loading...

FusionAuth on Arm64

jerry_hopper profile image jerry hopper ・4 min read

Since the release of FusionAuth – i’ve been a huge fan! its lightweight, stable and adheres to standards. FusionAuth is by far the best and most complete authentication authorization and user-management system, which gets you real value for your buck.

Build for Devs

‘Build for devs’ is one of the unique selling points of FusionAuth identity solution. But what about the hobbyist-developer? Or – what if you would like to develop your application at home, during these corona-times? Is that possible?

The answer is YES, if you have a server at home that runs linux – You can!
But not every developer has the space for a server or computer that would run the FusionAuth instance at home.

This is were the Raspberry Pi, NanoPi Neo or any other Arm64 Device can come in very handy. With a price varying from $20 to $90 dollar, you can own such a device – and have your custom development server for at home. Its already been done before , and now we’re going to use our single-board-computer as a full-blown identity solution.

Since FusionAuth version 1.15 a elastic-search instance is no longer required (but is optional for instances with heavy loads), which is optimal for a tiny fusionauth deployment at home.

Docker

To achieve absolute portability, we will be using Docker – which allows us to run applications inside a container – and thus keeping the installation/configuration to a minimum. FusionAuth is already available on Dockerhub, so running it should be a breeze. Lets go!

Login to your device, and start the fusionauth instance.

root@arm64docker:~# docker run -p 9011:9011 \
--name fusionauth-app \
fusionauth/fusionauth-app:latest

Unable to find image 'fusionauth/fusionauth-app:latest' locally
latest: Pulling from fusionauth/fusionauth-app
aad63a933944: Pull complete
38dcc57173c1: Pull complete
3c3aac2babe6: Pull complete
1eef9e911159: Pull complete
Digest: sha256:931ec2f08adf562a7f94c62dcf62ba562b41a571318588de231c5c21126b7b2c
Status: Downloaded newer image for fusionauth/fusionauth-app:latest
standard_init_linux.go:211: exec user process caused "exec format error"

As you can see, the process exits with the following error message : standard_init_linux.go:211: exec user process caused “exec format error”.

So, what’s going on? This error tells us that the application you wanted to start, was build for a different architecture. If we check dockerhub, and view the FusionAuth tags you will notice the Docker containers are build for Linux/amd64. When we check our SBC’s platform by typing the command uname -a the result will be a different platform then amd64

root@arm64docker:~# uname -a
Linux arm64docker 5.4.43-sunxi64 #20.05.2 SMP Tue Jun 2 17:20:17 CEST 2020 aarch64 GNU/Linux 

FusionAuth’s Dockerfile

We can conclude that FusionAuth is not Arm64 compatible…. But is that really true? FusionAuth is a Java application, and Java can run on Arm64 devices – so in theory it could work!

If we look at fusionAuth’s Dockerfile we can see how the container is build.
https://hub.docker.com/r/fusionauth/fusionauth-app

FROM alpine:latest as build

###### Install stuff we need and then cleanup cache #################
RUN apk add --no-cache \
  unzip \
  curl

###### Get and install FusionAuth App Bundle ########################
ENV FUSIONAUTH_VERSION=1.17.1
RUN curl -Sk --progress-bar https://storage.googleapis.com/inversoft_products_j098230498/products/fusionauth/${FUSIONAUTH_VERSION}/fusionauth-app-${FUSIONAUTH_VERSION}.zip -o fusionauth-app.zip \
  && mkdir -p /usr/local/fusionauth/fusionauth-app \
  && unzip -nq fusionauth-app.zip -d /usr/local/fusionauth

FROM fusionauth/fusionauth-java:14-jdk-alpine3.11.5

RUN addgroup fusionauth \
  && adduser -G fusionauth -D -H fusionauth

COPY --chown=fusionauth:fusionauth --from=build /usr/local/fusionauth /usr/local/fusionauth

###### Start FusionAuth App #########################################
LABEL description="Create an image running FusionAuth App. Installs FusionAuth App"
LABEL maintainer="FusionAuth <dev@fusionauth.io>"
EXPOSE 9011
USER fusionauth
ENV FUSIONAUTH_USE_GLOBAL_JAVA=1
CMD ["/usr/local/fusionauth/fusionauth-app/apache-tomcat/bin/catalina.sh", "run"]

If we breakdown what happens here, its :
– Download and unzip the FusionAuth application,
– Import Java,
– Add a FusionAuth
Notice that FusionAuth docker images are based on Alpine, and uses java Version 14

The Arm64 Dockerfile

Before we begin, its good to know that Alpine doesnt use Glibc – but musl. As there is no musl-compatible jdkv14, and installing Glibc on Alpine is not part of this tutorial, we will be using the (much larger) ubuntu Java image.

We create a Dockerfile, where we specify the V14 jdk container from adoptopenjdk We pull in the FusionAuth zip – like in the official Dockerfile. We add the user, and that’s it. See the below Dockerfile for details.

FROM adoptopenjdk:14-jdk-hotspot-bionic as build

###### Install stuff we need and then cleanup cache #################
RUN apt update && apt install unzip

###### Get and install FusionAuth App Bundle ########################
ENV FUSIONAUTH_VERSION=1.17.0
RUN curl -Sk --progress-bar https://storage.googleapis.com/inversoft_products_j098230498/products/fusionauth/${FUSIONAUTH_VERSION}/fusionauth-app-${FUSIONAUTH_VERSION}.zip -o fusionauth-app.zip \
  && mkdir -p /usr/local/fusionauth/fusionauth-app \
  && unzip -nq fusionauth-app.zip -d /usr/local/fusionauth


FROM adoptopenjdk:14-jdk-hotspot-bionic


#RUN addgroup fusionauth && adduser -G fusionauth -D -H fusionauth
RUN groupadd fusionauth
RUN useradd -r -s /bin/sh -g fusionauth -u 1001 fusionauth


# copy FusionAuth from other image.
COPY --chown=fusionauth:fusionauth --from=build /usr/local/fusionauth /usr/local/fusionauth

###### Start FusionAuth App #########################################
LABEL description="Create an image running FusionAuth App. Installs FusionAuth App"
LABEL maintainer="FusionAuth-community <hopper.jerry@gmail.com>"
EXPOSE 9011
USER fusionauth
ENV FUSIONAUTH_USE_GLOBAL_JAVA=1
CMD ["/usr/local/fusionauth/fusionauth-app/apache-tomcat/bin/catalina.sh", "run"]

We can now build the docker container, and use it on a Arm64 device. So, whether you run it on a Raspberry Pi, NanoPi , Jetson or any other sbc-device – your personal idp is ready for any development-task you are about to face, like running automated tests against a real oAuth2 server!

Another possibility, is to run your FusionAuth server on AWS Arm64 cloudplatform, if you prefer low-energy-footprint servers.

Have a look at the cool new Kickstart functionality to quikly deploy your identity management solution, and start developing your apps at home like a boss!

Community Arm64 build

But, if all of this is just a little too much for you, you can also download my prebuild Arm64 container on dockerhub
https://hub.docker.com/repository/docker/botnyx/fusionauth-app-aarch64

docker run \
    -p 9011:9011 \
    --name fusionauth-app \
    botnyx/fusionauth-app-aarch64:latest

Please keep in mind this arm64 image is not official, nor is it officially supported!

For more information about FusionAuth, visit : http://FusionAuth.io

Thats it, Happy developing!

This article was posted on my blog : https://blog.jerryhopper.com/2020/06/15/fusionauth-on-arm64/

Posted on by:

jerry_hopper profile

jerry hopper

@jerry_hopper

Dutch, doesnt hate php!

Discussion

markdown guide