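# Stage "ldap": OpenLDAP (slapd) server image, started through tini by /entrypoint/start.
#
# NOTE(review): debian:10 (buster) is past its end of life, so it no longer receives
# regular Debian security updates; installing the "latest" APT packages below does not
# compensate for that. Moving to a supported release needs testing against
# config/slapd.conf and the entrypoint scripts, so the tag is left unchanged here.
FROM debian:10 AS ldap

# Runtime configuration (presumably consumed by the scripts under /entrypoint, which
# are not visible from this file).
#
# SECURITY: OPENLDAP_CONFIG_ADMIN_PASSWORD and OPENLDAP_ADMIN_PASSWORD are defaults
# baked into the image metadata: anyone who can pull the image can read them with
# `docker inspect` / `docker history`. Treat them as placeholders and override both at
# container start (for example from an orchestrator secret) in every real deployment.
# They are kept here only because the entrypoint scripts may rely on the defaults.
ENV OPENLDAP_CONFIG_ADMIN_DN='cn=admin,cn=config' \
    OPENLDAP_CONFIG_ADMIN_PASSWORD=config \
    OPENLDAP_ADMIN_DN='cn=admin,dc=jenkins-ci,dc=org' \
    OPENLDAP_ADMIN_PASSWORD='s3cr3t' \
    OPENLDAP_BACKUP_PATH=/var/backups \
    OPENLDAP_BACKUP_FILE='backup.latest.ldif' \
    OPENLDAP_DATABASE='dc=jenkins-ci,dc=org' \
    OPENLDAP_DEBUG_LEVEL=256 \
    OPENLDAP_SSL_KEY='privkey.key' \
    OPENLDAP_SSL_CRT='cert.pem' \
    OPENLDAP_SSL_CA='ca.crt' \
    OPENLDAP_SSL_CA_ROOTDIR='/etc/ldap/ssl-ca'

# 389 = LDAP, 636 = LDAPS (documentation only; ports are published at run time).
EXPOSE 389 636

# Create the openldap account with a fixed uid/gid (101) before the slapd package is
# installed -- presumably so ownership of data on the volume stays stable; confirm.
RUN addgroup --gid 101 openldap && \
    useradd -d /var/lib/ldap/ -g openldap -m -u 101 openldap

# COPY creates /entrypoint itself, so no separate mkdir layer is needed.
COPY entrypoint/start.sh /entrypoint/start
COPY entrypoint/backup.sh /entrypoint/backup
COPY entrypoint/healthcheck.sh /entrypoint/healthcheck
COPY entrypoint/restore.sh /entrypoint/restore
COPY entrypoint/functions /entrypoint/functions

# TARGETARCH is filled in automatically by BuildKit; with the legacy builder it is
# empty and the download URL below does not resolve.
ARG TARGETARCH
ARG TINI_VERSION=v0.19.0

# SECURITY: tini becomes PID 1 of the container, yet it is downloaded here without
# any integrity check, so the build trusts whatever the release URL serves. Pin the
# expected digest for each target architecture (e.g. `ADD --checksum=sha256:<digest>`,
# or a checksum comparison in a RUN step) before relying on this image.
ADD https://github.com/krallin/tini/releases/download/"${TINI_VERSION}"/tini-"${TARGETARCH}" /sbin/tini

# Make the entrypoint scripts and tini executable. /entrypoint/functions is left
# as copied (presumably it is sourced rather than executed).
RUN chmod 0755 \
        /entrypoint/start \
        /entrypoint/backup \
        /entrypoint/healthcheck \
        /entrypoint/restore \
        /sbin/tini

# Always install latest version of APT packages
#hadolint ignore=DL3008
RUN apt-get --yes update && \
    LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --yes \
        ca-certificates \
        gnutls-bin \
        ldap-utils \
        libsasl2-modules \
        libsasl2-modules-db \
        libsasl2-modules-gssapi-mit \
        libsasl2-modules-ldap \
        libsasl2-modules-otp \
        libsasl2-modules-sql \
        openssl \
        procps \
        slapd && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

COPY config/slapd.conf /etc/ldap/slapd.conf
# CA certificate (by its name) placed where OPENLDAP_SSL_CA_ROOTDIR / OPENLDAP_SSL_CA point.
COPY acme/ca.crt /etc/ldap/ssl-ca/ca.crt

# Restrict the database directory to the openldap account and hand it the runtime
# directory created by the slapd package.
RUN mkdir /etc/ldap/ssl && \
    chmod 700 /var/lib/ldap && \
    chown openldap:openldap /var/lib/ldap /var/run/slapd

# Declared after the last build step that writes to /var/lib/ldap: the legacy builder
# discards changes made to a path once it is a VOLUME, which would silently drop the
# chmod 700 / chown above.
VOLUME /var/lib/ldap

# NOTE(review): no USER is set, so tini and /entrypoint/start run as root. Whether
# slapd later drops to the openldap account is decided by the start script, which is
# not visible from this file -- confirm.
ENTRYPOINT [ "/sbin/tini","--","/entrypoint/start" ]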
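# Stage "ldap-cron": the ldap stage plus cron and curl, with /entrypoint/cron as the
# entrypoint instead of the server start script. Everything from the parent stage is
# inherited through `FROM ldap`, including its ENV defaults.
FROM ldap AS ldap-cron

ENV OPENLDAP_ENDPOINT=ldap.jenkins.io

COPY entrypoint/cron /entrypoint/cron

# Always install latest version of APT packages
#hadolint ignore=DL3008
RUN apt-get --yes update && \
    apt-get install --no-install-recommends --yes \
        cron \
        curl && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# The backup entrypoint has to run as root because it also configures slapd.conf.
# This should be changed to run as the ldap user, but that requires more testing.
# NOTE(review): until that happens the scheduled jobs run with root privileges and
# with the OPENLDAP_*_PASSWORD values inherited from the parent stage in their
# environment, so crontabs/ldap and the scripts it calls deserve the same review
# as the server entrypoint.
COPY crontabs/ldap /etc/cron.d/ldap

# 0644 on the cron.d entry: cron does not accept files there that are writable by
# group or others.
RUN chmod 0755 /entrypoint/cron && \
    chmod 0644 /etc/cron.d/ldap

ENTRYPOINT [ "/sbin/tini","--","/entrypoint/cron" ]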