Most of the Identity Manager containers offer an interactive mode of installation. However, NetIQ recommends the use of a silent properties file for the deployment of different containers.
NOTE: When the silent.properties file is generated, it is available in the /data directory of the Docker host.
From the location where you have extracted the Identity_Manager_4.9.0_Containers.tar.gz file, navigate to the Identity_Manager_4.9.0_Containers/docker-images directory.
Run the following command to load the image:
docker load --input IDM_490_idm_conf_generator.tar.gz
Deploy the container using the following sample command:
NOTE: Ensure that you specify the machine FQDN as a value for the hostname.
docker run -it --name=idm_conf_generator --hostname=identitymanager.example.com -v /data:/config idm_conf_generator:idm-4.9.0-580
Specify the path for the properties file.
NOTE: Ensure that you create the silent.properties file in the shared volume location, for example, /config.
Specify the following settings to create the silent properties file:
| Parameter | Description |
|---|---|
| Silent Property file name with absolute path | Specify the path for the silent properties file. |
| Configure the Silent properties for Docker Containers | Specifies whether you want to configure the properties file for Docker containers. |
| Generate inputs for Kubernetes Orchestration | Applies only if you have selected y in the Configure the Silent properties for Docker Containers option. Specifies whether you want to generate the YAML file for Kubernetes. |
| Directory name with absolute path for creating kube yaml file | Applies only if you have selected y in the Generate inputs for Kubernetes Orchestration option. Specifies the path for creating the YAML file for Kubernetes. NOTE: It is recommended that you provide different paths for the Identity Applications and Identity Reporting YAML files. |
| Kubernetes volume mount path | Applies only if you have selected y in the Generate inputs for Kubernetes Orchestration option. Specifies the path for the Kubernetes volume. |
| Identity Manager Engine hostname for Kubernetes deployment | Applies only if you have selected y in the Generate inputs for Kubernetes Orchestration option. Specifies the hostname of the Identity Manager Engine. |
Decide the Identity Manager server edition you want to install. Enter y for Advanced Edition and n for Standard Edition.
Decide if you want to configure the components in a typical or custom mode.
From the list of components available for installation, select the required components:
To install Engine, select Identity Manager Engine.
To install Identity Reporting, select Identity Reporting.
To install Identity Applications, select Identity Applications.
For information about the configuration parameters, see Understanding the Configuration Parameters.
NOTE:
You must generate the silent.properties file for all components at once.
Use FQDN for all IP related configuration prompts.
The SSO_SERVER_SSL_PORT, TOMCAT_HTTPS_PORT, UA_SERVER_SSL_PORT, and RPT_TOMCAT_HTTPS_PORT must be unique ports. For example, modify the SSO_SERVER_SSL_PORT to 8543, TOMCAT_HTTPS_PORT and UA_SERVER_SSL_PORT to 18543, and RPT_TOMCAT_HTTPS_PORT to 28543 respectively.
(Conditional) If you are deploying containers on a single server using the host network mode, you must specify the tomcat.ks path as /opt/netiq/idm/apps/tomcat/conf/tomcat.ks for the certificate-related prompts specific to OSP, Identity Applications, and Identity Reporting.
(Conditional) If you are deploying containers on a single server using the host network mode, you must perform the following steps after the silent properties file is generated:
Modify the TOMCAT_HTTPS_PORT and UA_SERVER_SSL_PORT to 18543, and RPT_TOMCAT_HTTPS_PORT to 28543 respectively.
Remove the SSO_SERVER_SSL_PORT parameter from the silent.properties file.
sed -i.bak '/SSO_SERVER_SSL_PORT/d' silent.properties
Ensure that the value for the CUSTOM_OSP_CERTIFICATE is set to n.
Add the following entries at the end of the silent.properties file:
SKIP_PORT_CHECK=1
SSO_SERVER_SSL_PORT=8543
CUSTOM_UA_CERTIFICATE="n"
TOMCAT_SSL_KEYSTORE_PASS="<password>"
CUSTOM_RPT_CERTIFICATE="n"
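The host network mode edits above are easy to get partly wrong, so the following added example (not part of the NetIQ documentation or product) checks a finished silent.properties file against them. The function names prop, expect, and check_host_mode are hypothetical, and the script assumes plain KEY=VALUE lines as shown on this page.

```shell
#!/bin/sh
# Added example, not NetIQ code. Assumes plain KEY=VALUE lines, as on this page.

# prop FILE KEY: print the last value assigned to KEY, surrounding quotes removed.
prop() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# expect FILE KEY VALUE: return 1 and report when KEY does not resolve to VALUE.
expect() {
    actual=$(prop "$1" "$2")
    if [ "$actual" != "$3" ]; then
        echo "FAIL: $2 is '$actual', expected '$3'"
        return 1
    fi
}

# check_host_mode FILE: verify every host-network-mode edit listed above.
check_host_mode() {
    f=$1
    rc=0
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    expect "$f" TOMCAT_HTTPS_PORT 18543 || rc=1
    expect "$f" UA_SERVER_SSL_PORT 18543 || rc=1
    expect "$f" RPT_TOMCAT_HTTPS_PORT 28543 || rc=1
    expect "$f" SSO_SERVER_SSL_PORT 8543 || rc=1
    expect "$f" SKIP_PORT_CHECK 1 || rc=1
    for key in CUSTOM_OSP_CERTIFICATE CUSTOM_UA_CERTIFICATE CUSTOM_RPT_CERTIFICATE; do
        expect "$f" "$key" n || rc=1
    done
    # The generated SSO_SERVER_SSL_PORT line must be gone, leaving only the appended one.
    count=$(grep -c '^SSO_SERVER_SSL_PORT=' "$f" || true)
    if [ "$count" -ne 1 ]; then
        echo "FAIL: SSO_SERVER_SSL_PORT is defined $count times, expected 1"
        rc=1
    fi
    # The keystore password must be set and must not be the literal template text.
    case $(prop "$f" TOMCAT_SSL_KEYSTORE_PASS) in
        '' | '<password>') echo "FAIL: TOMCAT_SSL_KEYSTORE_PASS is not set"; rc=1 ;;
    esac
    return $rc
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then
    check_host_mode "$1"
fi
```

Save it under a name of your choice and pass the path of the generated file as the only argument; an exit status of 0 means every edit is in place.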