So after my previous post I got a lot of queries about it. Thanks for reading it 🙂
I wanted a slimmer edition which didn’t require all the additional dockers like LDAP etc.
So v2 – slim edition
Note: All disclaimers still valid from previous post
Build
This time I am using this git repo: https://github.com/steffensperling/sailpoint-iiq
The only changes to docker-compose.yaml were the paths to my own locations and the ports, as the current 8080 was used by other containers. Passwords and ports obviously changed 🙂
```yaml
version: '2'
services:
  db:
    image: mariadb:latest
    container_name: sailpoint-iiq-mariadb-3306
    ports:
      - "3306:3306"
    volumes:
      - '/volume1/docker/sailpoint-iiq/data/db:/var/lib/mysql'
    environment:
      - MYSQL_USER=identityiq
      - MYSQL_PASSWORD=identityiq
      - MYSQL_DATABASE=identityiq
      - MYSQL_ROOT_PASSWORD=password

  iiq:
    build: ./iiq-build
    image: sailpoint-iiq
    container_name: sailpoint-iiq-8085
    ports:
      - "8085:8080"
      - "9009:8009"
    environment:
      - MYSQL_USER=identityiq
      - MYSQL_PASSWORD=identityiq
      - MYSQL_DATABASE=identityiq
      - MYSQL_ROOT_PASSWORD=password
    depends_on:
      - db
    volumes:
      - '/volume1/docker/sailpoint-iiq/data/webapps:/opt/tomcat/webapps'
```
The main changes were to the Dockerfile under the iiq-build folder. The one on GitHub is not using the latest Debian and also had issues installing Oracle JDK.
Here is the modified version:
```dockerfile
FROM debian:latest
MAINTAINER Steffen Sperling <steffen.sperling@ventum.com>

ENV TOMCAT_VERSION 9.0.46
ENV IIQ_VERSION 8.1

# Fix sh
RUN rm /bin/sh && ln -s /bin/bash /bin/sh

# Install dependencies
RUN apt-get update && \
    apt-get install -y apt-utils wget vim unzip tar default-mysql-client openjdk-11-jdk

# Define commonly used JAVA_HOME variable
ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk-amd64
RUN java -version

# Get Tomcat
RUN wget --quiet --no-cookies http://www-eu.apache.org/dist/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz -O /tmp/tomcat.tgz && \
    tar xzvf /tmp/tomcat.tgz -C /opt && \
    mv /opt/apache-tomcat-${TOMCAT_VERSION} /opt/tomcat && \
    rm /tmp/tomcat.tgz && \
    rm -rf /opt/tomcat/webapps/examples && \
    rm -rf /opt/tomcat/webapps/docs && \
    rm -rf /opt/tomcat/webapps/ROOT

# Add admin/admin user
ADD tomcat-users.xml /opt/tomcat/conf/
RUN mkdir -p /opt/tomcat/conf/Catalina/localhost
ADD manager.xml /opt/tomcat/conf/Catalina/localhost

# add IIQ
COPY src/identityiq-${IIQ_VERSION}.zip /tmp
RUN unzip /tmp/identityiq-${IIQ_VERSION}.zip identityiq.war && \
    mkdir /opt/tomcat/webapps/identityiq && \
    unzip identityiq.war -d /opt/tomcat/webapps/identityiq && \
    chmod +x /opt/tomcat/webapps/identityiq/WEB-INF/bin/iiq && \
    rm identityiq.war

RUN mkdir /opt/tomcat/webapps/ROOT
COPY index.html /opt/tomcat/webapps/ROOT

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENV CATALINA_HOME /opt/tomcat
ENV PATH $PATH:$CATALINA_HOME/bin

# Tomcat listens on 8080 inside the container; docker-compose maps it to host port 8085
EXPOSE 8080
EXPOSE 8009
VOLUME "/opt/tomcat/webapps"
WORKDIR /opt/tomcat

# Launch IIQ
CMD ["/entrypoint.sh", "run"]
#CMD ["/opt/tomcat/bin/catalina.sh", "run"]
```
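The `Get Tomcat` step above downloads the archive over plain HTTP and unpacks it without an integrity check. As an added example (not part of the original post or the upstream repo), the helper below unpacks an archive only when its SHA-512 matches a pinned value; the function names and the `TOMCAT_SHA512` build variable are assumptions, and the pin would be copied from the `.sha512` file Apache publishes next to each release.

```shell
#!/bin/sh
# Added example: integrity-checked unpacking of a downloaded archive.

# verify_sha512 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 when the file or the pin is unusable.
verify_sha512() {
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vs_file" ] || { echo "no such file: $vs_file" >&2; return 2; }
    # A SHA-512 digest is exactly 128 hex characters. Reject anything else so
    # an empty or truncated pin can never be treated as a valid comparison.
    case $vs_want in
        *[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 128 ] || { echo "pin has wrong length" >&2; return 2; }
    vs_got=$(sha512sum "$vs_file" | cut -d' ' -f1)
    [ "$vs_got" = "$vs_want" ]
}

# install_verified ARCHIVE EXPECTED_HEX DEST
# Extracts ARCHIVE into DEST only after the digest matches. On any failure
# the archive is deleted and DEST is not created.
install_verified() {
    iv_archive=$1 iv_want=$2 iv_dest=$3
    if ! verify_sha512 "$iv_archive" "$iv_want"; then
        echo "refusing to unpack $iv_archive" >&2
        rm -f "$iv_archive"
        return 1
    fi
    mkdir -p "$iv_dest" && tar xzf "$iv_archive" -C "$iv_dest"
}

# In the Dockerfile this would stand in for the bare `tar xzvf` call, e.g.
#   install_verified /tmp/tomcat.tgz "$TOMCAT_SHA512" /opt
# with TOMCAT_SHA512 (hypothetical ENV) pinned alongside TOMCAT_VERSION.
```

Pinning the digest next to `TOMCAT_VERSION` means a version bump forces a deliberate digest update as well.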
create_mysql_db.sh was also modified to use the 8.1 version of the identityiq tables create script:
```bash
#!/bin/bash

# create database schema (the database runs in the "db" compose service, not on localhost)
mysql -h db -uroot -p"${MYSQL_ROOT_PASSWORD}" < /opt/tomcat/webapps/identityiq/WEB-INF/database/create_identityiq_tables-8.1.mysql
echo "=> Done creating database!"

# set database host and credentials in properties
sed -ri -e "s/mysql:\/\/localhost/mysql:\/\/db/" /opt/tomcat/webapps/identityiq/WEB-INF/classes/iiq.properties
sed -ri -e "s/dataSource.username\=.*/dataSource.username=${MYSQL_USER}/" /opt/tomcat/webapps/identityiq/WEB-INF/classes/iiq.properties
sed -ri -e "s/dataSource.password\=.*/dataSource.password=${MYSQL_PASSWORD}/" /opt/tomcat/webapps/identityiq/WEB-INF/classes/iiq.properties
echo "=> Done configuring iiq.properties!"
```
Finally, I had to update a few lines in ./identityiq/WEB-INF/database/create_identityiq_tables-8.1.mysql, which comes in the IIQ package, for it to work for me. Each original statement is followed by WITH and its replacement:
```
CREATE USER IF NOT EXISTS 'identityiq'@'%' IDENTIFIED WITH mysql_native_password BY 'identityiq';
WITH
CREATE USER IF NOT EXISTS 'identityiq'@'%' IDENTIFIED BY 'identityiq';
-----
CREATE USER IF NOT EXISTS 'identityiq'@'localhost' IDENTIFIED WITH mysql_native_password BY 'identityiq';
WITH
CREATE USER IF NOT EXISTS 'identityiq'@'localhost' IDENTIFIED BY 'identityiq';
-----
CREATE USER IF NOT EXISTS 'identityiqPlugin'@'%' IDENTIFIED WITH mysql_native_password BY 'identityiqPlugin';
WITH
CREATE USER IF NOT EXISTS 'identityiqPlugin'@'%' IDENTIFIED BY 'identityiqPlugin';
-----
CREATE USER IF NOT EXISTS 'identityiqPlugin'@'localhost' IDENTIFIED WITH mysql_native_password BY 'identityiqPlugin';
WITH
CREATE USER IF NOT EXISTS 'identityiqPlugin'@'localhost' IDENTIFIED BY 'identityiqPlugin';
```
That’s it. Then build the Docker image:
```bash
docker-compose build
docker-compose up -d
```
Notes
- Need to change TOMCAT_VERSION to the one available on http://www-eu.apache.org/dist/tomcat/tomcat-9/ at the time of build
- For some reason in my latest build the webapps folder was empty. I had to do the manual steps from the Dockerfile after logging in to the sailpoint-iiq-8085 container: I had to run the webapps folder part (IIQ war file and index file deployment) and then restart the container. Will try to figure out later what broke it.
After a few runs I got it up and running on the latest version (IIQ 8.1 at the time of writing) and with persistent storage.
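A host directory bind-mounted over `/opt/tomcat/webapps`, as in the docker-compose.yaml above, replaces what the image put there, so an empty host directory gives an empty webapps folder. One way to handle that, as an added example rather than the repo's own entrypoint.sh: have the entrypoint copy a staged copy of the webapps into the volume only when the volume is empty. The `/opt/iiq-seed` staging path and the function name are assumptions.

```shell
#!/bin/sh
# Added example: populate an empty webapps volume from a staged copy.

# seed_webapps SEED_DIR WEBAPPS_DIR
# Copies SEED_DIR into WEBAPPS_DIR only when WEBAPPS_DIR has no entries.
# Returns 0 when the target is usable, 2 when the seed directory is missing.
seed_webapps() {
    sw_seed=$1 sw_target=$2
    [ -d "$sw_seed" ] || { echo "seed dir missing: $sw_seed" >&2; return 2; }
    mkdir -p "$sw_target" || return 2
    # `ls -A` also lists dotfiles; any output means the volume already holds
    # data from an earlier run, which must not be overwritten.
    if [ -n "$(ls -A "$sw_target" 2>/dev/null)" ]; then
        echo "keeping existing content in $sw_target"
        return 0
    fi
    # cp -a preserves modes, e.g. the executable bit on WEB-INF/bin/iiq.
    cp -a "$sw_seed/." "$sw_target/" && echo "seeded $sw_target from $sw_seed"
}

# In entrypoint.sh, before Tomcat starts (paths are assumptions; the Dockerfile
# would have to unpack identityiq and ROOT into /opt/iiq-seed as well):
#   seed_webapps /opt/iiq-seed /opt/tomcat/webapps
```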