Hi Sailors,
I want to show you guys how I use docker for IdentityIQ. You only need to follow the first steps (since my environment is different), but this should be able to help you build a docker environment for your IdentityIQ. So, let's start:
For the first step, we should determine the minimum of what we need:
For the second step, we should determine how to use docker:
We have the minimal requirements for our dockerization.
Folder structure:
docker
|--db
|--sp
|--tomcat
   |--webapps
docker - main folder contains docker-compose.yml and .env files
db - contains sql files for database initialization
sp - contains common stuff for IdentityIQ (e.g.: iiq.properties, log4j.properties)
tomcat - all stuff for tomcat container
tomcat/webapps - contains wars to deploy
Each folder (db, sp, tomcat/webapps) contains version folders:
docker
|--db
|  |--7.3
|  |--8.0
|--sp
|  |--7.3
|  |--8.0
|--tomcat
   |--webapps
      |--7.3
      |--8.0
Create docker-compose.yml:
    version: "3"
    services:
      tomcat:
        build: ./tomcat
        working_dir: /usr/local/tomcat
        environment:
          MYSQL_USER: ${MYSQL_USER}
          MYSQL_PASSWORD: ${MYSQL_PASSWORD}
          MYSQL_DATABASE: ${MYSQL_DATABASE}
        links:
          - "db:${MYSQL_LINK_NAME}"
        ports:
          - "${TOMCAT_APPLICATION_PORT}:8080"
          - "${TOMCAT_APPLICATION_DEBUG_PORT}:8000"
        depends_on:
          - db
        command: ["/home/sp-mysql-ping.sh"]
        volumes:
          - "./tomcat/webapps/${SP_VERSION}/identityiq.war:/usr/local/tomcat/webapps/identityiq.war"
      db:
        image: mysql:${MYSQL_VERSION}
        volumes:
          - "./db/${SP_VERSION}/:/docker-entrypoint-initdb.d/"
        environment:
          MYSQL_USER: ${MYSQL_USER}
          MYSQL_PASSWORD: ${MYSQL_PASSWORD}
          MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
          MYSQL_DATABASE: ${MYSQL_DATABASE}
        ports:
          - "${MYSQL_PORT}:3306"
Create .env:

    # +++++++++++++++ GLOBAL environment +++++++++++++++
    MYSQL_LINK_NAME=mysql
    MYSQL_VERSION=5.7.26
    TOMCAT_VERSION=8.5.42-jdk8-openjdk-slim
    SP_VERSION=7.3
    # --------------- GLOBAL environment ---------------

    # +++++++++++++++ MYSQL environment +++++++++++++++
    MYSQL_DATABASE=identityiq
    MYSQL_USER=identityiq
    MYSQL_PASSWORD=identityiq
    MYSQL_ROOT_PASSWORD=root
    MYSQL_PORT=3306
    # --------------- MYSQL environment ---------------

    # +++++++++++++++ TOMCAT environment +++++++++++++++
    TOMCAT_APPLICATION_PORT=8080
    TOMCAT_APPLICATION_DEBUG_PORT=8000
    # --------------- TOMCAT environment ---------------

Docker-compose will create 2 containers:
The MySQL container is created directly from an image, but the Tomcat container is not: it is built from a Dockerfile. This is necessary for one reason: Tomcat must start only after the MySQL container.
The Tomcat container uses this Dockerfile:
    FROM tomcat:8.5.42-jdk8-openjdk-slim
    #Add waiting script
    COPY ./sp-mysql-ping.sh /home/sp-mysql-ping.sh
    #Make waiting script executable
    RUN chmod +x /home/sp-mysql-ping.sh
    #Update package index
    RUN apt update
    #Install mysql-client to check DB
    RUN apt install mysql-client -y

There are several steps to build the image:
Script (sp-mysql-ping.sh):
    #!/bin/bash
    ATTEMPTS=0
    echo "Waiting for mysql"
    # Poll until the IdentityIQ schema can be queried, i.e. the init scripts have finished
    until mysql -u "$MYSQL_USER" -h db -e "select 1 from $MYSQL_DATABASE.spt_identity" -p"$MYSQL_PASSWORD" &> /dev/null
    do
        printf "\nWaiting for MySQL"
        printf "\nAttempts: %s" "$ATTEMPTS"
        sleep 1
        ATTEMPTS=$((ATTEMPTS+1))
    done
    printf "\nMySQL is running\n"
    printf "\nTry to start tomcat\n"
    # Start Tomcat in the foreground with the JPDA debugger enabled
    catalina.sh jpda run

With this script, the container does not start Tomcat until the DB is initialized.
Main properties for identityiq.war:
    # +++++++++++++++++ Database properties +++++++++++++++++
    dataSource.username=identityiq
    dataSource.password=identityiq
    dataSource.url=jdbc:mysql://mysql:3306/identityiq?useServerPrepStmts=true&tinyInt1isBit=true&useUnicode=true&characterEncoding=utf8
    dataSource.driverClassName=com.mysql.jdbc.Driver
    sessionFactory.hibernateProperties.hibernate.dialect=sailpoint.persistence.MySQL5InnoDBDialect
    # ----------------- Database properties -----------------

    # +++++++++++++++++ Logs properties +++++++++++++++++
    log4j.appender.file.File=/usr/local/tomcat/logs/sailpoint.log
    # ----------------- Logs properties -----------------
Before starting the Docker containers, we need (version of IdentityIQ = 7.3):
Command for starting containers: "docker-compose up -d".
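The .env values above use a database password equal to the user name and a short root password, and the compose file publishes the Tomcat, JPDA debug and MySQL ports without a host address, which Docker binds on every interface. A pre-flight check for both, as an added example that is not part of the original post (the function names, the script name preflight.sh and the 16-character threshold are assumptions):

```shell
#!/bin/sh
# Added example (not from the original post): review .env and docker-compose.yml
# before "docker-compose up -d". The 16-character threshold is an assumption.

# env_value FILE KEY: print the value assigned to KEY in a KEY=VALUE file.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_env FILE: print one finding per line for the MySQL credentials.
check_env() (
    user=$(env_value "$1" MYSQL_USER)
    pass=$(env_value "$1" MYSQL_PASSWORD)
    root=$(env_value "$1" MYSQL_ROOT_PASSWORD)
    if [ "$pass" = "$user" ]; then echo "MYSQL_PASSWORD equals MYSQL_USER"; fi
    if [ "${#pass}" -lt 16 ]; then echo "MYSQL_PASSWORD is shorter than 16 characters"; fi
    if [ "${#root}" -lt 16 ]; then echo "MYSQL_ROOT_PASSWORD is shorter than 16 characters"; fi
)

# check_ports FILE: a "HOST:CONTAINER" mapping is published on every host
# interface; "127.0.0.1:HOST:CONTAINER" keeps the port on the loopback only.
check_ports() {
    sed -n -E 's/^[[:space:]]*-[[:space:]]*"([^":]+:[0-9]+)".*$/\1 is published on all interfaces/p' "$1"
    # Container port 8000 is the JPDA debugger started by "catalina.sh jpda run".
    if grep -Eq '^[[:space:]]*-[[:space:]]*"[^":]+:8000"' "$1"; then
        echo "JPDA debug port 8000 is published without a loopback bind"
    fi
}

# preflight ENV_FILE COMPOSE_FILE: print every finding from both checks.
preflight() {
    check_env "$1"
    check_ports "$2"
}

# demo: run the checks on constructed copies of the values shown in the post.
demo() (
    dir=$(mktemp -d) || exit 1
    printf '%s\n' 'MYSQL_USER=identityiq' 'MYSQL_PASSWORD=identityiq' \
        'MYSQL_ROOT_PASSWORD=root' > "$dir/.env"
    printf '%s\n' 'ports:' '  - "${MYSQL_PORT}:3306"' \
        '  - "127.0.0.1:${TOMCAT_APPLICATION_DEBUG_PORT}:8000"' > "$dir/docker-compose.yml"
    preflight "$dir/.env" "$dir/docker-compose.yml"
    rm -rf "$dir"
)

# Usage: sh preflight.sh .env docker-compose.yml   (no arguments runs the demo)
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; else demo; fi
```

An empty output means neither check found anything; writing a port as "127.0.0.1:${MYSQL_PORT}:3306" in docker-compose.yml clears the corresponding finding.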
Using docker for IdentityIQ allows:
You can find all sources on GitHub.