Installation
IDP OSS 1.7.0 is currently supported on Unix-based systems and has been tested on RHEL 7.6 and above, Ubuntu 16.x and CentOS 7. Deployment of the IDP OSS version is currently supported only in a single-node environment.
Before setting up IDP on the system, ensure that the following prerequisites are met.
- 32GB RAM
- 200GB HDD
- 8 CPU cores
The following are the default ports used by the IDP microservices during the installation process.
Services | Ports |
---|---|
postgres | 5432 |
idpsubscription | 8090 |
zookeeper | 2181 |
grafana | 3000 |
keycloak | 8989 |
idpeureka | 8761 |
kafka | 9092 |
idpdashboard | 8184 |
idpapp | 8080 |
idpservices | 8889 |
orchestrator | 8281 |
jenkinsconnector | 8282 |
jenkins | 8085 |
Jenkins Slave | 50000 |
idpconfig | 8888 |
idpoauth | 8181 |
idpscheduler | 8222 |
Only the following ports need to be exposed from the IDP server for access from external machines. Leave the other ports from the table above (postgres, zookeeper, kafka, keycloak and the internal IDP services among them) reachable from the IDP host only; nothing outside the node needs them. Note that Docker manages its own iptables chains for ports published by the stack, so a rule in the INPUT chain alone does not block them: restrict them in the DOCKER-USER chain or on an upstream firewall.
Services | Ports |
---|---|
UI | 80 |
Jenkins Slave | 50000 |
The internet URLs for the following need to be whitelisted for the installation process to complete. Where corporate firewalls restrict access, proxy details must be configured in the installation script (see WGET_PROXY, PIP_PROXY and NPM_PROXY in the environment variables section below).
- Docker
- Git
To validate that Docker and Git are installed, execute the commands below; each displays the version of the component.
```
[root@hostname ~]# docker -v
Docker version 18.06.1-ce, build e68fc7a
[root@hostname ~]# git --version
git version 1.8.3.1
```
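The pre-flight check below is an added example and is not part of openIDP. It turns the prerequisites above (32GB RAM, 200GB disk, 8 CPU cores) and the docker/git version validation into one script that can be run on the target host before cloning. It assumes a Linux host with the GNU free, df and nproc utilities; check_resources is a pure function so the same logic can be exercised with fixed numbers.

```shell
#!/usr/bin/env bash
# Pre-flight check for an IDP OSS host. Added example, not part of openIDP.
# Minimums are the prerequisites from this page; the tool check mirrors the
# docker -v / git --version validation. Assumes a Linux host with the GNU
# free, df and nproc utilities.

MIN_RAM_GB=32
MIN_DISK_GB=200
MIN_CPUS=8

# check_resources RAM_GB DISK_GB CPUS
# Returns 0 when every minimum is met; otherwise prints each shortfall and
# returns 1. Pure function: it can be fed live numbers or fixed ones.
check_resources() {
    ram_gb=${1:-0}; disk_gb=${2:-0}; cpus=${3:-0}
    rc=0
    [ "$ram_gb" -ge "$MIN_RAM_GB" ]   || { echo "RAM: ${ram_gb}GB, need ${MIN_RAM_GB}GB"; rc=1; }
    [ "$disk_gb" -ge "$MIN_DISK_GB" ] || { echo "Disk: ${disk_gb}GB free, need ${MIN_DISK_GB}GB"; rc=1; }
    [ "$cpus" -ge "$MIN_CPUS" ]       || { echo "CPUs: ${cpus}, need ${MIN_CPUS}"; rc=1; }
    return $rc
}

# check_tools
# Returns 0 when docker and git are both on PATH, printing their versions;
# prints the missing tool and returns 1 otherwise.
check_tools() {
    rc=0
    for tool in docker git; do
        if command -v "$tool" >/dev/null 2>&1; then
            echo "found: $("$tool" --version 2>/dev/null | head -n 1)"
        else
            echo "missing: $tool"; rc=1
        fi
    done
    return $rc
}

# live_resources
# Prints "RAM_GB DISK_GB CPUS" for this host; disk is free space on /.
# Each value falls back to 0 if the utility is unavailable.
live_resources() {
    ram_gb=$(free -g 2>/dev/null | awk '/^Mem:/ {print $2}')
    disk_gb=$(df -BG --output=avail / 2>/dev/null | awk 'NR == 2 {sub("G", ""); print $1}')
    cpus=$(nproc 2>/dev/null)
    echo "${ram_gb:-0} ${disk_gb:-0} ${cpus:-0}"
}

# Report on this host without aborting the shell; the functions return
# non-zero status for scripts that want to fail hard.
set -- $(live_resources)
check_resources "$1" "$2" "$3" && echo "resources: OK (${1}GB RAM, ${2}GB free, ${3} CPUs)"
check_tools && echo "tools: OK"
```

The disk figure is free space on the root filesystem; if /root/.m2 or the Docker data directory lives on another volume, point df at that mount instead.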
Step 1. Cloning repository
```
git clone https://github.com/Infosys/openIDP.git
```
NOTE: If Git prompts for a username and password while cloning, provide your credentials to proceed.
NOTE: If you have already cloned the repository, or want to update an existing IDP instance, run git pull inside the cloned directory instead of cloning again:
```
cd openIDP
git pull
```
Step 2. Execute build script to install and configure IDP_OSS on your machine.
Navigate to the path where the repository was cloned from Git:
```
[root@hostname]# cd /root/IDP_OSS_git/openIDP
```
Execute ls -l to list the files and folders that were cloned.
The next step is to execute the setup script (build.sh).
NOTE: Before executing the script there are certain steps that need to be performed manually; complete the steps below before running the setup script. The configuration is also critical depending on whether you are installing IDP for the first time or upgrading it. Refer to the build script environment variables at the bottom of the page (the Additional Notes section) to understand the different configuration options.
1. Create the directory where the Maven build cache will be stored:
```
mkdir /root/.m2
```
2. Initialise Docker Swarm on the node; the IDP stack is deployed as Swarm services:
```
docker swarm init
```
Because IDP OSS is deployed on a single node, no other host needs to join this swarm, so do not expose the swarm management ports from this machine. After the command succeeds you are ready to run the setup script.
3. (Optional) By default the script records the system's hostname. If the hostname is not configured properly, edit the following line in the script so that IDP is hosted on the IP address instead:
```
export HOSTNAME=$(hostname)
```
change it to
```
export HOSTNAME='ip.of.the.system'
```
4. Run the build script:
```
[root@hostname]# bash build.sh
```
Note: No manual input is required from the user; after the script completes successfully, the terminal prompt is returned.
Note: To skip the rebuild, or to decide whether an existing IDP_OSS deployment is removed before re-deploying, set SKIP_BUILD and REMOVE_OLDER to true or false (see the environment variables below).
5. To validate that all the services are up and running, list the Swarm services; every service should show its replicas as n/n:
```
[root@hostname]# docker service ls
```
6. List the containers Docker created for the different services that make up the IDP application:
```
[root@hostname]# docker ps
```
7. Once all the services are up and running, open a web browser (Chrome/IE) and enter your system's hostname followed by the service name idpapp, i.e. http://<hostname>/idpapp. If the installation and configuration completed without error, the IDP login page appears.
Try logging in with the default username and password:
Username: idpadmin
Password: idpadmin@123
Note: Any new user has the default password "firstlogon@idp", which can be changed after first logon. Change the idpadmin password as soon as the installation has been verified. If hostname details are unavailable, the build script has to be modified to replace the hostname with the IP address.
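The post-install check below is an added example, not part of openIDP. It automates two things a practitioner wants to confirm once the stack is up: that every Swarm service from docker service ls has all its replicas running, and that only the ports this page lists as externally required (80 and 50000) are listening on a wildcard address; any other port from the microservice table bound to 0.0.0.0, [::] or * is reachable from other machines and should be firewalled or rebound. The parsers assume the column layout of docker service ls and ss -ltn; the sample outputs embedded below are constructed for illustration (service names are taken from the port table, not captured from a real host).

```shell
#!/usr/bin/env bash
# Post-install checks for the IDP OSS node. Added example, not part of openIDP.
# 1) every Swarm service in the stack has all replicas running, and
# 2) only the ports this page lists as externally required (80 and 50000)
#    listen on a wildcard address; anything else bound to 0.0.0.0/[::]/* is
#    reachable from other machines and should be firewalled or rebound.
# Assumes the `docker service ls` and `ss -ltn` output formats.

ALLOWED_EXTERNAL_PORTS="80 50000"

# find_down_services  < "docker service ls" output
# Prints the NAME of each service whose REPLICAS column is not n/n
# (e.g. 0/1); returns 1 if any were found, 0 otherwise.
find_down_services() {
    awk 'NR > 1 && $4 != "" {
             split($4, r, "/")
             if (r[1] != r[2]) { print $2; bad = 1 }
         }
         END { exit bad ? 1 : 0 }'
}

# find_unexpected_listeners ALLOWED_PORTS  < "ss -ltn" output
# Prints the Local Address:Port of every TCP listener bound to a wildcard
# address whose port is not in ALLOWED_PORTS; returns 1 if any were found.
# Listeners on 127.0.0.1 are ignored: they are not reachable externally.
find_unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "State" { next }                       # header line, if present
        {
            addr = $4                                # Local Address:Port
            port = addr; sub(/.*:/, "", port)
            host = addr; sub(/:[^:]*$/, "", host)
            wildcard = (host == "0.0.0.0" || host == "*" || host == "[::]" || host == "::")
            if (wildcard && !(port in ok)) { print addr; bad = 1 }
        }
        END { exit bad ? 1 : 0 }'
}

# Constructed sample output (not captured from a real host) showing a
# keycloak service that failed to start and two ports exposed by mistake.
SAMPLE_SERVICES='ID            NAME       MODE        REPLICAS   IMAGE   PORTS
a1b2c3d4e5f6  postgres   replicated  1/1        -       *:5432->5432/tcp
f6e5d4c3b2a1  keycloak   replicated  0/1        -       *:8989->8989/tcp
0f1e2d3c4b5a  idpapp     replicated  1/1        -       *:8080->8080/tcp'

SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*
LISTEN  0       128     *:80                *:*
LISTEN  0       128     *:50000             *:*
LISTEN  0       128     *:8989              *:*
LISTEN  0       128     [::]:2181           [::]:*'

echo "-- sample: services not fully replicated --"
printf '%s\n' "$SAMPLE_SERVICES" | find_down_services || true
echo "-- sample: listeners reachable from outside that are not 80/50000 --"
printf '%s\n' "$SAMPLE_SS" | find_unexpected_listeners "$ALLOWED_EXTERNAL_PORTS" || true

# Live run when the tools are available on this host.
if svc=$(docker service ls 2>/dev/null) && [ -n "$svc" ]; then
    echo "-- live: services not fully replicated --"
    printf '%s\n' "$svc" | find_down_services && echo "(none)"
fi
if lst=$(ss -ltn 2>/dev/null) && [ -n "$lst" ]; then
    echo "-- live: unexpected wildcard listeners --"
    printf '%s\n' "$lst" | find_unexpected_listeners "$ALLOWED_EXTERNAL_PORTS" && echo "(none)"
fi
```

On the sample data the script reports keycloak as not fully replicated and flags *:8989 and [::]:2181. Ports that must legitimately stay open for administration (SSH, for example) can be appended to ALLOWED_EXTERNAL_PORTS so the live run reports only genuine surprises.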
For the Dashboard and Jenkins to load within the IDP UI, the following steps change a setting in Keycloak:
- Open http://<hostname>/auth in a new browser tab/window
- Click on "Administration Console"
- Login to Keycloak using the default admin/admin credentials
- Go to the "Security Defenses" tab on the landing page (Realm Settings of the Master realm)
- Replace the existing value of the "X-Frame-Options" field with the following value --> ALLOW-FROM http://<hostname>/idpapp
- Remove the following value from the Content-Security-Policy field --> frame-ancestors 'self';
- It should finally look similar to the screenshot below
- Save the settings and Logout from Keycloak
Caveat: these two settings are Keycloak's clickjacking protection. Removing frame-ancestors entirely lets any site frame the Keycloak login page, and current browsers (Chrome among them) ignore the ALLOW-FROM form of X-Frame-Options, so after this change nothing restricts framing in those browsers. A narrower setting that still lets the IDP UI embed Keycloak is to replace frame-ancestors 'self'; with frame-ancestors 'self' http://<hostname>; instead of deleting it. Whichever you choose, verify the headers actually served by Keycloak (for example with curl -sI) rather than trusting the console alone.
It is strongly recommended to change the 'idpadmin' and 'admin' passwords in Keycloak after all configuration is complete.
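The check below is an added example and is not part of openIDP or Keycloak. It reads HTTP response headers, as printed by curl -sI, and reports whether a page at http://<hostname>/idpapp is permitted to frame Keycloak: X-Frame-Options must be the ALLOW-FROM value the steps above set, and Content-Security-Policy must either carry no frame-ancestors directive (the state those steps produce) or a frame-ancestors directive that names the IDP origin (the narrower alternative). The embedded header samples are constructed; the hostname idp.example.internal is a placeholder, and the default Keycloak policy shown as BEFORE is assumed from Keycloak's documented defaults.

```shell
#!/usr/bin/env bash
# Verify the Keycloak framing headers after the Security Defenses change.
# Added example, not part of openIDP or Keycloak. Reads HTTP response headers
# (e.g. from `curl -sI`) and reports whether IDP_ORIGIN/idpapp may frame them:
#   - X-Frame-Options must be exactly ALLOW-FROM <IDP_ORIGIN>/idpapp
#   - Content-Security-Policy must have no frame-ancestors directive (this
#     page's instruction) or one that names the IDP origin (narrower variant)
# idp.example.internal in the samples is a placeholder hostname.

# header_value NAME  < headers
# Prints the value of the first header called NAME (case-insensitive).
header_value() {
    awk -v name="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'):" \
        'tolower(substr($0, 1, length(name))) == name { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# check_frame_headers IDP_ORIGIN  < response headers
# Returns 0 when framing from IDP_ORIGIN is permitted by both headers,
# otherwise prints what is wrong and returns 1.
check_frame_headers() {
    idp_origin=$1
    headers=$(tr -d '\r')                            # strip CRLF line endings
    xfo=$(printf '%s\n' "$headers" | header_value X-Frame-Options)
    csp=$(printf '%s\n' "$headers" | header_value Content-Security-Policy)
    rc=0

    expected="ALLOW-FROM ${idp_origin}/idpapp"
    if [ "$(printf '%s' "$xfo" | tr '[:lower:]' '[:upper:]')" != \
         "$(printf '%s' "$expected" | tr '[:lower:]' '[:upper:]')" ]; then
        echo "X-Frame-Options is '${xfo:-absent}', expected '$expected'"
        rc=1
    fi

    # Isolate the frame-ancestors directive: one directive per line, then drop the name.
    fa=$(printf '%s\n' "$csp" | tr ';' '\n' | sed -n 's/^[[:space:]]*frame-ancestors[[:space:]]*//p')
    case "$fa" in
        "")              ;;   # no directive: browsers fall back to X-Frame-Options
        *"$idp_origin"*) ;;   # directive lists the IDP origin: framing permitted
        *) echo "Content-Security-Policy still blocks framing: frame-ancestors $fa"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples (not captured from a real server). BEFORE is Keycloak's
# default policy; AFTER is the state this page asks for; HARDENED keeps
# frame-ancestors but adds the IDP origin to it.
IDP_ORIGIN="http://idp.example.internal"

BEFORE_HEADERS="HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Content-Type: text/html;charset=utf-8"

AFTER_HEADERS="HTTP/1.1 200 OK
X-Frame-Options: ALLOW-FROM http://idp.example.internal/idpapp
Content-Security-Policy: frame-src 'self'; object-src 'none';
Content-Type: text/html;charset=utf-8"

HARDENED_HEADERS="HTTP/1.1 200 OK
X-Frame-Options: ALLOW-FROM http://idp.example.internal/idpapp
Content-Security-Policy: frame-src 'self'; frame-ancestors 'self' http://idp.example.internal; object-src 'none';
Content-Type: text/html;charset=utf-8"

for name in BEFORE AFTER HARDENED; do
    eval "sample=\$${name}_HEADERS"
    echo "-- $name --"
    printf '%s\n' "$sample" | check_frame_headers "$IDP_ORIGIN" && echo "framing from $IDP_ORIGIN/idpapp permitted"
done
```

To check the live server, pipe a page of the Master realm through the function, for example curl -sI http://<hostname>/auth/realms/master/account | check_frame_headers http://<hostname>. BEFORE fails on both headers, AFTER and HARDENED pass.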
The build script reads environment variables that switch the flow or behaviour of the script away from its defaults. They are listed below with their default value, allowed values and effect.
SKIP_TESTS
Default Value: true
Allowed Values: true | false
Implications: If set true (the default), the test cases are skipped during the build. If set false, the test cases execute as part of the build section.
REMOVE_OLDER
Default Value: true
Allowed Values: true | false
Implications: If set false, removal of the older IDP stack from Docker is skipped. If set true, the script removes the older IDP stack from Docker; if no stack was deployed earlier, this step simply passes.
SKIP_BUILD
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the whole build section. Useful if only configuration refresh like IP/hostname update is required.
SKIP_CLOUD
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Cloud Config Server Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_EUREKA
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Eureka Server Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_SERVICES
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Services Server Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_DSL
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the DSL Server Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_UI
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the UI Server Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_SUBSCRIPTION
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Subscription Server Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_DASHBOARD
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Dashboard Server Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_SCHEDULER
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Scheduler Server Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_JENKINS
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Jenkins Server Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_ORCHESTRATOR
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Orchestrator Component Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_CONNECTOR_JENKINS
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Jenkins Connector Component Build Section. If SKIP_BUILD is set true, then this will have no effect
SKIP_TOOLS_CONFIG
Default Value: false
Allowed Values: true | false
Implications: If set True, will skip the Configuration Section to configure tools for handshake across given hostname.
LOCAL_M2_CACHE (Recommended)
Default Value: NA
Allowed Values: "-v <Path_Of_M2_Folder>:/root/.m2/"
Implications: If set, all component builds share a common local M2 cache and use the settings.xml placed in that folder (helpful if you have a Nexus server for all resolution).
The image variables below default to public Docker Hub images referenced by floating tag, so what runs in the build and configuration stages is whatever those tags resolve to at build time. For a reproducible and auditable build, pin each to a digest you have inspected (name@sha256:...) or to a copy in an internal registry.
ANSIBLE_IMAGE
Default Value: williamyeh/ansible:centos7
Allowed Values: Any docker image having ansible.
Implications: This docker image is used in the configuration stage to configure the stack for handshake on the provided hostname.
MAVEN_BUILD_IMAGE
Default Value: maven:3.5.4-jdk-8-alpine
Allowed Values: Any docker image having maven.
Implications: This docker image will be used in build stage.
ANGULAR_BUILD_IMAGE
Default Value: alexsuch/angular-cli:6.2
Allowed Values: Any docker image having Angular CLI.
Implications: This docker image will be used in UI build stage.
ARCHIVE_MGMT_IMAGE
Default Value: alexsuch/angular-cli:6.2
Allowed Values: Any docker image having unzip binaries.
Implications: This docker image will be used in packaging manipulation in DSL build stage.
ARCHIVE_CREATE_IMAGE
Default Value: kramos/alpine-zip
Allowed Values: Any docker image having zip binaries.
Implications: This docker image will be used in packaging of artifacts as per stack requirements.
WGET_IMAGE
Default Value: mwendler/wget
Allowed Values: Any docker image having wget binaries.
Implications: This docker image will be used in downloading packages as per stack requirements.
NETWORK_IMAGE
Default Value: gochain/netstats:0.0.30
Allowed Values: Any docker image having network statistics binaries.
Implications: This docker image will be used in checking network as per stack requirements.
WGET_PROXY
Default Value: NA
Allowed Values: "-e use_proxy=yes -e http_proxy=http(s)://<user>:<password>@<proxy-host>:<port> -e https_proxy=http(s)://<user>:<password>@<proxy-host>:<port> -e ftp_proxy=http(s)://<user>:<password>@<proxy-host>:<port>"
Implications: If set, all artifact downloads use this proxy (helpful if a corporate firewall blocks downloads via wget).
PIP_PROXY
Default Value: NA
Allowed Values: "--proxy http(s)://<user>:<password>@<proxy-host>:<port>"
Implications: If set, the ansible configuration module uses this proxy to fetch the required python modules (helpful if a corporate firewall blocks downloads via pip).
NPM_PROXY
Default Value: NA
Allowed Values: "npm config set proxy http(s)://<user>:<password>@<proxy-host>:<port>&&npm config set https-proxy http(s)://<user>:<password>@<proxy-host>:<port>"
Implications: If set, NPM uses this proxy to fetch the required node modules (helpful if a corporate firewall blocks downloads via npm). Proxy credentials placed in these three variables end up in the shell history and in the environment of the build containers; prefer an unauthenticated or dedicated low-privilege proxy account and unset the variables once the build completes.
HOSTNAME
Default Value: $(hostname)
Allowed Values: Hostname/IP Address of your system (Docker Master)
Implications: By default the script records the system's hostname for the component handshake. If the system has trouble resolving its own hostname via DNS, it is recommended to set this variable to the IP address of the system.
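The wrapper below is an added example, not part of openIDP. It shows how the variables above fit together for a reproducible build: the SKIP_* switches are validated against their allowed values, every build-stage image is required to be pinned by digest rather than by the floating default tag, HOSTNAME is rejected when it would not be reachable from other machines, and the proxy variables are shown with an unauthenticated proxy. It assumes build.sh honours values already present in its environment (e.g. ${SKIP_BUILD:-false}); if your copy assigns them unconditionally, as the HOSTNAME step above suggests, set the same values by editing the script. The digests, the proxy host proxy.example.internal and the registry names are placeholders.

```shell
#!/usr/bin/env bash
# Wrapper that validates the build.sh environment before running it.
# Added example, not part of openIDP. Assumes build.sh honours values already
# present in the environment; digests, proxy host and registry are placeholders.

# is_bool VALUE : 0 if VALUE is exactly "true" or "false"
is_bool() { [ "$1" = true ] || [ "$1" = false ]; }

# is_pinned IMAGE : 0 if IMAGE is referenced by digest (name@sha256:<64 hex>)
# rather than by a floating tag such as maven:3.5.4-jdk-8-alpine
is_pinned() { printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@sha256:[0-9a-f]{64}$'; }

BOOL_VARS="SKIP_TESTS REMOVE_OLDER SKIP_BUILD SKIP_CLOUD SKIP_EUREKA SKIP_SERVICES SKIP_DSL SKIP_UI
SKIP_SUBSCRIPTION SKIP_DASHBOARD SKIP_SCHEDULER SKIP_JENKINS SKIP_ORCHESTRATOR
SKIP_CONNECTOR_JENKINS SKIP_TOOLS_CONFIG"
IMAGE_VARS="ANSIBLE_IMAGE MAVEN_BUILD_IMAGE ANGULAR_BUILD_IMAGE ARCHIVE_MGMT_IMAGE
ARCHIVE_CREATE_IMAGE WGET_IMAGE NETWORK_IMAGE"

# validate_build_env : prints every problem with the exported variables and
# returns 1 if there was one. Unset image variables are reported because
# build.sh then pulls its public default tag, which is not reproducible.
validate_build_env() {
    rc=0
    for v in $BOOL_VARS; do
        eval "val=\${$v:-}"
        if [ -n "$val" ] && ! is_bool "$val"; then
            echo "$v='$val': allowed values are true | false"; rc=1
        fi
    done
    for v in $IMAGE_VARS; do
        eval "val=\${$v:-}"
        if [ -z "$val" ]; then
            echo "$v unset: build.sh will pull its floating default tag"; rc=1
        elif ! is_pinned "$val"; then
            echo "$v='$val' is not pinned by digest"; rc=1
        fi
    done
    case "${HOSTNAME:-}" in
        ""|localhost|127.0.0.1) echo "HOSTNAME='${HOSTNAME:-}' is not reachable from other machines"; rc=1 ;;
    esac
    return $rc
}

# --- build configuration (placeholders) ------------------------------------
export HOSTNAME=$(hostname)      # or the node's IP address if its hostname does not resolve
export SKIP_TESTS=true
export REMOVE_OLDER=true
export SKIP_BUILD=false
export LOCAL_M2_CACHE="-v /root/.m2:/root/.m2/"   # shared Maven cache; settings.xml for Nexus goes there

# Resolve each image to a digest once, after inspecting it, and pin that:
#   docker pull maven:3.5.4-jdk-8-alpine
#   docker image inspect --format '{{index .RepoDigests 0}}' maven:3.5.4-jdk-8-alpine
# or mirror it into an internal registry and pin the mirrored digest.
export MAVEN_BUILD_IMAGE="maven@sha256:<digest>"
export ANGULAR_BUILD_IMAGE="alexsuch/angular-cli@sha256:<digest>"
export ARCHIVE_MGMT_IMAGE="alexsuch/angular-cli@sha256:<digest>"
export ANSIBLE_IMAGE="williamyeh/ansible@sha256:<digest>"
export ARCHIVE_CREATE_IMAGE="kramos/alpine-zip@sha256:<digest>"
export WGET_IMAGE="mwendler/wget@sha256:<digest>"
export NETWORK_IMAGE="gochain/netstats@sha256:<digest>"

# Corporate proxy, if needed. Leave credentials out of these strings where
# possible: they end up in shell history and in the build containers' environment.
# export WGET_PROXY="-e use_proxy=yes -e http_proxy=http://proxy.example.internal:3128 -e https_proxy=http://proxy.example.internal:3128 -e ftp_proxy=http://proxy.example.internal:3128"
# export PIP_PROXY="--proxy http://proxy.example.internal:3128"
# export NPM_PROXY="npm config set proxy http://proxy.example.internal:3128&&npm config set https-proxy http://proxy.example.internal:3128"

if validate_build_env && [ -f build.sh ]; then
    bash build.sh
else
    echo "not running build.sh: fix the issues above and run from the openIDP checkout"
fi
```

Run as written, the wrapper refuses to start build.sh until every <digest> placeholder has been replaced with a real digest, which is the intended failure mode: a build that silently pulled the public default tags is exactly what the pinning is meant to prevent.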