Bertrand Gouny 10 роки тому

+ 74 - 0
image/Dockerfile

@@ -0,0 +1,74 @@
+FROM osixia/baseimage:0.10.2
+MAINTAINER Bertrand Gouny <[email protected]>
+
+# Set correct environment variables.
+ENV HOME /root
+
+# Use baseimage-docker's init system.
+CMD ["/sbin/my_init"]
+
+# Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
+RUN groupadd -r openldap && useradd -r -g openldap openldap
+
+# Install OpenLDAP and ldap-utils (with ssl-kit from baseimage), remove default db
+RUN apt-get -y update && /sbin/enable-service ssl-kit
+	&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends slapd ldap-utils
+	&& rm -rf /var/lib/ldap
+
+# Add install script and OpenLDAP assets
+ADD service/install.sh /tmp/install.sh
+ADD service/slapd/assets /osixia/slapd
+
+# Run install script and clean all
+RUN ./tmp/install.sh && rm /tmp/install.sh \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Add default env variables
+ADD env.yml /etc/env.yml
+
+# Add OpenLDAP container start config & daemon
+ADD service/slapd/container-start.sh /etc/my_init.d/1-slapd
+ADD service/slapd/daemon.sh /etc/service/slapd/run
+
+# Set OpenLDAP data and config directories in a data volume
+VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
+
+# Expose ldap default port
+EXPOSE 389
+
+# Disable SSH
+# RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh
+
+# Enable dnsmasq
+RUN /sbin/enable-service dnsmasq ca-authority
+
+# Use baseimage-docker's init system.
+CMD ["/sbin/my_init"]
+
+# Add Mandriva MDS repository
+RUN echo "deb http://mds.mandriva.org/pub/mds/debian wheezy main" >> /etc/apt/sources.list
+
+# Resynchronize the package index files from their sources
+RUN apt-get -y update
+
+# Install openldap (slapd) and ldap-utils
+RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends slapd ldap-utils  mmc-agent python-mmc-mail
+
+# Expose ldap and mmc-agent default ports
+EXPOSE 389 7080
+
+# Create TLS certificats directory
+RUN mkdir /etc/ldap/ssl
+
+# Add config directory 
+ADD service/slapd/assets/config /etc/ldap/config
+ADD service/mmc-agent/assets /etc/mmc/agent/assets
+
+# Add slapd deamon
+ADD service/slapd/slapd.sh /etc/service/slapd/run
+
+# Add mmc-agent deamon
+ADD service/mmc-agent/mmc-agent.sh /etc/service/mmc-agent/run
+
+# Clear out the local repository of retrieved package files
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
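Review bot: `RUN apt-get -y update && /sbin/enable-service ssl-kit` (the step under `# Install OpenLDAP and ldap-utils`) has no trailing `\`, so the two `&&` lines below it are parsed as instructions of their own and the build fails before anything runs; append ` \` to that line, as the `# Run install script and clean all` step already does. Everything from `# Add Mandriva MDS repository` to the end of the file repeats earlier steps — a second `CMD`, a second `EXPOSE 389`, a second slapd install, and `ADD service/slapd/slapd.sh /etc/service/slapd/run` overwriting the `daemon.sh` added a few lines earlier — and both `ADD service/slapd/slapd.sh …` and `ADD service/mmc-agent/mmc-agent.sh …` point at files this same commit renames to `container-start.sh`, so the tail cannot build and looks like the pre-rename layout left in by mistake. If any of it is kept, note that it appends `deb http://mds.mandriva.org/pub/mds/debian wheezy main` to `sources.list` without importing a signing key and installs with `--force-yes`, so `mmc-agent` and `python-mmc-mail` would come from an unauthenticated plain-http source.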

+ 15 - 0
image/env.yml

@@ -0,0 +1,15 @@
+LDAP_ORGANISATION: Example Inc.
+LDAP_DOMAIN: example.org
+LDAP_ADMIN_PASSWORD: toor
+
+SERVER_NAME: ldap.example.com
+
+USE_TLS: true
+SSL_CRT_FILENAME: wordpress.crt
+SSL_KEY_FILENAME: wordpress.key
+SSL_CA_CRT_FILENAME: ca.crt
+
+
+WITH_MMC_AGENT: false
+MMC_AGENT_USER: mmc-docker
+MMC_AGENT_PASSWORD: passw0rd
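Review bot: `LDAP_ADMIN_PASSWORD: toor` and `MMC_AGENT_PASSWORD: passw0rd` make a known admin credential the image default; the first-start script in this commit feeds `LDAP_ADMIN_PASSWORD` straight into `debconf-set-selections`, so any container started without overriding env.yml ends up with that directory password. Leaving the value empty and having the start script refuse to configure slapd without one would make the omission fail fast instead of silently. `SSL_CRT_FILENAME: wordpress.crt` / `SSL_KEY_FILENAME: wordpress.key` look copied from another image's defaults; names matching this image (e.g. `ldap.crt` / `ldap.key`) would read less like a leftover.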

+ 6 - 0
image/service/install.sh

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+# this script is run during the image build
+
+# Enable access only from docker default network and localhost
+echo "slapd: 172.17.0.0/255.255.0.0 127.0.0.1 : ALLOW" >> /etc/hosts.allow
+echo "slapd: ALL : DENY" >> /etc/hosts.allow
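Review bot: The two `hosts.allow` rules hard-code `172.17.0.0/255.255.0.0` and are written at image build time, so unlike every other setting in this commit they cannot be changed through env.yml; a client on a user-defined Docker network, or presumably one reaching a published port with its real source address, would match `slapd: ALL : DENY`. Consider moving the allowed range into env.yml and rendering these lines from `container-start.sh`, or at least a comment above the first `echo` such as `# Only the default docker0 bridge range is allowed; adjust if the container runs on another network`. These rules also only take effect if the packaged slapd honours tcp_wrappers, which is worth confirming for the baseimage's Debian release.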

+ 0 - 0
service/mmc-agent/assets/append_to_mail.ini → image/service/mmc-agent/assets/append_to_mail.ini


+ 0 - 0
service/mmc-agent/assets/convert_to_ldif → image/service/mmc-agent/assets/convert_to_ldif


+ 1 - 9
service/mmc-agent/mmc-agent.sh → image/service/mmc-agent/container-start.sh

@@ -83,12 +83,4 @@ if [ "$WITH_MMC_AGENT" = true ]; then
 # Do nothing but needed for runit
 else 
   sleep 1d
-fi
-
-
-
-
-
-
-
-
+fi

+ 0 - 0
image/service/mmc-agent/daemon.sh


+ 0 - 0
service/slapd/assets/config/modify/auto/tls.ldif → image/service/slapd/assets/config/modify/auto/tls.ldif


+ 0 - 0
service/slapd/assets/config/modify/logging.ldif → image/service/slapd/assets/config/modify/logging.ldif


+ 58 - 20
service/slapd/slapd.sh → image/service/slapd/container-start.sh

@@ -1,3 +1,60 @@
+#!/bin/bash -e
+
+FIRST_START_DONE="/etc/docker-openldap-first-start-done"
+
+# container first start
+if [ ! -e "$FIRST_START_DONE" ]; then
+
+  # database is uninitialized
+  if [ -z "$(ls -A /var/lib/ldap)" ]; then
+
+    cat <<EOF | debconf-set-selections
+slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PASSWORD}
+slapd slapd/internal/adminpw password ${LDAP_ADMIN_PASSWORD}
+slapd slapd/password2 password ${LDAP_ADMIN_PASSWORD}
+slapd slapd/password1 password ${LDAP_ADMIN_PASSWORD}
+slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
+slapd slapd/domain string ${LDAP_DOMAIN}
+slapd shared/organization string ${LDAP_ORGANISATION}
+slapd slapd/backend string HDB
+slapd slapd/purge_database boolean true
+slapd slapd/move_old_database boolean true
+slapd slapd/allow_ldap_v2 boolean false
+slapd slapd/no_configuration boolean false
+slapd slapd/dump_database select when needed
+EOF
+
+    dpkg-reconfigure -f noninteractive slapd
+  fi
+
+  #fix file permissions
+  chown -R openldap:openldap /var/lib/ldap 
+  chown -R openldap:openldap /etc/ldap
+
+  # start OpenLDAP
+  slapd -h "ldapi:///" -u openldap -g openldap 
+
+  # TLS config
+  if [ "${USE_TLS,,}" == "true" ]; then
+
+    # check certificat and key or create it
+    /sbin/ssl-kit "/osixia/slapd/$SSL_CRT_FILENAME" "/osixia/slapd/$SSL_KEY_FILENAME" --ca-crt=/osixia/slapd/$SSL_CA_CRT_FILENAME --gnutls
+    chown openldap:openldap -R /osixia/slapd
+
+
+  fi
+
+  # stop OpenLDAP
+  kill -INT `cat /run/slapd/slapd.pid`
+
+  touch $FIRST_START_DONE
+fi
+
+exit 0
+
+
+
+
 #!/bin/sh
 
 set -eu
@@ -18,27 +75,9 @@ set -x
 if [ ! -e /var/lib/ldap/docker_bootstrapped ]; then
   status "configuring slapd database"
 
-  cat <<EOF | debconf-set-selections
-slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_PWD}
-slapd slapd/internal/adminpw password ${LDAP_ADMIN_PWD}
-slapd slapd/password2 password ${LDAP_ADMIN_PWD}
-slapd slapd/password1 password ${LDAP_ADMIN_PWD}
-slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
-slapd slapd/domain string ${LDAP_DOMAIN}
-slapd shared/organization string ${LDAP_ORGANISATION}
-slapd slapd/backend string HDB
-slapd slapd/purge_database boolean true
-slapd slapd/move_old_database boolean true
-slapd slapd/allow_ldap_v2 boolean false
-slapd slapd/no_configuration boolean false
-slapd slapd/dump_database select when needed
-EOF
 
-  dpkg-reconfigure -f noninteractive slapd
 
-  # Enable access only from docker default network and localhost
-  echo "slapd: 172.17.0.0/255.255.0.0 127.0.0.1 : ALLOW" >> /etc/hosts.allow
-  echo "slapd: ALL : DENY" >> /etc/hosts.allow
+
 
   touch /var/lib/ldap/docker_bootstrapped
 
@@ -126,4 +165,3 @@ fi
 status "starting slapd on default port 389"
 set -x
 
-exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d -1
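Review bot: `exit 0` after the first-start block ends the new script, yet the old `#!/bin/sh` body (`set -eu`, the `docker_bootstrapped` check, the `status "starting slapd on default port 389"` block) is kept below it, so the second and third hunks of this file edit roughly a hundred lines that can never execute; the remainder should be deleted so the file ends at `exit 0`. In the first hunk, the `kill -INT` line reads `/run/slapd/slapd.pid` through a command substitution without checking the file exists; under `bash -e` a missing pidfile makes `kill` fail and abort before `touch $FIRST_START_DONE`, leaving the `slapd -h "ldapi:///"` started a few lines earlier running and the marker unset, so guarding it with `[ -f /run/slapd/slapd.pid ] && kill -INT "$(cat /run/slapd/slapd.pid)"` is safer. Also in the TLS branch, `--ca-crt=/osixia/slapd/$SSL_CA_CRT_FILENAME` is the only unquoted argument of the `ssl-kit` call; quote it like its two neighbours.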

+ 2 - 0
image/service/slapd/daemon.sh

@@ -0,0 +1,2 @@
+#!/bin/bash -e
+exec /usr/sbin/slapd -h "ldap:///" -u openldap -g openldap -d -1
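Review bot: `-d -1` turns on every slapd debug category, so the runit log receives full protocol traces for every request — bind DNs, search filters and whatever the packet-level categories dump — and at that volume it also costs noticeable CPU on a busy directory. Keeping slapd in the foreground for runit only needs some `-d` value; `-d 256` (the stats level, one line per operation) does that without the payload dump, and reading the level from an environment variable would let operators raise it when debugging. Since `USE_TLS` exists in env.yml, it is also worth confirming that `-h "ldap:///"` alone, with no `ldaps:///` listener, is intended — i.e. that TLS is meant to be StartTLS on 389 only.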

+ 0 - 15
test-repository.sh

@@ -1,15 +0,0 @@
-#!/bin/sh
-
-# Usage
-# sudo ./test.sh 
-# add -v for verbose mode (or type whatever you like !) :p
-
-. test/config-repository
-. test/tools/run.sh
-
-run_test simple.sh "dn: dc=example,dc=com"
-run_test tls.sh "dn: dc=example,dc=com"
-run_test db.sh "dn: dc=otherdomain,dc=com"
-
-. test/tools/end.sh
-

+ 0 - 16
test.sh

@@ -1,16 +0,0 @@
-#!/bin/sh
-
-# Usage
-# sudo ./test.sh 
-# add -v for verbose mode (or type whatever you like !) :p
-
-. test/config
-. test/tools/run.sh
-
-run_test tools/build-container.sh "Successfully built"
-run_test simple.sh "dn: dc=example,dc=com"
-run_test tls.sh "dn: dc=example,dc=com"
-run_test db.sh "dn: dc=otherdomain,dc=com"
-
-. test/tools/end.sh
-