled with the following errors

2cd80570-10bc-448d-ba70-fb0e2f49c167

More clarity what's recommended for local development

If we read through the documentation and also through the readme, it's currently not really clear what it's recommended for local development.

The documentation says as example, the recommended way for development is:

For development usage, we highly recommend using our Helm charts on KIND if SaaS provided by Camunda is not an option for you. Those Helm charts are battle-tested and give you an experience close to production.

  1. SaaS
  2. Helm charts on KIND or Helm on a managed Kubernetes offering (like GKE) or Helm on a local Kubernetes installation like minikube.
  3. Docker Compose
  4. Local installation

But is says also:

  • Kubernetes: We strongly recommend using Kubernetes to run Camunda Platform 8 in production. Using minikube, Kubernetes can also be an interesting environment to run Camunda Platform 8 locally on developer machines.
  • Docker: You can run the provided Docker images of the components, also in production. For your convenience, we provide a Docker Compose configuration to run Camunda Platform 8 on developer machines. Note that the Docker Compose configuration is not optimized for production usage, but for local development.

The readme of this repo says:
⚠️ Docker Compose is only recommended for local development. ⚠️

We recommend using SaaS or Helm/Kubernetes for development.

And in the docker compose file there is also a hint:

# For local development, we recommend using KIND instead of `docker-compose`:

# https://docs.camunda.io/docs/self-managed/platform-deployment/helm-kubernetes/guides/local-kubernetes-cluster/

We are currently writing documentation and a best practice recommendation for our developers and the discussion came up if docker compose or a local Kubernetes deployment is the preferred way. Especially if we look on the aspects of "battle-tested" and "experience close to production".

There is also the question of what exactly is meant by 'development' and 'local development'. My assumption was that:

  • development: means the overall development process where you provide an installation for different development environments like: Dev, Test and Stage
  • local development: installing the platform on a local machine or development VM

Is this correct?

Tasklist logs are full of warnings in core setup

The logs of tasklist are full fo warnings:

2022-05-18 11:36:15.327  WARN 1 --- [       Thread-2] o.e.c.RestClient                         : request [POST http://elasticsearch:9200/zeebe-record-variable/_search?routing=1&typed_keys=true&max_concurrent_shard_requests=5&request_cache=false&search_type=query_then_fetch&batched_reduce_size=512] returned 1 warnings: [299 Elasticsearch-7.17.0-bee86328705acaa9a6daede7140defd4d9ec56bd "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-minimal-setup.html to enable security."]

As security is no concern by intend, the warning should be suppressed.

They are printed several times every few seconds (I assume for each request).

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.