The Identity Manager containers deployment process requires pre-installation, installation, and post-installation work. Use the information in this section as you prepare to deploy the Identity Manager containers.
Some containers are dependent on others. The following table provides details on those containers that are dependent on other containers.
Table 2-1 Dependent Containers
Container | Dependent containers |
---|---|
OSP | |
Identity Applications | |
Form Renderer | Identity Applications |
Identity Reporting | |
SSPR | OSP |
Docker supports several mechanisms for data storage and persistence. One such mechanism for persisting container data is shared volumes.
The examples used in this guide assume that you create and use shared volumes. For example, create a shared volume called /data on your Docker host.
mkdir /data
However, you can use other volumes that Docker supports. For more information, see Docker documentation.
NOTE: The /data directory of the Docker host will be mapped to the /config directory of the containers. Ensure that you have read-write permissions for the shared volumes. However, if you want to map the shared volume to a different directory inside the container, you must map it while deploying the container itself. For example, you can map the /data directory to the /etc/opt/novell/dirxml/rdxml/ directory inside the Remote Loader container.
Based on your container deployment, NetIQ recommends that you review the following prerequisites before deploying containers.
The /etc/hosts file of all the Docker hosts in your Docker deployment must be updated with the details of all the containers running on that host. Ensure that the hostnames for all containers are in Fully Qualified Domain Name (FQDN) format only.
If you are deploying containers on a single server, ensure that the hosts file entry follows the format below:
<IP of the host> <FQDN> <short_name>
For example:
172.120.0.1 identitymanager.example.com identitymanager
If you are deploying containers on distributed servers, ensure that the hosts file entries follow the format below for all the components:
<IP of the container> <FQDN> <short_name>
In the sample deployment used in this guide, add the following entries in the /etc/hosts file:
192.168.0.12 identityengine.example.com identityengine
192.168.0.2 remoteloader.example.com remoteloader
192.168.0.3 fanoutagent.example.com fanoutagent
192.168.0.4 imanager.example.com imanager
192.168.0.5 osp.example.com osp
192.168.0.6 postgresql.example.com postgresql
192.168.0.7 identityapps.example.com identityapps
192.168.0.8 formrenderer.example.com formrenderer
192.168.0.9 activemq.example.com activemq
192.168.0.10 identityreporting.example.com identityreporting
192.168.0.11 sspr.example.com sspr
You must also add the following entries to the hosts file of the machine from which you will access the containers:
<IP Address of Docker host A> <FQDN of all containers deployed on Docker Host A> <short name of all containers deployed on Docker host A>
<IP Address of Docker host B> <FQDN of all containers deployed on Docker Host B> <short name of all containers deployed on Docker host B>
NOTE: The examples in the guide assume virtual IP addresses for all the containers. Based on your requirement, you can assign IP addresses that are accessible across your network.
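The following check is an added example, not part of the NetIQ guide: it validates a file of planned hosts entries against the `<IP> <FQDN> <short_name>` format above before you append them to /etc/hosts. The function name is hypothetical, and the rule that the short name equals the first label of the FQDN is an assumption taken from the guide's samples.

```bash
# Added example (not NetIQ code): check hosts-file entries against the
# "<IP> <FQDN> <short_name>" format described above.
# Assumption: the short name is the first label of the FQDN.

# check_hosts_entries FILE: print one line per problem, return 1 if any.
check_hosts_entries() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            ip = $1; fqdn = $2; short = $3
            label = fqdn; sub(/\..*/, "", label)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                problem("first field is not an IPv4 address: " ip)
            else if (fqdn !~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/)
                problem("second field is not an FQDN: " fqdn)
            else if (short != label)
                problem("short name \"" short "\" does not match " fqdn)
            else if (fqdn in seen && seen[fqdn] != ip)
                problem(fqdn " is already mapped to " seen[fqdn])
            seen[fqdn] = ip
        }
        function problem(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Demo on constructed entries: the second uses a short name where the
# FQDN belongs, the third has no short name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.168.0.5 osp.example.com osp
192.168.0.6 postgresql postgresql
192.168.0.11 sspr.example.com
EOF
check_hosts_entries "$sample" || echo "fix the entries listed above"
rm -f "$sample"
```

Run it over the fragment you intend to add rather than the whole /etc/hosts file, because standard entries such as localhost do not follow this format.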
You must know the ports that you want to use for each container in your deployment. You must expose the required ports and map the container ports to the ports on the Docker host. The following table provides information on ports that you must expose on the Docker hosts based on the examples provided in the guide.
Container | Default ports assumed as per the sample deployment |
---|---|
Remote Loader | 8090 |
Fanout Agent | Not applicable |
iManager | 8743 |
OSP | 8543 |
Identity Applications | 18543 |
Identity Reporting | 28543 |
Form Renderer | 8600 |
ActiveMQ | |
PostgreSQL | 5432 |
SSPR | 8443 NOTE: SSPR container runs only on 8443 port. |
However, you can customize the ports based on your requirement. The following considerations apply while you expose the ports:
Ensure that you expose those ports which are not in use.
The container port must be mapped to the same port on the Docker host. For example, the 8543 port on the container must be mapped to the 8543 port on the Docker host.
Identity Manager supports silent mode only for deployment of containers. You must generate the silent properties file if you are deploying containers for the first time. If you are updating containers from previous versions, the silent properties file is not required.
From the location where you have extracted the Identity_Manager_4.8.2_Containers.tar.gz file, navigate to the Identity_Manager_4.8.2_Containers directory.
Run the following command to load the image:
docker load --input IDM_482_idm_conf_generator.tar.gz
Deploy the container using the following command:
docker run --rm -it --name=idm_conf_generator --hostname=identitymanager.example.com -v /data:/config idm_conf_generator:idm-4.8.2
NOTE:
Ensure that you specify the machine FQDN as a value for the hostname.
The --rm flag deletes the container after the silent properties file is created.
Specify the silent property file name with the absolute path:
NOTE: Ensure that you create the silent.properties file in the /config shared volume location. In other words, the silent properties file will be available in the /data directory of the Docker host.
Specify n for the "Do you want to generate inputs for Kubernetes Orchestration" parameter.
Decide the Identity Manager server edition you want to install. Enter y for Advanced Edition and n for Standard Edition.
From the list of components available for installation, select the required components:
To install Engine, select Identity Manager Engine.
To install Identity Reporting, select Identity Reporting.
To install Identity Applications, select Identity Applications.
NOTE:
You must generate a single silent.properties file for deploying all the Identity Manager components.
Ensure that you specify the following values for the ports used by different containers:
Prompt | Port to be specified |
---|---|
One SSO Server SSL port | 8543 |
Identity Reporting Tomcat HTTPS port | 28543 |
Identity Applications Tomcat HTTPS port | 18543 |
Use FQDN for all IP related configuration prompts. In other words, the hostname that you provide in the /etc/hosts entry for all components must be specified while generating the silent.properties file.
The SSO_SERVER_SSL_PORT, TOMCAT_HTTPS_PORT, UA_SERVER_SSL_PORT, and RPT_TOMCAT_HTTPS_PORT must be unique ports.
(Conditional) If you are deploying containers on a single server using the host network mode, you must perform the following tasks after the silent properties file is generated:
Set SSO_SERVER_SSL_PORT to 8543, TOMCAT_HTTPS_PORT and UA_SERVER_SSL_PORT to 18543, and RPT_TOMCAT_HTTPS_PORT to 28543.
Add the SKIP_PORT_CHECK=1 entry.
NOTE: When the silent.properties file is generated, it will be available in the shared volume of your Docker host. For example, /data.
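The conditional host-network-mode edits above can be scripted. This is an added example, not NetIQ code; the function names are hypothetical and it assumes the generated file holds one KEY=value or KEY="value" entry per line.

```bash
# Added example (not NetIQ code): apply the host-network-mode edits to a
# generated silent.properties file.
# Assumption: entries are KEY=value or KEY="value", one per line.

# set_prop FILE KEY VALUE: replace the value of KEY, keeping any quotes
# around it. Returns 1 without touching FILE when KEY is absent.
set_prop() {
    file=$1 key=$2 value=$3
    grep -q "^${key}=" "$file" || return 1
    sed "s/^\(${key}=\"\{0,1\}\)[^\"]*\(\"\{0,1\}\)\$/\1${value}\2/" \
        "$file" > "$file.tmp" || return 1
    # Overwrite in place so the file keeps its owner and mode.
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# get_prop FILE KEY: print the value of KEY without surrounding quotes.
get_prop() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" "$1"
}

# apply_host_network_ports FILE: set the ports the guide lists for a
# single-server host-network deployment and add SKIP_PORT_CHECK=1.
apply_host_network_ports() {
    cp -p "$1" "$1.bak" || return 1        # keep the generated original
    for pair in SSO_SERVER_SSL_PORT=8543 TOMCAT_HTTPS_PORT=18543 \
                UA_SERVER_SSL_PORT=18543 RPT_TOMCAT_HTTPS_PORT=28543; do
        if ! set_prop "$1" "${pair%%=*}" "${pair#*=}"; then
            echo "missing ${pair%%=*} in $1" >&2
            return 1
        fi
    done
    set_prop "$1" SKIP_PORT_CHECK 1 || echo 'SKIP_PORT_CHECK=1' >> "$1"
}

# Demo on a constructed file; the starting values are made up.
demo=$(mktemp)
cat > "$demo" <<'EOF'
SSO_SERVER_SSL_PORT="8443"
TOMCAT_HTTPS_PORT="8444"
UA_SERVER_SSL_PORT="8445"
RPT_TOMCAT_HTTPS_PORT="8446"
EOF
apply_host_network_ports "$demo" && cat "$demo"
rm -f "$demo" "$demo.bak"
```

With the sample deployment you would call `apply_host_network_ports /data/silent.properties`; the untouched generator output stays beside it as silent.properties.bak.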