#50728 Issue 50439 - Update docker integration for Fedora
Closed 3 years ago by spichugi. Opened 4 years ago by mhonek.
mhonek/389-ds-base fix-fedora-dockerfile into master

file modified
+3
@@ -1,3 +1,6 @@ 

  

  suse:

  	docker build -t 389-ds-suse:master -f docker/389-ds-suse/Dockerfile .

+ 

+ fedora:

+ 	docker build -t 389-ds-fedora:master -f docker/389-ds-fedora/Dockerfile .
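Review bot: the new `fedora:` target hard-codes the build context as `.` just like the `suse:` target above it, so it only works when `make -f docker.mk fedora` is run from the git root; since the README in `docker/389-ds-fedora` still tells people to build from inside that directory, a one-line comment above the target (or the README fix deferred in the discussion) would save the next person the failed `make rpms` that is reported below.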

file modified
+34 -29
@@ -6,41 +6,46 @@ 

  # See LICENSE for details.

  # --- END COPYRIGHT BLOCK ---

  

- FROM fedora:26

+ FROM fedora:latest

  MAINTAINER 389-devel@lists.fedoraproject.org

- EXPOSE 389 636

- ENV container docker

- 

- RUN mkdir -p /usr/local/src

- WORKDIR /usr/local/src

+ EXPOSE 3389 3636

  

  ADD ./ /usr/local/src/389-ds-base

- 

- RUN dnf upgrade -y && \

-     dnf install --setopt=strict=False -y \

-         @buildsys-build rpm-build make bzip2 git rsync \

-         `grep -E "^(Build)?Requires" 389-ds-base/rpm/389-ds-base.spec.in | grep -v -E '(name|MODULE)' | awk '{ print $2 }' | sed 's/%{python3_pkgversion}/3/g' | grep -v "^/" | grep -v pkgversion | sort | uniq | tr '\n' ' '` && \

+ WORKDIR /usr/local/src/389-ds-base

+ 

+ # install dependencies

+ RUN dnf upgrade -y \

+   && dnf install --setopt=strict=False -y @buildsys-build rpm-build make bzip2 git rsync \

+   `grep -E "^(Build)?Requires" rpm/389-ds-base.spec.in \

+   | grep -v -E '(name|MODULE)' \

+   | awk '{ print $2 }' \

+   | sed 's/%{python3_pkgversion}/3/g' \

+   | grep -v "^/" \

+   | grep -v pkgversion \

+   | sort | uniq \

+   | tr '\n' ' '` \

+   && dnf clean all

+ 

+ # build

+ RUN make -f rpm.mk rpms || sh -c 'echo "build failed, sleeping for some time to allow you debug" ; sleep 3600'

+ 

+ RUN dnf install -y dist/rpms/*389*.rpm && \

      dnf clean all

  

+ # Link some known static locations to point to /data

+ RUN mkdir -p /data/config && \

+   mkdir -p /data/ssca && \

+   mkdir -p /data/run && \

+   mkdir -p /var/run/dirsrv && \

+   ln -s /data/config /etc/dirsrv/slapd-localhost && \

+   ln -s /data/ssca /etc/dirsrv/ssca && \

+   ln -s /data/run /var/run/dirsrv

  

- ### CHANGE THIS TO A ./configure and build that way.

- 

- RUN cd 389-ds-base && \

-     PERL_ON=0 RUST_ON=1 make -f rpm.mk rpms

- 

- RUN dnf install -y 389-ds-base/dist/rpms/*389*.rpm && \

-     dnf clean all

- 

- # Create the example setup inf. It's valid for containers!

- # Build the instance from the new installer tools.

- RUN /usr/sbin/dscreate create-template > /root/ds-setup.inf && /usr/sbin/dscreate -v from-file /root/ds-setup.inf --containerised

+ VOLUME /data

  

- # Finally add the volumes, they will inherit the contents of these directories.

- VOLUME /etc/dirsrv

- VOLUME /var/log/dirsrv

- VOLUME /var/lib/dirsrv

+ #USER dirsrv

  

- # Or, run them as dirsrv

- USER dirsrv

- CMD ["/usr/sbin/ns-slapd", "-d", "0", "-D", "/etc/dirsrv/slapd-localhost", "-i", "/var/run/dirsrv/slapd-localhost.pid"]

+ HEALTHCHECK --start-period=5m --timeout=5s --interval=5s --retries=2 \

+   CMD /usr/sbin/dscontainer -H

  

+ CMD [ "/usr/sbin/dscontainer", "-r" ]
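Review bot: commenting out `USER dirsrv` near the end of the hunk means the final `CMD [ "/usr/sbin/dscontainer", "-r" ]` now starts the directory server as root, whereas the removed block ran `ns-slapd` as `USER dirsrv`; the new `EXPOSE 3389 3636` already moves to unprivileged ports, so the user switch could stay enabled once the `/data` directories created by the `mkdir -p` / `ln -s` block are owned by dirsrv. Separately, `RUN make -f rpm.mk rpms || sh -c 'echo "build failed, ..." ; sleep 3600'` can never fail the image build, because `sleep` exits 0 after an hour and the error only surfaces at the following `RUN dnf install -y dist/rpms/*389*.rpm`; appending `; exit 1` after the sleep keeps the debugging pause and still fails the build. `FROM fedora:latest` also swaps the pinned `fedora:26` for a moving tag, so two builds of the same commit can pick up different base images and dependency versions.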

file modified
+1 -1
@@ -78,7 +78,7 @@ 

  	rm -rf dist/$(NAME_VERSION)

  	cd dist/sources ; \

  	if [ $(BUNDLE_JEMALLOC) -eq 1 ]; then \

- 		wget $(JEMALLOC_URL) ; \

+ 		curl -LO $(JEMALLOC_URL) ; \

  	fi

  

  rpmroot:
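Review bot: `curl -LO $(JEMALLOC_URL)` exits 0 on an HTTP 404 or 500 and saves the error body under the tarball's name, whereas the replaced `wget $(JEMALLOC_URL)` returned non-zero on such responses; use `curl -fLO $(JEMALLOC_URL)` so the `if [ $(BUNDLE_JEMALLOC) -eq 1 ]` branch fails the make instead of bundling a bogus archive. Neither the old nor the new line checks the download against a known digest, so a `sha256sum -c` step after the fetch would be a worthwhile follow-up for the bundled jemalloc.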

Bug Description:
Fedora Dockerfile has been unbuildable/broken for some time.

Fix Description:
Update the Dockerfile to make it work while mimicking ideas from the
SUSE's counterpart.

Additionally, changing wget to curl in rpm.mk since wget does not seem to
be available in the minimal image.

Relates https://pagure.io/389-ds-base/issue/50439
Relates https://pagure.io/389-ds-base/pull-request/50441#comment-88961

Author: Matus Honek mhonek@redhat.com

Review by: ???

All seems reasonable to me, but maybe someone who uses fedora more these days wants to check :)

I followed README.md, navigated to docker/389-ds-fedora and tried to build it. Current pwd doesn't have 389-ds-base sources, so make rpms failed down the line.
How should this container build be executed?

@vashirov Ah, README seems to be fairly outdated, too. You need to build from the git root, like docker build -f docker/389-ds-fedora/Dockerfile .. I would rather address this in a follow-up ticket, if that's ok.

Ok, this way the build worked (after fixing npm issues).

Now I'm trying to run this and have the following error:

DEBUG: READY: Beginning installation for localhost...
DEBUG: ACTION: Creating dse.ldif
DEBUG: ACTION: creating /data/bak
DEBUG: ACTION: creating /etc/dirsrv/slapd-localhost
DEBUG: ACTION: creating /data/db
DEBUG: ACTION: creating /data/ldif
DEBUG: ACTION: creating /data/run/lock
DEBUG: ACTION: creating /data/logs
DEBUG: ACTION: creating /data/run
Traceback (most recent call last):
  File "/usr/sbin/dscontainer", line 332, in <module>
    begin_magic()
  File "/usr/sbin/dscontainer", line 193, in begin_magic
    if not sds.create_from_args(g2b.collect(), s2b.collect()):
  File "/usr/lib/python3.7/site-packages/lib389/instance/setup.py", line 654, in create_from_args
    self._install_ds(general, slapd, backends)
  File "/usr/lib/python3.7/site-packages/lib389/instance/setup.py", line 770, in _install_ds
    shutil.copy2(srcfile, dstfile)
  File "/usr/lib64/python3.7/shutil.py", line 267, in copy2
    copystat(src, dst, follow_symlinks=follow_symlinks)
  File "/usr/lib64/python3.7/shutil.py", line 209, in copystat
    _copyxattr(src, dst, follow_symlinks=follow)
  File "/usr/lib64/python3.7/shutil.py", line 165, in _copyxattr
    os.setxattr(dst, name, value, follow_symlinks=follow_symlinks)
PermissionError: [Errno 13] Permission denied: '/etc/dirsrv/slapd-localhost/slapd-collations.conf'

I see the following SELinux denials on the host system:

----
time->Wed Nov 20 11:58:31 2019
type=AVC msg=audit(1574247511.026:25023): avc:  denied  { relabelto } for  pid=2941395 comm="dscontainer" name="99user.ldif" dev="dm-1" ino=14168269 scontext=system_u:system_r:container_t:s0:c44,c359 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 11:58:31 2019
type=AVC msg=audit(1574247511.026:25024): avc:  denied  { relabelto } for  pid=2941395 comm="dscontainer" name="slapd-collations.conf" dev="dm-1" ino=14168270 scontext=system_u:system_r:container_t:s0:c44,c359 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=0

It doesn't happen if /etc/dirsrv/slapd-localhost is not symlinked to a mounted /data/config/.
Is this expected?
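A small audit-log triage helper, added here as an example and not part of 389-ds-base or the PR: it parses AVC records like the two quoted above and reports `relabelto` denials from a `container_t` process onto `fusefs_t` files, which is what the discussion hit once /etc/dirsrv/slapd-localhost pointed into the mounted /data/config. The sample text reuses the two records from the comment plus one constructed non-matching record to show that it is ignored.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the two records quoted in the comment above,
# followed by one made-up "granted" record that must not be reported.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1574247511.026:25023): avc:  denied  { relabelto } for  pid=2941395 comm="dscontainer" name="99user.ldif" dev="dm-1" ino=14168269 scontext=system_u:system_r:container_t:s0:c44,c359 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574247511.026:25024): avc:  denied  { relabelto } for  pid=2941395 comm="dscontainer" name="slapd-collations.conf" dev="dm-1" ino=14168270 scontext=system_u:system_r:container_t:s0:c44,c359 tcontext=system_u:object_r:fusefs_t:s0 tclass=file permissive=0
type=AVC msg=audit(1574247520.000:25030): avc:  granted  { read } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

# "avc:  denied  { perm1 perm2 } for  key=value ..." is the shape of an AVC record.
AVC_RE = re.compile(r"avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
# Values are either double-quoted (comm, name, dev) or bare tokens (contexts, pid, tclass).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one AVC record, or None for any other audit line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec: Dict[str, object] = {"verdict": m.group("verdict"), "perms": set(m.group("perms").split())}
    for key, val in KV_RE.findall(m.group("rest")):
        rec[key] = val.strip('"')
    # A context is user:role:type:level; the third field is the SELinux type.
    for ctx in ("scontext", "tcontext"):
        if ctx in rec:
            rec[ctx + "_type"] = str(rec[ctx]).split(":")[2]
    return rec


def volume_relabel_denials(audit_text: str, source_type: str = "container_t",
                           target_type: str = "fusefs_t") -> List[Tuple[str, str, str]]:
    """List (comm, name, tclass) for denied relabelto attempts matching the given types."""
    hits = []
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["verdict"] != "denied":
            continue
        if ("relabelto" in rec["perms"] and rec.get("scontext_type") == source_type
                and rec.get("tcontext_type") == target_type):
            hits.append((str(rec.get("comm")), str(rec.get("name")), str(rec.get("tclass"))))
    return hits


if __name__ == "__main__":
    for comm, name, tclass in volume_relabel_denials(SAMPLE_AUDIT):
        print(f"{comm} could not relabel {tclass} {name} on the mounted volume")
```

Feed it the output of `ausearch -m AVC` from the host to confirm whether a failed dscontainer run is the volume-labelling problem described here rather than a plain file-permission error.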

I use podman on my F31 system, since docker doesn't support cgroups v2.
Apparently there are some differences and podman is more strict. Let's merge this as it is, and later we can address podman issues.

rebased onto 957e2ae

4 years ago

I've rebased including an addition of a fedora target in docker.mk, per Viktor's suggestion.

FTR: my use cases are such that selinux is not an issue (unconfined) for me when it comes to volumes (it's all within the /home partition of mine, even the default docker's volumes' location). The issues mentioned here should of course be solved, but reasoning about and solving them is going to be non-trivial, so deferring this into the future.

Thanks.

Pull-Request has been merged by mhonek

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3783

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for any inconvenience.

Pull-Request has been closed by spichugi

3 years ago