Deploying services with Docker has become pretty popular in the DevOps world (understatement).
I want to demonstrate how to deploy an instance of ForgeRock’s OpenAM and OpenDJ using Docker.
Essentially, this is my ForgeRock Docker cheat sheet.
Setup:
I am running this on a virtual Ubuntu instance in Virtualbox on my laptop. You can run Docker on both Windows and OS X too … I just personally prefer Linux.
Step 1: Install Docker:
https://docs.docker.com/engine/installation/linux/ubuntulinux/
Step 2: Clone ForgeRock Docker Files:
cd /home/brad/Dev/
Use git to clone from: https://stash.forgerock.org/projects/DOCKER/repos/docker/browse
This will create a directory called “docker” in the above path.
Step 3: Build Files:
cd /home/brad/Dev/docker
make clean
make
At this point a few images are created on your local host, to view Images:
docker images
OpenDJ Instance:
Note: the first time you run an instance you need to create the “dj” directory first (persistent storage)
eg.:
cd /home/brad
mkdir dj    # <-- just run this once; the first time you launch an instance on this host
docker run -d -p 1389:389 -v `pwd`/dj:/opt/opendj/instances/instance1 -t 9f332a0fbb88
To enable a persistent store you can use Docker’s volume capability. In the above command, “-v `pwd`/dj:/opt/opendj/instances/instance1” tells Docker to cp “/opt/opendj/instances/instance1” from the running instance to `pwd`/dj on the Docker host. You can then kill this instance and launch a new one, referring to the same volume.
To view the running docker instances:
docker ps
Now when we launch OpenAM, we’ll want to allow it to access the OpenDJ container. By default Docker does not set up this networking, but we can create a link (see the run command below). Using the link parameter, Docker will edit the /etc/hosts file on the OpenAM container and create a “link” to the OpenDJ server.
OpenAM:
cd /home/brad
mkdir am    # <-- just run this once; the first time you launch an instance on this host
docker run -d -p 8080:8080 -v `pwd`/am:/root/openam --link dreamy_hypatia:opendj -t c02f00f42e18
As we did with OpenDJ we tell Docker to create a volume, on the Docker host, and copy the OpenAM configurations to this location. This allows us to launch a new instance without having to reconfigure OpenAM.
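The two run commands above, rewritten as an added example (not part of the original post): each container gets a fixed name, so the link does not depend on an auto-generated name such as dreamy_hypatia, and the ports are published on loopback only, since -p 1389:389 publishes on all host interfaces. The image IDs are the ones from this post; the container names, BIND_ADDR, DRY_RUN and the chmod 700 on the data directories are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): the two `docker run` commands
# with explicit container names and loopback-only published ports.
# Image IDs are from the post; names, BIND_ADDR and DRY_RUN are assumptions.

BASE_DIR="${BASE_DIR:-$PWD}"         # host directory holding dj/ and am/
DJ_IMAGE="${DJ_IMAGE:-9f332a0fbb88}"
AM_IMAGE="${AM_IMAGE:-c02f00f42e18}"
BIND_ADDR="${BIND_ADDR:-127.0.0.1}"  # publish ports on loopback only
DRY_RUN="${DRY_RUN:-1}"              # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Create a host directory for persistent data, accessible to its owner only.
# Assumes the container process runs as root (the /root/openam path suggests
# so); relax the mode if your image runs under a different UID.
make_store() {
    run mkdir -p "$1" && run chmod 700 "$1"
}

start_opendj() {
    make_store "$BASE_DIR/dj" || return 1
    run docker run -d --name opendj \
        -p "$BIND_ADDR:1389:389" \
        -v "$BASE_DIR/dj:/opt/opendj/instances/instance1" \
        -t "$DJ_IMAGE"
}

start_openam() {
    make_store "$BASE_DIR/am" || return 1
    # Link by the fixed name chosen above, not an auto-generated one.
    run docker run -d --name openam \
        -p "$BIND_ADDR:8080:8080" \
        -v "$BASE_DIR/am:/root/openam" \
        --link opendj:opendj \
        -t "$AM_IMAGE"
}

deploy() {
    start_opendj && start_openam
}

deploy
```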
Next Steps:
There are a lot of things that I did not cover in this post, specifically running multiple instances for scalability. OpenDJ would need to be configured for replication and OpenAM would need to be configured to join a Site. I plan on covering these things in a future post.
Also, I didn’t cover Docker best practices (specifically security). In your environment, treat your container ids as you would passwords.
Lastly, I plan on exploring other options for persistent storage, in future posts. I am pretty sure there are better alternatives than storing this data on the Docker host’s filesystem. Possibly looking at creating another Docker container specifically for storage.
Acknowledgements:
Warren Strange (ForgeRock) … he’s constantly producing awesome and developed a lot (probably most) of the capability around the ForgeRock docker instances
My friends at GoodDogLabs for mentoring me on all things Docker
Also, I have been gleaning a lot of Docker tips from @frazelledazzell … she drops a ton of Docker knowledge via Twitter and her blog.
This blog post was first published @ http://tumy-tech.com, included here with permission.
Hi, I’m doing a docker for openam Apache Web Agent. I got it working the 1st time in 30 mins!! :)
When I tried the same thing a second time, I’m getting this error and am just not able to resolve it.
[[email protected] opt]# tail -f /etc/httpd/logs/error_log
[Tue May 10 10:10:12.465343 2016] [suexec:notice] [pid 1] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 10 10:10:12.474240 2016] [auth_digest:notice] [pid 1] AH01757: generating secret for digest authentication …
[Tue May 10 10:10:12.474851 2016] [lbmethod_heartbeat:notice] [pid 1] AH02282: No slotmem from mod_heartmonitor
[Tue May 10 10:10:12.500238 2016] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.6 (CentOS) OpenAM Web Agent/4.0.0-SNAPSHOT configured -- resuming normal operations
[Tue May 10 10:10:12.500254 2016] [core:notice] [pid 1] AH00094: Command line: 'httpd -D FOREGROUND'
[Tue May 10 10:11:22.716411 2016] [amagent:error] [pid 22] [client 125.16.15.17:55998] OpenAM Web Agent is not configured to handle the request to / (unable to get agent configuration instance, configuration: /opt/web_agents/apache24_agent/bin/../instances/agent_1/config/agent.conf, error: max number of retries exhausted)
[Tue May 10 10:11:30.772343 2016] [amagent:error] [pid 22] [client 125.16.15.17:55998] OpenAM Web Agent is not configured to handle the request to /.noindex.html (unable to get agent configuration instance, configuration: /opt/web_agents/apache24_agent/bin/../instances/agent_1/config/agent.conf, error: max number of retries exhausted)
[Tue May 10 10:17:11.158133 2016] [amagent:error] [pid 24] [client 125.16.15.17:6905] OpenAM Web Agent is not configured to handle the request to / (unable to get agent configuration instance, configuration: /opt/web_agents/apache24_agent/bin/../instances/agent_1/config/agent.conf, error: max number of retries exhausted)
[Tue May 10 10:17:19.213945 2016] [amagent:error] [pid 24] [client 125.16.15.17:6905] OpenAM Web Agent is not configured to handle the request to /.noindex.html (unable to get agent configuration instance, configuration: /opt/web_agents/apache24_agent/bin/../instances/agent_1/config/agent.conf, error: max number of retries exhausted)
[Tue May 10 10:17:37.810655 2016] [amagent:error] [pid 54] [client 125.16.15.17:2530] OpenAM Web Agent is not configured to handle the request to / (unable to get agent configuration instance, configuration: /opt/web_agents/apache24_agent/bin/../instances/agent_1/config/agent.conf, error: max number of retries exhausted)agent.conf
file permissions for agent.conf
-rw-r--r-- 1 root root 6793 May 10 11:38 agent.conf
-rwxr-xr-x 1 root root 6793 May 10 11:38 agent.conf.bak
which already has read permissions.
[[email protected] opt]# ps aux | egrep '(apache|httpd)'
root 1 0.0 4.0 508496 41392 ? Ssl 11:38 0:02 httpd -DFOREGROUND
root 45 0.0 0.0 4360 672 ? S 11:38 0:00 tail -f /etc/httpd/logs/error_log
apache 2180 0.0 0.6 500420 6576 ? S 14:21 0:00 httpd -DFOREGROUND
apache 2181 0.0 0.4 500300 4360 ? S 14:21 0:00 httpd -DFOREGROUND
apache 2182 0.0 0.4 500300 4360 ? S 14:21 0:00 httpd -DFOREGROUND
apache 2183 0.0 0.4 500300 4360 ? S 14:21 0:00 httpd -DFOREGROUND
apache 2184 0.0 0.4 500300 4360 ? S 14:21 0:00 httpd -DFOREGROUND
apache 3469 0.0 0.4 500300 4360 ? S 16:00 0:00 httpd -DFOREGROUND
root 3523 0.0 0.0 9044 860 ? S+ 16:03 0:00 grep -E --color=auto (apache|httpd)
I did something similar to wstrange/apache-agent-nightly, but instead of Ubuntu, I used centos:latest
Also, one more question regarding openam and opendj dockers: for some reason, my dockers just die after 2 weeks and I need to restart them again. Sometimes I need to terminate the EC2 and create a new one because the docker service just hangs …
I guess it’s more of managing docker than openam deployment, or is it? **)
Very useful post. One minor thing. The -link on the last command should be --link
I tried to pull the OpenAM docker following the above document
>Use git to clone from: https://stash.forgerock.org/projects/DOCKER/repos/docker/browse
>This will create a directory called “docker” in the above path.
So I tried, but it throws the below error:
# git clone https://stash.forgerock.org/projects/DOCKER/repos/docker/browse
Cloning into 'browse'...
fatal: https://stash.forgerock.org/projects/DOCKER/repos/docker/browse/info/refs not valid: is this a git repository?
Please suggest how to pull the official OpenAM docker image.
That repo doesn’t exist.