From 92757c4eef8bf481d6a84b38857a71ac31876e8965d5835da98077439d73fd49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Thu, 12 Sep 2024 10:40:53 +0000 Subject: [PATCH] [info=cc4e7f80bc36af6d5fe0ccc4bb48d0b2] OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/389-ds-container?expand=0&rev=218 --- .gitattributes | 23 ++++++++ .gitignore | 1 + 389-ds-container.changes | 119 +++++++++++++++++++++++++++++++++++++++ Dockerfile | 59 +++++++++++++++++++ README.md | 94 +++++++++++++++++++++++++++++++ _service | 10 ++++ nsswitch.conf | 22 ++++++++ 7 files changed, 328 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 389-ds-container.changes create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 _service create mode 100644 nsswitch.conf
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/389-ds-container.changes b/389-ds-container.changes
new file mode 100644
index 0000000..231ab0b
--- /dev/null
+++ b/389-ds-container.changes
@@ -0,0 +1,119 @@
+-------------------------------------------------------------------
+Thu Sep 12 10:37:22 UTC 2024 - Dirk Mueller
+
+- set useobsrepositories explicitly
+
+-------------------------------------------------------------------
+Wed Aug 14 12:30:32 UTC 2024 - Dirk Mueller
+
+- install packages first
+
+-------------------------------------------------------------------
+Thu Aug 8 19:28:10 UTC 2024 - Dirk Mueller
+
+- add oci.image.ref.name
+
+-------------------------------------------------------------------
+Thu Aug 8 16:43:43 UTC 2024 - Dirk Mueller
+
+- remove oci reference annotation again
+
+-------------------------------------------------------------------
+Mon Aug 5 11:38:13 UTC 2024 - Dirk Mueller
+
+- add OCI reference annotation
+
+-------------------------------------------------------------------
+Sat Aug 3 08:56:51 UTC 2024 - Dirk Mueller
+
+- set OCI.authors attribute instead of deprecated MAINTAINER
+
+-------------------------------------------------------------------
+Wed Jul 31 12:06:44 UTC 2024 - Dirk Mueller
+
+- set specific lifecycle url for openSUSE BCI
+
+-------------------------------------------------------------------
+Thu Jul 11 11:11:57 UTC 2024 - Alexandre Vicenzi
+
+- extend README
+
+-------------------------------------------------------------------
+Tue Jun 18 17:24:16 UTC 2024 - Dirk Mueller
+
+- use sentence style capitalization in READMEs
+
+-------------------------------------------------------------------
+Mon Jun 10 15:11:25 UTC 2024 - Dirk Mueller
+
+- update README; reduce unnecessary newlines
+
+-------------------------------------------------------------------
+Wed Jun 5 15:13:27 UTC 2024 - Dirk Mueller
+
+- Don't add artifacthub labels into labelprefix section
+
+-------------------------------------------------------------------
+Tue Jun 4 12:35:15 UTC 2024 - Alexandre Vicenzi
+
+- Fix grammar mistake in licensing footer
+
+-------------------------------------------------------------------
+Tue May 7 19:07:24 UTC 2024 - Dirk Mueller
+
+- extend READMEs; correct eula for application images
+
+-------------------------------------------------------------------
+Fri Apr 12 12:03:53 UTC 2024 - Dirk Mueller
+
+- Don't wipe everything in /var/log, only remove log files (this omits directories owned by packages)
+
+-------------------------------------------------------------------
+Wed Jan 17 14:29:14 UTC 2024 - Dan Čermák
+
+- Add initial README stub
+
+-------------------------------------------------------------------
+Tue Jan 2 08:26:58 UTC 2024 - Dirk Mueller
+
+- update year to 2024
+
+-------------------------------------------------------------------
+Thu Sep 28 14:29:10 UTC 2023 - Dirk Mueller
+
+- add copyright and description header
+
+-------------------------------------------------------------------
+Fri Jun 23 15:33:33 UTC 2023 - Dirk Mueller
+
+- label capitalization and related cleanups
+
+-------------------------------------------------------------------
+Tue May 30 06:52:56 UTC 2023 - Dan Čermák
+
+- Add release stage and lifecycle url
+
+-------------------------------------------------------------------
+Thu Mar 30 15:12:51 UTC 2023 - Dirk Mueller
+
+- put VOLUME statements last
+
+-------------------------------------------------------------------
+Fri Mar 3 07:24:36 UTC 2023 - Dan Čermák
+
+- Add org.opencontainers.image.source label set to %SOURCEURL%
+
+-------------------------------------------------------------------
+Wed Dec 21 14:05:36 UTC 2022 - Dirk Müller
+
+- BuildTag sorting and consistency fixes
+
+-------------------------------------------------------------------
+Fri Jul 15 11:06:10 UTC 2022 - Dan Čermák
+
+- Increase compatibility with openSUSE
+
+-------------------------------------------------------------------
+Tue May 3 09:03:44 UTC 2022 - Dan Čermák
+
+- First version of the 389-ds container
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1d284d5
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,59 @@
+# SPDX-License-Identifier: MIT
+
+# Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+#!UseOBSRepositories
+
+#!BuildTag: opensuse/389-ds:%%389ds_version%%
+#!BuildTag: opensuse/389-ds:%%389ds_version%%-%RELEASE%
+#!BuildTag: opensuse/389-ds:latest
+
+FROM opensuse/tumbleweed:latest
+
+RUN set -euo pipefail; zypper -n in --no-recommends 389-ds timezone openssl nss_synth; zypper -n clean; rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2}
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=org.opensuse.application.389-ds
+LABEL org.opencontainers.image.authors="william.brown@suse.com"
+LABEL org.opencontainers.image.title="openSUSE Tumbleweed 389 Directory Server"
+LABEL org.opencontainers.image.description="389 Directory Server container based on the openSUSE Tumbleweed Base Container Image."
+LABEL org.opencontainers.image.version="%%389ds_version%%"
+LABEL org.opencontainers.image.url="https://www.opensuse.org"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="openSUSE Project"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL org.opencontainers.image.ref.name="%%389ds_version%%-%RELEASE%"
+LABEL org.opensuse.reference="registry.opensuse.org/opensuse/389-ds:%%389ds_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"
+LABEL org.opensuse.release-stage="released"
+# endlabelprefix
+LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/389-ds-container/README.md"
+CMD ["/usr/lib/dirsrv/dscontainer", "-r"]
+EXPOSE 3389 3636
+
+COPY nsswitch.conf /etc/nsswitch.conf
+
+RUN set -euo pipefail; mkdir -p /data/config; \
+ mkdir -p /data/ssca; \
+ mkdir -p /data/run; \
+ mkdir -p /var/run/dirsrv; \
+ ln -s /data/config /etc/dirsrv/slapd-localhost; \
+ ln -s /data/ssca /etc/dirsrv/ssca; \
+ ln -s /data/run /var/run/dirsrv
+
+HEALTHCHECK --start-period=5m --timeout=5s --interval=5s --retries=2 \
+ CMD /usr/lib/dirsrv/dscontainer -H
+
+VOLUME /data
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1b56782
--- /dev/null
+++ b/README.md
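Review bot: In the last `RUN` of the Dockerfile, `ln -s /data/run /var/run/dirsrv` runs right after `mkdir -p /var/run/dirsrv`, so `ln` places the link inside the existing directory (as `/var/run/dirsrv/run`) instead of making `/var/run/dirsrv` resolve to the volume; `ln -s /data/ssca /etc/dirsrv/ssca` would nest the same way if the package already ships that directory. If the runtime directory is meant to live under `/data`, drop the `mkdir -p /var/run/dirsrv;` step (or `rmdir` the directory first) so the link takes that name. Separately, the file sets no `USER` instruction, so the `CMD` starts as root unless `dscontainer` drops privileges itself, which is not visible here. Because the header marks the file as autogenerated, either change belongs in the generator template rather than in this Dockerfile.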
@@ -0,0 +1,94 @@
+# 389 Directory Server container image
+
+## Description
+
+[389 Directory Server](https://www.port389.org/) is a highly usable, fully
+featured, reliable and secure LDAP server implementation.
+
+## Usage
+
+By default, the image launches 389 Directory Server with the same
+configuration that comes with the SUSE Linux Enterprise Server. However there
+is also included a pre-configured Name Service Switch (NSS) configuration
+file (`/etc/nsswitch.conf`).
+
+```ShellSession
+$ podman run -it --rm -p 3389:3389 -p 3636:3636 registry.opensuse.org/opensuse/389-ds:%%389ds_version%%
+```
+
+## Volumes
+
+The database is stored in the volume mounted as directory `/data`. A new
+empty database is created during container startup, unless an existing
+database is already present in `/data`.
+
+To mount a host directory as a volume for your database, run the following
+command:
+
+```ShellSession
+$ podman run -it --rm -v /my/own/datadir:/data:Z -p 3389:3389 -p 3636:3636 registry.opensuse.org/opensuse/389-ds:%%389ds_version%%
+```
+
+## Certificates
+
+By default, the container uses a self-signed CA certificate and a server
+certificate signed by that CA.
+
+Place a custom TLS certificate in PEM format in `/data/tls/server.crt` and
+the key in and `/data/tls/server.key`. Place the CA certificates (each as a
+separate file) to `/data/tls/ca/`, for example, `/data/tls/ca/ca1.crt` and
+`/data/tls/ca/ca2.crt`.
+
+## Environment variables
+
+### DS_ERRORLOG_LEVEL
+
+Use this optional environment variable to set the log level for
+`ns-slapd` (default is `266354688`).
+
+### DS_DM_PASSWORD
+
+Use this optional environment variable to set the `cn=Directory Manager`
+password (a default password is generated randomly). The default randomly
+generated password can be viewed in the setup log.
+
+### DS_MEMORY_PERCENTAGE
+
+Use this optional environment variable to set the LDBM autotune
+percentage (`nsslapd-cache-autosize`) (default is unset).
+
+### DS_REINDEX
+
+Use this optional environment variable to run a database re-index task. Set
+the value to `1` to enable the task (default is disabled).
+
+### DS_SUFFIX_NAME
+
+Use this optional environment variable to set the default database
+suffix name for `basedn` (default one is derived from the hostname).
+
+### DS_STARTUP_TIMEOUT
+
+Use this optional environment variable to change the time to wait for the
+instance to start (default is `60` seconds).
+
+### DS_STOP_TIMEOUT
+
+Use this optional environment variable to change the time to wait for the
+instance to stop (default is `60` seconds).
+
+## Health, liveness, and readiness
+
+The container image includes one explicit health check. This check will
+verify if the service is misconfigured, `ns-slapd` is running, and if the
+LDAPI is functional.
+
+## Licensing
+
+`SPDX-License-Identifier: MIT`
+
+This documentation and the build recipe are licensed as MIT.
+The container itself contains various software components under various open source licenses listed in the associated
+Software Bill of Materials (SBOM).
+
+This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/).
diff --git a/_service b/_service
new file mode 100644
index 0000000..22439fb
--- /dev/null
+++ b/_service
@@ -0,0 +1,10 @@
+
+
+
+
+ Dockerfile
+ %%389ds_version%%
+ 389-ds
+ minor
+
+
\ No newline at end of file
diff --git a/nsswitch.conf b/nsswitch.conf
new file mode 100644
index 0000000..879196b
--- /dev/null
+++ b/nsswitch.conf
@@ -0,0 +1,22 @@
+passwd: compat synth
+group: compat synth
+shadow: compat
+# Allow initgroups to default to the setting for group.
+# initgroups: compat
+
+hosts: files dns
+networks: files dns
+
+aliases: files usrfiles
+ethers: files usrfiles
+gshadow: files usrfiles
+netgroup: files nis
+protocols: files usrfiles
+publickey: files
+rpc: files usrfiles
+services: files usrfiles
+
+automount: files nis
+bootparams: files
+netmasks: files
+
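Review bot: In nsswitch.conf the `netgroup:` and `automount:` lines still list `nis` as a source, although the Dockerfile in this commit does not explicitly install a NIS client module; for a single-purpose container `netgroup: files` and `automount: files` would avoid carrying a lookup path to a legacy, unauthenticated directory service. The `synth` source on `passwd:` and `group:` has no explanation either, and a one-line comment such as `# synth (nss_synth) supplies entries for IDs that are not in the local files` would help readers avoid treating those names as provisioned accounts. That description of nss_synth is inferred from the package name and should be confirmed against the module's documentation.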