Multiple FR stacks (namespaces), single k8s cluster?

Home Forums DevOps Multiple FR stacks (namespaces), single k8s cluster?

Learn more about our upcoming Identity Summits

Tagged: , ,

This topic has 2 replies, 1 voice, and was last updated 4 months, 1 week ago by ssd.

  • Author
    Posts
  • November 18, 2019 at 3:21 pm #27108
     ssd
    Participant

    Are there any issues with running multiple FR stacks (i.e. dev, stage, etc.) on a single k8s cluster following the CDM instructions? Do I need to change any settings in the NFS paths or elsewhere?

    November 18, 2019 at 10:46 pm #27140
     ssd
    Participant

    I am also seeing this error frequently on doing a helm install … openam:

    ERROR: AdminUtils.initialize: Initialize admin info
com.iplanet.services.ldap.LDAPServiceException: @[email protected]/serverconfig.xml (No such file or directory)
 LDAPServiceException code=19
	at com.iplanet.services.ldap.DefaultDataStoreConfigurationManager.getDataStoreConfigurationManager(DefaultDataStoreConfigurationManager.java:126)
	at com.iplanet.am.util.AdminUtils.initialize(AdminUtils.java:66)
	at com.iplanet.am.util.AdminUtils.<clinit>(AdminUtils.java:59)
...
ERROR: AdminTokenAction: App user name or password is empty
ERROR: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.

    I also see that the openam pod does not have a boot.json in $OPENAM_HOME. The openam/, logs/ and stats/ directories are not created there either.

    There have been no errors in the previous steps and occasionally this seems to succeed (I have one stack running in namespace a after multiple failed starts).

    This issue (https://bugster.forgerock.org/jira/browse/OPENAM-10958) claims to have resolved this in 6.5.2, but I am still seeing it.

    Any pointer would be appreciated

    • This reply was modified 4 months, 1 week ago by ssd.
    November 19, 2019 at 10:31 pm #27165
     ssd
    Participant

    Posting in case anyone else encounters this. I do not have a solution other than repeating the CDM deployment process multiple times (it was at least 6 for me) – note only the helm install steps, not the complete EKS cluster.

    I have tracked this down to the openam bootstrap container failing to find ou=services,ou=am-config (returns an LDAP code of 32 – not found). I could not determine where these values are created. But after several tries, eventually they were set and openam came up successfully.

    # extended LDIF
#
# LDAPv3
# base <ou=services,ou=am-config> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
matchedDN: ou=am-config
text: The search base entry 'ou=services,ou=am-config' does not exist

# numResponses: 1
  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.
Visit our blog

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?