Revert to opensuse based radius container. (#1878)

Firstyear 2023-07-19 11:41:57 +10:00 committed by GitHub
parent e5748fdebb
commit 4f3f7e2708
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 36 additions and 20 deletions


@ -1,22 +1,38 @@
FROM freeradius/freeradius-server:latest ARG BASE_IMAGE=opensuse/tumbleweed:latest
EXPOSE 1812 1813 FROM ${BASE_IMAGE} AS repos
ARG RADIUS_USER=freerad RUN \
ARG TZ=Etc/UTC --mount=type=cache,id=zypp,target=/var/cache/zypp \
ENV TZ=$TZ zypper mr -k repo-oss; \
# These all need to be on one line else the cache ends up in the layers. zypper mr -k repo-non-oss; \
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone zypper mr -k repo-update; \
zypper ref --force; \
zypper -v dup -y
RUN apt-get update && apt-get install -y \ # ======================
freeradius-utils \ FROM repos
EXPOSE 1812 1813
ARG RADIUS_USER=radiusd
RUN \
--mount=type=cache,id=zypp,target=/var/cache/zypp \
zypper install -y \
freeradius-client \
freeradius-server \
freeradius-server-python3 \
freeradius-server-utils \
hostname \ hostname \
python3 \ python3 \
python3-devel \
python3-pip \ python3-pip \
python-is-python3 \ timezone \
tzdata \
iproute2 \ iproute2 \
iputils-ping iputils-tracepath \ iputils \
openssl \ openssl \
curl && apt-get clean curl
# Don't put in the TZ at build time - it needs to be bind mounted at runtime
# else we are forcing things on people.
# RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
ADD rlm_python/mods-available/ /etc/raddb/mods-available/ ADD rlm_python/mods-available/ /etc/raddb/mods-available/
COPY rlm_python/sites-available/ /etc/raddb/sites-available/ COPY rlm_python/sites-available/ /etc/raddb/sites-available/
@ -29,9 +45,8 @@ RUN ln -s /etc/raddb/mods-available/python3 /etc/raddb/mods-enabled/python3 && \
ln -s /etc/raddb/sites-available/check-eap-tls /etc/raddb/sites-enabled/check-eap-tls ln -s /etc/raddb/sites-available/check-eap-tls /etc/raddb/sites-enabled/check-eap-tls
# disable auth via methods we don't support! # disable auth via methods we don't support!
# RUN rm /etc/raddb/mods-available/sql && \ RUN rm /etc/raddb/mods-available/sql && \
# rm /etc/raddb/mods-enabled/{passwd,totp} rm /etc/raddb/mods-enabled/{passwd,totp}
# Allows the radiusd user to write to the directory # Allows the radiusd user to write to the directory
RUN chown -R $RADIUS_USER. /etc/raddb/ && \ RUN chown -R $RADIUS_USER. /etc/raddb/ && \
@ -42,8 +57,7 @@ RUN mkdir -p /pkg/pykanidm/
COPY pykanidm/ /pkg/pykanidm/ COPY pykanidm/ /pkg/pykanidm/
# install the package and its dependencies # install the package and its dependencies
RUN python3 -m pip install --no-cache-dir --no-warn-script-location /pkg/pykanidm && \ RUN python3 -m pip install --no-cache-dir --no-warn-script-location /pkg/pykanidm
rm -rf /pkg/*
COPY rlm_python/radius_entrypoint.py /radius_entrypoint.py COPY rlm_python/radius_entrypoint.py /radius_entrypoint.py
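Review bot: In the new `repos` stage at the top of the first hunk the zypper commands are joined with `;`, so the RUN step's exit status is only that of the final `zypper -v dup -y`. A failed `zypper ref --force` or `zypper mr -k` would not stop the build, and the image could then be assembled from stale repository metadata and miss updates without anyone noticing. Chain the steps with `&&` instead, e.g. `zypper ref --force && \` followed by `zypper -v dup -y`; the same `;` chain appears in the two other Dockerfiles changed by this commit. Separately, `ARG BASE_IMAGE=opensuse/tumbleweed:latest` follows a rolling tag, so combined with `dup` the package set differs from build to build; pinning the default by digest would make rebuilds comparable and auditable.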


@ -6,7 +6,8 @@ RUN \
zypper mr -k repo-oss; \ zypper mr -k repo-oss; \
zypper mr -k repo-non-oss; \ zypper mr -k repo-non-oss; \
zypper mr -k repo-update; \ zypper mr -k repo-update; \
zypper dup -y zypper ref --force ; \
zypper -v dup -y
# ====================== # ======================
FROM repos AS builder FROM repos AS builder


@ -6,7 +6,8 @@ RUN \
zypper mr -k repo-oss; \ zypper mr -k repo-oss; \
zypper mr -k repo-non-oss; \ zypper mr -k repo-non-oss; \
zypper mr -k repo-update; \ zypper mr -k repo-update; \
zypper dup -y zypper ref --force; \
zypper -v dup -y
FROM repos AS builder FROM repos AS builder
ARG KANIDM_FEATURES ARG KANIDM_FEATURES