We have just launched Version 5 of the ForgeRock Identity Platform with numerous enhancements for DevOps friendliness. I have been meaning to jump into the world of DevOps for some time so the new release afforded a great opportunity to do just that.
Catch up with previous entries in the series:
I will be using IBM Bluemix here as I have recent experience of it but nearly all of the concepts will be similar for any other cloud environment.
Building Docker Containers
In this blog we are going to build our docker containers that will contain the ForgeRock platform components, tag them and upload them to the Bluemix registry.
Install all of the below:
Used to build, tag and upload docker containers.
Bluemix CLI: http://clis.ng.bluemix.net/ui/home.html
Used to deploy and configure the Bluemix environment.
CloudFoundry CLI: https://github.com/cloudfoundry/cli
Deploy and manage Kubernetes clusters.
1. Log in to the Blue Mix CLI using you Blue Mix account credentials:
bx login -a https://api.ng.bluemix.net
Note we are using the US instance of Bluemix here as it has support for Kubernetes in beta.
When prompted to select an account ( just type 1) and if you are logged in successfully you should see the above. Now you can interact with the Bluemix environment just as you might if you were logged in via a browser.
2. Add the Bluemix Docker components:
bx plugin repo-add Bluemix https://plugins.ng.bluemix.netbx plugin install container-service -r Bluemix bx plugin install IBM-Containers -r Bluemix
Check they have installed:
bx plugin list
3. Clone (or download) the ForgeRock Docker Repo to somewhere local:
4. Download the ForgeRock AM and DS component binaries from backstage:
5. Unzip and copy ForgeRock binaries into the Docker build directories:
unzip AM-5.0.0.zip cp openam/AM-5.0.0.war /usr/local/DevOps/stash/docker/openam/
mv DS-5.0.0.zip /usr/local/DevOps/stash/docker/openam/opendj.zipcp openam/AM-5.0.0.war /usr/local/DevOps/stash/docker/openam/
mv Amster-5.0.0.zip /usr/local/DevOps/stash/docker/amster/amster.zip
For those unfamiliar, Amster is our new RESTful configuration tool for AM in the 5 platform, replacing SSOADM with a far more DevOps friendly tool, I’ll be covering it in a future blog.
We are going to create three containers: AM, DJ & Amster:
1. Build and Tag OpenAM container ( don’t forget the . ) :
cd /usr/local/DevOps/stash/docker/openam docker build -t wayneblacklockfr/openam .
Note wayneblacklockfr/openam is just a name to tag the container with locally, replace it with whatever you like but keep the /openam.
All being well you will see something like the below:
Congratulations, you have built your first ForgeRock container!
Now we need to get the namespace for tagging, this is usually your username but check using:
bx ic namespace-get
Now lets tag it ready for upload to Bluemix, use the container ID output at the end of the build process and your namespace
docker tag d7e1700cfadd registry.ng.bluemix.net/wayneblacklock/openam:14.0.0
Repeat the process for Amster and DS.
2. Build and Tag Amster container:
cd /usr/local/DevOps/stash/docker/amster docker build -t wayneblacklockfr/amster . docker tag 54bf5bd46bf1 registry.ng.bluemix.net/wayneblacklock/amster:14.0.0
3. Build and Tag DS container:
cd /usr/local/DevOps/stash/docker/opendj docker build -t wayneblacklockfr/opendj . docker tag 19b8a6f4af73 registry.ng.bluemix.net/wayneblacklock/opendj:4.0.0
4. View the containers:
You can take a look at what we have built with: docker images
Finally we want to push our containers up to the Bluemix registry.
1. Login again:
bx login -a https://api.ng.bluemix.net
2. Initiate the Bluemix container service, this may take a moment:
bx ic init
Ignore Option 1 & Option 2, we are not doing either.
3. Push your Docker images up to Bluemix:
docker push registry.ng.bluemix.net/wayneblacklock/openam:14.0.0 docker push registry.ng.bluemix.net/wayneblacklock/amster:14.0.0 docker push registry.ng.bluemix.net/wayneblacklock/opendj:4.0.0
4. Confirm your images have been uploaded:
bx ic images
If you login to the Bluemix webapp you should be able to see your containers in the catalog:
We will take a look at actually deploying a Kubernetes cluster and everything we have to do to ready our containers for deployment.