Question about InterSystems API (IAM) install from tar file with IRIS running locally

Question

Question

Scott Roth · Apr 11

#InterSystems API Manager (IAM) #Health Connect #InterSystems IRIS #InterSystems IRIS for Health

I downloaded IAM-3.4.2.0-5604.tar.gz from the Online Distribution site this morning, it the implementation to install it on our Development environment to see if it is a viable solution. Following the instructions, I have ran into an issue trying to make sure I am entering the information into the prompts correctly.

I have IRIS HealthShare Health Connect 2024.1 running locally using a Local Web Server, so when prompted I have entered the IP Address and port 443 is that correct?

:>iam-setup.sh
Welcome to the InterSystems IRIS and InterSystems API Manager (IAM) setup script.
This script sets the ISC_IRIS_URL environment variable that is used by the IAM container to get the IAM license key from InterSystems IRIS.
Enter the full image repository, name and tag for your IAM docker image:
intersystems/iam:3.4.1.0
Enter the IP address for your InterSystems IRIS instance. The IP address has to be accessible from within the IAM container, therefore, do not use "localhost" or "127.0.0.1" if IRIS is running on your local machine. Instead use the IP address of your local machine. If IRIS is running in a container, use the IP address of the host environment, not the IP address of the IRIS container:
xxx.xxx.xxx.xxx
Enter the web server port for your InterSystems IRIS instance:
443
Enter the password for the IAM user for your InterSystems IRIS instance:
Re-enter your password:
If local policy requires that HTTPS be used for communication, please provide the full path to your CA Certificate file now. Otherwise hit "Return":
/etc/pki/ca-trust/source/anchors/OSUWMC_CA.pem
If your InterSystems IRIS instance is only accessible via its CSPConfigName URL prefix, please provide the prefix with a trailing slash (/) now. Otherwise hit "Return":

Your inputs are:
Full image repository, name and tag for your IAM docker image: intersystems/iam:3.4.1.0
IP address for your InterSystems IRIS instance: xxx.xxx.xxx.xxx
Web server port for your InterSystems IRIS instance: 443
CA Certificate for HTTPS: /etc/pki/ca-trust/source/anchors/OSUWMC_CA.pem
CSPConfigName URL prefix:
Would you like to continue with these inputs (y/n)?
y
Getting IAM license using your inputs...
Couldn't reach InterSystems IRIS at xxx.xxx.xxx.xxx:443. One or both of your IP and Port are incorrect.

I have verified that...

IAM user is enabled
/api/iam is enabled

What port should be specified if you are running a Local Web Server/Web Gateway?

Thanks

Scott

$ZV: IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2024.1 (Build 264_1U) Thu Apr 4 2024 14:54:11 EDT U

Discussion (8)2

Log in or sign up to continue

Alexander Koblov · Apr 11

Scott,

take a look inside iam-setup.sh

Based on the inputs it constructs a URL and then tries to 'curl' it.

And fails for some reason. Check which URL it constructs and check if curl indeed works fine for that URL

The URL should look like:

https://IAM:
@xxx.xxx.xxx.xxx:443/api/iam/license

Check if you can access it from the bash

0 0

Bob Kuszewski · Apr 12

The URL that you're generating is the one to the webgateway. Do you have the webgateway running on port 443 of the same IP address as your IRIS server?

0 0

score 0 · Answer 1 · 2024-04-11T11:11:48-04:00

I verified that /api/iam is enabled, but using CURL or POSTMAN, I keep getting a 404 - Not Found error. I thought it might be because the script is looking for /api/iam/license so I shorted it to /api/iam to see if I could get a response but still getting the 404 error.

I even tried unauthenticated on /api/iam

score 0 · Answer 2 · 2024-04-15T03:27:11-04:00

Alexander Koblov · Apr 15

Does the webserver pass "/api/iam" to the Web Gateway?

0 0

score 0 · Answer 3 · 2024-04-15T08:10:25-04:00

my httpd.conf is setup to send / to CSP.#

### BEGIN-ApacheCSP-SECTION ####
LoadModule csp_module_sa "/opt/webgateway/bin/CSPa24.so"
CSPModulePath "/opt/webgateway/bin/"
CSPConfigPath "/opt/webgateway/bin/"
CSPFileTypes csp cls zen cxw
Alias /csp/ /opt/webgateway/bin/
<Location />
        CSP On
</Location>
<Location "/csp/">
        CSP On
</Location>
<Location "/api/">
        CSP On
</Location>
<Location "/oauth2/">
        CSP On
</Location>
<Location "/isc/">
        CSP On
</Location>
<Location "/ui/">
        CSP On
</Location>

<Directory "/opt/webgateway/bin/">
        AllowOverride None
        Options MultiViews FollowSymLinks ExecCGI
        Require all granted
        <FilesMatch "\.(log|ini|pid|exe)$">
                Require all denied
        </FilesMatch>
</Directory>

score 0 · Answer 4 · 2024-04-15T10:48:12-04:00

Hm, check also Protect event in the Audit -- ensure that the Audit and logging of Protect events are enabled, then reproduce the problem and see if anything is logged in the Audit

score 0 · Answer 5 · 2024-04-12T08:12:03-04:00

I played around with the iam-setup.sh script, and found when I ran the script without a CA and port it was able to connect to the IRIS instance. Next step is that the docker will not start, I need to dig into that more.

score 0 · Answer 6 · 2024-04-15T15:03:21-04:00

I was able to get past the iam-setup.sh but now when I run podman-compose up -d I am getting the follwing error...

