Skip to content

Commit

Permalink
Merge branch 'release-1.3.0' into stable
Browse files Browse the repository at this point in the history
  • Loading branch information
BertrandGouny committed Sep 29, 2019
2 parents 5a3bd46 + 8f5ff0a commit fa517c2
Show file tree
Hide file tree
Showing 13 changed files with 214 additions and 74 deletions.
1 change: 0 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,2 @@
/.*
!/.git*
/VOLUMES
106 changes: 106 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
language: bash

services:
- docker
env:
global:
- NAME="osixia/openldap"
- VERSION="${TRAVIS_BRANCH}-dev"
matrix:
- TARGET_ARCH=amd64 QEMU_ARCH=x86_64
- TARGET_ARCH=arm32v7 QEMU_ARCH=arm
- TARGET_ARCH=arm64v8 QEMU_ARCH=aarch64

addons:
apt:
# The docker manifest command was added in docker-ee version 18.x
# So update our current installation and we also have to enable the experimental features.
sources:
- sourceline: "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
key_url: "https://download.docker.com/linux/ubuntu/gpg"
packages:
- docker-ce

before_install:
- docker --version
- mkdir $HOME/.docker
- 'echo "{" > $HOME/.docker/config.json'
- 'echo " \"experimental\": \"enabled\"" >> $HOME/.docker/config.json'
- 'echo "}" >> $HOME/.docker/config.json'
- sudo service docker restart

install:
# For cross buidling our images
# This is necessary because travis-ci.org has only x86_64 machines.
# If travis-ci.org gets native arm builds, probably this step is not
# necessary any more.
- docker run --rm --privileged multiarch/qemu-user-static:register --reset
# Bats is necessary for the UT
- curl -o bats.tar.gz -SL https://github.com/bats-core/bats-core/archive/v1.1.0.tar.gz
- mkdir bats-core && tar -xf bats.tar.gz -C bats-core --strip-components=1
- cd bats-core/
- sudo ./install.sh /usr/local
- cd ..

before_script:
# Set baseimage.
# remove pqchecker if arch is not amd64
- sed -i -e "s/FROM \(.*\)/FROM \1-${TARGET_ARCH}/g" image/Dockerfile;
- if [[ "${TARGET_ARCH}" != 'amd64' ]]; then
sed -i -e "/PQCHECKER/Id" image/Dockerfile;
fi
- cat image/Dockerfile;
# If this is a tag then change the VERSION variable to only have the
# tag name and not also the commit hash.
- if [ -n "$TRAVIS_TAG" ]; then
VERSION=$(echo "${TRAVIS_TAG}" | sed -e 's/\(.*\)[-v]\(.*\)/\1\2/g');
fi

script:
- make build-nocache NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH}
# skip test "ldapsearch existing hdb database and config" if arch != amd64
- if [[ "${TARGET_ARCH}" != 'amd64' ]]; then
sed -i '/@test "ldapsearch existing hdb database and config"/a skip' test/test.bats;
fi
# Run the test and if the test fails mark the build as failed.
- make test NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH}

before_deploy:
- docker run -d --name test_image ${NAME}:${VERSION}-${TARGET_ARCH} sleep 10
- sleep 5
- sudo docker ps | grep -q test_image
# To have `DOCKER_USER` and `DOCKER_PASS`
# use `travis env set`.
- docker login -u "$DOCKER_USER" -p "$DOCKER_PASS";
- make tag NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH}

deploy:
provider: script
on:
all_branches: true
script: make push NAME=${NAME} VERSION=${VERSION}-${TARGET_ARCH}

jobs:
include:
- stage: Manifest creation
install: skip
script: skip
after_deploy:
- docker login -u "$DOCKER_USER" -p "$DOCKER_PASS";
- docker manifest create ${NAME}:${VERSION} ${NAME}:${VERSION}-amd64 ${NAME}:${VERSION}-arm32v7 ${NAME}:${VERSION}-arm64v8;
docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-amd64 --os linux --arch amd64;
docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-arm32v7 --os linux --arch arm --variant v7;
docker manifest annotate ${NAME}:${VERSION} ${NAME}:${VERSION}-arm64v8 --os linux --arch arm64 --variant v8;

