Deploying services with Docker has become pretty popular in the DevOps world (understatement).
I want to demonstrate how to deploy an instance of ForgeRock’s OpenAM and OpenDJ using Docker.
Essentially, this is my ForgeRock Docker cheat sheet.
I am running this on a virtual Ubuntu instance in Virtualbox on my laptop. You can run Docker on both Windows and OS X too … I just personally prefer Linux.
Step 1: Install Docker:
Step 2: Clone ForgeRock Docker Files:
$ cd /home/brad/Dev/
Use git to clone from: https://stash.forgerock.org/projects/DOCKER/repos/docker/browse
This will create a directory called “docker” in the above path.
Step 3: Build Files:
$ cd /home/brad/Dev/docker
$ make clean
At this point a few images have been created on your local host. To view the images:
$ docker images
Note: the first time you run an instance you need to create the “dj” directory first (persistent storage)
$ cd /home/brad
$ mkdir dj   # just run this once; the first time you launch an instance on this host
$ docker run -d -p 1389:389 -v `pwd`/dj:/opt/opendj/instances/instance1 -t 9f332a0fbb88
To enable a persistent store you can use Docker’s volume capability. In the above command, “-v `pwd`/dj:/opt/opendj/instances/instance1” tells Docker to copy “/opt/opendj/instances/instance1” from the running instance to `pwd`/dj on the Docker host. You can then kill this instance and launch a new one that refers to the same volume.
To view the running docker instances:
$ docker ps
Now when we launch OpenAM, we’ll want to allow it to access the OpenDJ container. By default Docker does not set up this networking, but we can create a link (see the run command below). Using the link parameter, Docker will edit the /etc/hosts file on the OpenAM container and create a “link” to the OpenDJ server.
OpenAM:
$ cd /home/brad
$ mkdir am   # just run this once; the first time you launch an instance on this host
$ docker run -d -p 8080:8080 -v `pwd`/am:/root/openam --link dreamy_hypatia:opendj -t c02f00f42e18
As we did with OpenDJ we tell Docker to create a volume, on the Docker host, and copy the OpenAM configurations to this location. This allows us to launch a new instance without having to reconfigure OpenAM.
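The two launch steps above as one script, as an added example that is not part of the original post or of the ForgeRock repository. It assumes fixed container names (opendj1, openam1) so that --link does not depend on a generated name such as dreamy_hypatia, and it publishes the ports on 127.0.0.1 only; all variable and function names are illustrative.

```shell
#!/bin/sh
# Added example (not the ForgeRock project's script). Image IDs are the ones
# shown in this post; take yours from `docker images`.
DOCKER="${DOCKER:-docker}"           # set DOCKER="echo docker" for a dry run
DJ_IMAGE="${DJ_IMAGE:-9f332a0fbb88}"
AM_IMAGE="${AM_IMAGE:-c02f00f42e18}"
DJ_NAME="${DJ_NAME:-opendj1}"        # assumed name, instead of a generated one
AM_NAME="${AM_NAME:-openam1}"        # assumed name
BASE="${BASE:-$PWD}"                 # host directory that holds dj/ and am/
BIND="${BIND:-127.0.0.1}"            # assumption: publish on loopback only;
                                     # plain "-p 1389:389" listens on all interfaces

# Remove a previous container of the same name; its data stays in the volume.
replace() {
    $DOCKER rm -f "$1" >/dev/null 2>&1 || true
}

start_opendj() {
    mkdir -p "${BASE}/dj"            # safe to repeat, unlike plain mkdir
    replace "$DJ_NAME"
    $DOCKER run -d --name "$DJ_NAME" -p "${BIND}:1389:389" \
        -v "${BASE}/dj:/opt/opendj/instances/instance1" -t "$DJ_IMAGE"
}

start_openam() {
    mkdir -p "${BASE}/am"
    replace "$AM_NAME"
    # --link <container name>:<alias>; the alias "opendj" lands in /etc/hosts
    $DOCKER run -d --name "$AM_NAME" -p "${BIND}:8080:8080" \
        -v "${BASE}/am:/root/openam" --link "${DJ_NAME}:opendj" -t "$AM_IMAGE"
}

# Start both only when called as: sh deploy.sh up
if [ "${1:-}" = "up" ]; then
    start_opendj && start_openam
fi
```

Set BIND=0.0.0.0 to get the same port exposure as the commands in the post.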
There are a lot of things that I did not cover in this post, specifically running multiple instances for scalability. OpenDJ would need to be configured for replication and OpenAM would need to be configured to join a Site. I plan on covering these things in a future post.
Also, I didn’t cover Docker best practices (specifically security). In your environment, treat your container ids as you would passwords.
Lastly, I plan on exploring other options for persistent storage, in future posts. I am pretty sure there are better alternatives than storing this data on the Docker host’s filesystem. Possibly looking at creating another Docker container specifically for storage.
Warren Strange (ForgeRock) … he’s constantly producing awesome and developed a lot (probably most) of the capability around the ForgeRock docker instances
My friends at GoodDogLabs for mentoring me on all things Docker