From e520b151293260456a3678a6b40495390d43833e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Luginb=C3=BChl?= Date: Wed, 11 Mar 2015 23:35:56 +0100 Subject: [PATCH] Simplified saving the configuration as own VOLUME and so removed symlink hack --- Dockerfile | 4 +++- README.md | 16 ++++++++-------- entrypoint.sh | 20 ++++++++++---------- 3 files changed, 21 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1ecdf30..2a24602 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,9 +12,11 @@ RUN apt-get update && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* +RUN mv /etc/ldap /etc/ldap.dist + EXPOSE 389 -VOLUME ["/var/lib/ldap"] +VOLUME ["/etc/ldap", "/var/lib/ldap"] COPY entrypoint.sh /entrypoint.sh diff --git a/README.md b/README.md index b2f3066..0e4f510 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ in the configuration. NOTE: On purpose, there is no secured channel (TLS/SSL), because I believe that this service should never be exposed to the internet, but only be used directly -by Docker containers using the `--link` option. +by other Docker containers using the `--link` option. Usage ----- The most simple form would be to start the application like so (however this is -not the recommended way - see above): +not the recommended way - see below): docker run -d -p 389:389 -e SLAPD_PASSWORD=mysecretpassword -e SLAPD_DOMAIN=ldap.example.org dinkel/openldap @@ -34,7 +34,7 @@ OpenLDAP daemon is listening to (the port is the default port `389`). Configuration (environment variables) ------------------------------------- -For the first run one has to set at least two envrironment variables. The first +For the first run, one has to set at least two environment variables. The first SLAPD_PASSWORD 
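Review bot: In the Dockerfile hunk, `VOLUME ["/etc/ldap", "/var/lib/ldap"]` splits one piece of service state across two independent volumes, and nothing in the Dockerfile says they must be kept and restored as a pair. entrypoint.sh decides "already configured" from `/etc/ldap/slapd.d` alone, so a container that gets back only one of the two volumes would either start slapd against an empty database or rerun first-time configuration next to an existing one. The configuration volume presumably also holds the cn=config tree with the admin password hash (not visible in this patch, please confirm), so it needs the same access control and backup handling as the database. I would add a comment above the VOLUME line, for example `# /etc/ldap (config, may contain credential hashes) and /var/lib/ldap (data) must be persisted together; entrypoint.sh uses /etc/ldap/slapd.d as the "configured" marker`.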
@@ -77,8 +77,8 @@ envirnonment variables are not evaluated anymore. Data persistence ---------------- -The image exposes one directory (`VOLUME ["/var/lib/ldap"]`). It both holds the -database and the configuration (which is symlinked in a pretty hacky way - see -the `entrypoint.sh` file if interested). Please make sure that this directory is -saved (in a data-only container or alike) in order to make sure that everything -is restored after a new restart of the container. +The image exposes two directories (`VOLUME ["/etc/ldap", "/var/lib/ldap"]`). +The first holds the "static" configurationm while the second holds the actual +database. Please make sure that these two directories are saved (in a data-only +container or alike) in order to make sure that everything is restored after a +restart of the container. diff --git a/entrypoint.sh b/entrypoint.sh index 7f7d00f..4ec0b8c 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -3,27 +3,24 @@ set -e chown openldap:openldap /var/lib/ldap/ -if [[ -d /var/lib/ldap/config ]]; then - - rm -rf /etc/ldap - ln -s /var/lib/ldap/config /etc/ldap - -else +if [[ ! -d /etc/ldap/slapd.d ]]; then if [[ -z "$SLAPD_PASSWORD" ]]; then - echo >&2 "Error: slapd not configured and SLAPD_PASSWORD not set" + echo -n >&2 "Error: Container not configured and SLAPD_PASSWORD not set. " echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?" exit 1 fi if [[ -z "$SLAPD_DOMAIN" ]]; then - echo >&2 "Error: slapd not configured and SLAPD_DOMAIN not set" + echo -n >&2 "Error: Container not configured and SLAPD_DOMAIN not set. " echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?" exit 1 fi SLAPD_ORGANIZATION="${SLAPD_ORGANIZATION:-${SLAPD_DOMAIN}}" + cp -a /etc/ldap.dist/* /etc/ldap + cat <<-EOF | debconf-set-selections slapd slapd/no_configuration boolean false slapd slapd/password1 password $SLAPD_PASSWORD 
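Review bot: In the first entrypoint.sh hunk, `cp -a /etc/ldap.dist/* /etc/ldap` runs before the debconf and reconfigure steps, and if `/etc/ldap.dist` already contains a `slapd.d` directory (the Debian slapd package normally creates one at install time, please confirm), the copy itself satisfies the `[[ ! -d /etc/ldap/slapd.d ]]` check. Because `set -e` is active, any failure later in this branch aborts the script, and the next start would then take the "already configured" path and run slapd on the distribution default configuration instead of the requested domain and admin password. Consider keying the check on a marker that is written only after the branch has finished, e.g. `touch /etc/ldap/<configured-marker>` as the last statement before the closing `fi`, and testing for that file rather than for `slapd.d`. The branch continues past the end of this hunk, so its remaining steps are not visible here.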
@@ -68,9 +65,12 @@ EOF slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/schema/${schema}.ldif" >/dev/null 2>&1 done fi +else + slapd_configs_in_env=`env | grep 'SLAPD_'` - mv /etc/ldap /var/lib/ldap/config - ln -s /var/lib/ldap/config /etc/ldap + if [ -n "${slapd_configs_in_env:+x}" ]; then + echo "Info: Container already configured, therefore ignoring SLAPD_xxx environment variables" + fi fi exec "$@"
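Review bot: The new `else` branch fills `slapd_configs_in_env` from `env | grep 'SLAPD_'` while `set -e` is active (top of the script), and grep exits 1 when nothing matches, so an already-configured container started without any SLAPD_ variable exits here instead of reaching `exec "$@"`. Replace the assignment and the `[ -n ... ]` test with `if env | grep -q '^SLAPD_'; then`, which is safe under `set -e` and, being anchored, no longer matches the string inside some other variable's value. The Info message should go to stderr like the Error messages in the first branch (`echo >&2 "Info: ..."`). Separately, `exec "$@"` hands the whole environment to the daemon, so a `SLAPD_PASSWORD` supplied on a later start stays readable in the process environment; an `unset SLAPD_PASSWORD` just before the `exec` would drop it.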