Deploying #OpenAM instances in #Docker

Deploying services with Docker has become pretty popular in the DevOps world (understatement).

I want to demonstrate how to deploy an instance of ForgeRock’s OpenAM and OpenDJ using Docker.

Essentially this is my ForgeRock Docker Cheat Sheet

Setup:
I am running this on a virtual Ubuntu instance in Virtualbox on my laptop. You can run Docker on both Windows and OS X too … I just personally prefer Linux.

Step 1: Install Docker:
https://docs.docker.com/engine/installation/linux/ubuntulinux/

Step 2: Clone ForgeRock Docker Files:
$ cd /home/brad/Dev/
Use git to clone from: https://stash.forgerock.org/projects/DOCKER/repos/docker/browse

This will create a directory called “docker” in the above path.

Step 3: Build Files:
$ cd /home/brad/Dev/docker
$ make clean
$ make

At this point a few images are created on your local host, to view Images:

$ docker images

 

OpenDJ Instance:
Note: the first time you run an instance you need to create the “dj” directory first (persistent storage)
eg.:
$ cd /home/brad
$ mkdir dj // <— just run this once; the first time you launch an instance on this host
$ docker run -d -p 1389:389 -v `pwd`/dj:/opt/opendj/instances/instance1 -t 9f332a0fbb88

To enable a persistent store you can use docker’s volume capability. From the above command, “-v `pwd`/dj:/opt/opendj/instances/instance1” this tells docker to cp “/opt/opendj/instances/instance1” from the running instance to `pwd`/dj on the docker host. You can then kill this instance and then launch a new one, referring to the same volume.

To view the running docker instances:
$ docker ps

Now when we launch OpenAM, we’ll want to allow it to access the OpenDJ container. By default Docker does not setup this networking but we can create a link (see run command below). Using the link parameter, Docker will edit the /etc/hosts file on the OpenAM container and create a “link” to the OpenDJ serverOpenAM:
$ cd /home/brad
$ mkdir am // <— just run this once; the first time you launch an instance on this host
$ docker run -d -p 8080:8080 -v `pwd`/am:/root/openam –link dreamy_hypatia:opendj -t c02f00f42e18

As we did with OpenDJ we tell Docker to create a volume, on the Docker host, and copy the OpenAM configurations to this location. This allows us to launch a new instance without having to reconfigure OpenAM.

Next Steps:
There are a lot of things that I did not cover in this post, specifically running multiple instances for scalability. OpenDJ would need to be configured for replication and OpenAM would need to be configured to join a Site. I plan on covering these things in a future post.

Also, I didn’t cover Docker best practices (specifally security). In your environment, treat your container ids as you would passwords.

Lastly, I plan on exploring other options for persistent storage, in future posts. I am pretty sure there are better alternatives than storing this data on the Docker host’s filesystem. Possibly looking at creating another Docker container specifically for storage.

Acknowledgements:
Warren Strange (ForgeRock) … he’s constantly producing awesome and developed a lot (probably most) of the capability around the ForgeRock docker instances

My friends at GoodDogLabs for mentoring me on all things Docker

Also, I have been gleaning a lot of Docker tips from @frazelledazzell … she drops a ton of Docker knowledge via Twtter and her blog.