Commit
add support to bitnami/openldap 2.6.6, now all openldap instances will gracefully start.
jp-gouin committed Jan 22, 2024
1 parent 482f248 commit 8f58ef9
Showing 3 changed files with 101 additions and 50 deletions.
34 changes: 26 additions & 8 deletions README.md
@@ -9,15 +9,10 @@ This version now use the [Bitnami Openldap](https://hub.docker.com/r/bitnami/ope

More detail on the container image can be found [here](https://github.com/bitnami/containers/tree/main/bitnami/openldap)

There are some major changes between the Osixia version and the Bitnami version , ergo the major gap of the chart version.
The chart now support `Bitnami/Openldap 2.6.6`.

- Upgrade may not work fine between `3.x` and `4.x`
- Ldap and Ldaps port are non privileged ports (`1389` and `1636`) internally but are exposed through `global.ldapPort` and `global.sslLdapPort` (389 and 636)
- Replication is now purely setup by configuration. Extra schemas are loaded using `LDAP_EXTRA_SCHEMAS: "cosine,inetorgperson,nis,syncprov,serverid,csyncprov,rep,bsyncprov,brep,acls`. You can add your own schemas via the `customSchemaFiles` option.

A default tree (Root organisation, users and group) is created during startup, this can be skipped using `LDAP_SKIP_DEFAULT_TREE` , however you need to use `customLdifFiles` or `customLdifCm` to create a root organisation.

- This will be improved in a future update.
Due to #115, the chart does not fully support scaling the `openldap` cluster. To scale the cluster please follow [scaling your cluster](#scaling-your-cluster)
- This will be fixed in priority

## Prerequisites Details
* Kubernetes 1.8+
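Review bot: the new README line `The chart now support `Bitnami/Openldap 2.6.6`.` should read "now supports", and the two stand-alone bullets `- This will be improved in a future update.` and `- This will be fixed in priority` hang below their paragraphs instead of being attached to them; either fold each into the sentence above it or turn the whole block into one list so the rendered README does not show orphan bullets.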
@@ -239,6 +234,29 @@ $ kubectl delete pvc -l release=${RELEASE-NAME}

`global.existingSecret` can be used to override the default secret.yaml provided

## Scaling your cluster
In order to scale the cluster, first use `helm` to updrgade the number of `replica`
```
helm upgrade -n openldap-ha --set replicaCount=4 openldap-ha .
```
Then connect to the `<openldap>-0` container, under `/opt/bitnami/openldap/etc/schema/`, edit :
1. `serverid.ldif` and remove existing `olcServerID` (only keep the one you added by scaling)
2. `brep.ldif` and remove existing `olcServerID` (only keep the one you added by scaling)
3. Apply your changes

```
ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/serverid.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/brep.ldif
```

Tips : to edit in the container, use :
```
cat <<EOF > /tmp/serverid.ldif
copy
your
line
EOF
```

## Troubleshoot

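Review bot: the file paths in the scaling procedure do not line up: steps 1 and 2 tell the operator to edit `serverid.ldif` and `brep.ldif` under `/opt/bitnami/openldap/etc/schema/`, but the commands in step 3 load `/tmp/serverid.ldif` and `/tmp/brep.ldif`, and the "Tips" heredoc only shows how to create a file under `/tmp`. Either state that the trimmed copies are to be written to `/tmp` (which is what the heredoc implies) or point `ldapmodify -f` at the schema directory. Minor points: `updrgade` is a typo for `upgrade`, step 3 "Apply your changes" is an action rather than a file and reads oddly as the third item of a list of files to edit, and the fenced blocks would render better with a `shell` language tag.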
113 changes: 73 additions & 40 deletions templates/statefulset.yaml
@@ -41,9 +41,67 @@ spec:
{{- end }}
spec:
initContainers:
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
- name: init-schema
image: debian
imagePullPolicy: {{ .Values.initTLSSecret.image.pullPolicy | quote }}
command:
- sh
- -c
- |
host=$(hostname)
if [ "$host" = "{{ template "openldap.fullname" . }}-0" ]
then
echo "This is the main openldap so let's init all additional schemas and ldifs here"
cp -p -f /cm-schemas-acls/*.ldif /custom_config/
if [ -d /cm-schemas ]; then
cp -p -f /cm-schemas/*.ldif /custom-schemas/
fi
if [ -d /cm-ldifs ]; then
cp -p -f /cm-ldifs/*.ldif /custom-ldifs/
fi
else
cp -p -f /cm-schemas-acls/*.ldif /custom_config/
rm -rf /custom_config/acls.ldif
echo "let the replication takes care of everything :)"
fi
{{- if .Values.global.existingSecret }}
sed -i -e "s/%%CONFIG_PASSWORD%%/${LDAP_CONFIG_ADMIN_PASSWORD}/g" /custom_config/*
sed -i -e "s/%%ADMIN_PASSWORD%%/${LDAP_ADMIN_PASSWORD}/g" /custom_config/*
{{- end }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.initTLSSecret.resources }}
resources: {{- toYaml .Values.initTLSSecret.resources | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.customSchemaFiles }}
{{- range $file := (include "openldap.customSchemaFiles" . | split ",") }}
- name: cm-custom-schema-files
mountPath: /cm-schemas/{{ $file }}.ldif
subPath: {{ $file }}.ldif
- name: custom-schema-files
mountPath: /custom-schemas/
{{- end }}
{{- end }}
{{- if or (.Values.customLdifFiles) (.Values.customLdifCm) }}
- name: cm-custom-ldif-files
mountPath: /cm-ldifs/
- name: custom-ldif-files
mountPath: /custom-ldifs/
{{- end }}
- name: cm-replication-acls
mountPath: "/cm-schemas-acls"
- name: replication-acls
mountPath: "/custom_config"
{{- if .Values.global.existingSecret }}
envFrom:
- secretRef:
name: {{ template "openldap.secretName" . }}
{{- end }}
{{- if .Values.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
- name: init-tls-secret
image: {{ include "openldap.initTLSSecretImage" . }}
imagePullPolicy: {{ .Values.initTLSSecret.image.pullPolicy | quote }}
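Review bot: the custom-schema `volumeMounts` loop emits the target mount once per file: `- name: custom-schema-files` / `mountPath: /custom-schemas/` sits inside `{{- range $file := (include "openldap.customSchemaFiles" . | split ",") }}`, so with two or more entries in `customSchemaFiles` the container carries duplicate `mountPath` values and the API server rejects the StatefulSet. Move those two lines below the inner `{{- end }}`. Two further points in this hunk: `image: debian` is an untagged, unpinned Docker Hub image for a container that handles the admin and config passwords and stages schema into the server; pin it by tag or digest and give it its own `image`/`resources` values rather than borrowing `initTLSSecret.image.pullPolicy` and `initTLSSecret.resources`. And `sed -i -e "s/%%CONFIG_PASSWORD%%/${LDAP_CONFIG_ADMIN_PASSWORD}/g"` interpolates the secret straight into the sed expression, so a password containing `/`, `&` or `\` breaks or mangles the substitution (and the same holds for the `%%ADMIN_PASSWORD%%` line); use a delimiter that cannot appear in the value, or a tool such as `envsubst` that treats the value as data. Note also that the user-supplied `.Values.initContainers` block moved from before `init-schema` to after it, so user init containers now run later than before; if that is intended, mention it in the README since it changes behaviour for existing users.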
@@ -84,35 +142,6 @@ spec:
- name: foo
mountPath: bar
{{- end }}
{{- if .Values.global.existingSecret }}
- name: update-replication
image: {{ include "openldap.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- sh
- -c
- |
ls -al /cm-schemas-acls /custom_config
cp -p /cm-schemas-acls/*.ldif /custom_config/
ls -al /custom_config
sed -i -e "s/%%CONFIG_PASSWORD%%/${LDAP_CONFIG_ADMIN_PASSWORD}/g" /custom_config/*
sed -i -e "s/%%ADMIN_PASSWORD%%/${LDAP_ADMIN_PASSWORD}/g" /custom_config/*
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.updateReplication.resources }}
resources: {{- toYaml .Values.updateReplication.resources | nindent 12 }}
{{- end }}
volumeMounts:
- name: cm-replication-acls
mountPath: "/cm-schemas-acls"
- name: replication-acls
mountPath: "/custom_config"
envFrom:
- secretRef:
name: {{ template "openldap.secretName" . }}
{{- end }}

{{- /*
serviceAccountName: {{ template "openldap.serviceAccountName" . }}
*/ -}}
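Review bot: removing the `update-replication` init container leaves `.Values.updateReplication.resources` unreferenced by the template; if values.yaml still defines an `updateReplication` section it should be dropped or marked deprecated, otherwise users will set resources that are silently ignored. Worth stating in the commit message as well that the password substitution previously done here in the `openldap.image` container is now performed by the `init-schema` container in the `debian` image, since that is a change in which image handles the credentials.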
@@ -258,31 +287,35 @@ spec:
claimName: {{ .Values.persistence.existingClaim }}
{{- end }}
{{- end }}
{{- if .Values.global.existingSecret }}
- name: cm-replication-acls
configMap:
name: {{ template "openldap.fullname" . }}-replication-acls
- name: replication-acls
emptyDir:
medium: Memory
{{- else }}
- name: replication-acls
configMap:
name: {{ template "openldap.fullname" . }}-replication-acls
{{- end }}

{{- if .Values.customLdifFiles }}
- name: custom-ldif-files
- name: cm-custom-ldif-files
configMap:
name: {{ template "openldap.fullname" . }}-customldif
{{- else if .Values.customLdifCm }}
- name: custom-ldif-files
emptyDir:
medium: Memory
{{- else if .Values.customLdifCm }}
- name: cm-custom-ldif-files
configMap:
name: {{ .Values.customLdifCm }}
- name: custom-ldif-files
emptyDir:
medium: Memory
{{- end }}
{{- if .Values.customSchemaFiles }}
- name: custom-schema-files
- name: cm-custom-schema-files
configMap:
name: {{ template "openldap.fullname" . }}-customschema
- name: custom-schema-files
emptyDir:
medium: Memory
{{- end }}
- name: certs
emptyDir:
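Review bot: with the `{{- if .Values.global.existingSecret }}` / `{{- else }}` split removed, `replication-acls` is now always an in-memory `emptyDir` filled by `init-schema`, but in that init container the `%%CONFIG_PASSWORD%%` / `%%ADMIN_PASSWORD%%` substitution still runs only when `global.existingSecret` is set. Confirm that the `-replication-acls` ConfigMap already carries resolved passwords in the non-secret case; otherwise the copied ACL and replication LDIFs will contain the literal placeholders. Keeping `medium: Memory` for `replication-acls` is the right call since those files hold admin credentials after substitution; the `custom-ldif-files` and `custom-schema-files` emptyDirs carry no secrets, so they could be plain emptyDirs if memory-backed volumes counting against container limits is a concern.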
4 changes: 2 additions & 2 deletions values.yaml
@@ -56,8 +56,8 @@ image:
#repository: bitnami/openldap
#tag: 2.6.3
# Temporary fix
repository: jpgouin/openldap
tag: 2.6.6-fix
repository: bitnami/openldap
tag: 2.6.6
pullPolicy: Always
pullSecrets: []

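Review bot: the `# Temporary fix` comment and the commented-out `#repository: bitnami/openldap` / `#tag: 2.6.3` lines above it describe the workaround this change reverts; now that `repository: bitnami/openldap` and `tag: 2.6.6` are the live values, remove the stale comment block so the next reader does not conclude the `jpgouin/openldap` fork is still in use. Since this is the image that runs the directory itself, consider documenting how to pin it by digest for deployments that need a reproducible image supply chain.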