Like many other identity management tools, SailPoint IIQ has three main layers in its stack:
- An application server (I will be using Tomcat)
- A compatible database server (I used MySQL)
- A network layer to have Auth Source / Target Applications to be
You can certainly install the database server and the application server directly on your machine, run through that sequence, and have your IIQ instance up and accessible.
But when the goal is to dig into a deeper subject, why spend energy troubleshooting application server installation problems, or database server and service configuration issues? For exactly that reason my recommendation, and what I personally do, is to use Docker images of both Tomcat and MySQL.
Whenever my app server or DB crashes or gets corrupted, for whatever reason, I can run a single Docker command and get a fresh instance every time.
One thing to keep in mind: a Docker container has no persistent data by default. Any write you do inside the container, any file you create, any row you insert in the DB, is gone the moment the container is recreated from the image.
To avoid that we mount a volume for each container and point it at a folder on the host machine: for Tomcat, the IIQ war file and its expanded application live in the webapps folder, and for MySQL the data directory holds the database files.
Now even if we recreate the container, these files stay on the host, and when the new container starts it picks them up from the mounted volume.
Without further delay, let's look directly at my docker-compose file below.
```yaml
version: "3.9"
services:
  DB:
    platform: linux/x86_64
    image: "mysql"                  # untagged: pulls whatever "latest" is today; pin a major version for a reproducible lab
    environment:
      - "MYSQL_ROOT_PASSWORD=XXX"   # placeholder; a real password belongs in an env file or a secret, not in the compose file
    volumes:
      - /Users/anirbanbhattacharya/Documents/Docker/db_file-dev:/var/lib/mysql
    container_name: "my-db-dev"
  phpmyadmin:
    image: "phpmyadmin"
    ports:
      - 80:80                       # published on all host interfaces; 127.0.0.1:80:80 keeps the admin UI local-only
    environment:
      - "PMA_HOST=my-db-dev"        # the DB container is reachable by its container name on the compose network
      - "MYSQL_ROOT_PASSWORD=XXX"
    container_name: "phpmyadmin-dev"
    depends_on:
      - DB
  tomcat:
    image: "tomcat:9.0"
    ports:
      - 8080:8080
    depends_on:
      - DB
    volumes:
      - /Users/anirbanbhattacharya/Documents/Docker/webapps-dev:/usr/local/tomcat/webapps:rw
      - /Users/anirbanbhattacharya/Documents/Docker/FILE_SHARE-dev:/FILE_SHARE:rw
    container_name: "tomcat-dev"
```
I am not going to explain in detail how Docker Compose works, but here is a very basic rundown.
Instead of executing separate docker commands for each image, we create a single file like the one above that lists all the services we want, in the proper order. Note that depends_on only orders container start-up; it does not wait for MySQL to actually accept connections.
1. My first service is a DB server that runs the MySQL image.
Note that I mounted a volume with the statement “/Users/anirbanbhattacharya/Documents/Docker/db_file-dev:/var/lib/mysql”.
It has two parts separated by a colon (:): the left side is a location on the host machine, the right side is the mount point inside the container. This is a bind mount, not a symlink: once the container runs, anything inside it that reads or writes “/var/lib/mysql” is actually reading or writing “/Users/anirbanbhattacharya/Documents/Docker/db_file-dev” on the host.
That way any new database, table and so on that we create is actually stored on the host system under “/Users/anirbanbhattacharya/Documents/Docker/db_file-dev” and survives even if the DB container is destroyed.
2. The next service is phpMyAdmin, a simple PHP-based web application for managing a MySQL DB. I will be using it to load the IIQ installation DB scripts.
3. The last service is Tomcat, the application server. Notice that I created two volumes here.
   a. For Tomcat itself, a volume for the webapps folder, so that the actual application files stay on the host file system and are not wiped out after each refresh.
   b. A second volume for FILE_SHARE-dev, which IIQ will use for accessing flat files and any other files.
Now when I execute docker compose up, it creates the network and all the containers from the images above.

So at this moment my infrastructure is ready for IIQ installation.
Next, from the SailPoint IIQ site, we will download the IdentityIQ server. I downloaded version IIQ 8.2 and the file name was identityiq-8.2.zip.
The zip file has the following contents:

For now we are interested in the .war file and the database folder.

Create the required database tables:
In this step we create the required DB objects in the database. The script for each supported database is provided in the database folder above.
As I am using MySQL and doing a fresh installation, the script I will be using is create_identityiq_tables-8.2.mysql (later I will use the plugin DB script, but it is not needed for the basic installation).
But stop for a moment before executing the script.
At the beginning of the script you will see that it first creates a specific database. If you have a pre-created DB to use instead, make sure you point the script at that one. Also review the CREATE USER and GRANT statements that follow it: they define the login the application will connect with, and the default password shipped there is only acceptable for a throwaway lab.
```sql
CREATE DATABASE IF NOT EXISTS identityiq CHARACTER SET utf8mb4;
```
I logged into phpMyAdmin and pasted the SQL statements here:

Once the query has executed, we can see that the two new schemas, identityiq and identityiqPlugin, have been created.

Now that the database is ready, we can deploy the application war file into the Tomcat webapps folder.
We copy identityiq.war into the webapps-dev folder (which is mounted in the tomcat-dev container as the webapps folder). Because Tomcat auto-deploys, we will see it get deployed and expanded automatically, and an identityiq folder appears.

If we explore the identityiq folder, it looks like a regular Tomcat web application.

But the application still doesn't know the database details, so if we hit http://localhost:8080/identityiq we see the error below:

Now, open a shell inside the Docker container running Tomcat.

We need to make WEB-INF/bin/iiq executable.

Now we need to tell the application which DB to connect to. For that we edit the properties file WEB-INF/classes/iiq.properties. Remember that from inside the tomcat-dev container the database is not on localhost: use the DB container's name on the compose network (my-db-dev) as the host in the JDBC URL.

Once this file is changed, still inside the Tomcat container, go to the webapps/identityiq/WEB-INF/bin folder and launch the iiq console with ./iiq console.

Now we import the default initial configuration XML files by executing import init.xml from the iiq console above.

Now stop and start the containers.
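The database and post-deploy steps above (loading the table script, pointing iiq.properties at the DB container, making the launcher executable, importing init.xml and restarting) can be driven from the host instead of being typed into phpMyAdmin and a container shell. The script below is an added example, not code from the original post or from SailPoint. It assumes the container names and mount paths from the compose file above; that iiq.properties uses the keys dataSource.url, dataSource.username and dataSource.password for the MySQL datasource (verify against the file in your WAR); and that the iiq console accepts a single command via -c (if your version does not, pipe the commands into its standard input instead). Credentials are taken from the environment so that none of them end up in the compose file or in this script.

```shell
#!/bin/sh
# Added example (not from the original post): host-side driver for the
# post-deploy steps, run against the containers from the compose file.
set -eu

DB_CONTAINER=my-db-dev                                  # container_name of the DB service
TOMCAT_CONTAINER=tomcat-dev                             # container_name of the tomcat service
IIQ_DIR=/usr/local/tomcat/webapps/identityiq            # webapps mount point from the compose file
PROPS=$IIQ_DIR/WEB-INF/classes/iiq.properties           # assumption: stock location of iiq.properties

# Rewrite the datasource entries of an iiq.properties file in place.
# A plain read loop is used instead of sed so that a password containing
# '&', '/' or '\' cannot corrupt the substitution. Other keys pass through untouched.
# Usage: set_datasource <file> <jdbc-url> <user> <password>
set_datasource() {
    ds_file=$1; ds_url=$2; ds_user=$3; ds_pass=$4
    ds_tmp=$(mktemp)
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            dataSource.url=*)      printf '%s\n' "dataSource.url=$ds_url" ;;
            dataSource.username=*) printf '%s\n' "dataSource.username=$ds_user" ;;
            dataSource.password=*) printf '%s\n' "dataSource.password=$ds_pass" ;;
            *)                     printf '%s\n' "$line" ;;
        esac
    done < "$ds_file" > "$ds_tmp"
    mv "$ds_tmp" "$ds_file"
}

# Print the value of one key from a properties file (empty output if absent).
# Usage: get_prop <key> <file>
get_prop() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "$1="*) printf '%s\n' "${line#"$1="}" ;;
        esac
    done < "$2"
}

# 1. Load the table-creation script into MySQL (alternative to pasting it into
#    phpMyAdmin). The root password is passed via MYSQL_PWD so it never appears
#    on a command line inside the container.
load_schema() {
    docker exec -i -e MYSQL_PWD="$MYSQL_ROOT_PASSWORD" "$DB_CONTAINER" mysql -uroot \
        < database/create_identityiq_tables-8.2.mysql
}

# 2. Point IIQ at the DB container. Inside the compose network the database
#    host is the DB container's name, not localhost.
configure_iiq() {
    docker cp "$TOMCAT_CONTAINER:$PROPS" ./iiq.properties
    set_datasource ./iiq.properties \
        "jdbc:mysql://$DB_CONTAINER:3306/identityiq?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC" \
        "$IIQ_DB_USER" "$IIQ_DB_PASSWORD"
    docker cp ./iiq.properties "$TOMCAT_CONTAINER:$PROPS"
    rm -f ./iiq.properties        # do not leave a credentialed copy lying on the host
}

# 3. Make the launcher executable and import the initial configuration.
#    Assumption: "iiq console -c" runs one console command and exits.
import_init() {
    docker exec "$TOMCAT_CONTAINER" chmod +x "$IIQ_DIR/WEB-INF/bin/iiq"
    docker exec -w "$IIQ_DIR/WEB-INF/bin" "$TOMCAT_CONTAINER" ./iiq console -c "import init.xml"
}

# 4. Restart the stack so Tomcat picks up the new configuration.
restart_stack() {
    docker compose restart
}

# Only touch Docker when explicitly asked: sh iiq-configure.sh apply
if [ "${1:-}" = "apply" ]; then
    : "${MYSQL_ROOT_PASSWORD:?set in the environment}"
    : "${IIQ_DB_USER:?set in the environment}" "${IIQ_DB_PASSWORD:?set in the environment}"
    load_schema
    configure_iiq
    import_init
    restart_stack
fi
```

Run it from the directory holding the compose file and the unpacked zip, with MYSQL_ROOT_PASSWORD, IIQ_DB_USER and IIQ_DB_PASSWORD exported, as `sh iiq-configure.sh apply`. The DB password is written to iiq.properties in clear text here because that is what the post does; IIQ can also store it encrypted (the value produced by ./iiq encrypt), which is the form to use on anything other than a throwaway lab.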

Now let's try to access http://localhost:8080/identityiq/home.jsf
The first time it takes a long while for the servlets to be compiled and cached, but eventually you will see the SailPoint login screen.

Log in with the default username and password spadmin / admin 🙂 This is a well-known default, so change it before anyone else can reach the instance.

Now let's have a look at the containers that were created.

Now, if I want to free up resources on my computer and remove the containers, I simply execute docker compose down and it gracefully stops and removes all the containers.


But remember, all our DB files and webapps (application files) were on the host system (mounted into the containers as volumes), so even though the original containers are removed, all our DB and app files are still there. The next time we use the same docker compose file to create the containers, they will reuse these DB and app files.
So if I need them again, I simply execute docker compose up, the containers are re-created, and as the DB files (which hold the databases, tables and so on) and the webapps folder are the same, our installation stays intact.
