OpenAM restore on Alternate servers ..

This topic has 5 replies, 2 voices, and was last updated 1 month, 1 week ago by hekulkar.

  • Author
    Posts
  • #27964
     hekulkar
    Participant

    Hello Team,

    is there any way to restore AM configuration on alternate server ? for example we one site https://example.com and 4 tomcat servers hosted AM application and CTS configured on different servers.

    can I restore all configuration on One AM server and one CTS server ?

    regards..Hemant

    #27965
     Jatinder Singh
    Participant

    Are you attempting to build a new environment from existing? For example, using configuration of existing environment to stand-up 1 AM server and 1 CTS server? If the assumption is correct – are you using an external DS config or embedded?

    #27966
     hekulkar
    Participant

    Hi Jatinder,

    plan is to build new environment and import configuration .

    install fresh AM Server , CTS server & import DJ configuration from existing environment will it work ?

    or do you suggest any other method ..

    yes , we are using external DS config ..

    Regards..Hemant

    #27973
     Jatinder Singh
    Participant

    Edited:

    Yes, it can be done and is usually part of your DevOps practice. You can also reference ForgeRock’s forgeops the cloud deployment model where the configuration is git managed and is used to spin new instances and even promoted between environments.

    At high-level, the idea is to use environment variables/placeholders and substitute with real values as part of your DevOps operation.

    If you want to get close to apple to apple comparison, you will have to import all configuration including global along with any realms you may have. If you don’t have much custom configuration defined in the global space, you can only focus on importing realms. And then you can define CTS configuration manually through AM console.

    Below are high-level steps for importing all configuration from HOST to TARGET:

    NOTE: Make sure you are working with the same version of AM and Amster;

    1. Run amster to export current configuration from your HOST environment;
    2. Since you only have a single server in the TARGET environment, delete all servers from the Servers directory such that – only 01 directory is left along with 01.json file;
    3. If your server1 is called am1.example.com, run a grep to find all occurrences of am1.example.com to get an idea of places you need to run find/replace operation;
    4. Run sed to replace current fqdn of your HOST am instance with your new server. E.g. replacing am1.example.com with am1new.example.com;
    5. Also edit the Realms/root.json to modify your aliases accordingly;
    6. Perform the same for config-ds and cts-ds. If you have multiple config and cts servers set-up in your HOST, you will need to remove all extra such that only one CTS and Config is referenced.
    7. Verify your work to ensure only TARGET severs are in the amster export and all references to HA servers have been removed;
    8. Install new AM environment with one config and cts server as defined in your requirements;
    9. Once successfully set-up, run amster import with fail on error option to import the modified configuration. If you experience errors, fix and try again until the configuration is successfully imported without errors.

    As suggested above – you may be better off importing only the realm configuration which is slightly easier than having to deal with Servers under global configuration along with CTS and Config DS. The process is the same and you will still have to run sed operations but you can delete global directory and only focus on realms. Once your realms is correctly massaged with respect to your TARGET environment, you can run amster import with fail on error option to import configuration.

    Hope this helps!

    #27975
     hekulkar
    Participant

    Hi Jatinder,

    Thanks for your inputs and suggestion. I will try same …

    Regards…Hemant

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?