Let's talk about a very cool OpenIDM feature called custom endpoints. If you have used OpenIDM you know that objects in the system (be they repository, provisioner, or configuration objects) are available at RESTful endpoints that accept and return JSON representations. This makes OpenIDM super easy to integrate with and script. For example, if you add an LDAP adapter called "ldap", a REST endpoint becomes available at /openidm/system/ldap/ that allows you to query, read, write, update and delete LDAP entries. As an aside, most OpenIDM configuration objects are dynamically reloaded when they are modified. This makes development a joy as you do not need to bounce the Felix OSGi container every time you make a change. The container starts very fast (30 seconds or so on my laptop) - but every second counts! What you might not know is that you can easily add your own custom endpoints. A custom endpoint is an OpenIDM script that accepts a REST r...
ForgeRock Directory Services 7.0 was a big achievement for the Grenoble Directory team. It is the only "Kubernetes native" directory where you can add a new replica using kubectl: kubectl scale sts/ds-idrepo --replicas=3 The 7.0 deployment is assembled using standard Kubernetes primitives such as StatefulSets, Persistent Volume Claims, and Services. This is all built and orchestrated using Skaffold and Kustomize. An emerging pattern in the Kubernetes world is the use of Custom Resources and Operators. Broadly speaking, a custom resource is the declaration of the desired system state, and the operator's job is to observe the current state and bring the system into alignment with the declared state (source: https://blog.container-solutions.com/kubernetes-operators-explained). The Kubernetes API server (the thing that responds to your kubectl commands) can be extended to handle new custom types. A custom resource definition (CRD) describes to the API se...
Ansible is a really nice "dev-ops" automation tool in the spirit of Chef, Puppet, etc. Its virtues are simplicity, an "agentless" installation model and a very active and growing community. One of the neat features of Ansible is the concept of "roles". These are reusable chunks of dev-ops code that perform a specific task. Ansible "Playbooks" orchestrate a number of roles together to perform software installation and configuration. Roles by themselves are not sufficient to drive reusability. We need a way to collaborate and share roles. Enter Ansible Galaxy, the central repository for Ansible roles. If you have ever used apt or yum, galaxy will appear quite familiar. For example, to install and use the "opendj" role, you issue the following command: $ ansible-galaxy install warren.strange.opendj (Roles are prefixed with a contributor name to avoid name collisions). If you want to install ForgeRock's...