Build your own: Verify Access on Docker

By Jon Harry posted Thu May 02, 2019 11:10 AM

  

Introduction

If you want to try out IBM Security Verify Access on Docker, but you don’t have a Docker environment, this post provides step-by-step instructions for setting up a CentOS 7 Linux machine and then installing Docker Community Edition and docker-compose.

Once you have completed the steps in this post, you’ll be able to use my Verify Access with Docker and Docker Compose cookbook (on the IBM Security Learning Academy) to explore Docker concepts and configure Access Manager on Docker.

Subsequent blog posts expand on the environment built here to explore orchestration technologies such as Kubernetes and OpenShift.

Resource Requirements

For my environment, I used a virtual machine running under VMware, but you could use a different hypervisor or a physical machine. For my virtual machine I used these settings:

  • Minimum 4GB Memory (8GB recommended)
  • 30GB Disk
  • Minimum 2 CPUs (4 CPUs recommended)
  • Recommend enabling nested hypervisor support (but not required for first steps)

Install CentOS 7

The first step of the setup is to install CentOS 7. I used the CentOS 7 Minimal ISO from the CentOS web site.

Here are a few notes on the installation:

  • You can use Automatic Partitioning. The XFS filesystem settings in the latest CentOS 7 installer will work fine with the Docker overlay2 filesystem.
  • Be sure to go into the Network & Host name section to enable your network card. Set a hostname and domain to give your machine a unique name.
  • While the installation is running, you are asked to set a password for the root user and create a standard user. I created a standard user with the username demouser, but you can choose your own name.

At the end of the installation you will reboot the system and end up at a login prompt.

Set up Graphical Desktop

To create a standalone system, install the X Window System, a desktop manager, and a browser. You can choose your own if you like, but here are instructions for installing a minimal GNOME desktop, a file editor, and the Firefox browser.

Log in to the system as root. Rather than logging in at the console, you might prefer to connect with ssh so that you can cut and paste from this post.

Enter these commands:

yum -y update

yum -y groupinstall "X Window System"

yum -y install gnome-classic-session gnome-terminal nautilus-open-terminal control-center dejavu-sans-mono-fonts firefox gedit open-vm-tools-desktop

unlink /etc/systemd/system/default.target

ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target

Reboot the system.

Install a few useful utilities

Log in to the system as root. You can connect with ssh or use the graphical desktop.

Enter the following commands to install some useful utilities:

yum -y install open-vm-tools unzip net-tools git bash-completion xdg-utils openldap-clients wget

Install Docker Community Edition

You will now install Docker Community Edition. This is done by adding the Docker CE repository to yum and then installing from it, which allows updates to be managed by the update manager. The yum-utils package is installed first because it provides the yum-config-manager command used to add the repository.

As root, enter the following commands to install Docker CE and set it to auto-start:

yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager -y --add-repo https://download.docker.com/linux/centos/docker-ce.repo

yum install -y docker-ce

systemctl enable docker

systemctl start docker

Install docker-compose

The docker-compose utility allows some basic automation of a Docker environment.

As root, enter the following commands to download and install:

curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

chmod +x /usr/local/bin/docker-compose

curl -L https://raw.githubusercontent.com/docker/compose/1.24.0/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
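
The curl commands above place a file fetched over the network straight into /usr/local/bin as root. As an added example (not part of the original post), the functions below download to a temporary file and install it only when its SHA-256 digest matches; the function names are hypothetical, and the expected digest is assumed to come from a source you trust.

```bash
# Added example: install a downloaded binary only if its SHA-256 digest
# matches an expected value. Function names are hypothetical.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED_HEX is not a SHA-256 digest.
verify_sha256() {
    local file expected actual
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    # A missing or unreadable file yields an empty digest, which never matches.
    actual=$(sha256sum "$file" 2>/dev/null | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# install_verified FILE EXPECTED_HEX DEST
# Copies FILE to DEST with mode 0755, but only after the digest check passes.
install_verified() {
    if ! verify_sha256 "$1" "$2"; then
        echo "digest check failed for $1; not installing" >&2
        return 1
    fi
    install -m 0755 "$1" "$3"
}

# fetch_and_install URL EXPECTED_HEX DEST
# Downloads to a temporary file so nothing unverified lands in DEST.
fetch_and_install() {
    local tmp rc
    tmp=$(mktemp) || return 1
    rc=0
    curl -fsSL "$1" -o "$tmp" && install_verified "$tmp" "$2" "$3" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage on the host built in this post (the digest is a placeholder):
#   fetch_and_install \
#     "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" \
#     "<EXPECTED_SHA256>" /usr/local/bin/docker-compose
```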

Add standard user to docker group

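If you want a standard user to be able to run Docker commands, they must be added to the docker group. Membership of the docker group is effectively root access to the host, so add only users you would trust with that.

As root, enter the following command (replacing demouser with the username of your standard user):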

usermod -aG docker demouser

The installation is complete.

Reboot the system.

Test Docker

When the system has rebooted, log in as the standard user.

Enter the following command to run a test Docker container:

docker run --name test hello-world

You should see the following output:

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
d1725b59e92d: Pull complete 
Digest: sha256:0add3ace90ecb4adbf7777e9aacf18357296e799f81cabc9fde470971e499788
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

The container has started, output a welcome message, and stopped. To keep things tidy, delete the stopped container and the image using the following commands:

docker rm test
docker rmi hello-world


Add entries to /etc/hosts

As root, enter the following command to add a couple of static host mappings:

cat <<EOF >> /etc/hosts
127.0.0.2 lmi.iamlab.ibm.com
127.0.0.3 www.iamlab.ibm.com
EOF


Congratulations! You now have a working Docker environment in which you can explore installation of IBM Security Verify Access using Docker and docker-compose.

