Automating the ForgeRock Platform with Ansible/Vagrant/EC2

This topic has 12 replies, 5 voices, and was last updated 4 years, 9 months ago by Marius @ForgeRock.

  • #1021

    We had a very popular webinar in October 2014 (so getting a bit old now) about automating installation of our products using Ansible+Vagrant/EC2.

    A recording of the webinar is here:

    https://www.youtube.com/watch?v=_LvFxgHKUfU

    Or as a presentation at one of our Identity Summits:

    https://www.youtube.com/watch?v=QvocnDdgCaA

    And the slideshare version:

    http://www.slideshare.net/ForgeRock/100mthurspmwarren-strange-dev-ops

    The code is on GitHub, so please do fork and play around with it:
    https://github.com/wstrange/frstack

    #1049
     Brad Tumy
    Participant

    Thanks Marius. Have you guys put anything together specifically for Puppet or Chef?

    #1052

    Not yet, but we have a potential Chef effort with the community coming up. Working on how and what!

    As for Puppet, it looks like our friends at Conduct have a head start:
    https://github.com/ConductAS/puppet-openam

    I’m not able to tell how mature it is though, or how generic it is.

    We are looking for efforts already done by our community – and perhaps get some more attention to those efforts through this site.

    #1054
     Brad Tumy
    Participant

    Thanks Marius. I’ll take a look at the puppet scripts. I have a customer that may find this very relevant.

    #1076
     Aron Kozak
    Spectator

    @brad-tumy let us know what you think. We hope to build up a repository of more projects such as that.

    #10102
     usowmyas
    Participant

    Hi, we have successfully set up OpenAM with OpenDJ in Docker. How can we automate the deployment with Terraform for AWS EC2? The most important issue now is that, for some reason, OpenAM crashes every 3 weeks.

    When we log into the EC2, Docker hangs and we lose all data, including realms, subjects, agents, everything. We need to create a new EC2 and bring up Docker from scratch.

    Can you please suggest the following:
    1) Data persistence using Docker (how to keep the data in OpenDJ)?
    2) AWS EC2 deployment best practices for OpenAM and OpenDJ
    3) Automating OpenAM first-time configuration

    #10117
     Brad Tumy
    Participant

    @Usowmyas

    I wrote a blog post last week about deploying OpenAM and OpenDJ with Docker … I spoke a little bit about persistence:

    OpenDJ Instance:
    Note: the first time you run an instance you need to create the “dj” directory first (persistent storage)
    e.g.:
    $ cd /home/brad
    $ mkdir dj   # <-- just run this once; the first time you launch an instance on this host
    $ docker run -d -p 1389:389 -v $(pwd)/dj:/opt/opendj/instances/instance1 -t 9f332a0fbb88

    To enable a persistent store you can use Docker’s volume capability. From the above command, “-v $(pwd)/dj:/opt/opendj/instances/instance1” this tells Docker to cp “/opt/opendj/instances/instance1” from the running instance to $(pwd)/dj on the Docker host. You can then kill this instance and then launch a new one, referring to the same volume.

    In addition to using a filesystem based volume you should also look at managing data in containers:
    https://docs.docker.com/engine/userguide/containers/dockervolumes/

    For automation there are a lot of options … puppet, chef, juju, etc …

    • This reply was modified 5 years, 5 months ago by Brad Tumy.
    #10119
     usowmyas
    Participant

    OK, this takes care of OpenDJ, but what about OpenAM settings, like agents?

    #10136
     Brad Tumy
    Participant

    I think Warren responded to this in the other thread that you created … not sure if you still had questions but we should probably consolidate the conversation into a single thread to avoid future confusion.

    #10139
     usowmyas
    Participant

    Yes, I agree.

    #10140
     usowmyas
    Participant

    I’m going to discontinue the other thread and stay here for now. :) OK, the above suggestions worked!!

    Yes, making volumes is keeping the LDAP data intact!! And I am working on making a Jenkins -> Terraform -> Docker pipeline for deployment.

    But once we stop and restart Docker, we still need to redo the OpenAM first-time configuration steps. Will it work if I mount this Docker folder, “/opt/tomcat/webapps/openam”, on EC2?

    Also, in order to visualize logs, I’ve integrated with the ELK stack, having installed Filebeat on the EC2. I’m able to get all the logs in the Kibana UI. But the dilemma is: should I install Filebeat on the EC2, or should it be part of the OpenDJ, OpenAM Docker? Right now I’ve installed Filebeat on the EC2 and it is not part of the Docker.

    sudo docker run -d \
      -p 1389:1389 -p 1636:1636 -p 4444:4444 -p 80:8080 \
      --add-host "XXXXXXX.XXXXX.com:127.0.0.1" \
      --add-host "XXXXX.XXXXX.XXXXX.XXXXX.XXXXX.com:52.90.103.205" \
      -v /home/ec2-user/logs/OPENAMTOMCAT_LOGS:/opt/tomcat/logs \
      -v /home/ec2-user/logs/OPENDJ_LOGS:/opt/opendj/logs \
      -v /home/ec2-user/logs/OPENAM_LOGS:/root/openam/openam/log \
      -v /home/ec2-user/logs/OPENAM_DEBUG:/root/openam/openam/debug \
      -v /home/ec2-user/data/instance1:/opt/opendj/instances/instance1 \
      --name opendj3_openam13_CENTOS_JAVA8 opendj

    The above command works nicely!!

    Below are the volumes that I’m considering. Do you suggest any other data volumes apart from the ones below?

    For data:
    -v /home/ec2-user/data/instance1:/opt/opendj/instances/instance1

    For logs:
    -v /home/ec2-user/logs/OPENAMTOMCAT_LOGS:/opt/tomcat/logs
    -v /home/ec2-user/logs/OPENDJ_LOGS:/opt/opendj/logs
    -v /home/ec2-user/logs/OPENAM_LOGS:/root/openam/openam/log
    -v /home/ec2-user/logs/OPENAM_DEBUG:/root/openam/openam/debug

    Thanks a ton!!
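
The volume question raised in the two posts above (which container paths need a `-v` mount so state survives a replaced container) can be checked mechanically before a deployment. This is an added example, not code from the thread or from ForgeRock: the function names are hypothetical, and treating `/root/openam` as the OpenAM configuration directory is an assumption inferred from the log and debug paths mounted in the thread.

```sh
# OpenDJ instance path is from the thread. /root/openam is an ASSUMPTION: the
# OpenAM configuration directory, parent of the log/debug paths mounted above.
REQUIRED_PATHS="/opt/opendj/instances/instance1 /root/openam"

# Print the container-side target of each "-v SRC:DST[:OPTS]" argument.
mount_targets() {
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -v|--volume)
        [ "$#" -ge 2 ] || break
        spec=$2; shift
        rest=${spec#*:}                  # strip the host (or volume-name) side
        if [ "$rest" != "$spec" ]; then  # no colon = anonymous volume, skipped
          printf '%s\n' "${rest%%:*}"    # strip options such as :ro
        fi ;;
    esac
    shift
  done
}

# Succeed if path $1 equals, or lies beneath, a target in the list $2.
is_covered() {
  path=$1
  while IFS= read -r t; do
    [ -n "$t" ] || continue
    case "$path/" in "${t%/}"/*) return 0 ;; esac
  done <<EOF
$2
EOF
  return 1
}

# Print every required path left unmounted; return 1 if there is any.
unpersisted_paths() {
  targets=$(mount_targets "$@")
  missing=0
  for p in $REQUIRED_PATHS; do
    if ! is_covered "$p" "$targets"; then
      printf '%s\n' "$p"; missing=1
    fi
  done
  return "$missing"
}

# Constructed sample modelled on the thread's command (hostnames left out).
unpersisted_paths run -d -p 1389:1389 -p 80:8080 \
  -v /home/ec2-user/logs/OPENAM_LOGS:/root/openam/openam/log \
  -v /home/ec2-user/logs/OPENAM_DEBUG:/root/openam/openam/debug \
  -v /home/ec2-user/data/instance1:/opt/opendj/instances/instance1 \
  --name opendj3_openam13_CENTOS_JAVA8 opendj || echo "^ not bind-mounted"
```

Mounting only subdirectories of a path (here the log and debug folders) does not count as covering the parent, which is why the sample reports `/root/openam`.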

    #15238
     Andrew.Pickin
    Participant

    First post has dead links.

    #15258

    Thanks Andrew, I’ve updated the original post with better links now.

    -Marius
