Update to debian jessie

* Move most envvars into scripts * Generate snake oil certificate on container build
2016-02-04 10:07:30 +01:00 · 2016-02-04 10:07:30 +01:00 · 2b0cd76506
--- a/25
+++ b/25
@ -1,21 +1,18 @@
-FROM debian:7
+FROM debian:jessie
 MAINTAINER Rafael Römhild <rafael@roemhild.de>

-ENV DEBUG_LEVEL 256
-ENV LDAP_DOMAIN planetexpress.com
-ENV LDAP_ADMIN_SECRET GoodNewsEveryone
-ENV LDAP_ORGANISATION Planet Express, Inc.
-ENV DEBIAN_FRONTEND noninteractive
-
 # Install slapd and requirements
 RUN apt-get update \
-    && apt-get -y --no-install-recommends install \
-        slapd \
-        ldap-utils \
-        openssl \
-        ca-certificates \
+    && DEBIAN_FRONTEND=noninteractive apt-get \
+        install -y --no-install-recommends \
+            slapd \
+            ldap-utils \
+            openssl \
+            ca-certificates \
    && rm -rf /var/lib/apt/lists/*

+ENV LDAP_DEBUG_LEVEL=256
+
 # Create TLS certificate and bootstrap directory
 RUN mkdir /etc/ldap/ssl /bootstrap

@ -33,5 +30,5 @@ VOLUME ["/etc/ldap/slapd.d", "/etc/ldap/ssl", "/var/lib/ldap", "/run/slapd"]
 EXPOSE 389
 EXPOSE 636

-CMD []
-ENTRYPOINT ["/bin/bash", "/run.sh"]
+CMD ["/bin/bash", "/run.sh"]
+ENTRYPOINT []
--- a/README.md
+++ b/README.md
@ -14,8 +14,7 @@ The Flask extension [flask-ldapconn][flaskldapconn] use this image for unit test

 ## Features

-* Support for TLS
-* Autogenerated snake oil cert
+* Support for TLS (snake oil cert on build)
 * Initialized with data from Futurama
 * ~180MB Images size

@ -30,7 +29,7 @@ docker run --privileged -d -p 389:389 rroemhild/test-openldap
 ## Exposed ports

 * 389
-
+* 636

 ## Exposed volumes

@ -155,4 +154,3 @@ docker run --privileged -d -p 389:389 rroemhild/test-openldap
 | ou               | Delivering Crew |
 | uid              | bender |
 | userPassword     | bender |
-
--- a/bootstrap/config/tls.ldif
+++ b/bootstrap/config/tls.ldif
@ -8,4 +8,3 @@ olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key
 -
 replace: olcTLSVerifyClient
 olcTLSVerifyClient: never
-
--- a/bootstrap/slapd-init.sh
+++ b/bootstrap/slapd-init.sh
@ -4,23 +4,22 @@ set -eu
 readonly DATA_DIR="/bootstrap/data"
 readonly CONFIG_DIR="/bootstrap/config"

+readonly LDAP_DOMAIN=planetexpress.com
+readonly LDAP_ORGANISATION="Planet Express, Inc."
 readonly LDAP_BINDDN="cn=admin,dc=planetexpress,dc=com"
+readonly LDAP_SECRET=GoodNewsEveryone

-
-file_exist() {
-    local file=$1
-
-    [[ -e $file ]]
-}
+readonly LDAP_SSL_KEY="/etc/ldap/ssl/ldap.key"
+readonly LDAP_SSL_CERT="/etc/ldap/ssl/ldap.crt"


 reconfigure_slapd() {
    echo "Reconfigure slapd..."
    cat <<EOL | debconf-set-selections
-slapd slapd/internal/generated_adminpw password ${LDAP_ADMIN_SECRET}
-slapd slapd/internal/adminpw password ${LDAP_ADMIN_SECRET}
-slapd slapd/password2 password ${LDAP_ADMIN_SECRET}
-slapd slapd/password1 password ${LDAP_ADMIN_SECRET}
+slapd slapd/internal/generated_adminpw password ${LDAP_SECRET}
+slapd slapd/internal/adminpw password ${LDAP_SECRET}
+slapd slapd/password2 password ${LDAP_SECRET}
+slapd slapd/password1 password ${LDAP_SECRET}
 slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
 slapd slapd/domain string ${LDAP_DOMAIN}
 slapd shared/organization string ${LDAP_ORGANISATION}
@ -32,7 +31,22 @@ slapd slapd/no_configuration boolean false
 slapd slapd/dump_database select when needed
 EOL

-    dpkg-reconfigure slapd
+    DEBIAN_FRONTEND=noninteractive dpkg-reconfigure slapd
+}
+
+
+make_snakeoil_certificate() {
+    echo "Make snakeoil certificate for ${LDAP_DOMAIN}..."
+    openssl req -subj "/CN=${LDAP_DOMAIN}" \
+                -new \
+                -newkey rsa:2048 \
+                -days 365 \
+                -nodes \
+                -x509 \
+                -keyout ${LDAP_SSL_KEY} \
+                -out ${LDAP_SSL_CERT}
+
+    chmod 600 ${LDAP_SSL_KEY}
 }


@ -55,7 +69,7 @@ load_initial_data() {
        echo "Processing file ${ldif}..."
        ldapadd -x -H ldapi:/// \
          -D ${LDAP_BINDDN} \
-          -w ${LDAP_ADMIN_SECRET} \
+          -w ${LDAP_SECRET} \
          -f ${ldif}
    done
 }
@ -64,7 +78,7 @@ load_initial_data() {
 ## Init

 reconfigure_slapd
-
+make_snakeoil_certificate
 chown -R openldap:openldap /etc/ldap
 slapd -h "ldapi:///" -u openldap -g openldap

@ -75,4 +89,3 @@ load_initial_data
 kill -INT `cat /run/slapd/slapd.pid`

 exit 0
-
--- a/run.sh
+++ b/run.sh
@ -1,31 +1,9 @@
 #!/bin/sh
 set -e

-readonly LDAP_SSL_KEY="/etc/ldap/ssl/ldap.key"
-readonly LDAP_SSL_CERT="/etc/ldap/ssl/ldap.crt"
-
-
-make_snakeoil_certificate() {
-    echo "Make snakeoil certificate for ${LDAP_DOMAIN}..."
-    openssl req -subj "/CN=${LDAP_DOMAIN}" \
-                -new \
-                -newkey rsa:2048 \
-                -days 365 \
-                -nodes \
-                -x509 \
-                -keyout ${LDAP_SSL_KEY} \
-                -out ${LDAP_SSL_CERT}
-
-    chmod 600 ${LDAP_SSL_KEY}
-}
-
-
-file_exist ${LDAP_SSL_CERT} \
-  || make_snakeoil_certificate
-
 echo "starting slapd on port 389 and 636..."
 chown -R openldap:openldap /etc/ldap
 exec /usr/sbin/slapd -h "ldap:/// ldapi:/// ldaps:///" \
  -u openldap \
  -g openldap \
-  -d ${DEBUG_LEVEL}
+  -d ${LDAP_DEBUG_LEVEL}