Commit
Merge branch 'release-1.3.0' into stable
Showing 13 changed files with 214 additions and 74 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,2 @@ | ||
/.* | ||
!/.git* | ||
/VOLUMES |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
language: bash | ||
|
||
services: | ||
- docker | ||
env: | ||
global: | ||
- NAME="osixia/openldap" | ||
- VERSION="${TRAVIS_BRANCH}-dev" | ||
matrix: | ||
- TARGET_ARCH=amd64 QEMU_ARCH=x86_64 | ||
- TARGET_ARCH=arm32v7 QEMU_ARCH=arm | ||
- TARGET_ARCH=arm64v8 QEMU_ARCH=aarch64 | ||
|
||
addons: | ||
apt: | ||
# The docker manifest command was added in docker-ee version 18.x | ||
# So update our current installation and we also have to enable the experimental features. | ||
sources: | ||
- sourceline: "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | ||
key_url: "https://download.docker.com/linux/ubuntu/gpg" | ||
packages: | ||
- docker-ce | ||
|
||
before_install: | ||
- docker --version | ||
- mkdir $HOME/.docker | ||
- 'echo "{" > $HOME/.docker/config.json' | ||
- 'echo " \"experimental\": \"enabled\"" >> $HOME/.docker/config.json' | ||
- 'echo "}" >> $HOME/.docker/config.json' | ||
- sudo service docker restart | ||
|
||
install: | ||
# For cross buidling our images | ||
# This is necessary because travis-ci.org has only x86_64 machines. | ||
# If travis-ci.org gets native arm builds, probably this step is not | ||
# necessary any more. | ||
- docker run --rm --privileged multiarch/qemu-user-static:register --reset | ||
# Bats is necessary for the UT | ||
- curl -o bats.tar.gz -SL https://github.com/bats-core/bats-core/archive/v1.1.0.tar.gz | ||
- mkdir bats-core && tar -xf bats.tar.gz -C bats-core --strip-components=1 | ||
- cd bats-core/ | ||
- sudo ./install.sh /usr/local | ||
- cd .. | ||
|
||
before_script: | ||
# Set baseimage. | ||
# remove pqchecker if arch is not amd64 | ||
- sed -i -e "s/FROM \(.*\)/FROM \1-${TARGET_ARCH}/g" image/Dockerfile; | ||
- if [[ "${TARGET_ARCH}" != 'amd64' ]]; then | ||
sed -i -e "/PQCHECKER/Id" image/Dockerfile; | ||
fi | ||
- cat image/Dockerfile; | ||
# If this is a tag then change the VERSION variable to only have the | ||
# tag name and not also the commit hash. | ||
- if [ -n "$TRAVIS_TAG" ]; then | ||
VERSION=$(echo "${TRAVIS_TAG}" | sed -e 's/\(.*\)[-v]\(.*\)/\1\2/g'); | ||
fi | ||
|
||
script: | ||
- make build-nocache NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} | ||
# skip test "ldapsearch existing hdb database and config" if arch != amd64 | ||
- if [[ "${TARGET_ARCH}" != 'amd64' ]]; then | ||
sed -i '/@test "ldapsearch existing hdb database and config"/a skip' test/test.bats; | ||
fi | ||
# Run the test and if the test fails mark the build as failed. | ||
- make test NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} | ||
|
||
before_deploy: | ||
- docker run -d --name test_image ${NAME}:${VERSION}-${TARGET_ARCH} sleep 10 | ||
- sleep 5 | ||
- sudo docker ps | grep -q test_image | ||
# To have `DOCKER_USER` and `DOCKER_PASS` | ||
# use `travis env set`. | ||
- docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; | ||
- make tag NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} | ||
|
||
deploy: | ||
provider: script | ||
on: | ||
all_branches: true | ||
script: make push NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH} | ||
|
||
jobs: | ||
include: | ||
- stage: Manifest creation | ||
install: skip | ||
script: skip | ||
after_deploy: | ||
- docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"; | ||
- docker manifest create ${NAME}:${VERSION} ${NAME}:${VERSION}-amd64 ${NAME}:${VERSION}-arm32v7 ${NAME}:${VERSION}-arm64v8; | ||
docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-amd64 --os linux --arch amd64; | ||
docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-arm32v7 --os linux --arch arm --variant v7; | ||
docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-arm64v8 --os linux --arch arm64 --variant v8; | ||
|
||
# The latest tag is coming from the stable branch of the repo | ||
- if [ "${TRAVIS_BRANCH}" == 'stable' ]; then | ||
docker manifest create ${NAME}:latest ${NAME}:${VERSION}-amd64 ${NAME}:${VERSION}-arm32v7 ${NAME}:${VERSION}-arm64v8; | ||
docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-amd64 --os linux --arch amd64; | ||
docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm32v7 --os linux --arch arm --variant v7; | ||
docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm64v8 --os linux --arch arm64 --variant v8; | ||
fi | ||
|
||
- docker manifest push ${NAME}:${VERSION}; | ||
if [ "${TRAVIS_BRANCH}" == 'stable' ]; then | ||
docker manifest push ${NAME}:latest; | ||
fi |
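Review bot: In `before_deploy`, and again in the `Manifest creation` job's `after_deploy`, `docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"` passes the registry password as a command-line argument, where it is visible in the process list of the build machine; feed it on standard input instead, e.g. `echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin`. Separately, the `install` step fetches the `bats-core` v1.1.0 tarball with `curl` and runs `sudo ./install.sh` without checking a digest, and `multiarch/qemu-user-static:register` is started `--privileged` from a mutable tag. Verifying the tarball against a known checksum and pinning the image by digest would keep an altered upstream from running as root on the same builder that later logs in to Docker Hub and pushes `${NAME}:latest`.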
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,48 +4,48 @@ | |
![Docker Stars](https://img.shields.io/docker/stars/osixia/openldap.svg) | ||
![](https://images.microbadger.com/badges/image/osixia/openldap.svg) | ||
|
||
Latest release: 1.2.5 - OpenLDAP 2.4.47 - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) | ||
Latest release: 1.3.0 - OpenLDAP 2.4.48 - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) | ||
|
||
**A docker image to run OpenLDAP.** | ||
|
||
> OpenLDAP website : [www.openldap.org](http://www.openldap.org/) | ||
|
||
- [osixia/openldap](#osixiaopenldap) | ||
- [Contributing](#Contributing) | ||
- [Quick Start](#Quick-Start) | ||
- [Beginner Guide](#Beginner-Guide) | ||
- [Create new ldap server](#Create-new-ldap-server) | ||
- [Data persistence](#Data-persistence) | ||
- [Edit your server configuration](#Edit-your-server-configuration) | ||
- [Seed ldap database with ldif](#Seed-ldap-database-with-ldif) | ||
- [Use an existing ldap database](#Use-an-existing-ldap-database) | ||
- [Backup](#Backup) | ||
- [Administrate your ldap server](#Administrate-your-ldap-server) | ||
- [TLS](#TLS) | ||
- [Use auto-generated certificate](#Use-auto-generated-certificate) | ||
- [Use your own certificate](#Use-your-own-certificate) | ||
- [Disable TLS](#Disable-TLS) | ||
- [Multi master replication](#Multi-master-replication) | ||
- [Fix docker mounted file problems](#Fix-docker-mounted-file-problems) | ||
- [Debug](#Debug) | ||
- [Environment Variables](#Environment-Variables) | ||
- [Default.yaml](#Defaultyaml) | ||
- [Default.startup.yaml](#Defaultstartupyaml) | ||
- [Set your own environment variables](#Set-your-own-environment-variables) | ||
- [Use command line argument](#Use-command-line-argument) | ||
- [Link environment file](#Link-environment-file) | ||
- [Docker Secrets](#Docker-Secrets) | ||
- [Make your own image or extend this image](#Make-your-own-image-or-extend-this-image) | ||
- [Advanced User Guide](#Advanced-User-Guide) | ||
- [Extend osixia/openldap:1.2.5 image](#Extend-osixiaopenldap125-dev-image) | ||
- [Make your own openldap image](#Make-your-own-openldap-image) | ||
- [Tests](#Tests) | ||
- [Kubernetes](#Kubernetes) | ||
- [Under the hood: osixia/light-baseimage](#Under-the-hood-osixialight-baseimage) | ||
- [Security](#Security) | ||
- [Known security issues](#Known-security-issues) | ||
- [Changelog](#Changelog) | ||
- [Contributing](#contributing) | ||
- [Quick Start](#quick-start) | ||
- [Beginner Guide](#beginner-guide) | ||
- [Create new ldap server](#create-new-ldap-server) | ||
- [Data persistence](#data-persistence) | ||
- [Edit your server configuration](#edit-your-server-configuration) | ||
- [Seed ldap database with ldif](#seed-ldap-database-with-ldif) | ||
- [Use an existing ldap database](#use-an-existing-ldap-database) | ||
- [Backup](#backup) | ||
- [Administrate your ldap server](#administrate-your-ldap-server) | ||
- [TLS](#tls) | ||
- [Use auto-generated certificate](#use-auto-generated-certificate) | ||
- [Use your own certificate](#use-your-own-certificate) | ||
- [Disable TLS](#disable-tls) | ||
- [Multi master replication](#multi-master-replication) | ||
- [Fix docker mounted file problems](#fix-docker-mounted-file-problems) | ||
- [Debug](#debug) | ||
- [Environment Variables](#environment-variables) | ||
- [Default.yaml](#defaultyaml) | ||
- [Default.startup.yaml](#defaultstartupyaml) | ||
- [Set your own environment variables](#set-your-own-environment-variables) | ||
- [Use command line argument](#use-command-line-argument) | ||
- [Link environment file](#link-environment-file) | ||
- [Docker Secrets](#docker-secrets) | ||
- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image) | ||
- [Advanced User Guide](#advanced-user-guide) | ||
- [Extend osixia/openldap:1.3.0 image](#extend-osixiaopenldap130-image) | ||
- [Make your own openldap image](#make-your-own-openldap-image) | ||
- [Tests](#tests) | ||
- [Kubernetes](#kubernetes) | ||
- [Under the hood: osixia/light-baseimage](#under-the-hood-osixialight-baseimage) | ||
- [Security](#security) | ||
- [Known security issues](#known-security-issues) | ||
- [Changelog](#changelog) | ||
|
||
## Contributing | ||
|
||
|
@@ -58,11 +58,11 @@ If you find this image useful here's how you can help: | |
## Quick Start | ||
Run OpenLDAP docker image: | ||
|
||
docker run --name my-openldap-container --detach osixia/openldap:1.2.5 | ||
docker run --name my-openldap-container --detach osixia/openldap:1.3.0 | ||
|
||
Do not forget to add the port mapping for both port 389 and 636 if you wish to access the ldap server from another machine. | ||
|
||
docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.2.5 | ||
docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.3.0 | ||
|
||
Either command starts a new container with OpenLDAP running inside. Let's make the first search in our LDAP container: | ||
|
||
|
@@ -98,7 +98,7 @@ It will create an empty ldap for the company **Example Inc.** and the domain **e | |
By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example: | ||
|
||
docker run --env LDAP_ORGANISATION="My Company" --env LDAP_DOMAIN="my-company.com" \ | ||
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.5 | ||
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.3.0 | ||
|
||
#### Data persistence | ||
|
||
|
@@ -149,12 +149,12 @@ argument to entrypoint if you don't want to overwrite them. | |
# single file example: | ||
docker run \ | ||
--volume ./bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif \ | ||
osixia/openldap:1.2.5 --copy-service | ||
osixia/openldap:1.3.0 --copy-service | ||
|
||
#directory example: | ||
docker run \ | ||
--volume ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom \ | ||
osixia/openldap:1.2.5 --copy-service | ||
osixia/openldap:1.3.0 --copy-service | ||
|
||
### Use an existing ldap database | ||
|
||
|
@@ -165,7 +165,7 @@ simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slap | |
|
||
docker run --volume /data/slapd/database:/var/lib/ldap \ | ||
--volume /data/slapd/config:/etc/ldap/slapd.d \ | ||
--detach osixia/openldap:1.2.5 | ||
--detach osixia/openldap:1.3.0 | ||
|
||
You can also use data volume containers. Please refer to: | ||
> [https://docs.docker.com/engine/tutorials/dockervolumes/](https://docs.docker.com/engine/tutorials/dockervolumes/) | ||
|
@@ -185,7 +185,7 @@ If you are looking for a simple solution to administrate your ldap server you ca | |
#### Use auto-generated certificate | ||
By default, TLS is already configured and enabled, certificate is created using container hostname (it can be set by docker run --hostname option eg: ldap.example.org). | ||
|
||
docker run --hostname ldap.my-company.com --detach osixia/openldap:1.2.5 | ||
docker run --hostname ldap.my-company.com --detach osixia/openldap:1.3.0 | ||
|
||
#### Use your own certificate | ||
|
||
|
@@ -195,24 +195,24 @@ You can set your custom certificate at run time, by mounting a directory contain | |
--env LDAP_TLS_CRT_FILENAME=my-ldap.crt \ | ||
--env LDAP_TLS_KEY_FILENAME=my-ldap.key \ | ||
--env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \ | ||
--detach osixia/openldap:1.2.5 | ||
--detach osixia/openldap:1.3.0 | ||
|
||
Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide) | ||
|
||
#### Disable TLS | ||
Add --env LDAP_TLS=false to the run command: | ||
|
||
docker run --env LDAP_TLS=false --detach osixia/openldap:1.2.5 | ||
docker run --env LDAP_TLS=false --detach osixia/openldap:1.3.0 | ||
|
||
### Multi master replication | ||
Quick example, with the default config. | ||
|
||
#Create the first ldap server, save the container id in LDAP_CID and get its IP: | ||
LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.2.5) | ||
LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.3.0) | ||
LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID) | ||
|
||
#Create the second ldap server, save the container id in LDAP2_CID and get its IP: | ||
LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.2.5) | ||
LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.3.0) | ||
LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID) | ||
|
||
#Add the pair "ip hostname" to /etc/hosts on each containers, | ||
|
@@ -248,7 +248,7 @@ You may have some problems with mounted files on some systems. The startup scrip | |
|
||
To fix that run the container with `--copy-service` argument : | ||
|
||
docker run [your options] osixia/openldap:1.2.5 --copy-service | ||
docker run [your options] osixia/openldap:1.3.0 --copy-service | ||
|
||
### Debug | ||
|
||
|
@@ -257,11 +257,11 @@ Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`. | |
|
||
Example command to run the container in `debug` mode: | ||
|
||
docker run --detach osixia/openldap:1.2.5 --loglevel debug | ||
docker run --detach osixia/openldap:1.3.0 --loglevel debug | ||
|
||
See all command line options: | ||
|
||
docker run osixia/openldap:1.2.5 --help | ||
docker run osixia/openldap:1.3.0 --help | ||
|
||
|
||
## Environment Variables | ||
|
@@ -327,7 +327,7 @@ Replication options: | |
|
||
If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python: | ||
|
||
docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.2.5 | ||
docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.3.0 | ||
|
||
To convert yaml to python online: http://yaml-online-parser.appspot.com/ | ||
|
||
|
@@ -348,7 +348,7 @@ Other environment variables: | |
Environment variables can be set by adding the --env argument in the command line, for example: | ||
|
||
docker run --env LDAP_ORGANISATION="My company" --env LDAP_DOMAIN="my-company.com" \ | ||
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.5 | ||
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.3.0 | ||
|
||
Be aware that environment variable added in command line will be available at any time | ||
in the container. In this example if someone manage to open a terminal in this container | ||
|
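Review bot: The `docker run` example edited here still sets `--env LDAP_ADMIN_PASSWORD="JonSn0w"` on the command line, immediately above the README's own warning that such a variable can be read in clear text by anyone who opens a terminal in the container. Since the line is being touched for the version bump, consider adding a pointer from this example to the "Link environment file" and "Docker Secrets" sections already listed in the table of contents, so readers who copy the command see the alternatives at the point of use.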
@@ -359,14 +359,14 @@ he will be able to read the admin password in clear text from environment variab | |
For example if your environment files **my-env.yaml** and **my-env.startup.yaml** are in /data/ldap/environment | ||
|
||
docker run --volume /data/ldap/environment:/container/environment/01-custom \ | ||
--detach osixia/openldap:1.2.5 | ||
--detach osixia/openldap:1.3.0 | ||
|
||
Take care to link your environment files folder to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE). | ||
|
||
Note: the container will try to delete the **\*.startup.yaml** file after the end of startup files so the file will also be deleted on the docker host. To prevent that : use --volume /data/ldap/environment:/container/environment/01-custom**:ro** or set all variables in **\*.yaml** file and don't use **\*.startup.yaml**: | ||
|
||
docker run --volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \ | ||
--detach osixia/openldap:1.2.5 | ||
--detach osixia/openldap:1.3.0 | ||
|
||
#### Docker Secrets | ||
|
||
|
@@ -385,13 +385,13 @@ This is the best solution if you have a private registry. Please refer to the [A | |
|
||
## Advanced User Guide | ||
|
||
### Extend osixia/openldap:1.2.5 image | ||
### Extend osixia/openldap:1.3.0 image | ||
|
||
If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image. | ||
|
||
Dockerfile example: | ||
|
||
FROM osixia/openldap:1.2.5 | ||
FROM osixia/openldap:1.3.0 | ||
MAINTAINER Your Name <[email protected]> | ||
|
||
ADD bootstrap /container/service/slapd/assets/config/bootstrap | ||
|
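Review bot: The Dockerfile example around the changed `FROM osixia/openldap:1.3.0` line still uses `MAINTAINER`, which Docker has deprecated in favour of `LABEL maintainer="..."`, and `ADD` for a plain local directory where `COPY` is the narrower instruction (no archive extraction or URL fetching). As the example is already being edited for the version bump, updating both would keep images derived from this README current with Dockerfile practice.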