Deployment with packages
IAM can be deployed from packages on the RHEL 8 and 9 platforms. The RPMs are hosted on the INDIGO IAM package stable repository.
Warning
We no longer maintain packages for the CENTOS 7 and Ubuntu platform.Installation
Since INDIGO IAM v1.14.0 we release signed RPMs.
- Install the INDIGO IAM release key:
sudo rpm --import https://indigo-iam.github.io/repo/gpgkeys/indigo-iam-release.pub.gpg
On AlmaLinux 8
- Install the repo file:
sudo curl -L \
-o /etc/yum.repos.d/indigoiam-stable-el8.repo \
https://indigo-iam.github.io/repo/repofiles/rhel/indigoiam-stable-el8.repo
- Clear the package manager cache and install
iam-login-servicewith:
sudo dnf makecache
sudo dnf install -y iam-login-service
On AlmaLinux 9
- Install the repo file:
sudo curl -L \
-o /etc/yum.repos.d/indigoiam-stable-el9.repo \
https://indigo-iam.github.io/repo/repofiles/rhel/indigoiam-stable-el9.repo
- Clear the package manager cache and install
iam-login-servicewith:
sudo dnf makecache
sudo dnf install -y iam-login-service
IAM service configuration
The IAM service is configured via a configuration file named iam-login-service
which holds the settings for the environment variables that drive its
configuration (as described in the configuration reference
section).
The file is located in the following path:
/etc/sysconfig/iam-login-service
Run the service
The IAM login service is managed by systemd.
To enable the service use the following command:
sudo systemctl enable iam-login-service
To start the service use the following command:
sudo systemctl start iam-login-service
To access the service logs, use the following command:
sudo journalctl -fu iam-login-service
Deployment Tips
In headless servers, running haveged daemon is recommended to generate more entropy.
Before running the IAM login service, check the available entropy with:
cat /proc/sys/kernel/random/entropy_avail
If the obtained value is less than 1000, then haveged daemon is mandatory.
Install EPEL repository:
sudo dnf install -y epel-release
Install Haveged:
sudo dnf install -y haveged
Enable and run the haveged daemon with:
sudo systemctl enable haveged
sudo systemctl start haveged