> On 13 Jun 2019, at 00:12, Olivier JUDITH <gnu...@gmail.com> wrote: > > Hi William, > > This is my first release (See attachment). Just a pod for the moment, > statefulset for the future and perhaps helm package afterward.
Sadly I'm not able to open your attachment - could you provide it as tar.xz or zip instead of 7z? > In my configuration i create a secret for directory manager and for > certificates (not used yet) > Your python code is really what i was looking for. Indeed in my previous > attempts, i was stuck because i'm seeking for a way to start DS create > certificate, set SSL configuration before restart the container. > However in order to go futher, i would like to allow to set root password, > root suffix, instance name and certificates from k8s secrets or/and configMap > . To do that we need to change your current dscontainer python script and > read values from variables/files (ie : see /certs folder in the container) Actually, I'd rather read these from environment variables so that docker -e DM_PW=... works as a syntax without needing *another* config file. But yes, the ability to set these from the environment is an open issue on the project, and one I really want to look at. There is no root suffix by default, by design, so that you have to configure one once the container is running. That's how the suffix is handled. Additionally, the instance name is static, and there is actually no benefit to allowing this to be configured, and would actually make container building harder (there are symlinks in the slapd-localhost folder of the docker image, so we assume the instance name). The instance name really really does nothing but allow human seperation, and in our case, docker is our seperation layer! Using certs and secrets from k8s would certainly be something the python tool can work with, and would be good to have these able to do it. A better idea may be to have dscontainer take a set of PEM files and then load them to your certificate store on startup instead rather than the current method of certificate handling. The python source is: https://pagure.io/389-ds-base/blob/master/f/src/lib389/cli/dscontainer > > Waiting for your wiki on lib386 python package. Great! I have just pushed an update to the git master dockerfile: https://pagure.io/389-ds-base/pull-request/50441 I have updated the OBS image at docker pull registry.opensuse.org/home/firstyear/containers/389-ds-container:latest however it appears to require some code changes from master, so this will "start working" later, and we plan to start auto-building these images as network:ldap is updated in SUSE. The wiki page is here, and I'm updating it today to include details about the dscontainer tool. http://www.port389.org/docs/389ds/design/docker.html > > Regards > > Le mer. 12 juin 2019 à 10:19, William Brown <wbr...@suse.de> a écrit : > > > > On 12 Jun 2019, at 01:40, Olivier JUDITH <gnu...@gmail.com> wrote: > > > > Hi, > > > > Thank for the link , > > i tried to run your image but the container fails after few seconds . > > Seems that you forgot to create /var/run/dirsrv folder in Dockerfile . > > There are some other errors in it too which I have found :) > > > > > the server crashes with : > > DEBUG: DEBUG: starting with ['/usr/sbin/ns-slapd', '-D', > > '/etc/dirsrv/slapd-localhost', '-i', '/var/run/dirsrv/slapd-localhost.pid'] > > CRITICAL: Error: Failed to start DS, removing incomplete installation... > > Failed to connect to bus: No such file or directory > > Failed to connect to bus: No such file or directory > > Traceback (most recent call last): > > File "/usr/lib/python3.6/site-packages/lib389/instance/setup.py", line > > 654, in create_from_args > > self._install_ds(general, slapd, backends) > > File "/usr/lib/python3.6/site-packages/lib389/instance/setup.py", line > > 862, in _install_ds > > ds_instance.start(timeout=60) > > File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line 1170, in > > start > > raise ValueError('Failed to start DS') > > ValueError: Failed to start DS > > > > It works fine now, > > I start to write my k8s configuration . > > Fantastic - can you post to me what you are doing with k8s so I can review? > > > If you can just remind me where i can find documentation on lib389 used in > > your dscontainer python script ? > > There is not documentation today as it's designed for system integrators, and > it's still a bit work in progress - I'm actually planning to work on it this > week and I will resolve this issue and others ASAP. > > I can write something for the wiki this week to help :) > > > > > > Keep you informed > > _______________________________________________ > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > > — > Sincerely, > > William Brown > > Senior Software Engineer, 389 Directory Server > SUSE Labs > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > <share.7z>_______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