# The latest tag is coming from the stable branch of the repo
- if [ "${TRAVIS_BRANCH}" == 'stable' ]; then
docker manifest create ${NAME}:latest ${NAME}:${VERSION}-amd64 ${NAME}:${VERSION}-arm32v7 ${NAME}:${VERSION}-arm64v8;
docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-amd64 --os linux --arch amd64;
docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm32v7 --os linux --arch arm --variant v7;
docker manifest annotate ${NAME}:latest ${NAME}:${VERSION}-arm64v8 --os linux --arch arm64 --variant v8;
fi

- docker manifest push ${NAME}:${VERSION};
if [ "${TRAVIS_BRANCH}" == 'stable' ]; then
docker manifest push ${NAME}:latest;
fi
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [1.3.0] - 2019-09-29
## Added
- Multiarch support

## Changes
- Update openldap 2.4.47 to 2.4.48 #247
- Upgrade baseimage to light-baseimage:1.2.0 (debian buster)

## [1.2.5] - 2019-08-16
## Added
- Support for docker secrets #325. Thanks to @anagno !
Expand Down
5 changes: 4 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
NAME = osixia/openldap
VERSION = 1.2.5
VERSION = 1.3.0

.PHONY: build build-nocache test tag-latest push push-latest release git-tag-version

Expand All @@ -12,6 +12,9 @@ build-nocache:
test:
env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats

tag:
docker tag $(NAME):$(VERSION) $(NAME):$(VERSION)

tag-latest:
docker tag $(NAME):$(VERSION) $(NAME):latest

Expand Down
110 changes: 55 additions & 55 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,48 +4,48 @@
![Docker Stars](https://img.shields.io/docker/stars/osixia/openldap.svg)
![](https://images.microbadger.com/badges/image/osixia/openldap.svg)

Latest release: 1.2.5 - OpenLDAP 2.4.47 - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
Latest release: 1.3.0 - OpenLDAP 2.4.48 - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 

**A docker image to run OpenLDAP.**

> OpenLDAP website : [www.openldap.org](http://www.openldap.org/)

