2.1 Preparing Your Container Deployment

The Identity Manager containers deployment process requires pre-installation, installation, and post-installation work. Use the information in this section as you prepare to deploy the Identity Manager containers.

Some containers depend on other containers. The following table lists each such container and the containers it depends on.

Table 2-1 Dependent Containers

Container               Dependent containers
OSP                     Identity Engine, iManager
Identity Applications   OSP, Databases for Identity Applications
Form Renderer           Identity Applications
Identity Reporting      Identity Applications, Databases for Identity Reporting
SSPR                    OSP

2.1.1 Managing Container Volume Data

Docker supports several mechanisms for data storage and persistence. One such mechanism for persisting container data is shared volumes.

The examples used in this guide assume that you create and use shared volumes. For example, create a shared volume called /data on your Docker host.

mkdir /data

However, you can use other volumes that Docker supports. For more information, see the Docker documentation.

NOTE: The /data directory of the Docker host is mapped to the /config directory of the containers. Ensure that you have read-write permissions for the shared volumes. To map the shared volume to a different directory inside a container, specify the mapping when you deploy that container. For example, you can map the /data directory to the /etc/opt/novell/dirxml/rdxml/ directory inside the Remote Loader container.

2.1.2 Prerequisites for Deploying Containers

Based on your container deployment, NetIQ recommends that you review the following prerequisites before deploying containers.

  • The /etc/hosts file of all the Docker hosts in your Docker deployment must be updated with the details of all the containers running on that host. Ensure that the hostnames of all containers are in Fully Qualified Domain Name (FQDN) format only.

    • If you are deploying containers on a single server, ensure that the hosts file entry follows this format:

      <IP of the host> <FQDN> <short_name>

      For example:

      172.120.0.1     identitymanager.example.com      identitymanager
      
    • If you are deploying containers on distributed servers, ensure that the hosts file entries follow this format for all the components:

      <IP of the container> <FQDN> <short_name>

      In the sample deployment used in this guide, add the following entries in the /etc/hosts file:

      172.120.0.1     identityengine.example.com       identityengine
      192.168.0.2     remoteloader.example.com         remoteloader
      192.168.0.3     fanoutagent.example.com          fanoutagent
      192.168.0.4     imanager.example.com             imanager
      192.168.0.5     osp.example.com                  osp
      192.168.0.6     postgresql.example.com           postgresql
      192.168.0.7     identityapps.example.com         identityapps
      192.168.0.8     formrenderer.example.com         formrenderer
      192.168.0.9     activemq.example.com             activemq
      192.168.0.10    identityreporting.example.com    identityreporting   
      192.168.0.11    sspr.example.com                 sspr

      You must also add the following entries on the server where the Identity Manager Engine container will be deployed. Based on the examples provided in this guide, these entries must be present on Docker Host A.

      <IP Address of the Docker host where Identity Manager Engine container will be deployed>       <FQDN>   <short name>   
           
      <IP Address of the Docker host where OSP container will be deployed>       <FQDN>   <short name>   osp.example.com
      
      <IP Address of the Docker host where Identity Applications container will be deployed>       <FQDN>   <short name>   identityapps.example.com
      
      <IP Address of the Docker host where Identity Reporting container will be deployed>       <FQDN>   <short name>   identityreporting.example.com

    NOTE: The examples in the guide assume virtual IP addresses for all the containers. Based on your requirement, you can assign IP addresses that are accessible across your network.

  • You must know the ports that you want to use for each container in your deployment. You must expose the required ports and map the container ports to the ports on the Docker host. The following table lists the ports that you must expose on the Docker hosts based on the examples provided in the guide.

    Container               Default ports assumed as per the sample deployment
    Remote Loader           8090
    Fanout Agent            Not applicable
    iManager                8743
    OSP                     8543
    Identity Applications   18543
    Identity Reporting      28543
    Form Renderer           8600
    ActiveMQ                8161, 61616
    PostgreSQL              5432
    SSPR                    8443

    NOTE: The SSPR container runs only on port 8443.

    However, you can customize the ports based on your requirement. The following considerations apply when you expose the ports:

    • Ensure that the ports you expose are not already in use.

    • The container port must be mapped to the same port on the Docker host. For example, the 8543 port on the container must be mapped to the 8543 port on the Docker host.
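A pre-flight check for the /etc/hosts prerequisite above, as an added example that is not part of the guide: the hypothetical check_hosts_entries function confirms that every container FQDN has an <IP> <FQDN> <short_name> line. The sample file is constructed, and IPv4 addresses are assumed, as in the guide's sample deployment.

```shell
#!/bin/sh
# Added example (not from the guide): pre-flight check that a hosts file has a
# "<IP> <FQDN> <short_name>" line for every container FQDN passed in.
# Assumes IPv4 addresses, as in the guide's sample deployment.

# check_hosts_entries FILE FQDN...
# Prints one verdict per FQDN and returns the number of problems found.
check_hosts_entries() {
    hosts_file=$1; shift
    problems=0
    for fqdn in "$@"; do
        short=${fqdn%%.*}
        if [ "$short" = "$fqdn" ]; then      # no dot: a short name, not an FQDN
            echo "NOT-FQDN  $fqdn"; problems=$((problems + 1)); continue
        fi
        # Strip comments, then inspect the line whose 2nd column is this FQDN.
        verdict=$(sed 's/#.*//' "$hosts_file" | awk -v f="$fqdn" -v s="$short" '
            $2 == f {
                found = 1
                if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $3 != s) bad = 1
            }
            END { print (!found ? "MISSING" : (bad ? "MALFORMED" : "OK")) }')
        echo "$verdict  $fqdn"
        [ "$verdict" = "OK" ] || problems=$((problems + 1))
    done
    return "$problems"
}

# Constructed sample: osp has no short name, sspr has no entry at all.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1       localhost
172.120.0.1     identityengine.example.com       identityengine
192.168.0.5     osp.example.com
192.168.0.7     identityapps.example.com         identityapps   # Identity Applications
EOF
check_hosts_entries "$sample" identityengine.example.com osp.example.com \
    identityapps.example.com sspr.example.com imanager || echo "problems: $?"
rm -f "$sample"
```

Run it on each Docker host against /etc/hosts with the FQDNs of the containers that host must resolve; a non-zero exit status is the number of entries to fix.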

2.1.3 Creating the Silent Properties File

Identity Manager supports silent mode only for deployment of containers. You must generate the silent properties file if you are deploying containers for the first time. If you are updating containers from 4.8, the silent properties file is not required.

  1. From the location where you have extracted the Identity_Manager_4.8.1_Containers.tar.gz file, navigate to the Identity_Manager_4.8.1_Containers directory.

  2. Run the following command to load the image:

    docker load --input IDM_481_idm_conf_generator.tar.gz

  3. Deploy the container using the following command:

    docker run --rm -it --name=idm_conf_generator --hostname=identitymanager.example.com -v /data:/config idm_conf_generator:idm-4.8.1

    NOTE:

    • Ensure that you specify the machine FQDN as a value for the hostname.

    • The --rm flag deletes the container after the silent properties file is created.

  4. Enter y to proceed with the installation and configuration of the components.

  5. Specify the silent property file name with the absolute path:

    NOTE: Ensure that you create the silent.properties file in the /config shared volume location. In other words, the silent properties file will be available in the /data directory of the Docker host.

  6. Specify n for the "Do you want to generate inputs for Kubernetes Orchestration" parameter.

  7. Decide the Identity Manager server edition you want to install. Enter y for Advanced Edition and n for Standard Edition.

  8. From the list of components available for installation, select the required components:

    • To install Engine, select Identity Manager Engine.

    • To install Identity Reporting, select Identity Reporting.

    • To install Identity Applications, select Identity Applications.

    NOTE:

    • You must generate a single silent.properties file for deploying all the Identity Manager components.

    • Ensure that you specify the following values for the ports used by different containers:

      Prompt                                    Port to be specified
      One SSO Server SSL port                   8543
      Identity Reporting Tomcat HTTPS port      28543
      Identity Applications Tomcat HTTPS port   18543

    • Use FQDN for all IP related configuration prompts. In other words, the hostname that you provide in the /etc/hosts entry for all components must be specified while generating the silent.properties file.

    • The SSO_SERVER_SSL_PORT, TOMCAT_HTTPS_PORT, UA_SERVER_SSL_PORT, and RPT_TOMCAT_HTTPS_PORT must be unique ports. For example, modify the SSO_SERVER_SSL_PORT to 8543, TOMCAT_HTTPS_PORT and UA_SERVER_SSL_PORT to 18543, and RPT_TOMCAT_HTTPS_PORT to 28543 respectively.

  9. (Conditional) If you are deploying containers on a single server using the host network mode, you must add the following entry after the silent properties file is generated:

    SKIP_PORT_CHECK=1

NOTE: When the silent.properties file is generated, it is available in the shared volume of your Docker host. For example, /data.
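
The port rules from step 8 and the SKIP_PORT_CHECK entry from step 9 can be checked before deployment. The script below is an added example, not part of the guide. The function names, the sample file, and the tolerance for double-quoted values are assumptions, and the clash check compares only the OSP, Identity Applications and Identity Reporting ports because the guide's own example gives TOMCAT_HTTPS_PORT and UA_SERVER_SSL_PORT the same value.

```shell
#!/bin/sh
# Added example (not from the guide): sanity-check the port settings in a
# generated silent.properties file before deploying containers.

# prop FILE KEY -> prints KEY's value (last assignment wins; quotes and CRs
# are stripped, which is an assumption about how the file may be written).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '"\r'
}

# check_silent_ports FILE [host]
# Pass "host" as the 2nd argument for a single-server, host-network deployment.
# Prints one line per problem and returns the number of problems.
check_silent_ports() {
    file=$1; mode=${2:-bridge}; problems=0
    for key in SSO_SERVER_SSL_PORT TOMCAT_HTTPS_PORT UA_SERVER_SSL_PORT RPT_TOMCAT_HTTPS_PORT; do
        val=$(prop "$file" "$key")
        case $val in
            ''|*[!0-9]*) echo "BAD-PORT $key='$val'"; problems=$((problems + 1)) ;;
            *) [ "$val" -ge 1 ] && [ "$val" -le 65535 ] ||
                   { echo "BAD-PORT $key='$val'"; problems=$((problems + 1)); } ;;
        esac
    done
    sso=$(prop "$file" SSO_SERVER_SSL_PORT)
    ua=$(prop "$file" UA_SERVER_SSL_PORT)
    rpt=$(prop "$file" RPT_TOMCAT_HTTPS_PORT)
    # Assumption: OSP, Identity Applications and Identity Reporting must not share a port.
    if [ "$problems" -eq 0 ] && { [ "$sso" = "$ua" ] || [ "$sso" = "$rpt" ] || [ "$ua" = "$rpt" ]; }; then
        echo "PORT-CLASH sso=$sso ua=$ua rpt=$rpt"; problems=$((problems + 1))
    fi
    if [ "$mode" = host ] && [ "$(prop "$file" SKIP_PORT_CHECK)" != 1 ]; then
        echo "MISSING SKIP_PORT_CHECK=1"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample using the guide's example ports, without SKIP_PORT_CHECK.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSO_SERVER_SSL_PORT="8543"
TOMCAT_HTTPS_PORT="18543"
UA_SERVER_SSL_PORT="18543"
RPT_TOMCAT_HTTPS_PORT="28543"
EOF
check_silent_ports "$sample" host || echo "problems: $?"
rm -f "$sample"
```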