How to load LDAP docker container data on startup
(Solved!)
To clear the solution:
Like answered by BMW ldap container has 2 volumes, which was removed when mounted to empty folder in mounting section of ansible role docker module.
So I first run a non-mounted ldap container and backup it's volumes as suggested by BMW. Then kill and remove it and run a whole new container on backed up data. Then for user data configuration I run another ldap container(from same image) which only has to register users' data from a config file.
Final Ansible role code:
- name: run temporary ldap container
docker:
image: muzili/ldap
name: temporary-ldap
hostname: temporary-ldap
state: restarted
ports: 389:389
env:
SLAPD_PASSWORD: ******
SLAPD_DOMAIN: dev.domain.com
- name: ldap data copy container
docker:
image: ubuntu
name: backup_agent
state: started
volumes:
- /backup
volumes_from:
- temporary-ldap
command: tar cvf /backup/backup.tar /var/lib/ldap /etc/ldap
- name: copy compressed data from backup_agent
command: /usr/bin/docker cp backup_agent:/backup/backup.tar "{{base_dir}}/ldap/import"
- name: extract ldap configuration data
unarchive:
copy: "no"
src: "{{base_dir}}/ldap/import/backup.tar"
dest: "{{base_dir}}/ldap"
- name: kill temporary ldap container
docker:
image: muzili/ldap
name: temporary-ldap
state: absent
- name: run main ldap container
docker:
image: muzili/ldap
name: ldap-server
hostname: ldap-server
state: running
ports: 389:389
env:
SLAPD_PASSWORD: ******
SLAPD_DOMAIN: dev.domain.com
volumes:
- "{{base_dir}}/ldap/etc/ldap:/etc/ldap"
- "{{base_dir}}/ldap/var/lib/ldap:/var/lib/ldap"
- name: wait for container to start
wait_for:
port: 389
delay: 5
- name: copy ldap data configuration file
copy:
src: conf/
dest: "{{base_dir}}/ldap/import/conf"
- name: run ldap-importer container
docker:
image: muzili/ldap
name: ldap-importer
hostname: ldap-importer
state: started
volumes:
- "{{base_dir}}/ldap/import/conf:/etc/ldap/conf"
command: "ldapadd -h ldap-server -c -x -D \"cn=admin,dc=dev,dc=domain,dc=com\" -w ****** -f /etc/ldap/conf/data.ldif"
links:
- "ldap-server"
you can start another container to backup the folders first.
Suppose the ldap container named ldap
, it has two volumes: /var/lib/ldap & /etc/ldap
, with below command, you can backup them easily.
docker run --volumes-from ldap -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /var/lib/ldap /etc/ldap
If you need input some config when run a new container, think to update Dockerfile with ONBUILD
command, such as:
ONBUILD cp . /etc/ldap
ONBUILD COMMAND you'd like to run
With above code, your image can be stay as same (no re-build required), but when you start up the container, it will input the setting to /etc/ldap when start the container, and get some commands run after that.
Refer:
Managing data in containers
Dockerfile reference