ForgeOps: Customize default setup-profiles
Author: Lee Baines-Dark
Created at: Aug 2024
Updated at: Oct 2024
PURPOSE
This article provides sample steps for customizing one of the current setup-profiles in a ForgeOps DS image.
COMPATIBLE FORGEOPS VERSIONS
The steps below are relevant for ForgeOps versions 7.4 and later. These steps use the ForgeOps release branch release/7.5-20240618 as a guide.
PRE-REQUISITES
To ensure predictable results, the user must have knowledge of:
- DS setup-profile configuration, including the order in which LDIF files in the different versioned templates are read
- The ForgeOps DS docker build process, including how you can also import custom schema or LDAP configuration separately as documented here.
You will also need:
- A Kubernetes environment for running a ForgeOps deployment.
STEPS
Test the steps with a single-instance ForgeOps deployment. Once the steps are validated, you can use your custom image in your development environment. The steps below make a copy of the IdentityStore profile as an example.
Create a copy of your setup-profile in your ForgeOps branch
- Checkout the release/7.5-20240618 branch of ForgeOps.
- Deploy a single-instance ForgeOps deployment using either Kustomize or Helm.
- In the docker/ds/ds-new directory, add a new directory called setup-profile.
    cd /path/to/forgeops/docker/ds/ds-new
    mkdir -p setup-profile
- In your terminal, navigate to your new setup-profile directory.
    cd setup-profile
- Copy the setup-profile you wish to customize, making sure you copy the version of the profile you want to update.
    kubectl cp ds-idrepo-0:/opt/opendj/template/setup-profiles/AM/identity-store/7.0 .
- Customize your new setup-profile as required. Read the DS documentation for further details.
Update the DS docker image to copy the new setup-profile into place
- Add the following 2 lines to the Dockerfile, above the line "RUN ./ds-setup.sh && rm ./ds-setup.sh && rm -fr ldif-ext":
    RUN mkdir -p /opt/opendj/custom-profile
    COPY --chown=forgerock:root setup-profile/7.0 /opt/opendj/custom-profile
- Add the following lines to ds-setup.sh, above the line "chmod -R a+rw template/setup-profiles/AM":
    rm -rf template/setup-profiles/AM/identity-store/7.0/*
    cp -a custom-profile/* template/setup-profiles/AM/identity-store/7.0
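The ds-setup.sh lines above remove the stock profile before copying, and the `*` glob skips dotfiles, so an empty custom-profile directory leaves the image without an identity-store profile. A guarded variant of the same swap, as an added example that is not part of the original article or of ForgeOps; the function name replace_profile and the ".new" staging suffix are hypothetical:

```shell
#!/usr/bin/env bash
# Added example (not ForgeOps code): guarded replacement of a setup-profile.
# replace_profile is a hypothetical helper. Its arguments correspond to
#   $1 = custom-profile
#   $2 = template/setup-profiles/AM/identity-store/7.0
replace_profile() {
    src=$1
    dst=$2

    # Refuse to touch the stock profile unless the custom copy exists
    # and actually contains files (ls -A also counts dotfiles).
    if [ ! -d "$src" ] || [ -z "$(ls -A "$src" 2>/dev/null)" ]; then
        echo "custom profile '$src' is missing or empty; stock profile kept" >&2
        return 1
    fi
    if [ ! -d "$dst" ]; then
        echo "target profile directory '$dst' not found" >&2
        return 1
    fi

    # Copy into a staging directory first, so a failed copy never leaves
    # a half-populated profile in place of the stock one.
    staging="${dst}.new"
    rm -rf "$staging"
    if ! cp -a "$src" "$staging"; then
        rm -rf "$staging"
        return 1
    fi

    # Only now remove the stock profile and move the staged copy into place.
    rm -rf "$dst"
    mv "$staging" "$dst"
}

# Usage inside ds-setup.sh, in place of the rm/cp pair:
#   replace_profile custom-profile template/setup-profiles/AM/identity-store/7.0 || exit 1
```

A non-zero return fails the build step instead of producing an image with an empty profile.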
Build and redeploy DS
- Build a new image with your custom setup-profile
    forgeops build ds -t <custom-tag> --push-to <container-registry>
- Delete DS deployment
    forgeops delete ds -y
- Deploy DS
    forgeops install ds
Verify changes
You can verify the changes by checking LDAP directly on the DS pod using ldapsearch. See the DS docs for more details.
Or you can connect an LDAP directory studio. See instructions here