How to automate the deployment of Identity Manager Containers on a single host


1.     Introduction

This article describes how to deploy Identity Manager containers on a single host with a host-only network. The scenario covered here is the deployment of Identity Manager 4.8 containers.

2.     Abbreviation

  • IDM – Identity Manager

3.     Pre-requisites

a.      Install Docker version 19.03.1 or later

To check the current Docker version, run the following command in a terminal on the host machine:

docker --version

b.     To connect to the setup, add an entry to the hosts file on your workstation (Windows: c:\windows\system32\drivers\etc, Linux: /etc/hosts) in the following form:

<IP_Address> identitymanager.example.com identitymanager

Where <IP_Address> is the IP address of your Docker host.

Example: 192.168.17.137 identitymanager.example.com identitymanager

Note: The FQDN is fixed for this article; change only the IP address.

c.      Download the Identity Manager 4.8 tarball build.

d.     Load the IDM Docker images using the following commands:

sudo docker load -i <Identity_Manager_Container_Unzip_Location>/IDM_48_identityapplication.tar.gz

sudo docker load -i <Identity_Manager_Container_Unzip_Location>/IDM_48_postgres.tar.gz

sudo docker load -i <Identity_Manager_Container_Unzip_Location>/IDM_48_osp.tar.gz

sudo docker load -i <Identity_Manager_Container_Unzip_Location>/IDM_48_identityengine.tar.gz

sudo docker load -i <Identity_Manager_Container_Unzip_Location>/IDM_48_activemq.tar.gz

sudo docker load -i <Identity_Manager_Container_Unzip_Location>/IDM_48_formrenderer.tar.gz

sudo docker load -i <Identity_Manager_Container_Unzip_Location>/IDM_48_iManager320.tar

sudo docker load -i <Identity_Manager_Container_Unzip_Location>/IDM_48_sspr.tar.gz

sudo docker load -i <Identity_Manager_Container_Unzip_Location>/IDM_48_identityreporting.tar.gz

e.     Create a directory /data

f.       Copy silent.properties from the unzipped attachment to the /data directory.

NOTE: All passwords are set to novell. This is specified in the silent.properties file. To customize the selections used, modify the silent.properties file to match your preferences.
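
To see which entries in silent.properties still carry the default password before the deployment script is run, the following added example (not part of the original article or its attachment) lists every key whose value is novell and reports whether the file is readable by other users. The key names in the sample are constructed and hypothetical; the real file's keys may differ.

```shell
#!/bin/sh
# Added example: audit a silent.properties-style file before deploying.

# Print each key whose value is still the default password; status 1 if any.
default_password_keys() (
    file=$1
    default=${2:-novell}
    awk -v d="$default" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            i = index($0, "=")                   # split on the first "=" only
            if (i == 0) next
            key = substr($0, 1, i - 1)
            val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)   # trim spaces and double quotes
            if (val == d) { print key; found = 1 }
        }
        END { exit found }
    ' "$file"
)

# Status 0 if group or others can read the file, which holds clear-text passwords.
readable_by_others() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Constructed sample; key names are hypothetical, not the real file's keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
EXAMPLE_VAULT_ADMIN_PWD="novell"
EXAMPLE_DB_PWD=novell
EXAMPLE_SSPR_PWD=Changed-In-Lab-1
EXAMPLE_TREE_NAME=lab_tree
EOF
}

sample=$(mktemp)
write_sample "$sample"
chmod 644 "$sample"
default_password_keys "$sample" || echo "^ keys still set to the default password"
readable_by_others "$sample" && echo "sample is group/world readable; use chmod 600"
rm -f "$sample"
```

Against the real file the call would be default_password_keys /data/silent.properties, with a different default passed as the second argument if needed.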

4.     Steps to run the Automation

Run the following command from the directory where the attachment was unzipped to deploy the IDM containers:

sh hostonly.sh /data

5.     Post-configuration

a.     Reporting Post-configuration

            i.     Execute an interactive bash shell on the rpt-container using the following command:

                  sudo docker exec -it rpt-container bash

            ii.     Add the -Dcom.sun.net.ssl.checkRevocation=false parameter in the export CATALINA_OPTS entry of the setenv.sh file. In this example, the setenv.sh file is located under the /opt/netiq/idm/apps/tomcat/bin/ directory.

           iii.     Exit the container using the following command:

                exit

           iv.     Stop the container using the following command:

                sudo docker stop rpt-container

           v.     Start the container using the following command:

                 sudo docker start rpt-container
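
The edit in step ii changes how the reporting JVM handles certificate revocation checking, so it is worth applying it the same way every time and confirming the result. The following is an added example, not part of the original article or its attachment: it adds an option to the CATALINA_OPTS entry only if it is missing, keeps a backup, and verifies the change. It assumes the entry is a single line of the form export CATALINA_OPTS="..."; the sample setenv.sh content is constructed.

```shell
#!/bin/sh
# Added example: add a JVM option to the CATALINA_OPTS entry of a setenv.sh-style file.
# Assumption: the entry is a single line of the form  export CATALINA_OPTS="..."

# Status 0 if the option already appears on a non-comment CATALINA_OPTS line.
has_catalina_opt() {
    grep -v '^[[:space:]]*#' "$1" | grep 'CATALINA_OPTS' | grep -q -F -- "$2"
}

# Append the option inside the closing quote of the first export line.
# Idempotent, keeps a .bak copy, and verifies the result.
add_catalina_opt() {
    has_catalina_opt "$1" "$2" && return 0
    grep -q '^[[:space:]]*export CATALINA_OPTS=".*"[[:space:]]*$' "$1" || {
        echo "no export CATALINA_OPTS=\"...\" line in $1" >&2
        return 1
    }
    cp -p "$1" "$1.bak"
    awk -v opt="$2" '
        !edited && /^[ \t]*export CATALINA_OPTS=".*"[ \t]*$/ {
            sub(/"[ \t]*$/, " " opt "\"")      # keep the existing options
            edited = 1
        }
        { print }
    ' "$1.bak" > "$1"
    has_catalina_opt "$1" "$2"
}

# Constructed sample, not the product's real setenv.sh.
write_sample_setenv() {
    cat > "$1" <<'EOF'
#!/bin/sh
export JAVA_HOME=/opt/example/jre
export CATALINA_OPTS="-Xms512m -Xmx1024m"
EOF
}

f=$(mktemp)
write_sample_setenv "$f"
add_catalina_opt "$f" "-Dcom.sun.net.ssl.checkRevocation=false"
add_catalina_opt "$f" "-Dcom.sun.net.ssl.checkRevocation=false"   # second run changes nothing
grep CATALINA_OPTS "$f"
rm -f "$f" "$f.bak"
```

has_catalina_opt can also be run on its own against a copy of setenv.sh to record whether the option is currently set for the reporting container.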

b.     Import the OAuth certificate to SSPR:

           i.     From the Docker host, edit the /data/sspr/SSPRConfiguration.xml file and set the value of the configIsEditable flag to true and save the changes.

           ii.     Launch a browser and enter the https://identitymanager.example.com:8443/sspr URL.

           iii.     Log in using administrator credentials, for example, uaadmin/novell

           iv.     Click on the user, for example, uaadmin, on the top-right corner and then click Configuration Editor.

           v.     Specify the configuration password and click Sign In.

           vi.     Click Settings > Single Sign On (SSO) Client > OAuth and ensure that all URLs use the HTTPS protocol and correct ports.

           vii.     Under OAuth Server Certificate, click Import from Server to import a new certificate and then click OK.

            viii.     Click the save icon at the top-right corner to save the certificate.

            ix.     Review the changes and click OK.

            x.     After the SSPR application is restarted, edit the SSPRConfiguration.xml file and set the value of the configIsEditable flag to false and save the changes.
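
Steps i and x open and then close the SSPR configuration editor through the configIsEditable flag, and the last step is the one that is easy to forget. The following is an added example, not part of the original article or its attachment: it reads the flag, sets it with a backup and a verification, and offers a check that succeeds only when the flag is false. It assumes the flag is stored as a property element with key="configIsEditable"; the sample XML is constructed.

```shell
#!/bin/sh
# Added example: read and toggle configIsEditable in an SSPRConfiguration.xml-style file.
# Assumption: the flag is stored as <property key="configIsEditable">true|false</property>

# Print the flag value, or "missing" when the element is absent.
get_config_editable() {
    v=$(sed -n 's/.*<property key="configIsEditable">[ ]*\([A-Za-z]*\)[ ]*<\/property>.*/\1/p' "$1" | head -n 1)
    echo "${v:-missing}"
}

# Set the flag to true or false, keep a .bak copy, and verify the result.
set_config_editable() {
    case $2 in true|false) ;; *) echo "value must be true or false" >&2; return 2 ;; esac
    [ "$(get_config_editable "$1")" != missing ] || { echo "flag not found in $1" >&2; return 1; }
    cp -p "$1" "$1.bak"
    sed 's/\(<property key="configIsEditable">\)[^<]*\(<\/property>\)/\1'"$2"'\2/' "$1.bak" > "$1"
    [ "$(get_config_editable "$1")" = "$2" ]
}

# Status 0 only when the flag is exactly "false"; a missing flag does not count as locked.
sspr_config_locked() {
    [ "$(get_config_editable "$1")" = false ]
}

# Constructed sample; the element names around the flag are placeholders.
write_sample_sspr() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <properties type="config">
    <property key="configIsEditable">false</property>
  </properties>
</configuration>
EOF
}

cfg=$(mktemp)
write_sample_sspr "$cfg"
set_config_editable "$cfg" true && echo "editable: $(get_config_editable "$cfg")"
# ... import the certificate in the Configuration Editor and let SSPR restart ...
set_config_editable "$cfg" false
sspr_config_locked "$cfg" && echo "locked again"
rm -f "$cfg" "$cfg.bak"
```

On the Docker host the check would be sspr_config_locked /data/sspr/SSPRConfiguration.xml, which can be run after any configuration session to confirm the editor was closed again.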

 

6.     List of Identity Manager Containers deployed

  • Identity Manager Engine
  • iManager
  • One SSO Provider
  • ActiveMQ
  • PostgreSQL
  • Identity Applications
  • Self Service Password Reset
  • Form Renderer
  • Identity Reporting

 

7.     Useful components configuration details

a.      Identity Manager Engine / Identity Vault

Administrative user: cn=admin,ou=sa,o=system

LDAP port: 389

LDAPS port: 636

NCP port: 524

HTTP port: 8028

HTTPS port: 8030

 

b.     Identity Applications

Administrative user: cn=uaadmin,ou=sa,o=data

Database platform: PostgreSQL

Database host: identitymanager.example.com

Database port: 5432

Database name: idmuserappdb, igaworkflowdb & idmrptdb

Database user: idmadmin

Application URL: https://identitymanager.example.com:28543/idmdash

Application administrator URL: https://identitymanager.example.com:28543/idmadmin

 

c.      Identity Reporting

Administrative user: cn=uaadmin,ou=sa,o=data

Database platform: PostgreSQL

Database host: identitymanager.example.com

Database port: 5432

Database name: idmrptdb

Database user: postgres

Reporting URL: https://identitymanager.example.com:38543/IDMRPT

Data Collection Service URL: https://identitymanager.example.com:38543/idmdcs

              

d.     Self Service Password Reset

Administrative user: cn=uaadmin,ou=sa,o=data

Self Service Password Reset URL: https://identitymanager.example.com:8443/sspr

 

e.     iManager

iManager URL: https://identitymanager.example.com:8743/nps

 

8.     What next:

This article provides a solution for deploying Identity Manager containers on a single host using a host network. Further details on deploying Identity Manager containers on a single host with a host network are available in the Identity Manager container documentation at the following link:

https://www.netiq.com/documentation/identity-manager-48/setup_linux/data/t4bk3ao21qbm.html

Identity Manager containers can also be deployed on distributed Docker hosts. For details on deploying on distributed Docker hosts, refer to the following link in the Identity Manager container documentation:

https://www.netiq.com/documentation/identity-manager-48/setup_linux/data/t4bk3ao21qbm.html

9.     To clean-up containers:

Run the following command from the directory where the attachment was unzipped to clean up the containers:

sh hostonly_rm.sh

Note: The script removes the ‘/data’ folder by default.