:>sudo podman-compose up -d
podman-compose version: 1.0.6
['podman', '--version', '']
using podman version: 4.6.1
** excluding: set()
['podman', 'ps', '--filter', 'label=io.podman.compose.project=scripts', '-a', '--format', '{{ index .Labels "io.podman.compose.config-hash"}}']
podman volume inspect scripts_pgdata14 || podman volume create scripts_pgdata14
['podman', 'volume', 'inspect', 'scripts_pgdata14']
['podman', 'network', 'exists', 'scripts_default']
podman run --name=scripts_db_1 -d --label io.podman.compose.config-hash=0b8c4491a1820337de3b759d5b1067ea78426dafeaec513283d14bd1ac5c3e8b --label io.podman.compose.project=scripts --label io.podman.compose.version=1.0.6 --label PODMAN_SYSTEMD_UNIT=podman-compose@scripts.service --label com.docker.compose.project=scripts --label com.docker.compose.project.working_dir=/ensemble/tmp/IAM/scripts --label com.docker.compose.project.config_files=docker-compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=db -e POSTGRES_DB=iam -e POSTGRES_PASSWORD=iam -e POSTGRES_USER=iam -v scripts_pgdata14:/var/lib/postgresql/data --net scripts_default --network-alias db -i --restart on-failure --healthcheck-command /bin/sh -c pg_isready' '-U' 'iam --healthcheck-interval 30s --healthcheck-timeout 30s --healthcheck-retries 3 postgres:14.5
7db3dff8488e4115cd7d65d4ea61be9de185e68dfdbcf1744ec913b02314645c
exit code: 0
['podman', 'network', 'exists', 'scripts_default']
podman run --name=scripts_iam-migrations_1 -d --requires=scripts_db_1 --label io.podman.compose.config-hash=0b8c4491a1820337de3b759d5b1067ea78426dafeaec513283d14bd1ac5c3e8b --label io.podman.compose.project=scripts --label io.podman.compose.version=1.0.6 --label PODMAN_SYSTEMD_UNIT=podman-compose@scripts.service --label com.docker.compose.project=scripts --label com.docker.compose.project.working_dir=/ensemble/tmp/IAM/scripts --label com.docker.compose.project.config_files=docker-compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=iam-migrations -e KONG_DATABASE=postgres -e KONG_PG_DATABASE=iam -e KONG_PG_HOST=db -e KONG_PG_PASSWORD=iam -e KONG_PG_USER=iam -e KONG_CASSANDRA_CONTACT_POINTS=db -e ISC_IRIS_URL= -e ISC_CA_CERT= --net scripts_default --network-alias iam-migrations --restart on-failure bash -c kong migrations bootstrap; kong migrations up; kong migrations finish
Error: repository name must have at least one component
exit code: 125
podman start scripts_iam-migrations_1
Error: no container with name or ID "scripts_iam-migrations_1" found: no such container
exit code: 125
['podman', 'network', 'exists', 'scripts_default']
podman run --name=scripts_iam_1 -d --requires=scripts_db_1 --label io.podman.compose.config-hash=0b8c4491a1820337de3b759d5b1067ea78426dafeaec513283d14bd1ac5c3e8b --label io.podman.compose.project=scripts --label io.podman.compose.version=1.0.6 --label PODMAN_SYSTEMD_UNIT=podman-compose@scripts.service --label com.docker.compose.project=scripts --label com.docker.compose.project.working_dir=/ensemble/tmp/IAM/scripts --label com.docker.compose.project.config_files=docker-compose.yml --label com.docker.compose.container-number=1 --label com.docker.compose.service=iam -e KONG_ADMIN_ACCESS_LOG=/dev/stdout -e KONG_ADMIN_ERROR_LOG=/dev/stderr -e KONG_ADMIN_LISTEN=0.0.0.0:8001 -e KONG_ANONYMOUS_REPORTS=off -e KONG_CASSANDRA_CONTACT_POINTS=db -e KONG_DATABASE=postgres -e KONG_PG_DATABASE=iam -e KONG_PG_HOST=db -e KONG_PG_PASSWORD=iam -e KONG_PG_USER=iam -e KONG_PROXY_ACCESS_LOG=/dev/stdout -e KONG_PROXY_ERROR_LOG=/dev/stderr -e KONG_PORTAL=on -e KONG_PORTAL_GUI_PROTOCOL=http -e KONG_PORTAL_GUI_HOST=127.0.0.1:8003 -e KONG_ADMIN_GUI_URL=http://localhost:8002 -e ISC_IRIS_URL= -e ISC_CA_CERT= --net scripts_default --network-alias iam -p 8000:8000 -p 8001:8001 -p 8002:8002 -p 8003:8003 -p 8004:8004 -p 8443:8443 -p 8444:8444 -p 8445:8445 --restart on-failure
Error: repository name must have at least one component
exit code: 125
podman start scripts_iam_1
Error: no container with name or ID "scripts_iam_1" found: no such container
exit code: 125