Merge pull request #651 from ericchiang/dev-remove-openldap-container

contrib/openldap: remove OpenLDAP container
This commit is contained in:
Eric Chiang 2016-10-31 15:19:05 -07:00 committed by GitHub
commit 651b406cfd
9 changed files with 0 additions and 198 deletions

View File

@ -1,2 +0,0 @@
assets/*.docker
assets/*.aci

View File

@ -1 +0,0 @@
assets

View File

@ -1,25 +0,0 @@
FROM alpine
MAINTAINER eric.chiang@coreos.com
# groll installs soelim, which is required by the build.
RUN apk add --update alpine-sdk openssl-dev db-dev groff
ADD assets/openldap-2.4.44 /openldap-2.4.44
WORKDIR /openldap-2.4.44
RUN ./configure
RUN make depend
RUN make
RUN make install
RUN apk del groff alpine-sdk
ADD scripts/entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

View File

@ -1,36 +0,0 @@
image=quay.io/coreos/openldap:2.4.44
image_file=assets/openldap_2_4_44.docker
aci_file=quay.io-coreos-openldap-2.4.44.aci
$(shell mkdir -p assets)
user=$(shell id -u -n)
group=$(shell id -g -n)
.PHONY: build
build: $(image_file)
$(image_file): assets/openldap-2.4.44.tgz Dockerfile scripts/entrypoint.sh
sudo docker build -t $(image) .
sudo docker save -o $(image_file) $(image)
# Change ownership of the container.
sudo chown $(user):$(group) $(image_file)
assets/openldap-2.4.44.tgz: scripts/download.sh
./scripts/download.sh
$(aci_file): $(image_file)
docker2aci $(image_file)
mv $(aci_file) assets/$(aci_file)
.PHONY: import-aci
import-aci: $(aci_file)
sudo rkt fetch --insecure-options=image ./assets/quay.io-coreos-openldap-2.4.44.aci
clean:
rm -rf assets/*
.PHONY: push
push:
sudo docker push quay.io/coreos/openldap:2.4.44

View File

@ -1,63 +0,0 @@
# An OpenLDAP container
## Running with rkt
First be sure to clean any existing containers and turn SELinux to Permissive (this is due to a known issue in rkt).
sudo setenforce Permissive
sudo rkt gc --grace-period=0s
Run the OpenLDAP container at a predefined IP, this will set some initial values.
sudo rkt run --net=default:IP=172.16.28.25 quay.io/coreos/openldap:2.4.44
OpenLDAP will then be available on port 389. To work with the container's examples install the openldap client programs on your host.
sudo dnf install -y openldap-clients
`ldapadd` can be used to add new entries to the directory.
ldapadd \
-h 172.16.28.25 \
-D "cn=Manager,dc=example,dc=com" \
-w "secret" \
-f examples/example.ldif
The created entries can be searched with the `ldapsearch` command.
ldapsearch \
-h 172.16.28.25 \
-D "cn=Manager,dc=example,dc=com" \
-w "secret" \
-b "dc=example,dc=com" \
'(objectClass=*)'
## Customizing the created directory
The container uses environment variables defined in the `scripts/entrypoint.sh` bash file for initial configuration. Overriding these values will cause the
sudo rkt run \
--set-env=LDAP_DOMAIN="dc=dex,dc=coreos,dc=com" \
--set-env=LDAP_ROOT_CN="cn=admin" \
--set-env=LDAP_ROOT_PW="password" \
--net=default:IP=172.16.28.25 \
quay.io/coreos/openldap:2.4.44
## Development
The `Makefile` can be used to build the container using Docker. This will download OpenLDAP, compile it in a container, then add the entrypoint script.
make
General development looks like.
vim scripts/entrypoint.sh
make
sudo docker run -it --rm --entrypoint=/bin/sh quay.io/coreos/openldap:2.4.44
# poke around or run /entrypoint.sh manually
## TODO
* TLS support.
* Seed with initial data through mounted volume.
* Better `objectClass` schemas that match other LDAP deployments.

View File

@ -1,9 +0,0 @@
dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example
dn: cn=Manager,dc=example,dc=com
objectclass: organizationalRole
cn: Manager

View File

@ -1,7 +0,0 @@
#!/bin/bash -e
# USAGE: scripts/download.sh
wget -O /tmp/openldap-2.4.44.tgz ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.44.tgz
sha512sum -c scripts/openldap-2.4.44.tgz.sha512
mv /tmp/openldap-2.4.44.tgz assets/openldap-2.4.44.tgz
tar -zxvf assets/openldap-2.4.44.tgz -C assets

View File

@ -1,53 +0,0 @@
#!/bin/sh -e
# Provide sane defaults for these values.
DOMAIN=${LDAP_DOMAIN:-"dc=example,dc=com"}
ROOT_CN=${LDAP_ROOT_CN:-"cn=Manager"}
ROOT_PW=${LDAP_ROOT_PW:-"secret"}
LOG_LEVEL=${LDAP_LOG_LEVEL:-"any"}
ROOT_DN="$ROOT_CN,$DOMAIN"
cat <<EOF > /usr/local/etc/openldap/slapd.ldif
# Global config
dn: cn=config
objectClass: olcGlobal
cn: config
# Schema definition
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///usr/local/etc/openldap/schema/core.ldif
# Default frontend configuration.
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
# Template in RootDN values and RootPW.
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
OlcDbMaxSize: 1073741824
olcSuffix: $DOMAIN
olcRootDN: $ROOT_DN
olcRootPW: $ROOT_PW
olcDbDirectory: /usr/local/var/openldap-data
olcDbIndex: objectClass eq
EOF
mkdir -p /usr/local/etc/cn=config
/usr/local/sbin/slapadd \
-n 0 \
-F /usr/local/etc/cn=config \
-l /usr/local/etc/openldap/slapd.ldif
# Begin slapd with `-d` so it attaches rather than running it as a daemon process.
/usr/local/libexec/slapd \
-d $LOG_LEVEL \
-F /usr/local/etc/cn=config

View File

@ -1,2 +0,0 @@
# Computed
132eb81798f59a364c9246d08697e1c7ebb6c2c3b983f786b14ec0233df09696cbad33a1f35f3076348b5efb77665a076ab854a24122c31e8b58310b7c7fd136 /tmp/openldap-2.4.44.tgz