Re: Docker official image

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On 13 Jun 2019, at 00:12, Olivier JUDITH <gnulux@xxxxxxxxx> wrote:
> 
> Hi William, 
> 
> This is my first release (See attachment). Just a pod for the moment, statefulset for the future and perhaps helm package afterward. 

Sadly I'm not able to open your attachment - could you provide it as tar.xz or zip instead of 7z? 

> In my configuration i create a secret for directory manager and for certificates (not used yet) 
> Your python code is really what i was looking for. Indeed in my previous attempts, i was stuck because i'm seeking for a way to start DS create certificate, set SSL configuration before restart the container. 
> However in order to go futher, i would like to allow to set root password, root suffix, instance name and certificates from k8s secrets or/and configMap . To do that we need to change your current dscontainer python script and read values from variables/files (ie : see /certs folder in the container)

Actually, I'd rather read these from environment variables so that docker -e DM_PW=... works as a syntax without needing *another* config file. But yes, the ability to set these from the environment is an open issue on the project, and one I really want to look at.

There is no root suffix by default, by design, so that you have to configure one once the container is running. That's how the suffix is handled. Additionally, the instance name is static, and there is actually no benefit to allowing this to be configured, and would actually make container building harder (there are symlinks in the slapd-localhost folder of the docker image, so we assume the instance name). The instance name really really does nothing but allow human seperation, and in our case, docker is our seperation layer! 

Using certs and secrets from k8s would certainly be something the python tool can work with, and would be good to have these able to do it. A better idea may be to have dscontainer take a set of PEM files and then load them to your certificate store on startup instead rather than the current method of certificate handling.

The python source is: https://pagure.io/389-ds-base/blob/master/f/src/lib389/cli/dscontainer

> 
> Waiting for your wiki on lib386 python package.

Great! I have just pushed an update to the git master dockerfile:

https://pagure.io/389-ds-base/pull-request/50441

I have updated the OBS image at docker pull registry.opensuse.org/home/firstyear/containers/389-ds-container:latest however it appears to require some code changes from master, so this will "start working" later, and we plan to start auto-building these images as network:ldap is updated in SUSE.

The wiki page is here, and I'm updating it today to include details about the dscontainer tool.

http://www.port389.org/docs/389ds/design/docker.html



> 
> Regards  
> 
> Le mer. 12 juin 2019 à 10:19, William Brown <wbrown@xxxxxxx> a écrit :
> 
> 
> > On 12 Jun 2019, at 01:40, Olivier JUDITH <gnulux@xxxxxxxxx> wrote:
> > 
> > Hi, 
> > 
> > Thank for the link , 
> > i tried to run your image but the container fails after few seconds . 
> > Seems that you forgot to create /var/run/dirsrv folder in Dockerfile .
> 
> There are some other errors in it too which I have found :) 
> 
> > 
> > the server crashes with :
> > DEBUG: DEBUG: starting with ['/usr/sbin/ns-slapd', '-D', '/etc/dirsrv/slapd-localhost', '-i', '/var/run/dirsrv/slapd-localhost.pid']
> > CRITICAL: Error: Failed to start DS, removing incomplete installation...
> > Failed to connect to bus: No such file or directory
> > Failed to connect to bus: No such file or directory
> > Traceback (most recent call last):
> >  File "/usr/lib/python3.6/site-packages/lib389/instance/setup.py", line 654, in create_from_args
> >    self._install_ds(general, slapd, backends)
> >  File "/usr/lib/python3.6/site-packages/lib389/instance/setup.py", line 862, in _install_ds
> >    ds_instance.start(timeout=60)
> >  File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 1170, in start
> >    raise ValueError('Failed to start DS')
> > ValueError: Failed to start DS
> > 
> > It works fine now, 
> > I start to write my k8s configuration . 
> 
> Fantastic - can you post to me what you are doing with k8s so I can review? 
> 
> > If you can just remind me where i can find documentation on lib389 used in your dscontainer python script ? 
> 
> There is not documentation today as it's designed for system integrators, and it's still a bit work in progress - I'm actually planning to work on it this week and I will resolve this issue and others ASAP.
> 
> I can write something for the wiki this week to help :) 
> 
> 
> > 
> > Keep you informed  
> > _______________________________________________
> > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> 
>
> Sincerely,
> 
> William Brown
> 
> Senior Software Engineer, 389 Directory Server
> SUSE Labs
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> <share.7z>_______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux