Introduction
If you want to try out IBM Security Verify Access on Docker, but you don’t have a Docker environment, this post provides step-by-step instructions for setting up a CentOS 7 Linux machine and then installing Docker Community Edition and docker-compose.
Once you have completed the steps in this post, you’ll be able to use my Verify Access with Docker and Docker Compose cookbook (on the IBM Security Learning Academy) to explore Docker concepts and configure Access Manager on Docker.
Subsequent blog posts expand on the environment built here to explore orchestration technologies such as Kubernetes and OpenShift.
Resource Requirements
For my environment, I used a virtual machine running under VMware, but you could use a different hypervisor or a physical machine. For my virtual machine I used these settings:
- Minimum 4GB Memory (8GB recommended)
- 30GB Disk
- Minimum 2 CPUs (4 CPUs recommended)
- Recommend enabling nested hypervisor support (but not required for first steps)
Install CentOS 7
The first step of the setup is to install CentOS 7. I used the CentOS 7 Minimal ISO from the CentOS web site.
Here are a few notes on the installation:
- You can use Automatic Partitioning. The XFS filesystem settings in the latest CentOS 7 installer will work fine with the Docker Overlay2 filesystem.
- Be sure to go into the Network & Host name section to enable your network card. Set a hostname and domain to give your machine a unique name.
- While the installation is running, you are asked to set a password for the root user and create a standard user. I created a standard user with username of demouser but you can choose your own name.
At the end of the installation you will reboot the system and end up at a login prompt.
Set up Graphical Desktop
To create a standalone system, install the X Window system, a desktop manager, and a browser. You can choose your own if you like but here are instructions for installing a minimal Gnome Desktop, a file editor, and the Firefox browser.
Log in to the system as root. Rather than logging in at the console, you might prefer to connect with ssh so that you can cut and paste from this post.
Enter these commands:
yum -y update
yum -y groupinstall "X Window System"
yum -y install \
  gnome-classic-session gnome-terminal nautilus-open-terminal \
  control-center dejavu-sans-mono-fonts firefox gedit \
  open-vm-tools-desktop
unlink /etc/systemd/system/default.target
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
Reboot the system.
Install a few useful utilities
Log in to the system as root. You can connect with ssh or use the graphical desktop.
Enter the following commands to install some useful utilities:
yum -y install open-vm-tools unzip net-tools git bash-completion xdg-utils openldap-clients wget
Install Docker Community Edition
You will now install Docker Community Edition. This is done by adding the Docker CE repository to yum and then installing. This allows updates to be managed by the update manager.
As root, enter the following commands to install Docker CE and set it to auto-start:
# yum-utils provides yum-config-manager, so install it before adding the repository
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager -y --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce
systemctl enable docker
systemctl start docker
Install docker-compose
The docker-compose utility allows some basic automation of a Docker environment.
As root, enter the following commands to download and install:
curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
curl -L https://raw.githubusercontent.com/docker/compose/1.24.0/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
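The commands above download a binary as root and mark it executable without checking its content. The following is an added example, not part of the original post: a helper that installs a downloaded file only if its SHA-256 matches a digest you obtained separately. The function names, the /tmp path in the usage comment and the demo file are assumptions, and no real docker-compose digest is given here.

```shell
#!/bin/bash
# Added example: install a downloaded binary only if its SHA-256 matches a
# digest obtained separately. install_verified is a hypothetical helper.
#
# Intended use (digest is a placeholder you must supply yourself):
#   install_verified /tmp/docker-compose <EXPECTED_SHA256> /usr/local/bin/docker-compose

# usage: install_verified <downloaded-file> <expected-sha256-hex> <destination>
# returns 0 = installed, 1 = digest mismatch, 2 = bad arguments
install_verified() {
    local src="$1" expected="$2" dest="$3" actual

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    # Require exactly 64 hex characters so an empty or truncated digest
    # can never be treated as a match.
    case "$expected" in
        *[!0-9a-fA-F]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex chars" >&2; return 2; }

    actual=$(sha256sum -- "$src" | awk '{print $1}')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')  # sha256sum prints lowercase
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src: got $actual" >&2
        return 1
    fi

    # install(1) copies and sets the mode in one step, so the destination is
    # never executable before the content has been verified.
    install -m 0755 -- "$src" "$dest"
}

# Constructed demo: a stand-in file whose content is the string "abc".
install_verified_demo() {
    local dir rc=0
    dir=$(mktemp -d)
    printf 'abc' > "$dir/download"
    { install_verified "$dir/download" \
        ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad \
        "$dir/docker-compose" && [ -x "$dir/docker-compose" ]; } || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```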
Add standard user to docker group
If you want a standard user to be able to run Docker commands, they must be added to the docker group.
As root, enter the following commands (replacing demouser with the username of your standard user):
usermod -aG docker demouser
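Members of the docker group can drive the Docker daemon, which runs as root, so it is worth knowing exactly which accounts hold that membership. The following is an added example, not part of the original post: it lists both the supplementary members of the docker group and any account whose primary group is docker. The function names and the sample accounts other than demouser are assumptions, and the sample data is constructed.

```shell
#!/bin/bash
# Added example: list every account that is effectively in the docker group.
# docker_group_members is a hypothetical helper name.

# usage: docker_group_members [group-file] [passwd-file]
docker_group_members() {
    awk -F: '
        # First file (group database): remember the docker GID and the
        # supplementary members listed in field 4.
        FNR == NR {
            if ($1 == "docker") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        # Second file (passwd database): an account whose primary GID is the
        # docker GID is a member even though field 4 does not list it.
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "${1:-/etc/group}" "${2:-/etc/passwd}" | sort
}

# Constructed sample data (not taken from a real system).
audit_demo() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'wheel:x:10:demouser' \
        'docker:x:991:demouser,builder' > "$dir/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'demouser:x:1000:1000::/home/demouser:/bin/bash' \
        'builder:x:1001:1001::/home/builder:/bin/bash' \
        'svc:x:1002:991::/home/svc:/sbin/nologin' > "$dir/passwd"
    docker_group_members "$dir/group" "$dir/passwd"
    rm -rf "$dir"
}
```

Run with no arguments, docker_group_members reads /etc/group and /etc/passwd on the local machine.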
The installation is complete.
Reboot the system.
Test Docker
When the system has rebooted, log in as the standard user.
Enter the following command to run a test Docker container:
docker run --name test hello-world
You should see the following output:
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
d1725b59e92d: Pull complete
Digest: sha256:0add3ace90ecb4adbf7777e9aacf18357296e799f81cabc9fde470971e499788
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
The container has started, output a welcome message, and stopped. To keep things tidy, delete the stopped container and the image using the following commands:
docker rm test
docker rmi hello-world
Add entries to /etc/hosts
As root, enter the following command to add a couple of static host mappings:
cat <<EOF >> /etc/hosts
127.0.0.2 lmi.iamlab.ibm.com
127.0.0.3 www.iamlab.ibm.com
EOF
Congratulations! You now have a working Docker environment in which you can explore installation of IBM Security Verify Access using Docker and docker-compose.