From 01561a10cf22059bd582306ad3f2cac289e2413e Mon Sep 17 00:00:00 2001 From: William Brown Date: Apr 12 2017 00:02:43 +0000 Subject: Ticket 49207 - Supply docker POC build for DS. Fix Description: Supply a proof of concept docker build file for 389 Directory Server. This container will contain a single instance of directory server with no backends. It should be administered with dsconf / ldif. https://pagure.io/389-ds-base/issue/49207 Author: wibrown Review by: nhosoi, lslebodn (thanks!)
---
diff --git a/docker/389ds_poc/Dockerfile b/docker/389ds_poc/Dockerfile
new file mode 100644
index 0000000..6e9ebf4
--- /dev/null
+++ b/docker/389ds_poc/Dockerfile
@@ -0,0 +1,50 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2017 Red Hat, Inc.
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+
+FROM centos:7
+MAINTAINER 389-devel@lists.fedoraproject.org
+EXPOSE 389 636
+ENV container docker
+ARG lib389repository=https://pagure.io/lib389.git
+ARG dsrepository=https://pagure.io/389-ds-base.git
+ARG lib389branch=master
+ARG dsbranch=master
+
+RUN mkdir -p /usr/local/src
+WORKDIR /usr/local/src
+
+RUN yum upgrade -y && \
+ yum install -y @buildsys-build rpm-build make epel-release bzip2 git && \
+ yum clean all
+
+RUN git clone --depth=1 --branch=$lib389branch $lib389repository lib389 && \
+ git clone --depth=1 --branch=$dsbranch $dsrepository 389-ds-base
+
+RUN yum install -y --skip-broken `grep -E "^(Build)?Requires" 389-ds-base/rpm/389-ds-base.spec.in lib389/python-lib389.spec | grep -v -E '(name|MODULE)' | awk '{ print $2 }' | grep -v "^/" | grep -v pkgversion | sort | uniq| tr '\n' ' '` && \
+ yum clean all
+
+RUN make -C lib389/ rpm
+
+RUN cd 389-ds-base && make -f rpm.mk rpms
+
+RUN yum install -y 389-ds-base/dist/rpms/389*.rpm lib389/rpmbuild/RPMS/noarch/*lib389* && \
+ yum clean all
+
+# Create the example setup inf. It's valid for containers!
+# Build the instance from the new installer tools.
+RUN /usr/sbin/dscreate example > /root/ds-setup.inf && /usr/sbin/dscreate -v fromfile /root/ds-setup.inf --IsolemnlyswearthatIamuptonogood --containerised
+
+# Finally add the volumes, they will inherit the contents of these directories.
+VOLUME /etc/dirsrv
+VOLUME /var/log/dirsrv
+VOLUME /var/lib/dirsrv
+
+# Or, run them as dirsrv
+USER dirsrv
+CMD ["/usr/sbin/ns-slapd", "-d", "0", "-D", "/etc/dirsrv/slapd-localhost", "-i", "/var/run/dirsrv/slapd-localhost.pid"]
+
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 0000000..70adf2b
--- /dev/null
+++ b/docker/README.md
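Review bot: The two `git clone --depth=1 --branch=$...` steps fetch whatever `master` of lib389 and 389-ds-base points to at build time and then build and install it as root, with nothing checking that the fetched tree is the intended one, so the same image tag can contain different code on every rebuild. Consider defaulting `lib389branch`/`dsbranch` to a release tag and failing the build when the resolved commit is unexpected, e.g. `ARG dscommit=<expected-commit-sha>` followed by `RUN test "$(git -C 389-ds-base rev-parse HEAD)" = "$dscommit"` (and likewise for lib389). The `yum install -y --skip-broken` that follows takes its package list from the cloned spec files and lets yum skip packages it cannot resolve, so a missing build dependency only surfaces later in `make`; dropping `--skip-broken` would make that failure explicit. Separately, `dscreate ... fromfile` runs at build time and `/root/ds-setup.inf` is never removed, so the instance and the static Directory Manager password the README warns about end up in the image layers and are shared by every container. Creating the instance at container start with a password supplied at runtime would avoid that.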
@@ -0,0 +1,61 @@ + +#### Issue Description +This folder contains proof of concept dockerfiles for 389 Directory Server. This utilises many of our latest +developments for installing instances and configuring them. We have developed native, clean, and powerful container +integration. This container image is usable on CentOS / RHEL / Fedora atomic host, and pure docker implementations. +Please note this image will not currently work in openshift due to a reliance on volume features that openshift does +not support, but we will correct this. + + +#### Using the files +These docker files are designed to be build from docker hub as the will do a remote git fetch during the build process. +They are not currently designed to operate on a local source tree (we may add this later). + +``` +cd docker/389ds_poc; +docker build -t 389ds_poc:latest . +``` + +#### Deploying and using the final product + +``` +docker create -h ldap.example.com 389ds_poc:latest +docker start +docker inspect | grep IPAddress +ldapsearch -H ldap://
-b '' -s base -x + +.... +supportedLDAPVersion: 3 +vendorName: 389 Project +vendorVersion: 389-Directory/1.3.6.3 B2017.093.354 + +``` + +To expose the ports you may consider adding: + +``` +-P +OR +-p 127.0.0.1:$HOSTPORT:$CONTAINERPORT +``` + +You can not currently use a persistent volume with the 389ds_poc image due to an issue with docker volumes. This will be +corrected by https://pagure.io/389-ds-base/issue/49213 + +#### Warnings + +The 389ds_poc container is supplied with a static Directory Manager password. This is HIGHLY INSECURE and should not be +used in production. The password is "directory manager password". + +The 389ds_poc container has some issues with volume over-rides due to our use of a pre-built instance. We are working to +resolve this, but until a solution is derived, you can not override the datavolumes. + +#### Other ideas + +* We could develop a dockerfile that builds and runs DS tests in an isolated environment. +* Make a container image that allows mounting an arbitrary 389-ds repo into it for simple development purposes. + +#### NOTE of 389 DS project support + +This is not a "supported" method of deployment to a production system and may result in data loss. This should be +considered an experimental deployment method until otherwise announced. +