<!-- Space: qifu -->
<!-- Parent: 后端技术&知识&规范 -->
<!-- Parent: 技术方案 -->
<!-- Parent: 基建 -->
<!-- Title: 20250107-Yearning安装及SSO接入指南 -->

<!-- Macro: :anchor\((.*)\):
     Template: ac:anchor
     Anchor: ${1} -->
<!-- Macro: \!\[.*\]\((.+)\)\<\!\-\- width=(.*) \-\-\>
     Template: ac:image
     Url: ${1}
     Width: ${2} -->
<!-- Macro: \<\!\-\- :toc: \-\-\>
     Template: ac:toc
     Printable: 'false'
     MinLevel: 2 
     MaxLevel: 4 -->
<!-- Include: 杂项/声明文件.md -->

<!-- :toc: -->

# Yearning 安装及 SSO 接入指南

## Yearning 安装启动

- 可以参考：https://next.yearning.io/zh/usage/ixah25xr/

### Docker Compose

#### `docker-compose.yml` 文件

```yaml
version: '3'

services:
  yearning:
    image: yeelabs/yearning:v3.1.5
    environment:
      MYSQL_USER: yearning
      MYSQL_PASSWORD: ukC2ZkcG_ZTeb
      MYSQL_ADDR: mysql
      MYSQL_DB: yearning
      SECRET_KEY: dbcjqheupqjsuwsm
      IS_DOCKER: is_docker
    ports:
      - 8000:8000
    volumes:
      - ./opt/conf.toml:/opt/conf.toml
    #- 首次使用请先初始化
    #- command: /bin/bash -c "./Yearning install && ./Yearning run"
    depends_on:
      - mysql
    restart: always

  mysql:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: ukC2ZkcG_ZTeb
      MYSQL_DATABASE: yearning
      MYSQL_USER: yearning
      MYSQL_PASSWORD: ukC2ZkcG_ZTeb
    command:
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_general_ci
    volumes:
      - ./data/mysql:/var/lib/mysql

#- 默认账号：admin，默认密码：Yearning_admin
```

#### `conf.toml` 文件

```toml
[Mysql]
Db = "Yearning"
Host = "127.0.0.1"
Port = "3306"
Password = ""
User = "root"

[General]
SecretKey = "dbcjqheupqjsuwsm"
Hours = 4
Lang = "zh_CN"

[Oidc]
Enable = false
ClientId = "${keycloak的客户端ID}"
ClientSecret = "${keycloak的客户端Secret}"
Scope = "openid profile"
AuthUrl = "${issuer链接}/protocol/openid-connect/auth"
TokenUrl = "${issuer链接}/protocol/openid-connect/token"
UserUrl = "${issuer链接}/protocol/openid-connect/userinfo"
RedirectUrL = "${yearning的地址}/oidc/_token-login"
UserNameKey = "preferred_username"
RealNameKey = "name"
EmailKey = "email"
SessionKey = "session_state"
```

### Yearning OIDC 配置

- 可以参考：https://next.yearning.io/zh/usage/boccobus/

#### 修改 `conf.toml`（Keycloak示例）

```toml
[Oidc]
Enable = true
ClientId = "${keycloak的客户端ID}"
ClientSecret = "${keycloak的客户端Secret}"
Scope = "openid profile"
AuthUrl = "${issuer链接}/protocol/openid-connect/auth"
TokenUrl = "${issuer链接}/protocol/openid-connect/token"
UserUrl = "${issuer链接}/protocol/openid-connect/userinfo"
RedirectUrL = "${yearning的地址}/oidc/_token-login"
UserNameKey = "preferred_username"
RealNameKey = "name"
EmailKey = "email"
SessionKey = "session_state"
```

- ${keycloak的客户端ID}：例如 `yearning`
- ${keycloak的客户端Secret}: Keycloak中获取
- ${issuer链接}: Keycloak 中获取
- ${yearning的地址}：yearning 请求地址

### 异常处理

- 如果出现异常，可以排查 `Yearning` 服务和 `Keycloak` 服务是否可以访问通畅。
- 或者说 `Yearning` SSO 配置中的链接在 `Yearning` 所在服务中是否可以正常访问


## 参考

- [Yearning安装教程](https://next.yearning.io/zh/usage/ptbzchak/)
- [使用go语言编译部署最新版Yearning【v3.0.1】](https://blog.csdn.net/qq_44930876/article/details/125679454)