From fe9f7c872c1eee41e81673754b9eea2a7d5f59c1 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Tue, 25 Jun 2019 15:43:25 +0300
Subject: [PATCH] Improvements to the ldap-account-manager Docker image.
- Use a patch to change the configuration files (instead of fiddling with sed).
- Don't log the healthcheck requests.
---
 docker-compose.yml | 71 ++++++++++++++++-----------------
 ldap-account-manager/Dockerfile | 13 ++++--
 ldap-account-manager/patch.diff | 28 +++++++++++++
 3 files changed, 71 insertions(+), 41 deletions(-)
 create mode 100644 ldap-account-manager/patch.diff
diff --git a/docker-compose.yml b/docker-compose.yml
index fbce152..855a240 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,46 +1,43 @@ +# vim:ff=unix:ts=2:sw=2:ai:expandtab --- version: '3.5' services: - slapd: - build: - context: slapd/ - volumes: - - _run_ldap:/run/slapd - - ldap:/var/lib/ldap - environment: - LDAP_ROOTPASS: foo - LDAP_DOMAIN: nowhere.com - LDAP_ORGANIZATION: none - networks: &networks - - shore + slapd: + build: + context: slapd/ + volumes: + - _run_ldap:/run/slapd + - ldap:/var/lib/ldap + environment: + LDAP_ROOTPASS: foo + LDAP_DOMAIN: nowhere.com + LDAP_ORGANIZATION: none - nss-pam-ldapd: - build: - context: nss-pam-ldapd/ - command: /usr/sbin/nslcd --debug --nofork - environment: - LDAP_BASE_DN: 'dc=nowhere,dc=com' - volumes: - - _run_ldap:/run/slapd - networks: *networks + nss-pam-ldapd: + build: + context: nss-pam-ldapd/ + command: /usr/sbin/nslcd --debug --nofork + environment: + LDAP_BASE_DN: 'dc=nowhere,dc=com' + volumes: + - _run_ldap:/run/slapd - ldap-account-manager: - build: - context: ldap-account-manager/ - links: - - slapd - volumes: - - _run_ldap:/run/slapd - - ldap-account-manager:/var/lib/ldap-account-manager - ports: - - 80:80 - networks: *networks + ldap-account-manager: + build: + context: ldap-account-manager/ + links: + - slapd + volumes: + - _run_ldap:/run/slapd + - ldap-account-manager:/var/lib/ldap-account-manager + ports: + - 80:80 volumes: - _run_ldap: - ldap: - ldap-account-manager: + _run_ldap: + ldap: + ldap-account-manager: networks: - shore: - name: shore + default: + name: shore diff --git a/ldap-account-manager/Dockerfile b/ldap-account-manager/Dockerfile index 0f5efd6..3217dfd 100644 --- a/ldap-account-manager/Dockerfile +++ b/ldap-account-manager/Dockerfile 
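Review bot: The re-indented `slapd` service still carries `LDAP_ROOTPASS: foo` as a literal, and `ldap-account-manager` still publishes `80:80`, so the directory admin password is committed to the repository and the LAM login is reachable over plain HTTP on every host interface. This looks like a development default, but nothing in the file says so. Consider `LDAP_ROOTPASS: ${LDAP_ROOTPASS:?}` so the value has to come from the environment, and `127.0.0.1:80:80` (or a TLS-terminating proxy in front) for the published port.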
@@ -1,27 +1,32 @@
 FROM debian:sid-slim
 RUN apt-get update && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+ ca-certificates \
 ldap-account-manager\
+ patch \
 wget \
 && \
+ chmod 755 /var/log/apache2 && \
 ln -sf /dev/stdout /var/log/apache2/access.log && \
 ln -sf /dev/stderr /var/log/apache2/error.log && \
 ln -sf /dev/stdout /var/log/apache2/lam.log && \
+ ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log && \
 mv /etc/ldap-account-manager/config.cfg /var/lib/ldap-account-manager/config/config.cfg && \
 ln -sf /var/lib/ldap-account-manager/config/config.cfg /etc/ldap-account-manager/config.cfg && \
 mv /var/lib/ldap-account-manager /var/lib/ldap-account-manager.orig && \
 mkdir -m 755 /var/lib/ldap-account-manager && \
- sed -i 's@SYSLOG@/var/log/apache2/lam.log@' /var/lib/ldap-account-manager.orig/config/config.cfg && \
- sed -i '/<\/VirtualHost>/i RedirectMatch permanent "^/$" "/lam"' /etc/apache2/sites-enabled/000-default.conf && \
 rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
-COPY --chown=root:root entrypoint /entrypoint
 ENV APACHE_RUN_DIR=/run/apache2 \
 APACHE_LOG_DIR=/var/log/apache2 \
 APACHE_RUN_USER=www-data \
 APACHE_RUN_GROUP=www-data \
 APACHE_PID_FILE=/run/apache2/apache2.pid
+COPY --chown=root:root patch.diff /root/
+COPY --chown=root:root entrypoint /entrypoint
+RUN patch --strip 0 --verbose --directory / --input /root/patch.diff && \
+ apache2 -t
 EXPOSE 80
 VOLUME /var/lib/ldap-account-manager
 ENTRYPOINT [ "/entrypoint" ]
 CMD [ "apache2", "-DFOREGROUND" ]
-HEALTHCHECK CMD wget --spider --quiet http://localhost/lam || exit 1
+HEALTHCHECK CMD wget --spider --quiet http://localhost/lam/ --user-agent 'Healthcheck' || exit 1
diff --git a/ldap-account-manager/patch.diff b/ldap-account-manager/patch.diff
new file mode 100644
index 0000000..6b47723
--- /dev/null
+++ b/ldap-account-manager/patch.diff
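Review bot: The new `HEALTHCHECK` probes `http://localhost/lam/`, while the log filter this commit adds in `patch.diff` only skips requests whose client is exactly `127.0.0.1`; if `localhost` resolves to `::1` inside the container, the probe would still land in the access log on every interval. Pointing the probe at the literal address keeps the two in step: `HEALTHCHECK CMD wget --spider --quiet --user-agent 'Healthcheck' http://127.0.0.1/lam/ || exit 1`. Separately, the patch is applied to files shipped by the moving `debian:sid-slim` base, and `apache2 -t` only checks syntax, so a hunk that lands with fuzz would go unnoticed. Adding `--fuzz 0` to the `patch` call would make such drift fail the build instead.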
@@ -0,0 +1,28 @@
+--- /var/lib/ldap-account-manager.orig/config/config.cfg 2019-03-25 18:21:36.000000000 +0200
++++ /var/lib/ldap-account-manager.orig/config/config.cfg 2019-06-25 14:18:51.906120546 +0300
+@@ -9,4 +9,4 @@
+ logLevel: 4
+
+ # log destination
+-logDestination: SYSLOG
++logDestination: /var/log/apache2/lam.log
+--- /etc/apache2/sites-available/000-default.conf 2018-11-03 13:34:33.000000000 +0200
++++ /etc/apache2/sites-available/000-default.conf 2019-06-25 14:55:43.956626591 +0300
+@@ -18,7 +18,7 @@
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+- CustomLog ${APACHE_LOG_DIR}/access.log combined
++ CustomLog ${APACHE_LOG_DIR}/access.log combined expr=!(%{REMOTE_HOST}=='127.0.0.1'&&%{HTTP_USER_AGENT}=='Healthcheck')
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+@@ -26,6 +26,8 @@
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
++
++ RedirectMatch permanent "^/$" "/lam"
+ </VirtualHost>
+
+ # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-- GitLab
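Review bot: The added `CustomLog` condition tests `%{REMOTE_HOST}`, which holds a resolved name rather than an address whenever hostname lookups are in effect, so the comparison with `'127.0.0.1'` can silently stop matching; `%{REMOTE_ADDR}` always holds the address. Proposed line: `CustomLog ${APACHE_LOG_DIR}/access.log combined expr=!(%{REMOTE_ADDR}=='127.0.0.1'&&%{HTTP_USER_AGENT}=='Healthcheck')`. It is also worth a `#` line in the same hunk recording that the address clause must stay. The User-Agent is supplied by the client, so a filter keyed on it alone would drop access-log entries for requests that are not health probes.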