This guide deploys OpenIAM using Ansible automation. You can deploy using Docker Compose or RPM packages depending on your environment requirements.
# Install the Galaxy collections this guide lists as prerequisites in one
# command (of the three, the playbooks shown below reference only
# community.docker directly).
ansible-galaxy collection install community.docker ansible.posix community.general
# inventory.ini
# Both plays target the same machines through child groups: the Docker play
# runs against openiam_docker, the RPM play against openiam_rpm. Run only one
# of the two playbooks against a given host.
[openiam_servers]
# ansible_user is not defined anywhere in this guide, yet the Docker play's
# "Add ansible user to docker group" task expands {{ ansible_user }}; define
# it as an inventory variable (e.g. on this line) before running that play.
openiam1.example.com ansible_host=192.168.1.100
# Group used by docker-deploy.yml
[openiam_docker:children]
openiam_servers
# Group used by rpm-deploy.yml
[openiam_rpm:children]
openiam_servers
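---
# docker-deploy.yml — installs Docker on the target, renders
# docker-compose.yml.j2 into openiam_dir and brings the stack up.
# The two password variables come from the vault file
# (vault_openiam_db_password / vault_openiam_rabbitmq_password).
- name: Deploy OpenIAM with Docker
  hosts: openiam_docker
  become: true
  vars:
    openiam_version: "4.2.2"
    openiam_dir: /opt/openiam
    openiam_db_password: "{{ vault_openiam_db_password }}"
    openiam_rabbitmq_password: "{{ vault_openiam_rabbitmq_password }}"

  pre_tasks:
    - name: Gather system information
      ansible.builtin.setup:

    - name: Ensure required packages are installed
      # NOTE(review): these package names are distribution-specific
      # (docker-compose-plugin comes from Docker's own repository,
      # python3-docker is a Debian-family name) — confirm for the target OS.
      ansible.builtin.package:
        name:
          - docker
          - docker-compose-plugin
          - python3-docker
        state: present
      notify: restart docker

    - name: Ensure Docker service is enabled and running
      ansible.builtin.systemd:
        name: docker
        enabled: true
        state: started

    - name: Add ansible user to docker group
      # Membership of the docker group grants control of the daemon socket,
      # which is root-equivalent on the host; keep it to the deployment
      # account only. ansible_user must be defined (it is not set in the
      # sample inventory) or this task fails on an undefined variable.
      ansible.builtin.user:
        name: "{{ ansible_user }}"
        groups: docker
        append: true

  tasks:
    - name: Create OpenIAM directory
      ansible.builtin.file:
        path: "{{ openiam_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Create config and logs directories
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      loop:
        - "{{ openiam_dir }}/config"
        - "{{ openiam_dir }}/logs"
        - "{{ openiam_dir }}/db-init"

    - name: Generate Docker Compose file
      # The rendered file contains the database and RabbitMQ passwords in
      # clear text, so it must not be world-readable (was 0644). Compose is
      # run as root by the task below, so 0600 root:root is sufficient.
      ansible.builtin.template:
        src: docker-compose.yml.j2
        dest: "{{ openiam_dir }}/docker-compose.yml"
        owner: root
        group: root
        mode: "0600"

    - name: Start OpenIAM services
      # docker-compose-plugin (installed above) is Compose v2. The legacy
      # community.docker.docker_compose module drives the Compose v1 Python
      # library and cannot use the plugin, so the v2 module is used here.
      community.docker.docker_compose_v2:
        project_src: "{{ openiam_dir }}"
        state: present
        pull: always
      register: compose_result

    - name: Wait for OpenIAM to be ready
      # Runs on the target host, where localhost:9080 is the published
      # container port. The original delegated this to localhost, which
      # probed the Ansible controller instead of the deployed service.
      # until + retries make the task retry on connection failure as well
      # as on a non-200 response.
      ansible.builtin.uri:
        url: "http://localhost:9080/openiam-esb/actuator/health"
        method: GET
        status_code: 200
        timeout: 10
      register: openiam_health
      until: openiam_health.status == 200
      delay: 30
      retries: 20

  handlers:
    - name: restart docker
      ansible.builtin.systemd:
        name: docker
        state: restarted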
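# docker-compose.yml.j2 — rendered on the target by the "Generate Docker
# Compose file" task. Every {{ ... }} is Jinja, expanded by Ansible before
# Compose reads the file. Secrets are passed through the to_json filter so
# they land in the file as properly escaped double-quoted YAML strings: a
# password containing ':', '#', quotes or backslashes, or one that looks like
# a number or boolean, can no longer break or retype the document (the
# original wrote them unquoted). Compose still performs its own $VAR
# interpolation on values, so a literal '$' in a secret must be written '$$'.
# Only the OpenIAM port is published on the host; the backing services are
# reachable on the Compose network only.
version: '3.8'  # obsolete under Compose v2 (warns and ignores it); harmless

services:
  openiam-db:
    image: mariadb:10.6
    container_name: openiam-db
    environment:
      # NOTE(review): root and the application account share one password
      # here; a separate vault variable for the root password would let the
      # application credential be rotated independently.
      MYSQL_ROOT_PASSWORD: {{ openiam_db_password | to_json }}
      MYSQL_DATABASE: openiam
      MYSQL_USER: openiam_user
      MYSQL_PASSWORD: {{ openiam_db_password | to_json }}
    volumes:
      - openiam_db_data:/var/lib/mysql
      # scripts placed in db-init run on first initialisation of the data dir
      - ./db-init:/docker-entrypoint-initdb.d
    restart: unless-stopped
    healthcheck:
      # NOTE(review): mysqladmin ping only shows the server process answering,
      # which may precede completion of the initial import — confirm this is
      # an adequate gate for the openiam service's service_healthy dependency.
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      timeout: 20s
      retries: 10

  openiam-redis:
    image: redis:7-alpine
    container_name: openiam-redis
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      timeout: 3s
      retries: 5

  openiam-rabbitmq:
    image: rabbitmq:3.12-management
    container_name: openiam-rabbitmq
    environment:
      RABBITMQ_DEFAULT_USER: openiam
      RABBITMQ_DEFAULT_PASS: {{ openiam_rabbitmq_password | to_json }}
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "rabbitmqctl", "status"]
      timeout: 10s
      retries: 5

  openiam-elasticsearch:
    image: elasticsearch:7.17.16
    container_name: openiam-elasticsearch
    # environment written in mapping form like the other services
    environment:
      discovery.type: single-node
      ES_JAVA_OPTS: "-Xms512m -Xmx512m"
      # Authentication and TLS are off. This is tolerable only because no
      # port of this service is published and it is reachable solely from
      # the Compose network; do not add a ports mapping without enabling it.
      xpack.security.enabled: "false"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - openiam_es_data:/usr/share/elasticsearch/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:9200/_cluster/health || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 5

  openiam:
    image: "openiam/openiam:{{ openiam_version }}"
    container_name: openiam
    depends_on:
      openiam-db:
        condition: service_healthy
      openiam-redis:
        # redis defines a healthcheck above, so wait for it to pass
        # (was service_started, which ignored the check)
        condition: service_healthy
      openiam-rabbitmq:
        condition: service_healthy
      openiam-elasticsearch:
        condition: service_healthy
    ports:
      # Binds on every host interface. Use "127.0.0.1:9080:9080" when a
      # reverse proxy / TLS terminator on the host is the only intended client.
      - "9080:9080"
    environment:
      DB_HOST: openiam-db
      DB_NAME: openiam
      DB_USER: openiam_user
      DB_PASSWORD: {{ openiam_db_password | to_json }}
      REDIS_HOST: openiam-redis
      RABBITMQ_HOST: openiam-rabbitmq
      RABBITMQ_USER: openiam
      RABBITMQ_PASSWORD: {{ openiam_rabbitmq_password | to_json }}
      ELASTICSEARCH_HOST: openiam-elasticsearch
    volumes:
      - ./config:/opt/openiam/config
      - ./logs:/opt/openiam/logs
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9080/openiam-esb/actuator/health"]
      interval: 30s
      timeout: 10s
      retries: 5

volumes:
  openiam_db_data:
  openiam_es_data: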
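---
# rpm-deploy.yml — downloads the OpenIAM RPM for openiam_version, installs
# it, runs the one-time initialisation and starts the openiam unit.
- name: Deploy OpenIAM with RPM
  hosts: openiam_rpm
  become: true
  vars:
    openiam_version: "4.2.2"
    openiam_download_url: "https://download.openiam.com/release/enterprise/{{ openiam_version }}/rpm/openiam-{{ openiam_version }}.noarch.x86_64.rpm"
    # single definition of the download location (was repeated in two tasks)
    openiam_rpm_path: "/tmp/openiam-{{ openiam_version }}.noarch.x86_64.rpm"

  pre_tasks:
    - name: Gather system information
      ansible.builtin.setup:

    - name: Validate OS compatibility
      # The version test now agrees with fail_msg ("9+"); the original
      # compared the string to "9" exactly, rejecting any newer major
      # release. Tighten back to == 9 if only that release is certified.
      ansible.builtin.assert:
        that:
          - ansible_distribution in ["RedHat", "CentOS", "Rocky", "AlmaLinux"]
          - ansible_distribution_major_version | int >= 9
        fail_msg: "OpenIAM RPM installation only supports RHEL/CentOS/Rocky/AlmaLinux 9+"
        success_msg: "Compatible OS detected"

  tasks:
    - name: Install required system packages
      ansible.builtin.package:
        name:
          - curl
          - wget
          - tar
          - gzip
          - java-11-openjdk
        state: present

    - name: Download OpenIAM RPM
      # Nothing below verifies what was downloaded before it is installed
      # as root. Add the checksum published for this release, e.g.
      #   checksum: "sha256:<PUBLISHED_SHA256_FOR_THIS_RELEASE>"
      # force: true re-downloads on every run, so the task is never "ok".
      ansible.builtin.get_url:
        url: "{{ openiam_download_url }}"
        dest: "{{ openiam_rpm_path }}"
        mode: "0644"
        force: true

    - name: Install OpenIAM RPM
      # package resolves to dnf on the distributions asserted above, which
      # accepts a local path. dnf refuses an unsigned RPM; only relax that
      # (ansible.builtin.dnf with disable_gpg_check) once the checksum above
      # is in place.
      ansible.builtin.package:
        name: "{{ openiam_rpm_path }}"
        state: present

    - name: Initialize OpenIAM (first run)
      # creates: skips the command once the marker from the next task exists,
      # so a failed init (which aborts the play) is retried on the next run.
      ansible.builtin.command: /usr/bin/openiam-cli init
      args:
        creates: /opt/openiam/.initialized
      register: init_result

    - name: Create initialization marker
      ansible.builtin.file:
        path: /opt/openiam/.initialized
        state: touch
        mode: "0644"
      when: init_result.changed

    - name: Start OpenIAM services
      ansible.builtin.systemd:
        name: openiam
        state: started
        enabled: true

    - name: Wait for OpenIAM to be ready
      # Runs on the target host itself; the original delegated this to
      # localhost, which probed port 9080 on the Ansible controller rather
      # than on the server just installed. until + retries make the task
      # retry while the service is still starting.
      ansible.builtin.uri:
        url: "http://localhost:9080/openiam-esb/actuator/health"
        method: GET
        status_code: 200
        timeout: 10
      register: openiam_health
      until: openiam_health.status == 200
      delay: 30
      retries: 20

  post_tasks:
    - name: Display connection information
      # NOTE(review): the health check above speaks plain http on 9080 while
      # the URL printed here is https on the same port — confirm which the
      # RPM actually serves. ansible_default_ipv4 is absent on hosts without
      # a default IPv4 route, which would make this task fail.
      ansible.builtin.debug:
        msg:
          - "OpenIAM is now running on {{ ansible_default_ipv4.address }}:9080"
          - "Default credentials: sysadmin / passwd00 (change immediately!)"
          - "Access WebConsole at: https://{{ ansible_default_ipv4.address }}:9080"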
# Run the Docker-based deployment
ansible-playbook --inventory inventory.ini docker-deploy.yml
# Same, prompting for the password that decrypts group_vars/all/vault.yml
ansible-playbook --inventory inventory.ini --ask-vault-password docker-deploy.yml
# Run the RPM-based deployment
ansible-playbook --inventory inventory.ini rpm-deploy.yml
# Same, prompting for the vault password
ansible-playbook --inventory inventory.ini --ask-vault-password rpm-deploy.yml
Create a vault file to store sensitive information:
# Create encrypted vault (prompts for a new vault password, then opens an
# editor; the resulting file is safe to commit, the password is not)
ansible-vault create group_vars/all/vault.yml
Include these variables in the vault:
# Contents of group_vars/all/vault.yml. The playbooks map these to
# openiam_db_password / openiam_rabbitmq_password. Both values below are
# placeholders to replace before encrypting; keep them quoted so a password
# that looks like a number or boolean is not retyped by the YAML parser.
vault_openiam_db_password: "your_secure_database_password"
vault_openiam_rabbitmq_password: "your_secure_rabbitmq_password"
For more complex deployments, create an Ansible role:
# Create role structure (scaffolds roles/openiam/{tasks,handlers,templates,...}
# with empty main.yml files to move the playbook tasks into)
ansible-galaxy init roles/openiam
Then customize the role with tasks, templates, and handlers for your specific requirements.
After deployment, verify the installation:
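# Check service status. The command module is used instead of shell: these
# arguments need no shell features, so the target does not re-parse them
# through a shell (ansible-lint's command-instead-of-shell rule).
ansible openiam_servers -m command -a "openiam-cli status"
# Check logs
ansible openiam_servers -m command -a "openiam-cli log ui"
# Health check, executed on each managed host against its own port 9080
ansible openiam_servers -m uri -a "url=http://localhost:9080/openiam-esb/actuator/health method=GET"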
Beyond this playbook, we offer:
Contact our automation team: office@linux-server-admin.com