From b2c02e7a37057316d06d0cbd9d998ec766eedba6 Mon Sep 17 00:00:00 2001 From: Dave Conroy Date: Sat, 8 May 2021 09:44:51 -0700 Subject: [PATCH] Release 7.1.16 - See CHANGELOG.md --- CHANGELOG.md | 6 ++++ README.md | 21 ++++++++--- install/assets/defaults/10-openldap | 1 + install/assets/functions/10-openldap | 52 +++++++++++++++------------- 4 files changed, 50 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f263ceb..5952344 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 7.1.16 2021-05-08 + + ### Added + - Introduce `REPLICATION_SAFETY_CHECK` variable to bypass DNS checking of replication hosts + + ## 7.1.15 2021-04-20 ### Added diff --git a/README.md b/README.md index 23868e4..4dca96a 100755 --- a/README.md +++ b/README.md @@ -32,12 +32,16 @@ Upon starting this image it will give you a ready to run server with many config ### Table of Contents -- [Prerequisites](#prerequisites) +- [Prerequisites and Assumptions](#prerequisites-and-assumptions) - [Installation](#installation) - - [Quick Start](#quick-start) + - [Build from Source](#build-from-source) + - [Prebuilt Images](#prebuilt-images) + - [Multi Archictecture](#multi-archictecture) - [Configuration](#configuration) - - [Data-Volumes](#data-volumes) - - [Environment Varables](#environment-varables) + - [Quick Start](#quick-start) + - [Persistent Storage](#persistent-storage) + - [Environment Variables](#environment-variables) + - [Base Images used](#base-images-used) - [Required for new setup](#required-for-new-setup) - [Logging Options](#logging-options) - [Backup Options:](#backup-options) 
@@ -49,6 +53,12 @@ Upon starting this image it will give you a ready to run server with many config - [Networking](#networking) - [Maintenance](#maintenance) - [Shell Access](#shell-access) +- [Support](#support) + - [Usage](#usage) + - [Bugfixes](#bugfixes) + - [Feature Requests](#feature-requests) + - [Updates](#updates) +- [License](#license) - [References](#references) ## Prerequisites and Assumptions @@ -65,7 +75,7 @@ Builds of the image are available on [Docker Hub](https://hub.docker.com/r/tired ```bash docker pull tiredofit/openldap:(imagetag) ``` -The following image tags are available along with their taged release based on what's written in the [Changelog](CHANGELOG.md): +The following image tags are available along with their tagged release based on what's written in the [Changelog](CHANGELOG.md): | Version | Container OS | Tag | | ------- | ------------ | --------- | 
@@ -218,6 +228,7 @@ If you already have a check_password.conf or ppm.conf in /etc/openldap/ the foll | `REPLICATION_CONFIG_SYNCPROV` | olcSyncRepl options used for the config database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=config" bindmethod=simple credentials=$CONFIG_PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1 filter="(!(objectclass=olcGlobal))"` | | `REPLICATION_DB_SYNCPROV` | olcSyncRepl options used for the database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=admin,$BASE_DN" bindmethod=simple credentials=$ADMIN_PASS searchbase="$BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1` | | `REPLICATION_HOSTS` | list of replication hosts seperated by a space, must contain the current container hostname set by --hostname on docker run command. If replicating all hosts must be set in the same order. Example - `ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com` | +| `REPLICATION_SAFETY_CHECK` | Check to see if all hosts resolve before starting replication - Introduced as a safety measure to avoid slapd not starting. | `TRUE` | | `WAIT_FOR_REPLICAS` | should we wait for configured replicas to come online (respond to ping) before startup? | `false` | #### Other environment variables diff --git a/install/assets/defaults/10-openldap b/install/assets/defaults/10-openldap index f215c13..950c665 100755 --- a/install/assets/defaults/10-openldap +++ b/install/assets/defaults/10-openldap 
@@ -38,6 +38,7 @@ PPOLICY_MIN_UPPER=${PPOLICY_MIN_UPPER:-0}
 PPOLICY_USE_CRACKLIB=${PPOLICY_USE_CRACKLIB:-1}
 READONLY_USER_PASS=${READONLY_USER_PASS:-"readonly"}
 READONLY_USER_USER=${READONLY_USER_USER:-"readonly"}
+REPLICATION_SAFETY_CHECK=${REPLICATION_SAFETY_CHECK:-"TRUE"}
 SCHEMA_TYPE=${SCHEMA_TYPE:-"nis"}
 SLAPD_ARGS=${SLAPD_ARGS:-""}
 SLAPD_HOSTS=${SLAPD_HOSTS:-"ldap://$HOSTNAME ldaps://$HOSTNAME ldapi:///"}
diff --git a/install/assets/functions/10-openldap b/install/assets/functions/10-openldap
index 8e94338..927c2c5 100755
--- a/install/assets/functions/10-openldap
+++ b/install/assets/functions/10-openldap
@@ -366,33 +366,35 @@ EOF
 ### Replication Sanity Tester
 if [ -e "$was_started_with_replication" ]; then
- set +e
- replhosts_sanity=$(grep -o -h "provider=ldap.*//.*." ${CONFIG_PATH}slapd.d/cn\=config/olcDatabase*.ldif | awk -F '[//]' '{ print $3 }' | awk -F 'binddn' '{ print $1 }' | awk '!a[$0]++' | tr '\n' ' ' | awk '!a[$0]++' | sed 's/ / /g')
- if [ ! -z "$replhosts_sanity" ]; then
- for sanity_host in $replhosts_sanity; do
- if var_true "$WAIT_FOR_REPLICAS"; then
- print_debug "Waiting for $sanity_host to come online"
- while ! silent ping -c1 -W1 $sanity_host; do
- silent echo -n .
- done
- elif [[ $sanity_host =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
- sanity_ip=$sanity_host
- if [ -z "$sanity_ip" ]; then
- print_error "It looks as if you have a malformed IP address for replication host "$sanity_host" in your schema configuration. Startup will fail!"
- exit 1
- fi
- else
- sanity_ip=$(getent hosts $sanity_host | awk '{ print $1 }')
- valid_ip=$(echo $sanity_ip | awk -F'.' '$1 <=255 && $2 <= 255 && $3 <= 255 && $4 <= 255')
+ if var_true "${REPLICATION_SAFETY_CHECK}" ; then
+ set +e
+ replhosts_sanity=$(grep -o -h "provider=ldap.*//.*." ${CONFIG_PATH}slapd.d/cn\=config/olcDatabase*.ldif | awk -F '[//]' '{ print $3 }' | awk -F 'binddn' '{ print $1 }' | awk '!a[$0]++' | tr '\n' ' ' | awk '!a[$0]++' | sed 's/ / /g')
+ if [ ! -z "$replhosts_sanity" ]; then
+ for sanity_host in $replhosts_sanity; do
+ if var_true "$WAIT_FOR_REPLICAS"; then
+ print_debug "Waiting for $sanity_host to come online"
+ while ! silent ping -c1 -W1 $sanity_host; do
+ silent echo -n .
+ done
+ elif [[ $sanity_host =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ sanity_ip=$sanity_host
+ if [ -z "$sanity_ip" ]; then
+ print_error "It looks as if you have a malformed IP address for replication host "$sanity_host" in your schema configuration. Startup will fail!"
+ exit 1
+ fi
+ else
+ sanity_ip=$(getent hosts $sanity_host | awk '{ print $1 }')
+ valid_ip=$(echo $sanity_ip | awk -F'.' 
'$1 <=255 && $2 <= 255 && $3 <= 255 && $4 <= 255')
+
+ if [ -z "$valid_ip" ] || [ -z "$sanity_ip" ]; then
+ print_error "It looks as if you have no DNS entry for replication host "$sanity_host" in your schema configuration. Startup will fail!"
+ exit 1
+ fi
- if [ -z "$valid_ip" ] || [ -z "$sanity_ip" ]; then
- print_error "It looks as if you have no DNS entry for replication host "$sanity_host" in your schema configuration. Startup will fail!"
- exit 1
 fi
-
- fi
- done
- set -e
+ done
+ set -e
+ fi
 fi
 fi
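Review bot: The new `if var_true "${REPLICATION_SAFETY_CHECK}" ; then` gate wraps the whole sanity block, so setting it to false also disables the `WAIT_FOR_REPLICAS` ping loop, while the README row added in this commit documents the variable only as a bypass of the host-resolution check. If that coupling is unintended, keeping the wait behaviour is a one-line change, `if var_true "${REPLICATION_SAFETY_CHECK}" || var_true "${WAIT_FOR_REPLICAS}"; then`, since the ping branch is taken before any DNS check whenever waiting is on. Separately, `$sanity_host` is extracted from the `provider=` URIs in the olcDatabase ldif files and passed unquoted to `ping` and `getent`; quoting it as `"$sanity_host"` avoids word-splitting and globbing on a value the script does not otherwise validate. The `[ -z "$sanity_ip" ]` test in the `elif` branch can never fire because `$sanity_host` has just matched the IPv4 regex, so that malformed-IP error is unreachable. The enclosing function starts before this hunk.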