Merge branch 'hotfix-1.1.6' into stable

Author: BertrandGouny

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 1.1.6
+Fix :
+  - Upgrade to 1.1.5 startup issues with cfssl-helper #73
+
+Update to light-baseimage:0.2.5
+
 ## 1.1.5
 Fix :
   - Restarting container with new environment #44
@@ -45,7 +51,7 @@ Update to light-baseimage:0.2.2
 
 ## 1.1.0
 Update to light-baseimage:0.2.1 :
-  - Use \*.yaml.startup environment files to keep configuration secrets
+  - Use \*.startup.yaml environment files to keep configuration secrets
   - Use cfssl tool to generate tls certs
   - Use log-helper to write leveled log messages
   - Allow copy of /container/service and mounted files to /container/run/service dir usefull for write only filesystems and avoid file permissions problems

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/openldap
-VERSION = 1.1.5
+VERSION = 1.1.6
 
 .PHONY: all build build-nocache test tag_latest release
 
@@ -15,7 +15,7 @@ test:
 	env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats
 
 tag_latest:
-	docker tag -f $(NAME):$(VERSION) $(NAME):latest
+	docker tag $(NAME):$(VERSION) $(NAME):latest
 
 release: build test tag_latest
 	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi

README.md

@@ -5,9 +5,11 @@
 
 [hub]: https://hub.docker.com/r/osixia/openldap/
 
-Latest release: 1.1.5 - OpenLDAP 2.4.40 -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
+Latest release: 1.1.6 - OpenLDAP 2.4.40 -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
 
-A docker image to run OpenLDAP.
+**A docker image to run OpenLDAP.**
+
+**Note: in the latest release 1.1.6 files `*.yaml.startup` have been renamed to `*.startup.yaml`**
 
 > OpenLDAP website : [www.openldap.org](http://www.openldap.org/)
 
@@ -29,13 +31,13 @@ A docker image to run OpenLDAP.
 	- [Debug](#debug)
 - [Environment Variables](#environment-variables)
 	- [Default.yaml](#defaultyaml)
-	- [Default.yaml.startup](#defaultyamlstartup)
+	- [Default.startup.yaml](#defaultyamlstartup)
 	- [Set your own environment variables](#set-your-own-environment-variables)
 		- [Use command line argument](#use-command-line-argument)
 		- [Link environment file](#link-environment-file)
 		- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
 - [Advanced User Guide](#advanced-user-guide)
-	- [Extend osixia/openldap:1.1.5 image](#extend-osixiaopenldap115-image)
+	- [Extend osixia/openldap:1.1.6 image](#extend-osixiaopenldap116-image)
 	- [Make your own openldap image](#make-your-own-openldap-image)
 	- [Tests](#tests)
 	- [Kubernetes](#kubernetes)
@@ -53,7 +55,7 @@ If you find this image useful here's how you can help:
 ## Quick Start
 Run OpenLDAP docker image:
 
-	docker run --name my-openldap-container --detach osixia/openldap:1.1.5
+	docker run --name my-openldap-container --detach osixia/openldap:1.1.6
 
 This start a new container with OpenLDAP running inside. Let's make the first search in our LDAP container:
 
@@ -89,7 +91,7 @@ It will create an empty ldap for the company **Example Inc.** and the domain **e
 By default the admin has the password **admin**. All those default settings can be changed at the docker command line, for example:
 
 	docker run --env LDAP_ORGANISATION="My Company" --env LDAP_DOMAIN="my-company.com" \
-	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.5
+	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.6
 
 #### Data persistence
 
@@ -114,7 +116,7 @@ simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slap
 
 	docker run --volume /data/slapd/database:/var/lib/ldap \
 	--volume /data/slapd/config:/etc/ldap/slapd.d
-	--detach osixia/openldap:1.1.5
+	--detach osixia/openldap:1.1.6
 
 You can also use data volume containers. Please refer to:
 > [https://docs.docker.com/userguide/dockervolumes/](https://docs.docker.com/userguide/dockervolumes/)
@@ -134,7 +136,7 @@ If you are looking for a simple solution to administrate your ldap server you ca
 #### Use auto-generated certificate
 By default TLS is enable, a certificate is created with the container hostname (it can be set by docker run --hostname option eg: ldap.example.org).
 
