Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2016-07-21

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:05 MegaMatt joined #openam
05:05 aldaris joined #openam
06:13 aldaris joined #openam
08:10 abyss joined #openam
08:10 abyss Hi
08:10 aldaris Good morning
08:11 abyss I'd like ask some questions about openam and opendj, replication and support with that, is this a good channel for that?:)
08:21 aldaris it's a good start
08:21 aldaris ^^ abyss
08:26 abyss aldaris: ok. Thank you. I have a litle issue because our company take over application which have solution with openam and opendj. Ofcourse I haven't received any information how to configure all stack properly, we received only proof of concept.
08:27 abyss Proof of concept contain only how to install openam and use with embedded opendj. Now I have extend this to use openam and opendj in cluster mode. The most problem is that I don't know openam and opendj at all and I have only 3-4 days to do that ;)
08:27 aldaris abyss looks like this happens way too often :)
08:28 abyss ;)
08:31 abyss My first question is it is possible to install two openam which I configure the same and point them to LB. LB will take care about dispatch traffic to opendjs servers (let say on LB will be configured two opendj servers) and that opendj will be in replication (master-master).
08:31 aldaris do you want embedded or external DJ?
08:31 abyss Both openams servers won't know about themselves
08:32 aldaris openam instances should know about each other, you shouldn't individually configure those, you should configure to be part of one deployment
08:32 abyss aldaris: external, because when I choose embedded I get info similiar to it should be done on production etc;)
08:32 abyss aldaris: ok, thats complicate my idea;)
08:34 abyss aldaris: I need the most easy way to that but acceptable on production :) But I could accept some disadventages (like when LB switch to another openam I will lose all informations (ex. tokens) and users will have to log in again etc - not much time, so not much good solution;)
08:35 abyss (btw: my english is another issue so please forgive me any mistakes or if something is not clear, please just say, thank you)
08:37 aldaris I'd say that such a setup is unlikely to work, and may result in higher cost for maintenance
08:40 abyss but only issue in my approach is that openams don't know about each other, yes? But rest of this is ok? I mean LB -> openam1 <--- replication ----> openam2 -> LB -> opendj1 <--- replicaction -->opendj2 is ok?
08:41 abyss I imagine this like that;)
08:41 aldaris openam doesn't replicate things, they just crosstalk with each other if and when needed
08:41 aldaris having an LB in front of the components will work of course
08:42 abyss ok, so openam doesn't contain any data it is only something like router application?
08:42 abyss *router for application
08:42 aldaris correct, it utilizes OpenDJ to store its configuration and the users
08:44 abyss ok, so what I should do or where to start to achieve good enough solution to production? I tried start from documentation ofcourse, but it is very large and I afraid I won't accomplish this task in such a limited time :(
08:45 abyss btw: the socond case will be ofcourse: how to move old data from embedded opendj to new opendjs ;)
08:45 abyss *second
08:46 aldaris moving config from embedded to external is a more advanced task, not sure if you really want to jump onto that
08:49 abyss ofcourse I realize the worst scenario - there's no easy way and I have to dig (very deep;)) into documentation. Then it is possible to get support from you during these days? I mean you know, when I stuck or something like that;) Or to clarify something etc.? Or it is not possible?
08:49 abyss ;)
08:53 aldaris you can try, but I'm a bit busy at the moment compiling security patches ;)
09:21 abyss you're a developer of openam?:)
09:24 aldaris yes, I'm mainly focusing on bugfixes nowadays tho
09:27 abyss Nice:) It's very large project, so I full of admiration :)
09:42 aldaris joined #openam
11:03 MegaMatt joined #openam
11:57 aldaris joined #openam
12:39 daveloper joined #openam
12:53 aldaris joined #openam
13:03 aldaris1 joined #openam
13:56 aldaris joined #openam
14:05 daveloper joined #openam
14:09 abyss aldaris: do I need core token service to achieve that I want?
14:10 aldaris for a simple environment, no
14:15 abyss aldaris: sorry, but could you clarify "simple environment"? :) I'd like to make failover but not neccesarly with keeping login data or something (I meant when one of the opendj/openam server collapse then when people will have to login again is not matter for me)
14:16 aldaris core token service has several purposes
14:16 aldaris the main two is session failover and OAuth2 token storage
14:24 abyss aldaris: sorry, but I'd like to understand what we are talking about - so I don't need this unless I would like to keep logged users during failover and switching to another openam/opendj, yes?
14:24 abyss Less reading then more time to achieve clustering so I'd like to avoid ducumentation that I don't need to read;)
14:25 MegaMatt @abyss - I’d highly recommend taking the training classes………..And more time reading documentation ;)
14:25 aldaris session failover == not having to re-login when one of the AM nodes goes down
14:26 MegaMatt You’re setting yourself up for a world of torture that could probably be avoided easily if you take training instead of rushing in with less understanding.
