Deploying DS on Podman
Endi S. Dewata edited this page Apr 18, 2023 · 2 revisions
This page describes the process to prepare a containerized DS instance for a PKI server. The container image is available at quay.io/389ds/dirsrv.
Create a network for the container, for example:
$ podman network create example
Alternatively, use an existing network.
Create a volume for the DS data:
$ podman volume create ds-data
Run the container with the following command:
$ podman run \
    --name=ds \
    --hostname=ds.example.com \
    --network=example \
    --network-alias=ds.example.com \
    -v ds-data:/data \
    -e DS_DM_PASSWORD=Secret.123 \
    -p 3389:3389 \
    -p 3636:3636 \
    -d \
    quay.io/389ds/dirsrv
Wait until the container is started:
$ podman logs -f ds
Create the userRoot backend for the dc=example,dc=com suffix:
$ podman exec ds dsconf localhost backend create \
    --suffix dc=example,dc=com \
    --be-name userRoot
Add the base entries:
$ podman exec -i ds ldapadd \
    -H ldap://ds.example.com:3389 \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    -x << EOF
dn: dc=example,dc=com
objectClass: domain
dc: example

dn: dc=pki,dc=example,dc=com
objectClass: domain
dc: pki
EOF
Verify the entries with a search:
$ podman exec ds ldapsearch \
    -H ldap://ds.example.com:3389 \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    -x \
    -b "dc=example,dc=com"
To install an SSL certificate, copy the server certificate, server key, and CA certificate as follows:
$ podman exec ds mkdir -p /data/tls/ca
$ podman cp ca.crt ds:/data/tls/ca
$ podman cp server.crt ds:/data/tls
$ podman cp server.key ds:/data/tls
If the DS container is no longer needed, it can be removed with the following commands:
$ podman rm -f ds
$ podman volume rm ds-data
$ podman network rm example
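The commands on this page pass the Directory Manager password as a command-line argument (-e DS_DM_PASSWORD=... and -w ...), which puts it in shell history and the host process list. The following is an added example, not part of the original wiki page, that supplies the same password through a podman secret and an LDAP password file instead. Assumptions: the secret name ds-dm-password and the password file path are constructed, and the OpenLDAP client tools are installed on the host so the search can go through the published port 3389.

```shell
#!/bin/sh
# Added example, not part of the wiki page. Constructed names: the secret
# "ds-dm-password" and the password file path supplied by the caller.

# Store the password read from stdin in file $1 with mode 0600 and NO trailing
# newline: ldapsearch/ldapadd -y use the complete file contents as the password.
write_pw_file() {
    (
        umask 077
        rm -f "$1"
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf '%s' "$pw" > "$1"
    )
}

# Start the DS container with the password injected from a podman secret
# instead of "-e DS_DM_PASSWORD=Secret.123".
run_ds() {
    podman secret create ds-dm-password "$1" &&
    podman run \
        --name=ds \
        --hostname=ds.example.com \
        --network=example \
        --network-alias=ds.example.com \
        -v ds-data:/data \
        --secret ds-dm-password,type=env,target=DS_DM_PASSWORD \
        -p 3389:3389 \
        -p 3636:3636 \
        -d \
        quay.io/389ds/dirsrv
}

# Search from the host through the published port; -y replaces "-w Secret.123".
# Assumes the OpenLDAP client tools are installed on the host.
search_base() {
    ldapsearch \
        -H ldap://localhost:3389 \
        -D "cn=Directory Manager" \
        -y "$1" \
        -x \
        -b "dc=example,dc=com"
}

# Usage: sh ds-secret.sh deploy /path/to/dm.pw   (password is read from stdin)
if [ "${1:-}" = deploy ]; then
    write_pw_file "$2" && run_ds "$2"
fi
```

Once the container has started, search_base /path/to/dm.pw runs the verification search with the same file.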