-	docker run --hostname ldap.my-company.com --detach osixia/openldap:1.1.5
+	docker run --hostname ldap.my-company.com --detach osixia/openldap:1.1.6
 
 #### Use your own certificate
 
@@ -144,24 +146,24 @@ You can set your custom certificate at run time, by mounting a directory contain
 	--env LDAP_TLS_CRT_FILENAME=my-ldap.crt \
 	--env LDAP_TLS_KEY_FILENAME=my-ldap.key \
 	--env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \
-	--detach osixia/openldap:1.1.5
+	--detach osixia/openldap:1.1.6
 
 Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)
 
 #### Disable TLS
 Add --env LDAP_TLS=false to the run command:
 
-	docker run --env LDAP_TLS=false --detach osixia/openldap:1.1.5
+	docker run --env LDAP_TLS=false --detach osixia/openldap:1.1.6
 
 ### Multi master replication
 Quick example, with the default config.
 
 	#Create the first ldap server, save the container id in LDAP_CID and get its IP:
-	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.5)
+	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.6)
 	LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 
 	#Create the second ldap server, save the container id in LDAP2_CID and get its IP:
-	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.5)
+	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.1.6)
 	LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
 
 	#Add the pair "ip hostname" to /etc/hosts on each containers,
@@ -197,7 +199,7 @@ You may have some problems with mounted files on some systems. The startup scrip
 
 To fix that run the container with `--copy-service` argument :
 
-		docker run [your options] osixia/openldap:1.1.5 --copy-service
+		docker run [your options] osixia/openldap:1.1.6 --copy-service
 
 ### Debug
 
@@ -206,15 +208,15 @@ Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.
 
 Example command to run the container in `debug` mode:
 
-	docker run --detach osixia/openldap:1.1.5 --loglevel debug
+	docker run --detach osixia/openldap:1.1.6 --loglevel debug
 
 See all command line options:
 
-	docker run osixia/openldap:1.1.5 --help
+	docker run osixia/openldap:1.1.6 --help
 
 
 ## Environment Variables
-Environment variables defaults are set in **image/environment/default.yaml** and **image/environment/default.yaml.startup**.
+Environment variables defaults are set in **image/environment/default.yaml** and **image/environment/default.startup.yaml**.
 
 See how to [set your own environment variables](#set-your-own-environment-variables)
 
@@ -224,7 +226,7 @@ Variables defined in this file are available at anytime in the container environ
 General container configuration:
 - **LDAP_LOG_LEVEL**: Slap log level. defaults to  `256`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
 
-### Default.yaml.startup
+### Default.startup.yaml
 Variables defined in this file are only available during the container **first start** in **startup files**.
 This file is deleted right after startup files are processed for the first time,
 then all of these values will not be available in the container environment.
@@ -273,13 +275,13 @@ Replication options:
 
 	If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:
 
-		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.1.5
+		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.1.6
 
 	To convert yaml to python online: http://yaml-online-parser.appspot.com/
 
 Other environment variables:
 - **LDAP_REMOVE_CONFIG_AFTER_SETUP**: delete config folder after setup. Defaults to `true`
-- **LDAP_CFSSL_PREFIX**: cfssl environment variables prefix. Defaults to `ldap`, cfssl-helper first search config from LDAP_CFSSL_* variables, before CFSSL_* variables.
+- **LDAP_SSL_HELPER_PREFIX**: ssl-helper environment variables prefix. Defaults to `ldap`, ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
 
 
 ### Set your own environment variables
@@ -288,39 +290,39 @@ Other environment variables:
 Environment variables can be set by adding the --env argument in the command line, for example:
 
 	docker run --env LDAP_ORGANISATION="My company" --env LDAP_DOMAIN="my-company.com" \
-	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.5
+	--env LDAP_ADMIN_PASSWORD="JonSn0w" --detach osixia/openldap:1.1.6
 
 Be aware that environment variable added in command line will be available at any time
 in the container. In this example if someone manage to open a terminal in this container
 he will be able to read the admin password in clear text from environment variables.
 
 #### Link environment file
 
-For example if your environment files **my-env.yaml** and **my-env.yaml.startup** are in /data/ldap/environment
+For example if your environment files **my-env.yaml** and **my-env.startup.yaml** are in /data/ldap/environment
 
 	docker run --volume /data/ldap/environment:/container/environment/01-custom \
-	--detach osixia/openldap:1.1.5
+	--detach osixia/openldap:1.1.6
 
 Take care to link your environment files folder to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not  directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
 
-Note: the container will try to delete the **\*.yaml.startup** file after the end of startup files so the file will also be deleted on the docker host. To prevent that : use --volume /data/ldap/environment:/container/environment/01-custom**:ro** or set all variables in **\*.yaml** file and don't use **\*.yaml.startup**:
+Note: the container will try to delete the **\*.startup.yaml** file after the end of startup files so the file will also be deleted on the docker host. To prevent that : use --volume /data/ldap/environment:/container/environment/01-custom**:ro** or set all variables in **\*.yaml** file and don't use **\*.startup.yaml**:
 
 	docker run --volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
-	--detach osixia/openldap:1.1.5
+	--detach osixia/openldap:1.1.6
 
 #### Make your own image or extend this image
 
 This is the best solution if you have a private registry. Please refer to the [Advanced User Guide](#advanced-user-guide) just below.
 
