Univention on Kubernetes / Docker .yml -file

Hey there

As I’m new to Docker and want to try out Univention on a public Kubernetes-Cloud, could someone share a .yml -file which is compatible with https://hub.docker.com/r/univention/ucs-master-amd64?

UCS is a little unusual as a Docker container, because it’s by design more of a full-fledged VM than a throw-away container. It boots into a state where packages are installed, but the domain has not been joined - an uninitialized (and thus not yet useful) state.
The setup is usually interactive, but can be automated. In any case - it takes a lot of time. (There seems to be a problem with the bind service that I haven’t figured out yet, so it takes 45min for me.)
At the end of the setup you’ll have an updated and joined UCS master, that can be used like a VM. Only then will you want to use it. So you’ll have to wait for it. I wrote a little Dockerfile plus a service to achieve my goal (update the system, install a software, run it, write the result to a volume and shutdown).

Here is the Dockerfile:

FROM univention/ucs-master-amd64:latest
COPY ucs_* /tmp/
RUN mv -v /tmp/ucs_profile /var/cache/univention-system-setup/profile && \
    mv -v /tmp/ucs_join.sh /usr/local/sbin/ucs_join.sh && \
    mv -v /tmp/ucs_join.service /etc/systemd/system/ucs_join.service && \
    chmod -v 755 /usr/local/sbin/ucs_join.sh && \
    systemctl enable ucs_join.service

This is ucs_profile:

windows/domain="UCS"
ssl/locality="DE"
locale/default="de_DE.UTF-8:UTF-8"
server/role="domaincontroller_master"
locale="de_DE.UTF-8:UTF-8 en_US.UTF-8:UTF-8"
hostname="master"
ssl/state="DE"
ssl/organization="Uni Test GmbH"
ad/member="False"
domainname="ucs.intranet"
update/system/after/setup="True"
components=""
organization="Uni Test GmbH"
timezone="Europe/Berlin"
ssl/email="ssl@ucs.intranet"
ldap/base="dc=ucs,dc=intranet"
ssl/organizationalunit="Univention Corporate Server"
root_password="univention"

This is ucs_join.service:

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/ucs_join.sh

[Install]
WantedBy=multi-user.target

This is ucs_join.sh:

#!/bin/bash

exec > /var/log/univention/ucs_join.log
exec 2>&1

set +e
set +x

if [ -e /var/www/startup_done ]; then
    exit 0
fi

# works for me, but might be different for you:
ucr set nameserver1="$(/sbin/ip route | awk '/default/ { print $3 }')"

# update to "testing"...

# join system
/usr/lib/univention-system-setup/scripts/setup-join.sh
ucr set apache2/startsite='univention/'
for srv in univention-management-console-server univention-management-console-web-server apache2
do
    service "$srv" restart
done

# do my stuff...

touch /var/www/startup_done
shutdown

This works for me on a private project (not production-level tested).
I use this in combination with a docker-compose.yml where another container waits for the UCS container to bring up a service and then does its thing (that’s why the status file is in /var/www):

command: sh -c 'while ! wget -q http://ucs/startup_done -O /dev/null > /dev/null 2>&1; do echo "`date` zzz..."; sleep 30; done && echo "UCS finished starting." && do-my-thing'

I hope you can collect the bits you require from here to get your project going.
If you figure out how to get the bind service to set up quickly, please report it here.

4 Likes
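
The ucs_profile in the post above carries a fixed root_password, which ends up in the image layers. As an added example (not part of the original post), here is one way to overwrite that line at first boot from a mounted secret before setup-join.sh reads the profile. The function name inject_root_password, the secret path in the usage comment and the 12-character minimum are assumptions.

```bash
#!/bin/bash
# Added example: replace the root_password baked into ucs_profile with one
# read from a mounted secret, before setup-join.sh consumes the profile.
# Function name, secret path and length policy are assumptions.

inject_root_password() {
    local profile="$1" secret_file="$2" pw tmp

    [ -r "$profile" ]     || { echo "profile not readable: $profile" >&2; return 1; }
    [ -r "$secret_file" ] || { echo "secret not readable: $secret_file" >&2; return 1; }

    # Use only the first line of the secret; tolerate a missing trailing newline.
    IFS= read -r pw < "$secret_file" || true
    case "$pw" in
        ''|univention) echo "refusing empty or image-default password" >&2; return 1 ;;
        *'"'*|*'\'*)   echo "password contains a quote or backslash" >&2; return 1 ;;
    esac
    [ "${#pw}" -ge 12 ] || { echo "password shorter than 12 characters" >&2; return 1; }

    # Write to a 0600 temp file next to the profile and rename it into place.
    # The password is passed via the environment, not argv, so it is not in `ps`.
    tmp="$(mktemp "${profile}.XXXXXX")" || return 1
    chmod 600 "$tmp"
    if ! PW="$pw" awk '
        /^root_password=/ { print "root_password=\"" ENVIRON["PW"] "\""; seen = 1; next }
        { print }
        END { if (!seen) print "root_password=\"" ENVIRON["PW"] "\"" }
    ' "$profile" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$profile"
}

# e.g. from ucs_join.sh: script /var/cache/univention-system-setup/profile /run/secrets/ucs_root_password
if [ "$#" -eq 2 ]; then inject_root_password "$1" "$2"; fi
```

With this in place the value in the image's ucs_profile can be a throwaway placeholder, since it is replaced before the join runs.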

Thank you for sharing troeder!

Are there any plans for the future to offer production ready images?

Kind regards
pate

There is work being done to move (more and more) parts of UCS into containers and in the end have no base system “on metal” left. The target env is Kubernetes. But it is a long term project, I have no estimate.

Greetings
Daniel

1 Like

Hello Troeder
Can you help with the setup as I have been stuck with the LDAP? I have created and deleted multiple instances to keep going. Just failed it :(
