Hi william , here is a tgz
cdlt Le jeu. 13 juin 2019 à 10:43, William Brown <wbr...@suse.de> a écrit : > > > > On 13 Jun 2019, at 00:12, Olivier JUDITH <gnu...@gmail.com> wrote: > > > > Hi William, > > > > This is my first release (See attachment). Just a pod for the moment, > statefulset for the future and perhaps helm package afterward. > > Sadly I'm not able to open your attachment - could you provide it as > tar.xz or zip instead of 7z? > > > In my configuration i create a secret for directory manager and for > certificates (not used yet) > > Your python code is really what i was looking for. Indeed in my previous > attempts, i was stuck because i'm seeking for a way to start DS create > certificate, set SSL configuration before restart the container. > > However in order to go futher, i would like to allow to set root > password, root suffix, instance name and certificates from k8s secrets > or/and configMap . To do that we need to change your current dscontainer > python script and read values from variables/files (ie : see /certs folder > in the container) > > Actually, I'd rather read these from environment variables so that docker > -e DM_PW=... works as a syntax without needing *another* config file. But > yes, the ability to set these from the environment is an open issue on the > project, and one I really want to look at. > > There is no root suffix by default, by design, so that you have to > configure one once the container is running. That's how the suffix is > handled. Additionally, the instance name is static, and there is actually > no benefit to allowing this to be configured, and would actually make > container building harder (there are symlinks in the slapd-localhost folder > of the docker image, so we assume the instance name). The instance name > really really does nothing but allow human seperation, and in our case, > docker is our seperation layer! > > Using certs and secrets from k8s would certainly be something the python > tool can work with, and would be good to have these able to do it. A better > idea may be to have dscontainer take a set of PEM files and then load them > to your certificate store on startup instead rather than the current method > of certificate handling. > > The python source is: > https://pagure.io/389-ds-base/blob/master/f/src/lib389/cli/dscontainer > > > > > Waiting for your wiki on lib386 python package. > > Great! I have just pushed an update to the git master dockerfile: > > https://pagure.io/389-ds-base/pull-request/50441 > > I have updated the OBS image at docker pull > registry.opensuse.org/home/firstyear/containers/389-ds-container:latest > however it appears to require some code changes from master, so this will > "start working" later, and we plan to start auto-building these images as > network:ldap is updated in SUSE. > > The wiki page is here, and I'm updating it today to include details about > the dscontainer tool. > > http://www.port389.org/docs/389ds/design/docker.html > > > > > > > Regards > > > > Le mer. 12 juin 2019 à 10:19, William Brown <wbr...@suse.de> a écrit : > > > > > > > On 12 Jun 2019, at 01:40, Olivier JUDITH <gnu...@gmail.com> wrote: > > > > > > Hi, > > > > > > Thank for the link , > > > i tried to run your image but the container fails after few seconds . > > > Seems that you forgot to create /var/run/dirsrv folder in Dockerfile . > > > > There are some other errors in it too which I have found :) > > > > > > > > the server crashes with : > > > DEBUG: DEBUG: starting with ['/usr/sbin/ns-slapd', '-D', > '/etc/dirsrv/slapd-localhost', '-i', '/var/run/dirsrv/slapd-localhost.pid'] > > > CRITICAL: Error: Failed to start DS, removing incomplete > installation... > > > Failed to connect to bus: No such file or directory > > > Failed to connect to bus: No such file or directory > > > Traceback (most recent call last): > > > File "/usr/lib/python3.6/site-packages/lib389/instance/setup.py", > line 654, in create_from_args > > > self._install_ds(general, slapd, backends) > > > File "/usr/lib/python3.6/site-packages/lib389/instance/setup.py", > line 862, in _install_ds > > > ds_instance.start(timeout=60) > > > File "/usr/lib/python3.6/site-packages/lib389/__init__.py", line > 1170, in start > > > raise ValueError('Failed to start DS') > > > ValueError: Failed to start DS > > > > > > It works fine now, > > > I start to write my k8s configuration . > > > > Fantastic - can you post to me what you are doing with k8s so I can > review? > > > > > If you can just remind me where i can find documentation on lib389 > used in your dscontainer python script ? > > > > There is not documentation today as it's designed for system > integrators, and it's still a bit work in progress - I'm actually planning > to work on it this week and I will resolve this issue and others ASAP. > > > > I can write something for the wiki this week to help :) > > > > > > > > > > Keep you informed > > > _______________________________________________ > > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > > To unsubscribe send an email to > 389-users-le...@lists.fedoraproject.org > > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > > > > — > > Sincerely, > > > > William Brown > > > > Senior Software Engineer, 389 Directory Server > > SUSE Labs > > _______________________________________________ > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > > <share.7z>_______________________________________________ > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > > — > Sincerely, > > William Brown > > Senior Software Engineer, 389 Directory Server > SUSE Labs > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >
share.tgz
Description: application/compressed-tar
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org