Configure Autoheal

To configure automatic restart of the Connector Server, first set up the general Autoheal service. Once the general service is up and running, continue with this howto.

Set up automatic restart of the connector-server

  1. Find the UUID of the connector-server in IDM.

    • In IDM, open the connector server page in Connected systems → Connector servers. After opening the connector server details, its identifier will be visible in the URL. Write it down, as you will need it in the following steps.

    • The URL will look like this (the identifier we are interested in is the part between /remote-servers/ and /detail):

      https://appliance.tld/idm/#/remote-servers/d165fc9b-1c77-41d3-ad6e-4fe2659ab7db/detail

  2. Create a user in IDM

    • In IDM, create a new identity named IAM_connector_server_status. This identity will be used to log in for the healthcheck of the connector server.

  3. Create a role in IDM

    • In IDM, create a new role named IAM_connector_server_status, which grants permission to read connector servers:

      • Agenda: Connector servers (SysRemoteServer)

      • Permission: Read

      • Evaluation type: BasePermissionEvaluator

  4. Assign the role to the user

    • Assign the IAM_connector_server_status role to the IAM_connector_server_status user.

  5. Generate a token for the user

    • Generate an access token for the IAM_connector_server_status user in IDM on the Settings → Tokens page. DO NOT set an expiration for the token.

    • Save the generated token in the IAM Appliance to the new file /data/volumes/connector-server/secrets/token.

  6. Configure the docker-compose-connector-server.yml file.

    • Open the file /data/registry/node-active-config/docker-compose-connector-server.yml and uncomment all the options you see in the example below:

        - DOCKER_CONNECTOR_SRV_IDM_UUID=d165fc9b-1c77-41d3-ad6e-4fe2659ab7db
        - DOCKER_CONNECTOR_SRV_IDM_USERTOKEN=/run/secrets/token
      
          ... abbreviated ...
      
        - type: bind
          source: /data/volumes/connector-server/secrets/token
          target: /run/secrets/token
          read_only: true
      healthcheck:
        test: |
          curl -sSf -o /dev/null --connect-timeout 1 --max-time 2 \
          -X GET http://czechidm:8080/idm/api/v1/remote-servers/$$DOCKER_CONNECTOR_SRV_IDM_UUID/frameworks \
          -H "CIDMST: $(cat $$DOCKER_CONNECTOR_SRV_IDM_USERTOKEN)" && exit 0 || exit 1
        interval: 15s
        timeout: 3s
        retries: 2
        start_period: 15s
      labels:
        autoheal: enabled
        autoheal.service.name: iam-connector-server

    • Insert the connector-server UUID you found in step 1 into the DOCKER_CONNECTOR_SRV_IDM_UUID variable.

    • Save the file.

  7. Restart the connector-server

    • systemctl restart iam-connector-server

  8. Verify that the docker container status changed to healthy

    • Wait about 30 seconds and run docker ps. The STATUS column should display (healthy).

      CONTAINER ID   IMAGE                                                       COMMAND                  CREATED        STATUS                PORTS      NAMES
      be73db6f36f7   repo.iamappliance.com:8443/bcv-connector-server:1.1-r0      "/bin/bash -c $RUNSC…"   6 weeks ago    Up 6 days (healthy)   8759/tcp   connector-server

    • If the status is (healthy), the configuration is complete. If not, there is a configuration error; go back through the previous steps and check each one.
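
When the status does not turn (healthy), the settings from steps 5 and 6 can be checked with a script like the following. It is an added example, not part of the appliance or of the original howto: the script and its function names are hypothetical, and the compose file and token file paths are passed as arguments. It also warns when the token file is world-readable, because the token does not expire.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with the appliance).

# Succeeds if $1 is a canonical 8-4-4-4-12 hexadecimal UUID.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prints the value of the first uncommented "- NAME=value" line in file $1.
compose_env() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" "$1" | head -n 1 | tr -d '\r'
}

# The healthcheck sends the file content as the CIDMST header, so the token
# must be a single line without spaces, tabs or carriage returns.
check_token_file() {
    [ -f "$1" ] || { echo "token file missing: $1"; return 1; }
    [ -s "$1" ] || { echo "token file is empty: $1"; return 1; }
    [ "$(wc -l < "$1")" -le 1 ] || { echo "token file has several lines"; return 1; }
    if grep -q '[[:space:]]' "$1"; then
        echo "token contains whitespace (CRLF paste?)"; return 1
    fi
    # Non-expiring credential: warn if every local user can read it.
    case "$(ls -ldL "$1" | cut -c8)" in
        r) echo "warning: $1 is world-readable" ;;
    esac
    return 0
}

# Checks that the options from step 6 are uncommented and consistent.
check_compose() {
    uuid=$(compose_env "$1" DOCKER_CONNECTOR_SRV_IDM_UUID)
    is_uuid "$uuid" || { echo "UUID not set or malformed: '$uuid'"; return 1; }
    tok=$(compose_env "$1" DOCKER_CONNECTOR_SRV_IDM_USERTOKEN)
    [ -n "$tok" ] || { echo "USERTOKEN variable is commented out"; return 1; }
    grep -Eq "^[[:space:]]*target:[[:space:]]*$tok[[:space:]]*\$" "$1" ||
        { echo "no bind mount with target $tok"; return 1; }
    grep -Eq '^[[:space:]]*healthcheck:' "$1" ||
        { echo "healthcheck block is commented out"; return 1; }
    grep -Eq '^[[:space:]]*autoheal:[[:space:]]*enabled' "$1" ||
        { echo "autoheal label is commented out"; return 1; }
}

# Usage: sh preflight.sh <compose file> <token file>
if [ "$#" -eq 2 ]; then
    check_compose "$1" && check_token_file "$2" && echo "configuration looks consistent"
fi
```

If the script reports no problem, the health log of the container can be read with docker inspect --format '{{json .State.Health}}' connector-server (container name as shown in the docker ps output above).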