How to run SailPoint IIQ on Synology NAS v2 – Slim Edition

So, after my previous post, I got a lot of queries about it. Thanks for reading it 🙂

I wanted a slimmer edition that didn't require all the additional Docker containers like LDAP etc.

So v2 – slim edition

Note: All disclaimers still valid from previous post

Build

This time I am using this git repo: https://github.com/steffensperling/sailpoint-iiq

The only changes to docker-compose.yaml were the paths to my own locations and the ports, since 8080 was already in use by other containers. Passwords and ports have obviously been changed 🙂

version: '2'
services:
  db:
    image: mariadb:latest
    container_name: sailpoint-iiq-mariadb-3306
    ports: 
      - "3306:3306"
    volumes:
      - '/volume1/docker/sailpoint-iiq/data/db:/var/lib/mysql'
    environment:
      - MYSQL_USER=identityiq
      - MYSQL_PASSWORD=identityiq
      - MYSQL_DATABASE=identityiq
      - MYSQL_ROOT_PASSWORD=password
  iiq:
    build: ./iiq-build
    image: sailpoint-iiq
    container_name: sailpoint-iiq-8085
    ports:
      - "8085:8080"
      - "9009:8009"
    environment:
      - MYSQL_USER=identityiq
      - MYSQL_PASSWORD=identityiq
      - MYSQL_DATABASE=identityiq
      - MYSQL_ROOT_PASSWORD=password
    depends_on:
      - db
    volumes:
      - '/volume1/docker/sailpoint-iiq/data/webapps:/opt/tomcat/webapps'

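Two things a practitioner would want to settle before running `docker-compose up` with the file above: keep the real passwords out of the compose file, and think twice about the `"3306:3306"` mapping, which on a NAS publishes MariaDB to every machine on the LAN even though the iiq service already reaches the database through the compose network under its service name `db`. The script below is an added example, not part of the original post or the steffensperling/sailpoint-iiq repo. It writes a `.env` file (which docker-compose reads automatically from the project directory, so the compose file can say `MYSQL_PASSWORD=${MYSQL_PASSWORD}` instead of a literal) with generated credentials, and flags a compose file that still publishes 3306. The file names and the `--init` flag are this example's own choices.

```shell
#!/bin/bash
# Added example, not part of the original post or the sailpoint-iiq repo.
#  1. write a .env file holding generated database credentials, so the compose
#     file can reference ${MYSQL_PASSWORD} / ${MYSQL_ROOT_PASSWORD} instead of
#     carrying literal passwords;
#  2. flag a compose file that still maps MariaDB's 3306 onto the host.
# File names are placeholders chosen for this example.
set -euo pipefail

# 24 bytes from the kernel CSPRNG, base64-encoded, with the characters dropped
# that would need quoting in shell, in a sed expression or in a JDBC URL.
gen_secret() {
  head -c 24 /dev/urandom | base64 | tr -d '/+=\n'
}

# Write KEY=value lines for the variables the compose file uses. Created under
# umask 077 so only the owner can read it, and never overwritten: MariaDB sets
# the root and application passwords from these values on first start, and
# silently regenerating them would leave the data volume out of step with .env.
write_env() {
  local file="$1"
  if [ -e "$file" ]; then
    echo "refusing to overwrite existing $file" >&2
    return 1
  fi
  (
    umask 077
    {
      echo "MYSQL_USER=identityiq"
      echo "MYSQL_DATABASE=identityiq"
      echo "MYSQL_PASSWORD=$(gen_secret)"
      echo "MYSQL_ROOT_PASSWORD=$(gen_secret)"
    } > "$file"
  )
}

# Exit 0 when the compose file maps host port 3306 to the db container
# (also catches "127.0.0.1:3306:3306"-style bindings).
db_port_published() {
  grep -Eq '^[[:space:]]*-[[:space:]]*"?([0-9.]+:)?3306:3306"?[[:space:]]*$' "$1"
}

# Usage: ./prepare_env.sh --init   (run in the directory holding docker-compose.yaml)
if [ "${1:-}" = "--init" ]; then
  write_env .env
  if db_port_published docker-compose.yaml; then
    echo "warning: docker-compose.yaml publishes 3306 on the host; drop that mapping unless clients outside the compose network need the database" >&2
  fi
fi
```

Note that the table-creation script shown later on this page still creates the identityiqPlugin user with its literal password from the SQL; if you rotate that one too, the line in the SQL needs the same treatment.
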
The main changes were to the Dockerfile under the iiq-build folder. The one on GitHub does not use the latest Debian and also had issues installing the Oracle JDK.

Here is the modified version:

FROM debian:latest
# debian:latest is a moving target; pin a tag (or digest) if you need reproducible builds

LABEL maintainer="Steffen Sperling <[email protected]>"

ENV TOMCAT_VERSION 9.0.46
ENV IIQ_VERSION 8.1

# Fix sh
RUN rm /bin/sh && ln -s /bin/bash /bin/sh

# Install dependencies (OpenJDK 11 from the Debian repositories instead of the Oracle JDK;
# ca-certificates is needed so wget can verify the HTTPS download below)
RUN apt-get update && \
    apt-get install -y apt-utils wget vim unzip tar ca-certificates default-mysql-client openjdk-11-jdk && \
    rm -rf /var/lib/apt/lists/*

# Define commonly used JAVA_HOME variable
ENV JAVA_HOME /usr/lib/jvm/java-11-openjdk-amd64

RUN java -version

# Get Tomcat over HTTPS and check the tarball against the .sha512 file Apache publishes beside it
RUN cd /tmp && \
    wget --quiet https://www-eu.apache.org/dist/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz && \
    wget --quiet https://www-eu.apache.org/dist/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 && \
    sha512sum -c apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 && \
    tar xzf apache-tomcat-${TOMCAT_VERSION}.tar.gz -C /opt && \
    mv /opt/apache-tomcat-${TOMCAT_VERSION} /opt/tomcat && \
    rm apache-tomcat-${TOMCAT_VERSION}.tar.gz apache-tomcat-${TOMCAT_VERSION}.tar.gz.sha512 && \
    rm -rf /opt/tomcat/webapps/examples /opt/tomcat/webapps/docs /opt/tomcat/webapps/ROOT

# Add admin/admin user (change these credentials in tomcat-users.xml before the manager app is reachable by others)
COPY tomcat-users.xml /opt/tomcat/conf/
RUN mkdir -p /opt/tomcat/conf/Catalina/localhost
COPY manager.xml /opt/tomcat/conf/Catalina/localhost

# add IIQ: pull identityiq.war out of the distribution zip and explode it into webapps
COPY src/identityiq-${IIQ_VERSION}.zip /tmp
RUN cd /tmp && \
    unzip identityiq-${IIQ_VERSION}.zip identityiq.war && \
    mkdir /opt/tomcat/webapps/identityiq && \
    unzip identityiq.war -d /opt/tomcat/webapps/identityiq && \
    chmod +x /opt/tomcat/webapps/identityiq/WEB-INF/bin/iiq && \
    rm identityiq.war identityiq-${IIQ_VERSION}.zip

RUN mkdir /opt/tomcat/webapps/ROOT
COPY index.html /opt/tomcat/webapps/ROOT

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENV CATALINA_HOME /opt/tomcat
ENV PATH $PATH:$CATALINA_HOME/bin

# Tomcat listens on 8080 inside the container; docker-compose maps it to host port 8085.
# 8009 is AJP, which Tomcat 9.0.31+ binds to localhost and protects with a required secret
# unless server.xml is changed, so the 9009:8009 mapping is not usable as shipped.
EXPOSE 8080
EXPOSE 8009
VOLUME "/opt/tomcat/webapps"
WORKDIR /opt/tomcat

# Launch IIQ
CMD ["/entrypoint.sh", "run"]
#CMD ["/opt/tomcat/bin/catalina.sh", "run"]

create_mysql_db.sh was also modified to use the 8.1 version of the IdentityIQ table-creation script:

#!/bin/bash
set -e
# create database schema on the "db" compose service: without -h the mysql client would
# try the local socket inside the iiq container, where no server is running.
# MYSQL_HOST is an optional override added here; it defaults to the compose service name.
# ${VAR} expands a variable, whereas $(VAR) would try to run a command called VAR.
# MYSQL_PWD keeps the root password out of the process list that -p would show.
MYSQL_PWD="${MYSQL_ROOT_PASSWORD}" mysql -h "${MYSQL_HOST:-db}" -uroot < /opt/tomcat/webapps/identityiq/WEB-INF/database/create_identityiq_tables-8.1.mysql
echo "=> Done creating database!"
# set database host and credentials in properties
# (the values are spliced straight into sed expressions, so a password containing / or & needs escaping first)
sed -ri -e "s/mysql:\/\/localhost/mysql:\/\/${MYSQL_HOST:-db}/" /opt/tomcat/webapps/identityiq/WEB-INF/classes/iiq.properties
sed -ri -e "s/dataSource.username\=.*/dataSource.username=${MYSQL_USER}/" /opt/tomcat/webapps/identityiq/WEB-INF/classes/iiq.properties
sed -ri -e "s/dataSource.password\=.*/dataSource.password=${MYSQL_PASSWORD}/" /opt/tomcat/webapps/identityiq/WEB-INF/classes/iiq.properties

echo "=> Done configuring iiq.properties!"

Finally, I had to update a few lines in ./identityiq/WEB-INF/database/create_identityiq_tables-8.1.mysql, which comes in the IIQ package, for it to work for me. Replace:

CREATE USER IF NOT EXISTS 'identityiq'@'%' IDENTIFIED WITH mysql_native_password BY 'identityiq';

WITH

CREATE USER IF NOT EXISTS 'identityiq'@'%' IDENTIFIED BY 'identityiq';

-----

CREATE USER IF NOT EXISTS 'identityiq'@'localhost' IDENTIFIED WITH mysql_native_password BY 'identityiq';

WITH

CREATE USER IF NOT EXISTS 'identityiq'@'localhost' IDENTIFIED BY 'identityiq';

-----

CREATE USER IF NOT EXISTS 'identityiqPlugin'@'%' IDENTIFIED WITH mysql_native_password BY 'identityiqPlugin';

WITH

CREATE USER IF NOT EXISTS 'identityiqPlugin'@'%' IDENTIFIED BY 'identityiqPlugin';

-----

CREATE USER IF NOT EXISTS 'identityiqPlugin'@'localhost' IDENTIFIED WITH mysql_native_password BY 'identityiqPlugin';

WITH

CREATE USER IF NOT EXISTS 'identityiqPlugin'@'localhost' IDENTIFIED BY 'identityiqPlugin';

That's it. Then build and start the containers:

docker-compose build
docker-compose up -d

Notes

  • TOMCAT_VERSION needs to be changed to a version available on http://www-eu.apache.org/dist/tomcat/tomcat-9/ at build time.
  • For some reason, in my latest build the webapps folder was empty. I had to do the manual steps from the Dockerfile after logging in to the sailpoint-iiq-8085 container: run the webapps folder part (IIQ war file and index file deployment) and then restart the container. Will try to figure out later what broke it.

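The empty webapps folder in the second note is what a bind mount does: the compose file mounts the host directory /volume1/docker/sailpoint-iiq/data/webapps over /opt/tomcat/webapps, and a bind mount shows the host directory exactly as it is, so when that directory is empty the identityiq deployment baked into the image is hidden (a named volume would be populated from the image on first use; a host path is not). The script below is an added example, not part of the original post or the repo: it checks whether the host directory already holds a deployed IdentityIQ and, if not, seeds it from the built `sailpoint-iiq` image with `docker create` and `docker cp`, which is the scripted form of the manual copy described in the note. The path, image name and iiq.properties location come from this page; the function names and the `--seed` flag are this example's own.

```shell
#!/bin/bash
# Added example, not from the original post or the sailpoint-iiq repo.
# Seeds the bind-mounted webapps directory from the built image so Tomcat
# does not start with an empty /opt/tomcat/webapps.
set -euo pipefail

WEBAPPS_DIR="${WEBAPPS_DIR:-/volume1/docker/sailpoint-iiq/data/webapps}"
IMAGE="${IMAGE:-sailpoint-iiq}"   # the image: name from docker-compose.yaml

# Exit 0 when DIR already holds a deployed IdentityIQ webapp, 1 otherwise.
webapps_seeded() {
  [ -f "$1/identityiq/WEB-INF/classes/iiq.properties" ]
}

# Copy /opt/tomcat/webapps out of a throw-away container created from the
# image (docker create does not start it) into DIR, then remove the container.
# Needs the docker CLI; run it before docker-compose up, not while iiq runs.
seed_webapps() {
  local dir="$1" cid
  mkdir -p "$dir"
  cid=$(docker create "$IMAGE")
  docker cp "$cid:/opt/tomcat/webapps/." "$dir"
  docker rm "$cid" >/dev/null
}

main() {
  if webapps_seeded "$WEBAPPS_DIR"; then
    echo "webapps already present in $WEBAPPS_DIR"
  else
    echo "seeding $WEBAPPS_DIR from image $IMAGE"
    seed_webapps "$WEBAPPS_DIR"
  fi
}

# Usage: ./seed_webapps.sh --seed   (after docker-compose build, before up)
if [ "${1:-}" = "--seed" ]; then
  main
fi
```

Once the host directory is seeded, the bind mount is what keeps the deployment (and any customisations under WEB-INF) persistent across container rebuilds; rebuilding the image alone will not update files that the host directory already contains.
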
After a few runs I got it up and running on the latest version (IIQ 8.1 at the time of writing) and with persistent storage.
