
Ubuntu 14.04: Building an Ubuntu 14.04 container with LDAP client settings pre-configured via a Dockerfile

Posted at 2014-10-06

##Network environment used for this setup

Network: 192.168.0.0/24
Gateway: 192.168.0.1
Host OS: 192.168.0.10
Workstation: 192.168.0.2
LDAP server: 192.168.0.11

##Preliminary work (environment setup)

  • The LDAP server has already been set up separately
  • An Ubuntu 14.04 virtual host has been created on KVM running on CentOS 5.10 → done
  • Docker has been installed on the Ubuntu 14.04 KVM guest → done with apt-get install lxc-docker

##Overview

  • Create an Ubuntu 14.04 container on Docker 1.2.0 running on Ubuntu 14.04
  • Build the image for the Ubuntu 14.04 container with a Dockerfile
  • The Ubuntu 14.04 container must satisfy the following conditions:
  1. It is kept running (daemonized) by monit
  2. It is configured as an LDAP client and reachable over SSH

##Creating the Dockerfile

```shell
vi Dockerfile
```

Dockerfile:

```Dockerfile
#----------------------------------------------------------
# Dockerfile
#----------------------------------------------------------
FROM ubuntu:14.04

MAINTAINER mykysyk

ENV USER_NAME docker-user
ENV USER_PASSWORD docker-user-password
ENV MONIT_ALLOW_IP 192.168.0.0/24
ENV LDAP_SERVER 192.168.0.11
ENV LDAP_BASE_DN dc=example,dc=com

RUN apt-get update
RUN apt-get -y upgrade

#----------------------------------------------------------
#--- SSH
#----------------------------------------------------------
RUN apt-get install -y sudo passwd openssh-server
# Disable root login over SSH. Ubuntu 14.04 ships "PermitRootLogin without-password",
# so the pattern must match any existing value, not only "#PermitRootLogin yes".
RUN sed -ri 's/^#?PermitRootLogin .*$/PermitRootLogin no/' /etc/ssh/sshd_config

#----------------------------------------------------------
#--- LOGIN USER
#----------------------------------------------------------
#--- local login user (fallback when LDAP is unreachable)
RUN useradd $USER_NAME
RUN echo "$USER_NAME:$USER_PASSWORD" | chpasswd
# sudo expects drop-in files to be mode 0440
RUN echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/$USER_NAME && chmod 0440 /etc/sudoers.d/$USER_NAME
#-- LDAP client (NSS + PAM)
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y -qq libnss-ldap libpam-ldap ldap-utils
ADD ldap-auth-config /etc/auth-client-config/profile.d/ldap-auth-config
# rootbinddn's password is read from /etc/ldap.secret (mode 0600), which is not created here
RUN echo "base $LDAP_BASE_DN"                   > /etc/ldap.conf ;\
    echo "uri ldap://$LDAP_SERVER/"            >> /etc/ldap.conf ;\
    echo "ldap_version 2"                      >> /etc/ldap.conf ;\
    echo "rootbinddn cn=manager,$LDAP_BASE_DN" >> /etc/ldap.conf ;\
    echo "pam_password md5"                    >> /etc/ldap.conf ;\
    echo "nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,news,proxy,root,sshd,sync,sys,syslog,uucp,www-data" >> /etc/ldap.conf

# apply the lac_ldap profile to nsswitch.conf and the PAM stacks
RUN /usr/sbin/auth-client-config -a -p lac_ldap

#----------------------------------------------------------
#--- MONIT ---
#----------------------------------------------------------
RUN apt-get install -y monit
RUN mkdir -p /var/monit/
#--- /etc/monit/monitrc
# monit refuses to start unless monitrc is mode 0600; overwriting the existing
# file with ">" keeps the mode set by the package
RUN cp -a /etc/monit/monitrc /etc/monit/monitrc.org
RUN echo 'set daemon  60'                       > /etc/monit/monitrc ;\
    echo '    with start delay 1'              >> /etc/monit/monitrc ;\
    echo 'set logfile /var/log/monit.log'      >> /etc/monit/monitrc ;\
    echo 'set idfile /var/lib/monit/id'        >> /etc/monit/monitrc ;\
    echo 'set statefile /var/lib/monit/state'  >> /etc/monit/monitrc ;\
    echo 'set eventqueue'                      >> /etc/monit/monitrc ;\
    echo '    basedir /var/lib/monit/events'   >> /etc/monit/monitrc ;\
    echo '    slots 100'                       >> /etc/monit/monitrc ;\
    echo 'set httpd port 2812 and'             >> /etc/monit/monitrc ;\
    echo '    allow localhost'                 >> /etc/monit/monitrc ;\
    echo "    allow $MONIT_ALLOW_IP"           >> /etc/monit/monitrc ;\
    echo "    allow $USER_NAME:$USER_PASSWORD" >> /etc/monit/monitrc ;\
    echo 'include /etc/monit/conf.d/*.rc'      >> /etc/monit/monitrc

#--- /etc/monit/conf.d/services.rc : keep sshd running
RUN echo 'check process sshd with pidfile /var/run/sshd.pid'  > /etc/monit/conf.d/services.rc ;\
    echo '    start program = "/usr/sbin/service ssh start"' >> /etc/monit/conf.d/services.rc ;\
    echo '    stop  program = "/usr/sbin/service ssh stop"'  >> /etc/monit/conf.d/services.rc

#----------------------------------------------------------
#--- START SERVICE ---
#----------------------------------------------------------
EXPOSE 22 2812
CMD /usr/bin/monit -I
```
```shell
vi ldap-auth-config
```

ldap-auth-config:

```ini
[lac_ldap]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis

pam_account=
    account  [success=2  new_authtok_reqd=done default=ignore] pam_unix.so
    account  [success=1  default=ignore] pam_ldap.so
    account  requisite   pam_deny.so
    account  required    pam_permit.so
pam_auth=
    auth     [success=2 default=ignore] pam_unix.so nullok_secure
    auth     [success=1 default=ignore] pam_ldap.so use_first_pass
    auth     requisite   pam_deny.so
    auth     required    pam_permit.so
    auth     optional    pam_cap.so
pam_password=
    password [success=2 default=ignore] pam_unix.so obscure sha512
    password [success=1  user_unknown=ignore default=die] pam_ldap.so try_first_pass
    password requisite   pam_deny.so
    password required    pam_permit.so
pam_session=
    session  [default=1] pam_permit.so
    session  requisite   pam_deny.so
    session  required    pam_permit.so
    session  optional    pam_umask.so
    session  required    pam_unix.so
    session  optional    pam_ldap.so
    session  optional    pam_mkhomedir.so skel=/etc/skel umask=077
```
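The `[success=N default=ignore]` chains above are what make the profile try the local passwd file first and fall back to LDAP, with `pam_deny.so` as the backstop. The following is an added example (not part of the original article) that parses the `pam_auth` stack from that profile and replays it under a simplified model of the Linux-PAM control-flag semantics from pam.conf(5), so the fallback order and the fail-closed property can be checked before the image is built; `PROFILE`, `SIMPLE` and `FIXED` are constructed for this example.

```python
# Added example, not from the article: simplified pam.conf(5) control-flag model for the lac_ldap profile above.
import re

PROFILE = """\
pam_auth=
    auth     [success=2 default=ignore] pam_unix.so nullok_secure
    auth     [success=1 default=ignore] pam_ldap.so use_first_pass
    auth     requisite   pam_deny.so
    auth     required    pam_permit.so
    auth     optional    pam_cap.so
"""
SIMPLE = {"required": {"success": "ok", "ignore": "ignore", "default": "bad"},
          "requisite": {"success": "ok", "ignore": "ignore", "default": "die"},
          "optional": {"success": "ok", "default": "ignore"}}
FIXED = {"pam_permit.so": "success", "pam_deny.so": "auth_err"}

def parse_stack(profile, key):  # -> [(actions, module), ...] for one pam_* key
    lines = profile.splitlines()
    start = next(i for i, ln in enumerate(lines) if ln.strip() == key + "=") + 1
    stack = []
    for line in lines[start:]:
        if not line.startswith(" "):
            break
        rest = line.split(None, 1)[1]          # drop the leading "auth" etc.
        m = re.match(r"\[([^\]]*)\]\s+(\S+)|(\S+)\s+(\S+)", rest)
        if m.group(1) is not None:             # [success=2 default=ignore] form
            stack.append((dict(kv.split("=") for kv in m.group(1).split()), m.group(2)))
        else:                                  # required/requisite/optional form
            stack.append((SIMPLE[m.group(3)], m.group(4)))
    return stack

def evaluate(stack, results):  # results: module -> return code (default "success")
    final, i = None, 0
    while i < len(stack):
        actions, module = stack[i]
        ret = results.get(module, FIXED.get(module, "success"))
        action = actions.get(ret, actions.get("default", "bad"))
        i += 1
        if action.isdigit():                   # N: counts as ok, then skip N modules
            i, action = i + int(action), "ok"
        if action == "ok":
            final = final or "success"         # never overrides a recorded failure
        elif action in ("bad", "die"):         # "ignore" changes nothing
            final = "fail"                     # a failure overrides success
            if action == "die":
                break
    return final or "fail"                     # nothing decisive -> denied

def fails_closed(stack, backends=("pam_unix.so", "pam_ldap.so")):  # deny when all backends reject?
    return evaluate(stack, {m: "auth_err" for m in backends}) == "fail"
```

Run `fails_closed(parse_stack(PROFILE, "pam_auth"))` after any edit to the profile: a wrong jump count locks local users out, and removing `pam_deny.so` lets a user rejected by both backends fall through to `pam_permit.so`.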

##Building the container image

Run this in the directory that contains the Dockerfile and the ldap-auth-config file created above:

```shell
docker build --no-cache --rm -t ubuntu1404:test .
```