Using a container
You can start IAM.tf in a container. This example uses Docker, but you can also use Containerd, Kubernetes or any other container environment.
docker run \
--name iamtf \
--detach \
--env JOSSO_CLIENT_ID="idbus-f2f7244e-bbce-44ca-8b33-f5c0bde339f7" \
--env JOSSO_CLIENT_SECRET="7oUHlv(HLT%vxK4L" \
--env JOSSO_ADMIN_USR=myadmin \
--env JOSSO_ADMIN_PWD=changeme \
--env JOSSO_SKIP_ADMIN_CREATE=false \
-p8081:8081 -p8101:8101 \
atricore/iamtf:latest
Environment Variables
As with many container-based tools, you can configure several IAM.tf settings using environment variables.
The client ID and secret are the credentials used to manage the server. They can also be configured in a file hosted in the container: /opt/atricore/iamtf/server/etc/com.atricore.idbus.console.appliance.default.idau.cfg
- JOSSO_CLIENT_ID: client ID used to connect to the server with the Terraform plugin.
- JOSSO_CLIENT_SECRET: secret used to connect to the server with the Terraform plugin.
- JOSSO_ADMIN_USR: optional; the server will create an administrator user to allow SSH access.
- JOSSO_ADMIN_PWD: optional; the password for the administrator user.
- JOSSO_SKIP_ADMIN_CREATE: optional; the IAM.tf server will only create the administrator user if this flag is set to FALSE.
Network Ports
- 8081: default IAM.tf server HTTP port.
- 8101: optional, IAM.tf server SSH service port. You don't need to expose this port, unless you want to SSH into the server.
Persisting configuration
IAM.tf servers have an extensive configuration. You can persist changes to it by mapping certain server folders to a volume. See your container tool's volume documentation for details.
Server configuration
Contains configuration files for the different server components (logging, HTTP server, SSH server, DB store, etc.).
- /opt/atricore/iamtf/server/etc
Server internal store
Internal Derby DB storage.
- /opt/atricore/iamtf/server/data/derby
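One way to combine the settings above, added here as an example and not taken from the IAM.tf documentation: the credentials go into an owner-only env file instead of the command line (where they end up in shell history and process listings), and the two folders listed above are mapped to named volumes. The file name iamtf.env, the volume names, the loopback binding and the use of random hex strings as secrets are assumptions.

```shell
#!/bin/sh
# Added example, not from the IAM.tf documentation.
# Assumed names: iamtf.env, volumes iamtf-etc and iamtf-derby.
# Assumed: the server accepts random hex strings as secret and password.

# Print 32 hex characters read from the kernel CSPRNG.
rand_hex() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_env_file FILE CLIENT_ID ADMIN_USER
# Writes the page's five variables to FILE, readable by the owner only.
# Docker takes --env-file values literally, so they are not quoted.
write_env_file() {
    (
        umask 077
        rm -f "$1"
        cat > "$1" <<EOF
JOSSO_CLIENT_ID=$2
JOSSO_CLIENT_SECRET=$(rand_hex)
JOSSO_ADMIN_USR=$3
JOSSO_ADMIN_PWD=$(rand_hex)
JOSSO_SKIP_ADMIN_CREATE=false
EOF
    )
}

# docker_cmd ENV_FILE
# Prints the docker run command for review; nothing is started here.
# Named volumes are used because Docker copies the image's existing
# files into an empty named volume on first use; a bind mount of an
# empty host directory would hide the shipped configuration instead.
# 8101 (SSH) is not published; 8081 is bound to loopback (assumption:
# Terraform runs on the same host or reaches it through a proxy).
docker_cmd() {
    printf '%s \\\n' \
        "docker run --name iamtf --detach" \
        "  --env-file $1" \
        "  --volume iamtf-etc:/opt/atricore/iamtf/server/etc" \
        "  --volume iamtf-derby:/opt/atricore/iamtf/server/data/derby" \
        "  -p 127.0.0.1:8081:8081"
    printf '  atricore/iamtf:latest\n'
}

# Runs only when a client id is given: sh iamtf-run.sh <client-id>
if [ -n "${1:-}" ]; then
    write_env_file iamtf.env "$1" myadmin && docker_cmd iamtf.env
fi
```

Add `-p 8101:8101` to the printed command only if you need SSH access to the server.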