How to run SailPoint IIQ on Synology NAS v2 – Slim Edition

So after my previous post I got a lot of queries about it. Thanks for reading it 🙂 

Wanted a slimmer edition which didn’t require all the additional dockers like LDAP etc

So v2 – slim edition

Note: All disclaimers still valid from previous post

Build

This time I am using this git repo: https://github.com/steffensperling/sailpoint-iiq

Only changes to docker-compose.yaml was the path to my own locations. Also ports as current 8080 were used for other containers. Passwords and ports obviously changed 🙂 

Main changes were to Dockerfile under iiq-build folder. The one on the github is not using latest debian and also had issues installing Oracle JDK

Here is the modified version

create_mysql_db.sh was also modified to use 8.1 version of identityiq tables create script

Finally I had to update few lines in ./identityiq/WEB-INF/database/create_identityiq_tables-8.1.mysql which comes in IIQ package for me to work

That’s it.. Then build the docker

Notes

  • Need to change TOMCAT_VERSION to the one available on http://www-eu.apache.org/dist/tomcat/tomcat-9/ at the time of build
  • For some reason in my latest build webapps folder was empty. Had to do manual steps from Dockerfile after login to the sail point_iiq-8085 container. Had to run the webapps folder part (IIQ war file and index file deployment) and then restart container. Will try to figure out later what broke it.

After a few runs I got it up and running on latest version (IIQ 8.1 at the time of writing) and with persistent storage.

 

 

How to run SailPoint IdentityIQ on Synology NAS

Update: There is a newer slimmer guide for install. Try it out

I have a small home lab setup on which I do various stuff. I am running it on one of most beloved gadget – Synology NAS. It does so much for me like backup, stream, sync, upload, dockers, VM and more.. It just keeps giving!!! Worth having in every home!!!

A small glimpse of my current setup (I do much more than this on the NAS)

Homelab Setup

Hardware

  • NAS: Synology DS918+
  • RAM: 16GB
  • Disks: 4 x 12GB WD Elements (shucked). Setup in 3 x SHR + 1 standalone for secondary backup
  • SSD Cache: 2 x Samsung 970 EVO 250GB M.2

Docker Setup

Various containers running like

  • Pi-Hole – Excellent DNS for whole home to block ads
  • Home Assistant – Home Automation
  • Unifi SDN – For my home network hardware
  • SpeedTest – To keep a constant and historical graph of my internet and catch ISPs in a lie if they say “nothing changed – speed is good” – I slap the graph on the face (and have got money back from ISPs for compensation as well)
  • And many more like Grafana, Chronograf, Watchtower etc etc etc…

IdentityNow Setup

Running on the Virtual Machine Manager on the NAS

  • 1 x Windows Server running AD, IQService etc. To Install certificate for TLS, see my article.
  • 1 x Linux Server running OpenLDAP and other possible connectors
  • 1 x Standard VA deployment for my always on IDN

Goal

Now I wanted to tinker a bit with IdentityIQ due to various reasons and didn’t want to do the classic install (and why not – wanted a challenge). So I started to google and ask around and found that some people have actually dockerised the product – sweet. But couldn’t find a single guide on how to do it on my existing Synology hardware. So this became a weekend mission (in between actual work and COVID-19 lockdown).

DISCLAMER

  • You need to have a license with SailPoint to run your own IIQ Instance
  • The guide doesn’t contain ANY proprietary code
  • Not responsible for breaking your NAS or setup
  • This is not a supported setup by SailPoint or anyone else (including me). This is just for the enthusiasts.

 

Prerequisites

As said earlier, you need to have license from SailPoint and access to the download page. At the time of writing this guide, v8.1 is the latest version. Go to the download page and download identityiq-8.1.zip

Unzip it and grab the identityiq.war file for later use. Upload both the zip and war file to your NAS in a folder of your liking.

Build

I found many different ways to build the docker but I decided to go with the one done by IdentityWorks. They have their own git repo containing everything you need to do the works. 

They have various options there to build but I used the full stack method. Although I already had many of the requirements running as individual dockers due to other projects (traefik, ldap, mysql etc) but I thought to keep it simple and just do the whole build separately. Just in case I break anything.

NAS Customisation

Now If you run the guide as is then it will build it for you straight up from scratch in a new docker environment. But because I am running it on my NAS with existing dockers I came across various issues

  • Some build script commands don’t exist on Synology NAS
  • Some ports are already in use due to NAS UI / other dockers.

Build Script

In the build.sh script I found couple things which didn’t exist on my NAS

  • git command
  • unzip command
  • ant command
  • java package

To fix do the following

  • unzip command replacement

Replace the unzip with 7z command in the build.sh script

  • ant command

Install the package by adding a new repo in the package center. Follow the guide at https://github.com/rednoah/ant-installer

  • git command
  • java package

Install the packages which are available from Synology repo in package center

You should be now able to check if the above commands exist in the terminal

Docker Compose File

Since I am doing this setup on my existing docker, many of the ports were already in use. So I edited the file to change some default ports

Build It!!!

That’s it guys.. Hard work done. Do the deployment in the following steps

  1. Download Identity IIQ binaries
  2. Install additional packages on the NAS
  3. Login to the NAS and get root access
  4. Download the repo
  5. Upload the identityiq-8.1.zip and identityiq.war downloaded previously to the sailpoint-docker folder
  6. Edit the build.sh and docker-compose.yaml file as mentioned above.
  7. Run the rest of the commands

And you see the nice logs

Took around 30 min (apart from couple of hours of research) for the whole build to download various images and create containers and start them up. I kept an eye on the docker logs to see the status

(not the full list above – few more there)

And finally once everything was running and settled I tried going to the IIQ home page

http://xxx.xx.xxx.xxx:8085/identityiq/

I didn’t test the full extent of it. But I was able to create a source and test connection which was external to the docker and running on my VMM on the NAS itself.

Till the next time!!!