- [osixia/openldap](#osixiaopenldap)
- [Contributing](#Contributing)
- [Quick Start](#Quick-Start)
- [Beginner Guide](#Beginner-Guide)
- [Create new ldap server](#Create-new-ldap-server)
- [Data persistence](#Data-persistence)
- [Edit your server configuration](#Edit-your-server-configuration)
- [Seed ldap database with ldif](#Seed-ldap-database-with-ldif)
- [Use an existing ldap database](#Use-an-existing-ldap-database)
- [Backup](#Backup)
- [Administrate your ldap server](#Administrate-your-ldap-server)
- [TLS](#TLS)
- [Use auto-generated certificate](#Use-auto-generated-certificate)
- [Use your own certificate](#Use-your-own-certificate)
- [Disable TLS](#Disable-TLS)
- [Multi master replication](#Multi-master-replication)
- [Fix docker mounted file problems](#Fix-docker-mounted-file-problems)
- [Debug](#Debug)
- [Environment Variables](#Environment-Variables)
- [Default.yaml](#Defaultyaml)
- [Default.startup.yaml](#Defaultstartupyaml)
- [Set your own environment variables](#Set-your-own-environment-variables)
- [Use command line argument](#Use-command-line-argument)
- [Link environment file](#Link-environment-file)
- [Docker Secrets](#Docker-Secrets)
- [Make your own image or extend this image](#Make-your-own-image-or-extend-this-image)
- [Advanced User Guide](#Advanced-User-Guide)
- [Extend osixia/openldap:1.2.5 image](#Extend-osixiaopenldap125-dev-image)
- [Make your own openldap image](#Make-your-own-openldap-image)
- [Tests](#Tests)
- [Kubernetes](#Kubernetes)
- [Under the hood: osixia/light-baseimage](#Under-the-hood-osixialight-baseimage)
- [Security](#Security)
- [Known security issues](#Known-security-issues)
- [Changelog](#Changelog)
- [Contributing](#contributing)
- [Quick Start](#quick-start)
- [Beginner Guide](#beginner-guide)
- [Create new ldap server](#create-new-ldap-server)
- [Data persistence](#data-persistence)
- [Edit your server configuration](#edit-your-server-configuration)
- [Seed ldap database with ldif](#seed-ldap-database-with-ldif)
- [Use an existing ldap database](#use-an-existing-ldap-database)
- [Backup](#backup)
- [Administrate your ldap server](#administrate-your-ldap-server)
- [TLS](#tls)
- [Use auto-generated certificate](#use-auto-generated-certificate)
- [Use your own certificate](#use-your-own-certificate)
- [Disable TLS](#disable-tls)
- [Multi master replication](#multi-master-replication)
- [Fix docker mounted file problems](#fix-docker-mounted-file-problems)
- [Debug](#debug)
- [Environment Variables](#environment-variables)
- [Default.yaml](#defaultyaml)
- [Default.startup.yaml](#defaultstartupyaml)
- [Set your own environment variables](#set-your-own-environment-variables)
- [Use command line argument](#use-command-line-argument)
- [Link environment file](#link-environment-file)
- [Docker Secrets](#docker-secrets)
- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
- [Advanced User Guide](#advanced-user-guide)
- [Extend osixia/openldap:1.3.0 image](#extend-osixiaopenldap130-image)
- [Make your own openldap image](#make-your-own-openldap-image)
- [Tests](#tests)
- [Kubernetes](#kubernetes)
- [Under the hood: osixia/light-baseimage](#under-the-hood-osixialight-baseimage)
- [Security](#security)
- [Known security issues](#known-security-issues)
- [Changelog](#changelog)

## Contributing

Expand All @@ -58,11 +58,11 @@ If you find this image useful here's how you can help:
## Quick Start
Run OpenLDAP docker image:

docker run --name my-openldap-container --detach osixia/openldap:1.2.5
docker run --name my-openldap-container --detach osixia/openldap:1.3.0

Do not forget to add the port mapping for both port 389 and 636 if you wish to access the ldap server from another machine.

docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.2.5
docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.3.0

Either command starts a new container with OpenLDAP running inside. Let's make the first search in our LDAP container:

Expand Down Expand Up @@ -98,7 +98,7 @@ It will create an empty ldap for the company **Example Inc.** and the domain **e
By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example:

docker run --env LDAP_ORGANISATION="My Company" --env LDAP_DOMAIN="my-company.com" \
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.5
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.3.0

#### Data persistence

Expand Down Expand Up @@ -149,12 +149,12 @@ argument to entrypoint if you don't want to overwrite them.
# single file example:
docker run \
--volume ./bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif \
osixia/openldap:1.2.5 --copy-service
osixia/openldap:1.3.0 --copy-service

#directory example:
docker run \
--volume ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom \
osixia/openldap:1.2.5 --copy-service
osixia/openldap:1.3.0 --copy-service

### Use an existing ldap database

Expand All @@ -165,7 +165,7 @@ simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slap

docker run --volume /data/slapd/database:/var/lib/ldap \
--volume /data/slapd/config:/etc/ldap/slapd.d \
--detach osixia/openldap:1.2.5
--detach osixia/openldap:1.3.0

You can also use data volume containers. Please refer to:
> [https://docs.docker.com/engine/tutorials/dockervolumes/](https://docs.docker.com/engine/tutorials/dockervolumes/)
Expand All @@ -185,7 +185,7 @@ If you are looking for a simple solution to administrate your ldap server you ca
#### Use auto-generated certificate
By default, TLS is already configured and enabled, certificate is created using container hostname (it can be set by docker run --hostname option eg: ldap.example.org).

