Amster

Amster usage examples

In this section, you can find examples of tasks you can do with Amster.

For Amster examples in Docker and Kubernetes deployments, see the ForgeRock DevOps (ForgeOps) documentation.

Clone an Access Management instance

This example shows the high-level steps required to clone an AM instance, from exporting the configuration of the original instance, to installing the new instance and importing the configuration into it.

Follow these steps to clone an AM instance using Amster:

  1. Create a transport key in the original AM instance, if one does not exist already. For more information, refer to Create transport keys to export configuration data.

  2. Keep the transport key safe by exporting it to another keystore. The key is required to import the configuration into the new AM instance. For more information, see Duplicate and install a transport key.

  3. Connect to the original AM instance using the amster command. For more information, refer to Connect to AM.

  4. Export all the configuration of the original AM instance using the export-config command. For more information, refer to Export configuration data.

  5. Take note of the value of the Password Encryption Key field on the original AM, for example, O6QWwHPO4os+zEz3Nqn/2daAYWyiFE32.

    To locate it, log in to the original AM instance, and navigate to Deployment > Servers > Server Name > Security > Encryption.

  6. In the new server, deploy the AM .war file in a web container, but do not configure it.

  7. Install the new AM instance using the install-openam command, specifying the original AM password encryption key with the --pwdEncKey option. For example:

    am> install-openam \
     --serverUrl https://openam.example.com:8443/openam \
     --adminPwd forgerock \
     --pwdEncKey O6QWwHPO4os+zEz3Nqn/2daAYWyiFE32 \
     --acceptLicense

    For more information, refer to Install AM with Amster.

  8. Import the transport key of the original AM instance into the keystore of the new AM instance. For more information, see Duplicate and install a transport key.

  9. Connect to the new AM instance using the amster command. For more information, refer to Connect to AM.

  10. Import the configuration of the original AM instance using the import-config command. For more information, refer to Import configuration data.

Amster sample scripts

This section covers sample scripts and files found in the /path/to/amster/samples directory:

transport-key.sh

Shell script to manage transport keys. You can use it as a template for your own scripts to create, delete, and export the key to another keystore.

Invoke the script’s help for a list of possible actions:

$ ./transport-key.sh help

For more information about the transport key, refer to Create transport keys to export configuration data.

realm.amster

Amster script containing an example of different operations that can be done at realm level, such as creating a data store, displaying its configuration, modifying it, and deleting it.

For more information about writing scripts for Amster, see Scripts.

import-example.amster

Amster script containing an example of the import-config command.

For more information about writing scripts for Amster, see Scripts.

export-example.amster

Amster script containing an example of the export-config command.