Ubuntu 14.04: Building an Ubuntu 14.04 container with LDAP client settings pre-configured, from a Dockerfile

More than 5 years have passed since last update.

Network environment used for this setup

Network           192.168.0.0/24
Gateway           192.168.0.1
Host OS           192.168.0.10
Work PC           192.168.0.2
LDAP server       192.168.0.11

Prerequisites (environment setup)

  • The LDAP server has already been built separately
  • An Ubuntu 14.04 virtual host has been created on KVM running on CentOS 5.10 → done
  • Docker has been installed on the Ubuntu 14.04 KVM guest → done with apt-get install lxc-docker

Overview

  • Create an Ubuntu 14.04 container on Docker 1.2.0 running on Ubuntu 14.04
  • Build the image for the Ubuntu 14.04 container from a Dockerfile
  • The Ubuntu 14.04 container must satisfy the following conditions:
  1. Its services are supervised (daemonized) by monit
  2. It is configured as an LDAP client and accepts SSH logins

Creating the Dockerfile

```shell
vi Dockerfile
```

Dockerfile

```dockerfile
#----------------------------------------------------------
# Dockerfile
#----------------------------------------------------------
FROM ubuntu:14.04

MAINTAINER mykysyk

# NOTE: ENV values, including this password, are stored in the image layers
# and readable with `docker inspect` / `docker history`; acceptable for a lab
# image, not for one that is pushed to a shared registry.
ENV USER_NAME docker-user
ENV USER_PASSWORD docker-user-password
ENV MONIT_ALLOW_IP 192.168.0.0/24
ENV LDAP_SERVER 192.168.0.11
ENV LDAP_BASE_DN dc=example,dc=com

RUN apt-get update
RUN apt-get -y upgrade

#----------------------------------------------------------
#--- SSH
#----------------------------------------------------------
RUN apt-get install -y sudo passwd openssh-server
# Ubuntu 14.04 ships an active "PermitRootLogin without-password" line, so the
# pattern must match that line too, not only a commented "#PermitRootLogin yes".
RUN sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config

#----------------------------------------------------------
#--- LOGIN USER
#----------------------------------------------------------
#--- local fallback account (usable even when the LDAP server is unreachable)
RUN useradd $USER_NAME
RUN echo "$USER_NAME:$USER_PASSWORD" | chpasswd
# sudo expects drop-in files under /etc/sudoers.d to be mode 0440
RUN echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/$USER_NAME && \
    chmod 0440 /etc/sudoers.d/$USER_NAME
#-- LDAP
RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq libnss-ldap libpam-ldap ldap-utils
# auth-client-config profile (written in the next step) that switches NSS/PAM to "files ldap"
ADD ldap-auth-config /etc/auth-client-config/profile.d/ldap-auth-config
RUN echo "base $LDAP_BASE_DN"                   > /etc/ldap.conf ;\
    echo "uri ldap://$LDAP_SERVER/"            >> /etc/ldap.conf ;\
    echo "ldap_version 2"                      >> /etc/ldap.conf ;\
    echo "rootbinddn cn=manager,$LDAP_BASE_DN" >> /etc/ldap.conf ;\
    echo "pam_password md5"                    >> /etc/ldap.conf ;\
    echo "nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,news,proxy,root,sshd,sync,sys,syslog,uucp,www-data" >> /etc/ldap.conf

# apply the lac_ldap profile to /etc/nsswitch.conf and /etc/pam.d/common-*
RUN /usr/sbin/auth-client-config -a -p lac_ldap

#----------------------------------------------------------
#--- MONIT ---
#----------------------------------------------------------
RUN apt-get install -y monit
RUN mkdir -p /var/monit/
#--- /etc/monit/monitrc
RUN cp -a /etc/monit/monitrc /etc/monit/monitrc.org
RUN echo 'set daemon  60'                       > /etc/monit/monitrc ;\
    echo '    with start delay 1'              >> /etc/monit/monitrc ;\
    echo 'set logfile /var/log/monit.log'      >> /etc/monit/monitrc ;\
    echo 'set idfile /var/lib/monit/id'        >> /etc/monit/monitrc ;\
    echo 'set statefile /var/lib/monit/state'  >> /etc/monit/monitrc ;\
    echo 'set eventqueue'                      >> /etc/monit/monitrc ;\
    echo '    basedir /var/lib/monit/events'   >> /etc/monit/monitrc ;\
    echo '    slots 100'                       >> /etc/monit/monitrc ;\
    echo 'set httpd port 2812 and'             >> /etc/monit/monitrc ;\
    echo '    allow localhost'                 >> /etc/monit/monitrc ;\
    echo "    allow $MONIT_ALLOW_IP"           >> /etc/monit/monitrc ;\
    echo "    allow $USER_NAME:$USER_PASSWORD" >> /etc/monit/monitrc ;\
    echo 'include /etc/monit/conf.d/*.rc'      >> /etc/monit/monitrc

#--- /etc/monit/conf.d/services.rc
RUN echo 'check process sshd with pidfile /var/run/sshd.pid'  > /etc/monit/conf.d/services.rc ;\
    echo '    start program = "/usr/sbin/service ssh start"' >> /etc/monit/conf.d/services.rc ;\
    echo '    stop  program = "/usr/sbin/service ssh stop"'  >> /etc/monit/conf.d/services.rc

#----------------------------------------------------------
#--- START SERVICE ---
#----------------------------------------------------------
EXPOSE 22 2812
# run monit in the foreground so it stays PID 1 and keeps sshd supervised
CMD /usr/bin/monit -I
```
```shell
vi ldap-auth-config
```

ldap-auth-config

```ini
[lac_ldap]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: nis

pam_account=
    account  [success=2  new_authtok_reqd=done default=ignore] pam_unix.so
    account  [success=1  default=ignore] pam_ldap.so
    account  requisite   pam_deny.so
    account  required    pam_permit.so
pam_auth=
    auth     [success=2 default=ignore] pam_unix.so nullok_secure
    auth     [success=1 default=ignore] pam_ldap.so use_first_pass
    auth     requisite   pam_deny.so
    auth     required    pam_permit.so
    auth     optional    pam_cap.so
pam_password=
    password [success=2 default=ignore] pam_unix.so obscure sha512
    password [success=1  user_unknown=ignore default=die] pam_ldap.so try_first_pass
    password requisite   pam_deny.so
    password required    pam_permit.so
pam_session=
    session  [default=1] pam_permit.so
    session  requisite   pam_deny.so
    session  required    pam_permit.so
    session  optional    pam_umask.so
    session  required    pam_unix.so
    session  optional    pam_ldap.so
    session  optional    pam_mkhomedir.so skel=/etc/skel umask=077
```
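The control fields in this profile rely on PAM jump counts: `[success=2 default=ignore]` on pam_unix.so skips the next two modules (pam_ldap.so and pam_deny.so) and lands on pam_permit.so, while `[success=1 ...]` on pam_ldap.so skips only pam_deny.so. A count that is one too short lands on pam_deny.so and locks everyone out; one too long skips pam_permit.so or a later required module. The following is an added example, not part of the original article, that parses a profile in this format and flags any success=N jump that does not land on pam_permit.so; the embedded profile is a constructed copy of the pam_auth stanza above.

```python
import re

# Constructed sample: the article's [lac_ldap] pam_auth stanza plus one nss_* key.
SAMPLE_PROFILE = """\
[lac_ldap]
nss_passwd=passwd: files ldap
pam_auth=
    auth     [success=2 default=ignore] pam_unix.so nullok_secure
    auth     [success=1 default=ignore] pam_ldap.so use_first_pass
    auth     requisite   pam_deny.so
    auth     required    pam_permit.so
    auth     optional    pam_cap.so
"""

# One PAM line: type, control field (bracketed or a plain keyword), module path.
LINE_RE = re.compile(r"^\s*(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def parse_stacks(text):
    """Return {'pam_auth': [(control, module), ...], ...}, one list per pam_* stanza."""
    stacks, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^(pam_\w+)=\s*$", line)
        if header:
            current = header.group(1)
            stacks[current] = []
        elif current and LINE_RE.match(line):
            stacks[current].append(LINE_RE.match(line).group(2, 3))
        elif line and not line[0].isspace():
            current = None  # an unindented key or [section] header ends the stanza
    return stacks


def check_jumps(stacks, target="pam_permit.so"):
    """List every success=N jump that does not land exactly on `target`.

    success=N skips the next N modules, so in the unix -> ldap -> deny -> permit
    pattern every success jump must land on pam_permit.so.
    """
    problems = []
    for name, entries in stacks.items():
        for idx, (control, module) in enumerate(entries):
            m = re.search(r"success=(\d+)", control)
            if not m:
                continue
            dest = idx + 1 + int(m.group(1))
            if dest >= len(entries):
                problems.append(f"{name}: {module} jumps past the end of the stack")
            elif entries[dest][1] != target:
                problems.append(f"{name}: {module} jumps to {entries[dest][1]}, not {target}")
    return problems
```

Run `check_jumps(parse_stacks(open("ldap-auth-config").read()))` against the real file before applying the profile; an empty list means every jump lands on pam_permit.so.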

Building the container image

Run this in the same directory as the Dockerfile created above.

```shell
docker build --no-cache --rm -t ubuntu1404:test .
```