docker run --hostname ldap.my-company.com --detach osixia/openldap:1.2.5
docker run --hostname ldap.my-company.com --detach osixia/openldap:1.3.0

#### Use your own certificate

Expand All @@ -195,24 +195,24 @@ You can set your custom certificate at run time, by mounting a directory contain
--env LDAP_TLS_CRT_FILENAME=my-ldap.crt \
--env LDAP_TLS_KEY_FILENAME=my-ldap.key \
--env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \
--detach osixia/openldap:1.2.5
--detach osixia/openldap:1.3.0

Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)

#### Disable TLS
Add --env LDAP_TLS=false to the run command:

docker run --env LDAP_TLS=false --detach osixia/openldap:1.2.5
docker run --env LDAP_TLS=false --detach osixia/openldap:1.3.0

### Multi master replication
Quick example, with the default config.

#Create the first ldap server, save the container id in LDAP_CID and get its IP:
LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.2.5)
LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.3.0)
LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)

#Create the second ldap server, save the container id in LDAP2_CID and get its IP:
LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.2.5)
LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.3.0)
LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)

#Add the pair "ip hostname" to /etc/hosts on each containers,
Expand Down Expand Up @@ -248,7 +248,7 @@ You may have some problems with mounted files on some systems. The startup scrip

To fix that run the container with `--copy-service` argument :

docker run [your options] osixia/openldap:1.2.5 --copy-service
docker run [your options] osixia/openldap:1.3.0 --copy-service

### Debug

Expand All @@ -257,11 +257,11 @@ Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.

Example command to run the container in `debug` mode:

docker run --detach osixia/openldap:1.2.5 --loglevel debug
docker run --detach osixia/openldap:1.3.0 --loglevel debug

See all command line options:

docker run osixia/openldap:1.2.5 --help
docker run osixia/openldap:1.3.0 --help


## Environment Variables
Expand Down Expand Up @@ -327,7 +327,7 @@ Replication options:

If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:

docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.2.5
docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.3.0

To convert yaml to python online: http://yaml-online-parser.appspot.com/

Expand All @@ -348,7 +348,7 @@ Other environment variables:
Environment variables can be set by adding the --env argument in the command line, for example:

docker run --env LDAP_ORGANISATION="My company" --env LDAP_DOMAIN="my-company.com" \
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.2.5
--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.3.0

Be aware that environment variable added in command line will be available at any time
in the container. In this example if someone manage to open a terminal in this container
Expand All @@ -359,14 +359,14 @@ he will be able to read the admin password in clear text from environment variab
For example if your environment files **my-env.yaml** and **my-env.startup.yaml** are in /data/ldap/environment

docker run --volume /data/ldap/environment:/container/environment/01-custom \
--detach osixia/openldap:1.2.5
--detach osixia/openldap:1.3.0

Take care to link your environment files folder to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).

Note: the container will try to delete the **\*.startup.yaml** file after the end of startup files so the file will also be deleted on the docker host. To prevent that : use --volume /data/ldap/environment:/container/environment/01-custom**:ro** or set all variables in **\*.yaml** file and don't use **\*.startup.yaml**:

docker run --volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
--detach osixia/openldap:1.2.5
--detach osixia/openldap:1.3.0

#### Docker Secrets

Expand All @@ -385,13 +385,13 @@ This is the best solution if you have a private registry. Please refer to the [A

## Advanced User Guide

### Extend osixia/openldap:1.2.5 image
### Extend osixia/openldap:1.3.0 image

If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.

Dockerfile example:

FROM osixia/openldap:1.2.5
FROM osixia/openldap:1.3.0
MAINTAINER Your Name <[email protected]>

ADD bootstrap /container/service/slapd/assets/config/bootstrap
Expand Down
2 changes: 1 addition & 1 deletion example/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
version: '2'
services:
openldap:
image: osixia/openldap:1.2.5
image: osixia/openldap:1.3.0
container_name: openldap
environment:
LDAP_LOG_LEVEL: "256"
Expand Down
Loading

0 comments on commit fa517c2

Please sign in to comment.