Deploying Identity Manager 4.8.1 Containers Using Ansible



 Important Note: Ansible-based deployment of IDM containers is officially supported from the IDM 4.8.3 release. Please follow the documentation below:

https://www.netiq.com/documentation/identity-manager-48/idm_installing_updating_483/data/deploying-identity-manager-containers-using-ansible.html


This article provides information on deploying the Identity Manager containers using Ansible.

1.0 Introduction to Ansible

  - Ansible is an open-source configuration management and provisioning tool
  - It uses SSH to connect and run the configured tasks. Ansible lets you control and configure nodes from a single server
  - It makes deployment of containers seamless

  For details on how Ansible works, please refer to https://www.ansible.com/overview/how-ansible-works

 

2.0 Where we can use this ansible-playbook

  - Installation of IDM 4.8.1 containers in single server environment
  - Installation of IDM 4.8.1 containers in distributed server environments

  Note: This script supports the deployment of all containers in any network mode, such as overlay or bridge. However, the Identity Manager Engine container should be deployed in host only mode.

 

3.0 Prerequisites for Installing Ansible
  One Linux server. I have used sles12sp3; however, the steps to install Ansible may vary in different versions.


4.0 Setting Up Ansible on Your Server

  1) Install Python.
  2) Download the get-pip.py file on your server:
      wget https://bootstrap.pypa.io/get-pip.py
  3) Install the get-pip.py file:
      python get-pip.py
  4) Install Ansible:
      pip install ansible
  5) Generate an SSH key using the following command:
      ssh-keygen
  6) Copy the SSH key from the Ansible server (control server) to all the Docker hosts:
      ssh-copy-id "docker-host fqdn"
      For example:  ssh-copy-id sles12sp3-siva.labs.blr.novell.com

  Ansible is now set up successfully.


5.0 Prerequisites for Running the Ansible Playbook

  1) Download the <Identity_Manager_4.8.1_Containers_Ansible.zip> file.
  2) Extract the zip file.
  3) Copy the silent properties file to the location where you extracted the zip file in step 2. For instructions on generating the silent properties file, see Generating the Silent Properties file.
  Note: The silent properties file must be named "silent.properties".
  4) Copy the certificates onto the shared volume of your Docker host. For instructions on generating the certificates, see Generating Certificates.
  5) Ensure the network mode is already configured. For instructions on creating a sample network click here.

 

6.0 Running the Ansible Playbook

  The following sections provide details on deploying the containers using the Ansible script.

6.1 Updating the Input File With the Required Parameters
  1) Navigate to the location where you have extracted the <Identity_Manager_4.8.1_Containers_Ansible.zip> file.
  2) Open setup.csv file and specify the following details:
  NOTE: The sample setup.csv is available in the <Identity_Manager_4.8.1_Containers_Ansible.zip> file. You can modify the file based on your requirements.
  • Component : Specify the name of the container to be deployed. For example, OSP.
  • DockerHost : Specify the IP Address of the Docker host where the container will be deployed. For example, 172.20.0.1
  • ContainerIP : Specify the IP Address that will be assigned to the container. For example, 192.168.0.5.
  • ContainerName : Specify a name for the container. For example, osp-container.
  • ContainerHostname : Specify the FQDN that will be assigned to the container. For example, osp.example.com.
  • Port1 and Port2 : Specify the port(s) that will be exposed outside the container. For example, 8543.
  • Shared_volume : Specify the location of the shared volume linked inside the Docker hosts. For example, /data. (If you specify /data, it implies that the /data directory is present in the Docker host.)
  • tarball_location : Specify the location where the container ISO is extracted.
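
  A pre-flight check for setup.csv, added here as an example and not part of the Identity Manager Ansible package. It assumes the file has a header row using the field names listed above and that a blank port column means no port is published; the tarball path in the sample is constructed.

```python
import csv
import io
import ipaddress
import re

# Assumption: setup.csv starts with a header row that uses these field names.
COLUMNS = ["Component", "DockerHost", "ContainerIP", "ContainerName",
           "ContainerHostname", "Port1", "Port2", "Shared_volume", "tarball_location"]
FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")
# Constructed sample: line 2 is clean, line 3 carries four mistakes.
SAMPLE = """Component,DockerHost,ContainerIP,ContainerName,ContainerHostname,Port1,Port2,Shared_volume,tarball_location
OSP,172.20.0.1,192.168.0.5,osp-container,osp.example.com,8543,,/data,/opt/idm481
SSPR,172.20.0.1,192.168.0.6,sspr-container,sspr,8543,99999,data,/opt/idm481
"""

def validate_setup(text):
    """Return 'line N: problem' strings; an empty list means the file passed."""
    problems, seen_names, seen_ports = [], set(), set()
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return ["header: missing column(s) " + ", ".join(missing)]
    for row in reader:
        n = reader.line_num
        row = {k: (v or "").strip() for k, v in row.items() if k}
        host = row["DockerHost"]
        for field in ("DockerHost", "ContainerIP"):
            try:
                ipaddress.ip_address(row[field])
            except ValueError:
                problems.append(f"line {n}: {field} {row[field]!r} is not an IP address")
        if not FQDN.match(row["ContainerHostname"]):
            problems.append(f"line {n}: ContainerHostname is not an FQDN")
        if (host, row["ContainerName"]) in seen_names:
            problems.append(f"line {n}: ContainerName already used on {host}")
        seen_names.add((host, row["ContainerName"]))
        for field in ("Port1", "Port2"):
            port = row[field]
            if not port:
                continue  # assumption: blank means no port published
            if not (port.isdigit() and 1 <= int(port) <= 65535):
                problems.append(f"line {n}: {field} {port!r} is not a valid port")
            elif (host, port) in seen_ports:
                problems.append(f"line {n}: port {port} already published on {host}")
            seen_ports.add((host, port))
        for field in ("Shared_volume", "tarball_location"):
            if not row[field].startswith("/"):
                problems.append(f"line {n}: {field} must be an absolute path")
    return problems
```

  Run validate_setup() on the contents of setup.csv before executing the playbooks; each returned string names the line and the field to correct.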

6.2 Executing the Ansible Playbook
  NOTE: The Ansible script can be used only for a fresh deployment of containers. In future, this script will be enhanced to support the patching of containers.
  1) Navigate to the location where you have extracted the <Identity_Manager_4.8.1_Containers_Ansible.zip> file.
  2) Run the following commands to set up the environment variables for deploying the Ansible script:
     ansible-playbook setup.yml
     ansible-playbook convertsilentprop2yaml.yml
  3) Run the following command to deploy all the Identity Manager containers:
     ansible-playbook idmdockerContainer_playbook.yml  -e network_set="network_name"
     For example, ansible-playbook idmdockerContainer_playbook.yml  -e network_set="overlay_net"

  NOTE: To deploy the specific containers using the ansible-playbook, use the component-specific tags. For example, to deploy the OSP container only, run the following command:
  ansible-playbook idmdockerContainer_playbook.yml  --tags="osp_tag" -e network_set="overlay_net"

7.0 References
  The tags for deploying individual containers are listed here:
  • To deploy the Identity Manager Engine container, use the "engine_tag"
  • To deploy the Remote Loader container, use the "remoteloader_tag"
  • To deploy the iManager container, use the "iManager_tag"
  • To deploy the OSP Container, use the "osp_tag"
  • To deploy the PostgreSQL container, use the "postgres_tag"
  • To deploy the Identity Applications container, use the "identityapps_tag"
  • To deploy the FormRenderer container, use the "formrender_tag"
  • To deploy the ActiveMQ container, use the "activemq_tag"
  • To deploy the Identity Reporting container, use the "reporting_tag"
  • To deploy the Fanout Agent container, use the "fanoutagent_tag"
  • To deploy the SSPR container, use the "sspr_tag"
