Autonomous Identity 2021.3.2

Deploy Autonomous Identity on CentOS

This section shows you how to install and deploy Autonomous Identity using Minikube, Kubernetes, and Docker on a CentOS 7 laptop or computer. This example shows you how easy it is to deploy Autonomous Identity locally on your computer.

This example setup is only for evaluation purposes and should not be used for production deployments.

* Deployment Procedures*

Let’s set up Autonomous Identity on CentOS 7.

Prerequisites
  • Hardware: Linux-based, 16 cores, 32GB RAM

  • Software: CentOS7

Install and Set Up Docker
  1. Install yum-utils, a set of tools to manage repositories. The tools include yum-config-manager to manage repositories.

    $ sudo yum -y install yum-utils
  2. Configure a repository using yum-config-manager.

    $ sudo yum-config-manager --add-repo \
         https://download.docker.com/linux/centos/docker-ce.repo
  3. Install Docker.

    $ sudo yum -y install  docker-ce docker-ce-cli containerd.io git
  4. Enable Docker to start up on boot.

    $ s sudo systemctl enable docker
  5. Start Docker.

    $ sudo systemctl start docker
  6. Add the user to the Docker daemon group, so that they can connect to the Docker engine.

    $ sudo usermod -aG docker $USER
  7. Logout and then log back in to apply the group change from the previous step.

Install Minikube
  1. Download the latest version of Minikube for Linux and make the client command executable.

  2. Create a directory.

    $ sudo mkdir -p /usr/local/bin/
  3. Install Minikube.

    $ sudo install minikube /usr/local/bin/
  4. Fetch kubectl.

  5. Make kubectl executable.

    $ chmod +x ./kubectl
  6. Move the command to the /user/local/bin directory.

    $ sudo mv ./kubectl /usr/local/bin/kubectl
Start Minikube
  1. Set up a Minikube start script.

    $ echo minikube start --cpus 16 --memory 12288 --vm-driver="docker" --container-runtime=docker > ~/start-minikube.sh
  2. Run Minikube.

    $ bash ~/start-minikube.sh
  3. Check its status.

    $ minikube status
Deploy the Autonomous Identity Components in Minikube
  1. Copy the SSH key to the VM to access Stash.

  2. Create a directory for your Kubernetes files.

    $ mkdir -p ~/repo/autoid
  3. Change to the directory.

    $ cd ~/repo/autoid
  4. Clone the Kubernetes folder from ForgeRock Stash repository.

    $ git clone -b zoran-kubernetes-poc ssh://git@stash.forgerock.org:7999/opt/autoid/kubernetes.git
  5. Change to the /kubernetes folder.

    $ cd kubernetes
  6. Set up the Autonomous Identity components.

    $ kubectl create -k .
  7. List all pods in ps output format, and then wait for all pods to be in a "running" state. Note that you may see some errors for the pods: Error, CrashLoopBackOff, ErrImagePull, or ImagePullBackoff. These errors indicate that the pods are waiting for their dependencies to start. Continue waiting until all pods go into a "running" state.

    $ kubectl get pods -w
    
    NAME                            READY   STATUS              RESTARTS   AGE
    cassandra-db                    1/1     Running             0          28m
    cli                             1/1     Running             0          28m
    configuration-service           1/1     Running             0          28m
    consul-client                   1/1     Running             7          28m
    consul-server                   1/1     Running             0          28m
    nginx                           1/1     Running             0          28m
    openldap                        1/1     Running             0          28m
    phpldapadmin                    1/1     Running             0          28m
    selfservice                     1/1     Running             0          28m
    spark-56f58889fd-kbxdv          1/1     Running             0          28m
    spark-slaves-7f7674d5fc-7xjk8   1/1     Running             0          28m
    spark-slaves-7f7674d5fc-9dprx   1/1     Running             0          28m
    spark-slaves-7f7674d5fc-pfg5n   1/1     Running             0          28m
    spark-slaves-7f7674d5fc-wlvpp   1/1     Running             0          28m
    zoran-api                       1/1     Running             0          28m
    zoran-ui                        1/1     Running             0          28m
Run the Analytics on CentOS
  1. Chenge to the Demo Data folder.

    cd ~/repo/opt/autoid/kubernetes/demo-data
  2. Copy the Demo Data into the Analytics folder.

    $ ls | xargs -n1 -I {} /bin/bash -c 'kubectl cp {} cli:/autoid-data/analytics'
  3. Run the Analytics Pipeline.

    $ kubectl exec cli \-\- run-pipeline
Access the Autonomous Identity UI

Before we can access

  1. Update your /etc/hosts file to map your minikube IP to the UI.

    $ minikube ip
  2. Open an editor and your Minikube IP to the /etc/hosts

    192.168.64.29  zoran-ui.nip.io
  3. Open a browser and navigate to http://zoran-ui.nip.io:30080/

  4. To log in to Autonomous Identity, enter a test admin user: bob.rodgers; password: Welcom123.

  5. Access a self-service UI if you want to change your Autonomous Identity password: http://zoran-ui.nip.io:30070/

  6. If you want to access the Apache Spark console: http://zoran-ui.nip.io:30088/

Stop the Autonomous Identity
  • Stop Autonomous Identity

    $ docker stop $(docker ps -a -q)
Troubleshooting Tips

This section presents some troubleshooting tips when running the evaluation version of Autonomous Identity:

  • If you run low on memory, you can safely shutdown Minikube without losing data. All data in Cassandra, Consul, OpenLDAP are stored in Minikube using persistent volumes. You can access the data by running minikube ssh and going to the /data folder.

  • Analytics jobs are quite compute intensive. You can speed up the analytics job if you can dedicate more resources for Minikube.

    • Alter the Minikube parameters to increase the CPU cound and memory.

    • Increase the number of Spark slaves by changing the variables replicas in spark-slaves.yaml .

    • While running the analytics scripts, set --num-executors to the number of spark slaves.

    • Make sure the --executor-memory multiplied by the number of spark slaves is well within the memory allocated to Minikube.

    • If you change the Minikube resource allocation, delete the existing cluster and re-create.

    • To troubleshoot performance issues or pod crashes, run the Kubernetes dashboard. First, check if the metrics-server is running kubectl top node. It should show an output like this:

      NAME CPU(cores)  CPU% MEMORY(bytes)  MEMORY%
      minikube  189m 2% 1165Mi 8%

      If you see the output, start the Kubernetes dashboard by running minikube dashboard.

Copyright © 2010-2022 ForgeRock, all rights reserved.