 ## Advanced User Guide
 
-### Extend osixia/openldap:1.1.5 image
+### Extend osixia/openldap:1.1.6 image
 
 If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
 
 Dockerfile example:
 
-	FROM osixia/openldap:1.1.5
+	FROM osixia/openldap:1.1.6
 	MAINTAINER Your Name <[email protected]>
 
 	ADD bootstrap /container/service/slapd/assets/config/bootstrap
@@ -342,7 +344,7 @@ Clone this project:
 Adapt Makefile, set your image NAME and VERSION, for example:
 
 	NAME = osixia/openldap
-	VERSION = 1.1.5
+	VERSION = 1.1.6
 
 	become:
 	NAME = cool-guy/openldap
@@ -383,7 +385,7 @@ osixia-openldap kubernetes examples are available in **example/kubernetes**
 This image is based on osixia/light-baseimage.
 It uses the following features:
 
-- **cfssl** service to generate tls certificates
+- **ssl-tools** service to generate tls certificates
 - **log-helper** tool to print log messages based on the log level
 - **run** tool as entrypoint to init the container environment
 

example/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '2'
 services:
   openldap:
-    image: osixia/openldap:1.1.5
+    image: osixia/openldap:1.1.6
     container_name: openldap
     environment:
       LDAP_LOG_LEVEL: "256"
@@ -27,7 +27,7 @@ services:
       #LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical"
       #LDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
       LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
-      LDAP_CFSSL_PREFIX: "ldap"
+      LDAP_SSL_HELPER_PREFIX: "ldap"
     tty: true
     stdin_open: true
     volumes:

example/extend-osixia-openldap/Dockerfile

@@ -1,4 +1,4 @@
-FROM osixia/openldap:1.1.5
+FROM osixia/openldap:1.1.6
 MAINTAINER Your Name <[email protected]>
 
 ADD bootstrap /container/service/slapd/assets/config/bootstrap

example/extend-osixia-openldap/environment/my-env.yaml.startup renamed to example/extend-osixia-openldap/environment/my-env.startup.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: ldap
-          image: osixia/openldap:1.1.5
+          image: osixia/openldap:1.1.6
           volumeMounts:
             - name: ldap-data
               mountPath: /var/lib/ldap
@@ -69,10 +69,10 @@ spec:
               value: "#PYTHON2BASH:['ldap://ldap-one-service', 'ldap://ldap-two-service']"
             - name: LDAP_REMOVE_CONFIG_AFTER_SETUP
               value: "true"
-            - name: LDAP_CFSSL_PREFIX
+            - name: LDAP_SSL_HELPER_PREFIX
               value: "ldap"
         - name: ldap-backup
-          image: osixia/openldap-backup:0.1.8
+          image: osixia/openldap-backup:0.1.11
           volumeMounts:
             - name: ldap-data
               mountPath: /var/lib/ldap

example/kubernetes/simple/ldap-rc.yaml

@@ -49,5 +49,5 @@ LDAP_REPLICATION_HOSTS:
 # Remove config after setup
 LDAP_REMOVE_CONFIG_AFTER_SETUP: true
 
-# cfssl environment variables prefix
-LDAP_CFSSL_PREFIX: ldap # cfssl-helper first search config from LDAP_CFSSL_* variables, before CFSSL_* variables.
+# ssl-helper environment variables prefix
+LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.

example/kubernetes/using-secrets/environment/my-env.yaml.startup renamed to example/kubernetes/using-secrets/environment/my-env.startup.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: ldap
-          image: osixia/openldap:1.1.5
+          image: osixia/openldap:1.1.6
           args: ["--copy-service"]
           volumeMounts:
             - name: ldap-data
@@ -32,7 +32,7 @@ spec:
             - containerPort: 389
               name: openldap
         - name: ldap-backup
-          image: osixia/openldap-backup:0.1.8
+          image: osixia/openldap-backup:0.1.11
           volumeMounts:
             - name: ldap-data
               mountPath: /var/lib/ldap