How to load LDAP docker container data on startup
V

2

6

I want to have an LDAP server in a Docker container. I have already used the dinkel/openldap, osixia/openldap and muzili/ldap Docker images, and so far connection and first configuration are OK.

My problem is: although I mounted the container's /var/lib/ldap & /etc/ldap, a backup is always needed before stopping, killing or removing (safe removing, docker rm without -v) the ldap container, or there would be data loss. And it doesn't seem to go through all config files, because it also needs a data import at start.

I think I may be running into some problem with Docker containers and their volume mounting, but every other container's mounting is a success, and it only seems to have a problem with ldap containers.

Is there any solution to make it work? (Config at startup by reading from mounted folders, and not losing data?)

Velites answered 17/9, 2015 at 6:1 Comment(0)
A
2

You can start another container to back up the folders first.

Suppose the ldap container is named ldap and has two volumes, /var/lib/ldap & /etc/ldap. With the command below, you can back them up easily.

docker run --volumes-from ldap -v "$(pwd)":/backup ubuntu tar cvf /backup/backup.tar /var/lib/ldap /etc/ldap

If you need to input some config when running a new container, consider updating the Dockerfile with the ONBUILD command, such as:

ONBUILD COPY . /etc/ldap
ONBUILD RUN <command you'd like to run>

With the above code, your image can stay the same (no rebuild required), but when you start up the container, it will input the settings to /etc/ldap and get some commands run after that.

Refer:

Managing data in containers

Dockerfile reference

Atheling answered 17/9, 2015 at 8:13 Comment(0)
V
4

(Solved!)
To clarify the solution:
As answered by BMW, the ldap container has 2 volumes, which were removed when mounted to an empty folder in the mounting section of the Ansible role's docker module.
So I first run a non-mounted ldap container and back up its volumes as suggested by BMW. Then I kill and remove it and run a whole new container on the backed-up data. Then, for user data configuration, I run another ldap container (from the same image), which only has to register users' data from a config file.

Final Ansible role code:

- name: run temporary ldap container
  docker:
    image: muzili/ldap
    name: temporary-ldap
    hostname: temporary-ldap
    state: restarted
    ports: 389:389
    env:
      SLAPD_PASSWORD: "******"
      SLAPD_DOMAIN: dev.domain.com
- name: ldap data copy container
  docker:
    image: ubuntu
    name: backup_agent
    state: started
    volumes:
    - /backup
    volumes_from:
    - temporary-ldap
    command: tar cvf /backup/backup.tar  /var/lib/ldap  /etc/ldap
- name: copy compressed data from backup_agent
  command: /usr/bin/docker cp backup_agent:/backup/backup.tar "{{base_dir}}/ldap/import"
- name: extract ldap configuration data
  unarchive:
    copy: "no"
    src: "{{base_dir}}/ldap/import/backup.tar"
    dest: "{{base_dir}}/ldap"
- name: kill temporary ldap container
  docker:
    image: muzili/ldap
    name: temporary-ldap
    state: absent
- name: run main ldap container
  docker:
    image: muzili/ldap
    name: ldap-server
    hostname: ldap-server
    state: running
    ports: 389:389
    env:
      SLAPD_PASSWORD: "******"
      SLAPD_DOMAIN: dev.domain.com
    volumes:
    - "{{base_dir}}/ldap/etc/ldap:/etc/ldap"
    - "{{base_dir}}/ldap/var/lib/ldap:/var/lib/ldap"
- name: wait for container to start
  wait_for:
    port: 389
    delay: 5
- name: copy ldap data configuration file
  copy:
    src: conf/
    dest: "{{base_dir}}/ldap/import/conf"
- name: run ldap-importer container
  docker:
    image: muzili/ldap
    name: ldap-importer
    hostname: ldap-importer
    state: started
    volumes:
    - "{{base_dir}}/ldap/import/conf:/etc/ldap/conf"
    command: "ldapadd -h ldap-server -c -x -D \"cn=admin,dc=dev,dc=domain,dc=com\" -w ****** -f /etc/ldap/conf/data.ldif"
    links:
    - "ldap-server"
Velites answered 26/9, 2015 at 9:21 Comment(1)
Good news. The Ansible solution looks fantastic. - Atheling
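An added example, not part of the original posts: a POSIX shell check to run on backup.tar before the "extract ldap configuration data" step. It confirms that the archive contains only members under var/lib/ldap and etc/ldap, that neither tree is empty, and that no member would unpack outside the target directory. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate backup.tar before unpacking it into the directories
# that will be bind-mounted over /var/lib/ldap and /etc/ldap.

# check_member_list: read a `tar tf` listing on stdin, print one line per
# problem, return 0 only if the listing is safe and complete.
check_member_list() (
    rc=0 saw_db=0 saw_conf=0
    while IFS= read -r member; do
        case $member in
            /*|..|../*|*/..|*/../*)        # would unpack outside the target dir
                echo "unsafe path: $member"; rc=1 ;;
            ''|var/|var/lib/|var/lib/ldap/|etc/|etc/ldap/)
                ;;                         # blank line or the directories themselves
            var/lib/ldap/*) saw_db=1 ;;    # database files
            etc/ldap/*)     saw_conf=1 ;;  # slapd configuration
            *)
                echo "unexpected member: $member"; rc=1 ;;
        esac
    done
    # An archive holding only empty directories is the data-loss case from the
    # question: the volumes were hidden by an empty mount before the backup.
    [ "$saw_db" -eq 1 ]   || { echo "no files under var/lib/ldap"; rc=1; }
    [ "$saw_conf" -eq 1 ] || { echo "no files under etc/ldap"; rc=1; }
    exit "$rc"
)

# check_ldap_backup ARCHIVE: returns 0 if usable, 1 on problems, 2 if unreadable.
check_ldap_backup() {
    # GNU tar drops the leading "/" on create, so members read etc/ldap/...
    list=$(tar tf "$1" 2>/dev/null) || { echo "cannot read $1"; return 2; }
    printf '%s\n' "$list" | check_member_list
}

# Usage (path is the one used in the role above):
#   check_ldap_backup "$base_dir/ldap/import/backup.tar" || exit 1
```

A non-zero return is a reason to stop the play before the temporary container is removed, since that container still holds the only good copy of the data.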