How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I get a full Amster export out of a ForgeOps deployment?

Last updated Jan 18, 2023

The purpose of this article is to provide information on getting a full Amster export out of a ForgeOps (ForgeRock DevOps) deployment.

1 reader recommends this article

Prerequisites

Make sure that only a single ForgeOps AM pod is running.

See the ForgeOps documentation for further information on deploying ForgeOps.

Getting a full Amster export out of ForgeOps (AM 7.2 and later)

The forgeops repository includes an Amster utility script that triggers a Kubernetes job running an Amster pod in your designated cluster. This Amster job provides import and export functionality against AM.

To export all realm configuration:

$ /path/to/forgeops/bin/amster export <destination directory for the exported config> --full

To export all realm and global configuration: 

$ /path/to/forgeops/bin/amster export <destination directory for the exported config> --full --global

Getting a full Amster export out of ForgeOps (Pre-AM 7.2)

  1. Run an Amster pod to get the export. Note that this example mounts the Amster private key in an environment variable:$ kubectl run -it my-amster --image=gcr.io/forgerock-io/amster/pit1:7.1.2 --env AMSTER_KEY=$(kubectl get secret amster --template={{.data.id_rsa}}) --restart=Never -- bashThe kubectl run command creates the Amster pod, and leaves you in a shell that lets you run commands in the pod.
  2. Save the Amster key to a file, for example:$ echo $AMSTER_KEY | base64 -d > id_rsa
  3. Run Amster:$ ./amster
  4. Connect to AM, for example:$ connect -k id_rsa https://am.example.com:8443/am
  5. Export the configuration:$ export-config --path /tmp/amster_export
  6. Before exiting the Amster pod (which will destroy the export), open another shell and copy the Amster export off the temporary Amster pod:$ kubectl cp my-amster:/tmp/amster_export .Ignore the following warning if it appears:tar: Removing leading `/' from member namesThe copied export is available in the local directory.
  7. Exit the Amster pod:$ exit
  8. Delete the Amster pod:$ kubectl delete pod my-amster

See Also

ForgeOps documentation:

Amster documentation:
Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.