dchidell / docker-tacacs

Basic lightweight tacacs+ container for testing Cisco devices

Perl is missing from the image. #1

Open gillham opened 3 years ago

gillham commented 3 years ago

The Dockerfile installs perl in the build image, but does not install it in the base image. It does add some perl modules, but those don't seem to pull in perl via dependency. As a result the container doesn't work with mavis. With a mavis ldap configuration added that depends on a perl script:

mavis module = external {
    setenv LDAP_SERVER_TYPE = "generic"
    ...[elided]...
    exec = /tacacs/lib/mavis/mavis_tacplus_ldap.pl
}

login backend = mavis
user backend = mavis
pap backend = mavis

By default the mavis_tacplus_ldap.pl script doesn't launch as it depends on perl.

Default image:

/ # ps aux
PID   USER     TIME  COMMAND
    1 root      0:00 tac_plus: 0 connections, accepting up to 600 more
   11 root      0:00 tac_plus: 0 connections
   13 root      0:00 /bin/sh
   20 root      0:00 ps aux

After 'apk add perl':

/ # ps aux
PID   USER     TIME  COMMAND
    1 root      0:00 tac_plus: 0 connections, accepting up to 600 more
   11 root      0:00 tac_plus: 0 connections
   13 root      0:00 /bin/sh
   56 root      0:00 perl /tacacs/lib/mavis/mavis_tacplus_ldap.pl
   57 root      0:00 ps aux

Once perl is added it is able to exec the script and ldap works. I've tested from Arista EOS & Cisco NXOS to this container for authentication and authorization. It works well. With the mavis ldap backend I've tested with a FreeIPA server and it works well with group support also.

gillham commented 3 years ago

I should clarify that using 'docker build .' on Docker 19.03.13 does seem to build this correctly and the newer alpine image seems to pull perl in via dependency. So really it is just the image in the registry that is out of date and might just need rebuilding / pushing with a newer docker.

dchidell commented 3 years ago

Would you mind re-testing the image?
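
One way to re-test an image for the failure reported above, as an added example that is not part of the issue thread or the repository: it reads each `exec = ...` target from a tac_plus config, takes the interpreter from the script's shebang line, and confirms that interpreter exists in the image filesystem. The function names, the optional `ROOT` argument and the `tac_plus.cfg` location are assumptions, the sample files are constructed, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the repository). Checks that each script named by an
# "exec = ..." line in a tac_plus config has its interpreter present under ROOT.

# Print the path from every "exec = /path" line of the config.
mavis_exec_targets() {
    sed -n 's/^[[:space:]]*exec[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1"
}

# Print the interpreter from a script's shebang: "#!/usr/bin/env perl" gives
# "perl", "#!/usr/bin/perl -w" gives "/usr/bin/perl", no shebang gives "".
shebang_interpreter() {
    head -n 1 "$1" | sed -n 's/^#![[:space:]]*//p' | {
        read -r first second _rest || true
        case "$first" in */env) echo "$second" ;; *) echo "$first" ;; esac
    }
}

# check_mavis_exec CONFIG [ROOT]; ROOT prefixes an unpacked image filesystem
# (empty means the running system). Returns 1 if anything is missing.
check_mavis_exec() {
    conf=$1 root=${2:-} rc=0
    for script in $(mavis_exec_targets "$conf"); do
        [ -f "$root$script" ] || { echo "missing script: $script" >&2; rc=1; continue; }
        interp=$(shebang_interpreter "$root$script") found=
        case "$interp" in
            /*) if [ -x "$root$interp" ]; then found=1; fi ;;
            ?*) for d in /usr/local/bin /usr/bin /bin; do   # bare name via env
                    if [ -x "$root$d/$interp" ]; then found=1; fi
                done ;;
        esac
        [ -n "$found" ] || { echo "no interpreter '$interp' for $script" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample root: a cut-down mavis config plus a stub perl script,
# with no perl binary, mirroring the image described in the issue.
make_sample_root() {
    mkdir -p "$1/tacacs/lib/mavis" "$1/usr/bin"
    printf '#!/usr/bin/perl -w\nprint "stub\\n";\n' > "$1/tacacs/lib/mavis/mavis_tacplus_ldap.pl"
    printf 'mavis module = external {\n    exec = /tacacs/lib/mavis/mavis_tacplus_ldap.pl\n}\n' > "$1/tac_plus.cfg"
}

demo=$(mktemp -d) && make_sample_root "$demo"
check_mavis_exec "$demo/tac_plus.cfg" "$demo" || echo "check failed: perl absent in sample root"
rm -rf "$demo"
```

Calling `check_mavis_exec` on the shipped config as the last step of the final build stage makes the build fail when the runtime stage lacks the interpreter, instead of the backend silently not starting.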