7.1 Preparing Your Container Deployment

The Identity Manager containers deployment process requires pre-installation, installation, and post-installation work. Use the information in this section as you prepare to deploy the Identity Manager containers.

Some containers are dependent on others. The following table provides details on those containers that are dependent on other containers.

Table 7-1 Dependent Containers

Container                Dependent containers
OSP                      Identity Manager Engine, iManager
Identity Applications    OSP, Databases for Identity Applications
Form Renderer            Identity Applications
Identity Reporting       Identity Applications, Databases for Identity Reporting
SSPR                     OSP

7.1.1 Prerequisites for Deploying Containers

Based on your container deployment, NetIQ recommends that you review the following prerequisites before deploying containers.

  • The /etc/hosts file of all the Docker hosts in your Docker deployment must be updated with the details of all the containers running on that host. Ensure that the hostnames for all containers are in Fully Qualified Domain Name (FQDN) format only.

    • If you are deploying containers on distributed servers, ensure that the hosts file entries follow the format below for all the components:

      <IP of the container> <FQDN> <short_name>

      In the sample deployment used in this guide, add the following entries in the /etc/hosts file:

      192.168.0.12    identityengine.example.com       identityengine
      192.168.0.2     remoteloader.example.com         remoteloader
      192.168.0.3     fanoutagent.example.com          fanoutagent
      192.168.0.4     imanager.example.com             imanager
      192.168.0.5     osp.example.com                  osp
      192.168.0.6     postgresql.example.com           postgresql
      192.168.0.7     identityapps.example.com         identityapps
      192.168.0.8     formrenderer.example.com         formrenderer
      192.168.0.9     activemq.example.com             activemq
      192.168.0.10    identityreporting.example.com    identityreporting   
      192.168.0.11    sspr.example.com                 sspr

      You must also add the following entries to the hosts file of the machine from which you will access the containers:

      <IP Address of Docker host A>   <FQDN of all containers deployed on Docker Host A>   <short name of all containers deployed on Docker host A>   
           
      <IP Address of Docker host B>   <FQDN of all containers deployed on Docker Host B>   <short name of all containers deployed on Docker host B>
      
    • If you are deploying containers on a single server, ensure that the hosts file entry follows the format below:

      <IP of the host> <FQDN> <short_name>

      For example:

      172.120.0.1     identitymanager.example.com      identitymanager
      

    NOTE: The examples in the guide assume virtual IP addresses for all the containers. Based on your requirement, you can assign IP addresses that are accessible across your network.

  • You must know the ports that you want to use for each container in your deployment. You must expose the required ports and map the container ports to the ports on the Docker host. The following table provides information on ports that you must expose on the Docker hosts based on the examples provided in the guide.

    Table 7-2 Default Ports Exposed As per the Sample Deployment

    Container                Default ports assumed as per the sample deployment
    Remote Loader            8090
    Fanout Agent             Not applicable
    iManager                 8743
    iMonitor                 8030
    OSP                      8543
    Identity Applications    18543
    Identity Reporting       28543
    Form Renderer            8600
    ActiveMQ                 8161, 61616
    PostgreSQL               5432
    SSPR                     8443

    NOTE: The SSPR container runs only on port 8443.

    However, you can customize the ports based on your requirement. The following considerations apply when you expose the ports:

    • Ensure that the ports you expose are not already in use.

    • The container port must be mapped to the same port on the Docker host. For example, the 8543 port on the container must be mapped to the 8543 port on the Docker host.
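The hosts file prerequisite above can be checked before deployment. The following is an added example, not part of the product documentation; the function name check_hosts and the sample entries are constructed for illustration. It reports any container whose entry is missing or does not follow the <IP> <FQDN> <short_name> order.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# check_hosts FILE NAME...: for every short name, require a hosts entry of
# the form "<IP> <FQDN> <short_name>" and report anything that deviates.
check_hosts() {
    file=$1; shift
    awk -v names="$*" '
        BEGIN { n = split(names, want, " ") }
        { sub(/#.*/, "") }                      # strip comments
        NF < 2 { next }                         # blank or incomplete line
        {
            for (i = 1; i <= n; i++) {
                s = want[i]
                if ($2 == s)
                    bad[s] = "short name is listed before the FQDN"
                else if ($3 == s && index($2, ".") == 0)
                    bad[s] = "second field is not an FQDN"
                else if ($3 == s)
                    ok[s] = 1
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                s = want[i]
                if (s in bad)        { print s ": " bad[s]; rc = 1 }
                else if (!(s in ok)) { print s ": no entry found"; rc = 1 }
            }
            exit rc + 0
        }' "$file"
}

# Constructed sample: osp is correct, imanager has the short name first,
# sspr is missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1      localhost
192.168.0.5    osp.example.com    osp
192.168.0.4    imanager           imanager.example.com   # wrong order
EOF
check_hosts "$sample" osp imanager sspr || echo "fix the entries listed above"
rm -f "$sample"
```

Run it against /etc/hosts on each Docker host with the short names of the containers deployed there; a non-zero exit status means at least one entry needs correcting.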

7.1.2 Creating the Silent Properties File

Identity Manager supports silent mode only for deployment of containers. You must generate the silent properties file if you are deploying containers for the first time. If you are updating containers from previous versions, the silent properties file is not required.

  1. Navigate to the location where you have extracted the Identity_Manager_4.8.4_Containers.tar.gz file.

  2. Navigate to the docker-images directory.

  3. Run the following command to load the image:

    docker load --input IDM_484_idm_conf_generator.tar.gz

  4. Deploy the container using the following command:

    docker run --rm -it --name=idm_conf_generator --hostname=identitymanager.example.com -v /data:/config idm_conf_generator:idm-4.8.4

    NOTE:

    • Ensure that you specify the machine FQDN as a value for the hostname.

    • The --rm flag deletes the container after the silent properties file is created.

  5. Specify the silent properties file name with the absolute path.

    NOTE: Ensure that you create the silent.properties file in the /config shared directory location. In other words, the silent properties file will be available in the /data directory of the Docker host.

  6. Specify n for the "Do you want to generate inputs for Kubernetes Orchestration" parameter.

  7. Decide the Identity Manager server edition you want to install. Enter y for Advanced Edition and n for Standard Edition.

  8. From the list of components available for installation, select the required components:

    • To install Identity Manager Engine, select Identity Manager Engine.

    • To install Identity Reporting, select Identity Reporting.

    • To install Identity Applications, select Identity Applications.

    NOTE:

    • You must generate a single silent.properties file for deploying all the Identity Manager components.

    • Ensure that you specify the following values for the ports used by different containers:

      Prompt                                     Port to be specified
      One SSO Server SSL port                    8543
      Identity Reporting Tomcat HTTPS port       28543
      Identity Applications Tomcat HTTPS port    18543

    • Use the FQDN for all IP-related configuration prompts. In other words, the hostname that you provide in the /etc/hosts entry for all components must be specified while generating the silent.properties file.

    • The SSO_SERVER_SSL_PORT, TOMCAT_HTTPS_PORT, UA_SERVER_SSL_PORT, and RPT_TOMCAT_HTTPS_PORT must be unique ports.

  9. (Conditional) If you are deploying containers on a single server using the host network mode, you must perform the following tasks after the silent properties file is generated:

    1. Set TOMCAT_HTTPS_PORT and UA_SERVER_SSL_PORT to 18543, and RPT_TOMCAT_HTTPS_PORT to 28543.

    2. Remove the SSO_SERVER_SSL_PORT parameter from the silent.properties file.

      sed -i.bak '/SSO_SERVER_SSL_PORT/d' silent.properties

    3. Add the following parameters:

      SSO_SERVER_SSL_PORT=8543

      SKIP_PORT_CHECK=1

NOTE: When the silent.properties file is generated, it will be available in the shared directory of your Docker host. For example, /data.
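The three sub-steps of step 9 can be applied in one pass. This is an added example, not part of the product documentation; the function names and the sample port values are constructed, and it assumes the file holds one KEY=value pair per line.

```shell
#!/bin/sh
# Added example, not from the product documentation: applies the step 9
# edits (single server, host network mode) to a generated silent.properties.
# Assumption: the file holds one KEY=value pair per line.
apply_host_network_ports() {
    props=$1
    [ -f "$props" ] || { echo "missing file: $props" >&2; return 1; }
    cp -p "$props" "$props.bak" || return 1     # one backup before any edit
    tmp=$(mktemp) || return 1

    # Every pattern is anchored with ^ so the TOMCAT_HTTPS_PORT rule cannot
    # also rewrite RPT_TOMCAT_HTTPS_PORT, which contains it as a substring.
    # SSO_SERVER_SSL_PORT and any earlier SKIP_PORT_CHECK are dropped here
    # and appended once below, so re-running the function is harmless.
    sed -e 's/^TOMCAT_HTTPS_PORT=.*/TOMCAT_HTTPS_PORT=18543/' \
        -e 's/^UA_SERVER_SSL_PORT=.*/UA_SERVER_SSL_PORT=18543/' \
        -e 's/^RPT_TOMCAT_HTTPS_PORT=.*/RPT_TOMCAT_HTTPS_PORT=28543/' \
        -e '/^SSO_SERVER_SSL_PORT=/d' \
        -e '/^SKIP_PORT_CHECK=/d' \
        "$props" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Terminate the last line if needed so the appended keys start cleanly.
    if [ -n "$(tail -c 1 "$tmp")" ]; then echo >> "$tmp"; fi
    printf '%s\n' 'SSO_SERVER_SSL_PORT=8543' 'SKIP_PORT_CHECK=1' >> "$tmp"
    cat "$tmp" > "$props"     # rewrite in place: keeps owner and mode
    rm -f "$tmp"
}

# get_prop FILE KEY: print every value assigned to KEY, one per line.
get_prop() { sed -n "s/^$2=//p" "$1"; }

# Constructed sample input (port values are placeholders, not defaults).
demo=$(mktemp -d)
printf '%s\n' 'SSO_SERVER_SSL_PORT=9443' 'TOMCAT_HTTPS_PORT=9543' \
    'UA_SERVER_SSL_PORT=9643' 'RPT_TOMCAT_HTTPS_PORT=9743' \
    > "$demo/silent.properties"
apply_host_network_ports "$demo/silent.properties"
cat "$demo/silent.properties"
rm -rf "$demo"
```

The original file is kept next to the edited one as silent.properties.bak, so the generated values can be compared with the host-network-mode values before deployment.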