IBM Security Verify

  • 1.  Volumes for PolicyServer on Docker

    Posted Wed October 13, 2021 04:16 AM
    Hi,
    I have set up a PolicyServer on Docker, like explained in the cookbook for docker. After a docker-compose down and up the settings (agreement, password, database configuration) are gone.

    With directory do I have to bind to a volume to preserve these information?

    Regards
    Andreas

    ------------------------------
    Andreas Rühl
    ------------------------------


  • 2.  RE: Volumes for PolicyServer on Docker

    Posted Wed October 13, 2021 10:30 AM
    Hi Andreas,

    When you say "PolicyServer" I assume you're referring to the Configuration Container? This is container "isvaconfig" in the cookbook.
    This container should have a persistent volume mounted at /var/shared which is where snapshots are written when you publish them.

    As you configure your Verify Access system in the LMI, changes are made to the volatile container filesystem.  If you stop and start the container these are maintained but if you delete the container (as happens with docker-compose down) then these changes will be lost.

    To avoid this situation, before you delete the container you need to "publish" a snapshot... this will save it to the persistent volume.
    When a new (empty) configuration container starts, it will read the snapshot if it's present and reestablish the state.

    I hope this helps to explain how this works.

    Jon.


    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: Volumes for PolicyServer on Docker

    Posted Wed October 13, 2021 02:11 PM
    Hi Jon,
    thanks for your response.

    You are right, I'm talking about  the Configuration Container.

    If I create a snapshot, I can see it in the volume and it will be also available in the Config Container when it starts up after a compose up, but I need to apply the snapshot manually...

    What do you mean with "publish"? Maybe I forgot a step at this point.

    Regards
    Andreas

    ------------------------------
    Andreas Rühl
    ------------------------------



  • 4.  RE: Volumes for PolicyServer on Docker

    Posted Wed October 13, 2021 02:38 PM
    I have found it. The snapshot will be published with the "Container Management" -> "Publish Configuration" function, like other configurations.

    Thanks again!

    ------------------------------
    Andreas Rühl
    ------------------------------