diff --git a/Dockerfile b/Dockerfile
index bfb67cb..6652cda 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,4 +31,4 @@ RUN \
 ADD init.sh /init.sh
 ADD domain.sh /domain.sh
 RUN chmod 755 /init.sh /domain.sh
-CMD /init.sh
+CMD [ "/init.sh" ]
diff --git a/README.md b/README.md
index 746cfb8..db134ed 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ A well documented, tried and tested Samba Active Directory Domain Controller tha
 * `INSECURELDAP` defaults to `false`. When set to true, it removes the secure LDAP requirement. While this is not recommended for production it is required for some LDAP tools. You can remove it later from the smb.conf file stored in the config directory.
 * `MULTISITE` defaults to `false` and tells the container to connect to an OpenVPN site via an ovpn file with no password. For instance, if you have two locations where you run your domain controllers, they need to be able to interact. The VPN allows them to do that.
 * `NOCOMPLEXITY` defaults to `false`. When set to `true` it removes password complexity requirements including `complexity, history-length, min-pwd-age, max-pwd-age`
+* `LOGLEVEL` can be set to a numeric value (1-10) to override the log level configuration in smb.conf.
 
 ## Volumes for quick start
 * `/etc/localtime:/etc/localtime:ro` - Sets the timezone to match the host
diff --git a/arm.Dockerfile b/arm.Dockerfile
index 26fdf5b..0a5610e 100644
--- a/arm.Dockerfile
+++ b/arm.Dockerfile
@@ -28,4 +28,4 @@ RUN \
 ADD init.sh /init.sh
 ADD domain.sh /domain.sh
 RUN chmod 755 /init.sh /domain.sh
-CMD /init.sh setup
+CMD [ "/init.sh" ]
diff --git a/init.sh b/init.sh
index 7425dbd..1889656 100755
--- a/init.sh
+++ b/init.sh
@@ -16,7 +16,8 @@ appSetup () {
 INSECURELDAP=${INSECURELDAP:-false}
 DNSFORWARDER=${DNSFORWARDER:-NONE}
 HOSTIP=${HOSTIP:-NONE}
- DOMAIN_DC=${DOMAIN_DC:-${DOMAIN_DC}}
+ DOMAIN_DC=${DOMAIN_DC:-"dc=${DOMAIN//./,dc=}"}
+ LOGLEVEL=${LOGLEVEL:-DEFAULT}
 
 LDOMAIN=${DOMAIN,,}
 UDOMAIN=${DOMAIN^^}
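Review bot: In the `-16,7 +16,8` hunk of init.sh, the new `DOMAIN_DC` default is built from `DOMAIN` by plain text substitution, so it is only a valid base DN when `DOMAIN` is a clean dotted name; a trailing dot or an empty label yields an empty `dc=` component (a constructed value `corp.example.com.` becomes `dc=corp,dc=example,dc=com,dc=`). No validation of `DOMAIN` is visible in this hunk, though appSetup starts above it and may check earlier. I would add a comment above the assignment such as `# Derive the base DN from DOMAIN; assumes a plain dotted DNS name without a trailing dot`, or reject a malformed value before deriving the DN.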
@@ -37,6 +38,13 @@ appSetup () {
 HOSTIP_OPTION=""
 fi
 
+ # Set log level override option
+ if [[ "$LOGLEVEL" != "DEFAULT" && $LOGLEVEL =~ ^[0-9]+$ ]]; then
+ LOGLEVEL="--debuglevel=${LOGLEVEL}"
+ else
+ LOGLEVEL=""
+ fi
+
 # Set up samba
 mv /etc/krb5.conf /etc/krb5.conf.orig
 echo "[libdefaults]" > /etc/krb5.conf
@@ -106,7 +114,7 @@ appSetup () {
 echo "logfile_maxbytes = 0" >> ${SUP_CONF}
 echo "loglevel = info" >> ${SUP_CONF}
 addSupProg "ntpd" "/usr/sbin/ntpd -c /etc/ntpd.conf -n"
- addSupProg "samba" "/usr/sbin/samba -i"
+ addSupProg "samba" "/usr/sbin/samba --interactive --debug-stdout ${LOGLEVEL}"
 if [[ ${MULTISITE,,} == "true" ]]; then
 if [[ -n $VPNPID ]]; then
 kill $VPNPID
@@ -178,22 +186,30 @@ schemaIDGUID:: +8nFQ43rpkWTOgbCCcSkqA==" > /tmp/Sshpubkey.class.ldif
 ldbadd -H /var/lib/samba/private/sam.ldb /var/lib/samba/private/sam.ldb /tmp/Sshpubkey.class.ldif --option="dsdb:schema update allowed"=true
 }
 
+appPostSetup () {
+ echo "Checking on Domain Users of gid 3000000 and setting up sshPublicKey"
+ fixDomainUsersGroup
+ setupSSH
+}
+
 appStart () {
- /usr/bin/supervisord -c ${SUP_CONF} > /var/log/supervisor/supervisor.log 2>&1 &
- if [ "${1}" = "true" ]; then
- echo "Sleeping 10 before checking on Domain Users of gid 3000000 and setting up sshPublicKey"
- sleep 10
- fixDomainUsersGroup
- setupSSH
+ if [[ "${1}" == "true" ]]; then
+ ( sleep 15 ; appPostSetup ) &
 fi
- while [ ! -f /var/log/supervisor/supervisor.log ]; do
- echo "Waiting for log files..."
- sleep 1
- done
- sleep 3
- tail -F /var/log/supervisor/*.log
+ exec /usr/bin/supervisord -c ${SUP_CONF}
+}
+
+appStop () {
+ PIDS=$(jobs -p)
+ echo "" ; echo "Stopping ($PIDS)..." ; echo ""
+ [[ -n ${PIDS} ]] && kill ${PIDS}
 }
 
-appSetup
+# Listen for stop signals
+trap appStop TERM INT
+
+# Setup & start
+appSetup &
 
-exit 0
+# Waiting on procs
+wait
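Review bot: The `LOGLEVEL` check in the `-37,6 +38,13` hunk of init.sh accepts any run of digits, including 0 and values far above 10, while the README entry added in this commit documents 1-10, and any other value is dropped without a message. Restricting the value to digits is what keeps it safe to splice into the samba command line passed to `addSupProg` in the next hunk, so I would keep that and tighten it to the documented range, e.g. `if [[ $LOGLEVEL =~ ^([1-9]|10)$ ]]; then`, and print a warning to stderr when a non-`DEFAULT` value is rejected. Because the next hunk also adds `--debug-stdout`, whatever level is chosen lands in the container's stdout log stream; Samba's higher debug levels are very verbose and can include details of authentication exchanges, so the README line should say they are for troubleshooting only. appSetup begins and ends outside the hunk.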
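Review bot: After `appStop` runs from the trap in the `-178,22 +186,30` hunk, the top-level `wait` at the end of init.sh returns and the script falls off the end, so PID 1 can exit while supervisord and samba are still shutting down; nothing in this hunk waits for the jobs it has just signalled. For a domain controller that risks the container being torn down in the middle of a write to the Samba databases. I would have the handler wait after signalling, e.g. `[[ -n ${PIDS} ]] && kill ${PIDS} && wait ${PIDS}`. Separately, `( sleep 15 ; appPostSetup ) &` runs `fixDomainUsersGroup` and `setupSSH` on a fixed timer with no readiness check and its exit status is never observed, so a comment stating that assumption above the line would help the next maintainer.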