14:26 abyss MegaMatt: I would like;)
14:26 abyss aldaris: exactly :) Thank you
14:27 abyss MegaMatt: I will copy/paste my problem;) It is not depends on me :(
14:27 abyss 10:26 < abyss> aldaris: ok. Thank you. I have a litle issue because our company take over application which have solution with openam and opendj. Ofcourse I
14:27 abyss haven't received any information how to configure all stack properly, we received only proof of concept.
14:27 abyss 10:27 < abyss> Proof of concept contain only how to install openam and use with embedded opendj. Now I have extend this to use openam and opendj in cluster
14:27 abyss errr, it is legible?
14:27 abyss mode. The most problem is that I don't know openam and opendj at all and I have only 3-4 days to do that ;)
14:28 MegaMatt Yes, I follow
14:28 MegaMatt I mean, maybe at the very least read a chapter on session failover?
14:28 MegaMatt https://backstage.forgerock.com/#!/docs/openam/12.0.0/install-guide/chap-session-failover
14:28 abyss one way or another I have less days because I spent almost whole day on stupid meeetings :/
14:29 abyss MegaMatt: I'd like to ease as possible that installation, so I don't wanna make session failover, I need only failover of openam and opendj, when one server goes down the ofcourse everybody has to relogin but whole app still working
14:29 abyss I have too little time to take care about more advanced task (like failover)
14:30 abyss *(like session failover)
14:31 MegaMatt Ok, sounds like a pretty simple installation then - what part are you stuck on?
14:31 abyss I even don't start;)
14:31 abyss As I mentioned I had meetings (stupid;p) all day :/
14:31 abyss I completely don't know openam and opendj
14:31 MegaMatt Ok, so then I guess I’d just start with the installation guide?
14:33 abyss MegaMatt: hmmm, I guess;) We have openam installed with embedded opendj and it's working somehow but ofcourse we need to do at least server failover:)
14:33 abyss but ofcourse I did openam with tutorial provided by someone who did proof of concept so I'm not even sure what I did (click) in openam but it works;)
14:34 abyss MegaMatt: but "sounds like a pretty simple installation then" sound good for me;)
14:34 abyss *sounds
14:36 MegaMatt I’d just put both servers into the cluster, and then point to whatever one is up and running
14:37 abyss MegaMatt: I'd like to use load balancer to point on running server
14:37 abyss something like:
14:38 abyss LB -> openam1 <--- i don't know replication or so? ----> openam2 -> LB -> opendj1 <--- replicaction -->opendj2
14:39 MegaMatt Your diagram stinks ;)
14:39 abyss so in openam I would point LB address for opendj servers to choose the living server (if both are living then use only one), and in application the same for openam
14:39 MegaMatt https://backstage.forgerock.com/#!/docs/openam/13/deployment-planning#figure-site-deployment-single-lb
14:42 abyss MegaMatt: ok, I have a concept now I have to do it. Tommorow I will try to start install openam then opendj, then I will try to configure openam with that opendj
14:42 MegaMatt Good luck. Follow the docs. Use Openam 13.5 if you can, imo
14:42 abyss next I will try to set up another openam and opendj and for opendj do replication and for openam everything that is necessary to work together;)
14:43 abyss No, I can't :( We have 12.x I guess :(
14:43 MegaMatt Ok, that works too
14:43 abyss MegaMatt: it is possible for your support tommorow?
14:44 MegaMatt I might be around, but probably busy
14:44 abyss OK,  thank you for your today's help :)
14:45 MegaMatt I’m probably not the best person to ask things anyhow
14:45 abyss hmmm aldaris gone... But thank for him as well:)
14:45 MegaMatt He’ll read the log, I’m sure
14:45 abyss MegaMatt: we will see :D
14:45 abyss I will just ask and hope for answer tommorow :) Thank you for both of you
14:46 MegaMatt Go back to your higher ups again and beg for training classes
14:46 MegaMatt They’ll be worth it.
14:47 abyss it is long story... But I have so little time because we are going to production :D
14:47 MegaMatt ALl the more justification for training ! :)
14:48 abyss yeah, but only 4 days, ofcourse not all 4 days because of meetings and other commitments :/ So, for them there's no space for trainings;)
14:49 abyss ok, I complained a little, so now I can go home;) Tommorow is another busy day;) Cyu soon :)
15:04 daveloper joined #openam
16:00 daveloper joined #openam
17:29 aldaris joined #openam
17:55 aldaris joined #openam
18:17 aldaris joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary