Standalone IDM deployment with Helm

  • #21106
     jayp 
    Participant

    Hello,
    I am having trouble deploying a standalone IDM container that relies on embedded DS to Kubernetes. Later the point would be to integrate with an external JDBC db and use that instead of embedded DS. However, I haven’t been able to find a suitable Helm chart from ForgeRock. I think forgerock/openidm is the closest one but it also relies on a postgresql container. I tried modifying the chart but no luck.

    Any tips how this should be done or how to modify the helm chart?

    #21108
     Warren Strange 
    Participant

    We don’t have an official helm chart for supporting the embedded DS server in OpenIDM.

    There is a sample deployment that you may want to look at for inspiration (this is purely a demo – and is not supported):

    https://stash.forgerock.org/projects/CLOUD/repos/forgeops/browse/sample-platform

    #21109
     jayp 
    Participant

    Any Helm charts which are supported for deploying with external JDBC repos? Could that be achieved for example with cpm-idm-opendj-postgres by giving the external repo parameters in the values.yaml?

    #21110
     Warren Strange 
    Participant

    That composite chart deploys a postgres database in a container – but if you have some other external database you can just point your IDM configuration to it. This:

    https://stash.forgerock.org/projects/CLOUD/repos/forgeops/browse/helm/idm-cloudsql

    Demonstrates how to connect up IDM to a cloud SQL repository. It assumes you have created the database with the right schema.

    #21333
     jayp 
    Participant

    Thanks Warren for the tips. However, I still have trouble understanding how to pass the values from values.yaml to the idm’s boot.props or other files. The configmap in Kubernetes looks ok and has the correct values. When I check the actual idm files in the container, they do not have the values from the values.yaml. For example boot.properties does not correlate with the configmap. Could you please explain this a little further? Thanks for the help, much appreciated!

    #21339
     Warren Strange 
    Participant

    The boot.properties file is defined in the configmap and is mounted on the openidm container at /var/run/openidm.

    Have a look at the entrypoint:
    https://stash.forgerock.org/projects/CLOUD/repos/forgeops/browse/docker/openidm/docker-entrypoint.sh

    It points IDM at this bootstrap file.

    The idm project configuration is cloned from git, and is also mounted on the idm container’s file system at /git/config.

    #21374
     jayp 
    Participant

    Thanks for the clarification. Now I got the configuration process. The /var/run/boot.props looks correct and contains all the values from the helm values.yaml.

    However, I am getting a strange error regarding database drivers:

    
    + [ openidm = openidm ]
    + PROJECT_HOME=/git/forgeops-init/default/idm/dev
    + [ -z  ]
    + [ -n /git/forgeops-init/default/idm/dev -a -r /git/forgeops-init/default/idm/dev/conf/logging.properties ]
    + LOGGING_CONFIG=-Djava.util.logging.config.file=/git/forgeops-init/default/idm/dev/conf/logging.properties
    + hostname
    + HOSTNAME=openidm-fbfbb6fc9-b9l6w
    + NODE_ID=openidm-fbfbb6fc9-b9l6w
    + BOOT_PROPERTIES=/var/run/openidm/boot.properties
    + [ -r secrets/keystore.jceks ]
    + echo Copying Keystores
    + cp -L secrets/keystore.jceks secrets/truststore security
    + [ -r /var/run/openidm/boot.properties ]
    + OPENIDM_OPTS=-Dopenidm.boot.file=/var/run/openidm/boot.properties
    + echo Using OPENIDM_OPTS: -Dopenidm.boot.file=/var/run/openidm/boot.properties
    + CLOPTS=-p /git/forgeops-init/default/idm/dev
    + LAUNCHER=org.forgerock.openidm.launcher.Main
    + cp /opt/openidm/conf/authentication.json.patch /opt/openidm/conf/identityProviders.json.patch /opt/openidm/conf/info-login.json.patch /opt/openidm/conf/info-ping.json.patch /opt/openidm/conf/info-version.json.patch /opt/openidm/conf/managed.json.patch /opt/openidm/conf/policy.json.patch /opt/openidm/conf/selfservice-registration.json.patch /opt/openidm/conf/selfservice.kba.json.patch /opt/openidm/conf/ui-dashboard.json.patch /opt/openidm/conf/ui.context-admin.json.patch /opt/openidm/conf/ui.context-selfservice.json.patch /git/forgeops-init/default/idm/dev/conf
    + echo Starting OpenIDM with options: -p /git/forgeops-init/default/idm/dev
    + exec java -Djava.util.logging.config.file=/git/forgeops-init/default/idm/dev/conf/logging.properties -server -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dopenidm.boot.file=/var/run/openidm/boot.properties -Djava.endorsed.dirs= -classpath /opt/openidm/bin/*:/opt/openidm/framework/* -Dopenidm.system.server.root=/opt/openidm -Djava.endorsed.dirs= -Djava.awt.headless=true -Dopenidm.node.id=openidm-fbfbb6fc9-b9l6w org.forgerock.openidm.launcher.Main -c /opt/openidm/bin/launcher.json -p /git/forgeops-init/default/idm/dev
    Copying Keystores
    Using OPENIDM_OPTS: -Dopenidm.boot.file=/var/run/openidm/boot.properties
    Starting OpenIDM with options: -p /git/forgeops-init/default/idm/dev
    Apr 03, 2018 10:53:15 AM org.forgerock.openidm.logging.LogServiceTracker logEntry
    SEVERE: Bundle: org.forgerock.openidm.repo-jdbc [9] FrameworkEvent ERROR
    org.apache.felix.log.LogException: org.osgi.framework.BundleException: Activator start error in bundle org.forgerock.openidm.repo-jdbc [9].
            at org.apache.felix.framework.Felix.activateBundle(Felix.java:2276)
            at org.apache.felix.framework.Felix.startBundle(Felix.java:2144)
            at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1371)
            at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
            at java.lang.Thread.run(Thread.java:748)
    Caused by: org.apache.felix.log.LogException: org.forgerock.openidm.config.enhanced.InvalidException: Could not find configured database driver com.mysql.jdbc.Driver to start repository 
            at org.forgerock.openidm.datasource.jdbc.impl.NonPoolingDataSourceFactory.newInstance(NonPoolingDataSourceFactory.java:46)
            at org.forgerock.openidm.datasource.jdbc.impl.JDBCDataSourceService.initDataSourceService(JDBCDataSourceService.java:168)
            at org.forgerock.openidm.datasource.jdbc.impl.JDBCDataSourceService.getBootService(JDBCDataSourceService.java:106)
            at org.forgerock.openidm.repo.jdbc.impl.Activator.start(Activator.java:65)
            at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:697)
            at org.apache.felix.framework.Felix.activateBundle(Felix.java:2226)
            ... 4 more
    Caused by: java.lang.ClassNotFoundException: com.mysql.jdbc.Driver not found by org.forgerock.openidm.repo-jdbc [9]
            at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1574)
            at org.apache.felix.framework.BundleWiringImpl.access$400(BundleWiringImpl.java:79)
            at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2018)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Class.java:264)
            at org.forgerock.openidm.datasource.jdbc.impl.NonPoolingDataSourceFactory.newInstance(NonPoolingDataSourceFactory.java:43)
            ... 9 more
     
    ShellTUI: No standard input...exiting.
    Apr 03, 2018 10:54:08 AM org.forgerock.openidm.info.impl.HealthService$4 run
    SEVERE: OpenIDM failure during startup, ACTIVE_NOT_READY: Not all modules started [] [org.forgerock.openidm.repo-jdbc] []

    I’ve followed the installation and integration guides’ procedures and tested the setup locally. However, when deploying to Kubernetes the containerized IDM cannot find the drivers in the bundle dir. The git/path/to/config/bundle contains the mysql-connector-java-5.1.46-bin.jar and git/path/to/config/conf the datasource.jdbc-default.json and repo.jdbc.json files.

    #21400
     jayp 
    Participant

    The solution to the problem was to put the drivers into the docker image’s openidm/bundle directory. The jars are not actually read from the /git/project directory in a container.
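
A pre-flight check for the failure resolved in this thread, as an added example that is not part of the original posts or of ForgeRock's tooling: it reads the driver class from the datasource configuration and reports which jars in a given bundle directory actually contain it, so a missing driver is caught at image build time rather than as a ClassNotFoundException at startup. The function names, the `driverClass` key name, and the temporary directory layout are assumptions made for the example; the sample jar is constructed and holds only a placeholder entry.

```python
import json
import os
import tempfile
import zipfile


def configured_driver(datasource_json_path):
    """Return the JDBC driver class named in an IDM datasource config file."""
    with open(datasource_json_path, encoding="utf-8") as fh:
        return json.load(fh)["driverClass"]  # key name is an assumption


def jars_providing(driver_class, bundle_dir):
    """List jars in bundle_dir that contain the compiled driver class."""
    entry = driver_class.replace(".", "/") + ".class"
    hits = []
    for name in sorted(os.listdir(bundle_dir)):
        path = os.path.join(bundle_dir, name)
        if not name.endswith(".jar") or not zipfile.is_zipfile(path):
            continue  # skip non-jars and truncated or corrupt archives
        with zipfile.ZipFile(path) as jar:
            if entry in jar.namelist():
                hits.append(name)
    return hits


def preflight(datasource_json_path, bundle_dir):
    """Return (driver_class, jars); an empty jar list means the repo bundle cannot start."""
    driver = configured_driver(datasource_json_path)
    return driver, jars_providing(driver, bundle_dir)


def build_constructed_layout(root):
    """Constructed sample: project dir holds the jar, image bundle dir does not."""
    project_conf = os.path.join(root, "git", "project", "conf")
    project_bundle = os.path.join(root, "git", "project", "bundle")
    image_bundle = os.path.join(root, "opt", "openidm", "bundle")
    for d in (project_conf, project_bundle, image_bundle):
        os.makedirs(d)
    cfg = os.path.join(project_conf, "datasource.jdbc-default.json")
    with open(cfg, "w", encoding="utf-8") as fh:
        json.dump({"driverClass": "com.mysql.jdbc.Driver"}, fh)
    jar = os.path.join(project_bundle, "mysql-connector-java-5.1.46-bin.jar")
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("com/mysql/jdbc/Driver.class", b"constructed placeholder")
    return cfg, project_bundle, image_bundle


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cfg, project_bundle, image_bundle = build_constructed_layout(tmp)
        print("image bundle:  ", preflight(cfg, image_bundle))
        print("project bundle:", preflight(cfg, project_bundle))
```

Run against the image's own bundle directory during the image build, an empty jar list is the signal to fail the build.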
