ofreax 10 years ago
parent
revision
877834827b

+ 1 - 1
CHANGELOG.md

@@ -2,7 +2,7 @@
 
 ## 1.1.0
 Update to light-baseimage:0.2.1 :
-  - Use *.yaml.setup environment files to keep configuration secrets
+  - Use *.yaml.startup environment files to keep configuration secrets
   - Use cfssl tool to generate tls certs
   - Use log-helper to write leveled log messages
   - Allow copy of /container/service and mounted files to /container/run/service dir usefull for write only filesystems and avoid file permissions problems
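Review bot: the 1.1.0 entry renames the secret-holding environment file from `*.yaml.setup` to `*.yaml.startup` but does not say that `*.yaml.setup` files are no longer read; a one-line migration note (rename your file, the old suffix is ignored) would save anyone who built on the earlier 1.1.0 dev images from a surprise. While here, "usefull for write only filesystems" in the unchanged context line reads as a typo for "useful for read-only filesystems", which is presumably the case where copying /container/service to /container/run/service matters.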

+ 31 - 31
README.md

@@ -143,17 +143,19 @@ A simple solution to backup your ldap server, our openldap-backup docker image :
 > [osixia/openldap-backup](https://github.com/osixia/docker-openldap-backup)
 
 ## Default Environment Variables
-Environement variables defaults are set in **image/environment/default.yaml** and **image/environment/default.yaml.setup**.
+Environement variables defaults are set in **image/environment/default.yaml** and **image/environment/default.yaml.startup**.
+
+See how to [set your own environment variables](#set-your-own-environment-variables)
 
 ### default.yaml
-Variables defined in this file are available at any time, anywhere in the container environment.
+Variables defined in this file are available at any time in the container environment.
 
 General container configuration :
 - **LDAP_LOG_LEVEL**: Slap log level. defaults to  `256`. See table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
 
-### default.yaml.setup
-Variables defined in this file are only available during the container **first start** in **startup scripts**.
-This file is deleted right after startup scripts are processed for the first time,
+### default.yaml.startup
+Variables defined in this file are only available during the container **first start** in **startup files**.
+This file is deleted right after startup files are processed for the first time,
 after that all these values will not be available in the container environment.
 
 That helps to keep your container configuration secret. If you don't care all environment variables can be defined in **default.yaml** and everything will work fine :)
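Review bot: the changed line still carries the typo "Environement" (should be "Environment"), and dropping "anywhere" from "available at any time, anywhere in the container environment" loses the point that motivates the split: default.yaml values become ordinary environment variables that every process in the container can read, which is exactly the exposure the "read the admin password in clear text from environment variables" context of the next hunk warns about. Say that explicitly, and qualify "That helps to keep your container configuration secret": deleting the `.yaml.startup` file removes the file, not any value a startup script has already copied into a config file, so secrets that slapd needs at runtime are not made secret by this mechanism alone.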
@@ -217,12 +219,12 @@ he will be able to read the admin password in clear text from environment variab
 #### Link environment file
 
 	docker run --volume /data/my-env.yaml:/container/environment/01-custom/env.yaml \
-	--volume /data/my-env.yaml.setup:/container/environment/01-custom/env.yaml.setup \
+	--volume /data/my-env.yaml.startup:/container/environment/01-custom/env.yaml.startup \
 	--detach osixia/openldap:1.1.0
 
-Note: the container will try to delete the ***.yaml.setup** file after the first start so the file will also be deleted on the docker host.
+Note: the container will try to delete the ** *.yaml.startup** file after the end of startup files so the file will also be deleted on the docker host.
 
-Use --volume /data/my-env.yaml.setup:/container/environment/01-custom/env.yaml.setup**:ro** to prevent that or set all variables in ***.yaml** file and don't mount ***.yaml.setup** file but all sensitive data will persists in container environment.
+Use --volume /data/my-env.yaml.startup:/container/environment/01-custom/env.yaml.startup**:ro** to prevent that or set all variables in** *.yaml** file and don't mount ** *.yaml.startup** file but all sensitive data will persists in container environment.
 
 #### Make your own image or extend this one
 
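Review bot: `** *.yaml.startup**` and `**:ro**` on the changed lines will not render as bold in Markdown (a space right after the opening `**` breaks the emphasis, and the bare `*` is itself emphasis syntax); use backticks, `*.yaml.startup` and `:ro`, as the rest of the README does for file names. The note should also say plainly that the deletion is the intended one-shot consumption of the secrets file and that the user must keep the source copy outside the mounted path, since the file is removed rather than moved; and, for the `:ro` variant, confirm that the run tool tolerates the failed `rm` instead of aborting startup, because the text recommends it without saying what the container does when the delete fails. Finally, "will persists" should be "will persist".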
@@ -232,7 +234,7 @@ This is the best solution if you have a private registry. Please refer to the [A
 
 ### Extend osixia/openldap:1.1.0 image
 
-If you need to add your custom TLS certificate,   bootstrap config or environment files the easyest way is too extends this image.
+If you need to add your custom TLS certificate, bootstrap config or environment files the easyest way is to extends this image.
 
 Dockerfile example:
 
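Review bot: the corrected line still has two errors: "easyest" should be "easiest" and "to extends" should be "to extend".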
@@ -281,28 +283,6 @@ More information:
 
 osixia-openldap kubernetes examples are available in **example/kubernetes**
 
-### Debug
-
-The container default log level is **info**.
-Available levels: `none`, `error`, `warning`, `info`, `debug` and `trace`.
-
-Example command to run the container in `debug` mode :
-
-	docker run --detach osixia/openldap:1.1.0 /container/tool/run --loglevel debug
-
-The tool `/container/tool/run` is provided by this image baseimage : osixia/light-baseimage
-
-### osixia/light-baseimage
-
-This image is base on osixia/light-baseimage.
-It uses the following features :
-
-- **cfssl** service to generate tls certificates
-- **log-helper** tool to print log messages based on the log level
-- **run** tool to init the container environment
-
-More info : https://github.com/osixia/docker-light-baseimage
-
 ## Contributing
 
 If you find this image useful here's how you can help:
@@ -311,6 +291,14 @@ If you find this image useful here's how you can help:
 - Help new users with [issues](https://github.com/osixia/docker-openldap/issues) they may encounter
 - Support the development of this image and star this repo ! ;)
 
+## Debug
+
+The container default log level is **info**.
+Available levels: `none`, `error`, `warning`, `info`, `debug` and `trace`.
+
+Example command to run the container in `debug` mode :
+
+	docker run --detach osixia/openldap:1.1.0 --loglevel debug
 
 ## Tests
 
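Review bot: `docker run --detach osixia/openldap:1.1.0 --loglevel debug` only works if the image's ENTRYPOINT is the baseimage `run` tool so that `--loglevel debug` is appended to it; the removed version of this section passed `/container/tool/run --loglevel debug` explicitly, and this same commit deletes the commented-out ENTRYPOINT from the Dockerfile, so the shorter form now depends on light-baseimage:0.2.1 setting that entrypoint. State that dependency here (the new "Under the hood" section only says `run` is the entrypoint) so a user who overrides the entrypoint, or pins an older base image, knows why the flag is silently ignored.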
@@ -321,3 +309,15 @@ We use **Bats** (Bash Automated Testing System) to test this image:
 Install Bats, and in this project directory run :
 
 	make test
+
+### Under the hood : osixia/light-baseimage
+
+This image is base on osixia/light-baseimage.
+It uses the following features :
+
+- **cfssl** service to generate tls certificates
+- **log-helper** tool to print log messages based on the log level
+- **run** tool as entrypoint to init the container environment
+
+To fully understand how this image works take a look at :
+https://github.com/osixia/docker-light-baseimage
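Review bot: "This image is base on" should be "This image is based on", and "Under the hood : " has a stray space before the colon. Structurally, this `###` subsection now sits under `## Tests`, which it has nothing to do with; the Debug section it used to neighbour was promoted to `##` in this commit, so promote this one too, otherwise the base-image description reads as part of the test instructions.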

+ 0 - 0
example/extend-osixia-openldap/environment/my-env.yaml.setup → example/extend-osixia-openldap/environment/my-env.yaml.startup
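Review bot: only the file is renamed here; the example's Dockerfile or run instructions that reference `my-env.yaml.setup` are not in this diff, so confirm every mention of the old name under example/extend-osixia-openldap was updated, otherwise the example no longer points at the renamed file.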


+ 1 - 1
example/kubernetes/simple/ldap-rc.yaml

@@ -28,7 +28,7 @@ spec:
               name: openldap
           env:
             - name: LDAP_LOG_LEVEL
-              value: "0"
+              value: "256"
             - name: LDAP_ORGANISATION
               value: "Example Inc."
             - name: LDAP_DOMAIN
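Review bot: "256" is the value the README hunk gives as the image default for LDAP_LOG_LEVEL, so this env entry is now redundant with default.yaml; either drop it from the example or add a comment saying it is the default and pointing at the OpenLDAP log-level table the README cites, so the example shows where to change the level rather than looking like a required setting. The change itself is right: "0" silenced slapd's logging in the previous example, which is a poor default for a directory server you will need to troubleshoot.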

+ 5 - 7
image/Dockerfile

@@ -1,16 +1,14 @@
+# Use osixia/light-baseimage
+# sources: https://github.com/osixia/docker-light-baseimage
 FROM osixia/light-baseimage:0.2.1-dev
 MAINTAINER Bertrand Gouny <[email protected]>
 
-# Use baseimage's init system.
-# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/run
-# ENTRYPOINT ["/container/tool/run"]
-
 # Add openldap user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
 RUN groupadd -r openldap && useradd -r -g openldap openldap
 
 # Install OpenLDAP, ldap-utils and cfssl from baseimage and remove default ldap db
-# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service-available
-# https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/.cfssl
+# sources: https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service-available
+#          https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/.cfssl/install.sh
 RUN apt-get -y update \
     && /container/tool/install-service-available cfssl \
 	  && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
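Review bot: the CHANGELOG hunk says "Update to light-baseimage:0.2.1" but the FROM line still pins `osixia/light-baseimage:0.2.1-dev`; either the changelog is ahead of the Dockerfile or the release is being built on a moving `-dev` tag, which makes the build non-reproducible and means a later push to that tag changes what `osixia/openldap:1.1.0` is built from. Pin the released tag (or a digest) before tagging 1.1.0. Dropping the commented-out ENTRYPOINT is fine if the base image now sets it, but keep a one-line comment saying the entrypoint is inherited from the base, since the README's `docker run ... --loglevel debug` example relies on it. While here, the unchanged `apt-get install -y --force-yes` in this RUN block lets apt continue with unauthenticated packages; `-y` alone is sufficient for a non-interactive install and keeps signature checks enforced.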
@@ -30,5 +28,5 @@ ADD environment /container/environment/99-default
 # Set OpenLDAP data and config directories in a data volume
 VOLUME ["/var/lib/ldap", "/etc/ldap/slapd.d"]
 
-# Expose default ports for ldap and ldaps
+# Expose default ldap and ldaps ports
 EXPOSE 389 636

+ 5 - 6
image/service/slapd/startup.sh

@@ -14,13 +14,14 @@ ulimit -n 1024
 chown -R openldap:openldap /var/lib/ldap
 chown -R openldap:openldap /etc/ldap
 chown -R openldap:openldap ${CONTAINER_SERVICE_DIR}/slapd
-# the SERVICE_DIR variable is set by /container/tool/run
-# more info: https://github.com/osixia/docker-light-baseimage
 
 FIRST_START_DONE="${CONTAINER_STATE_DIR}/slapd-first-start-setup-done"
 WAS_STARTED_WITH_TLS="/etc/ldap/slapd.d/docker-openldap-was-started-with-tls"
 WAS_STARTED_WITH_REPLICATION="/etc/ldap/slapd.d/docker-openldap-was-started-with-replication"
 
+# CONTAINER_SERVICE_DIR and CONTAINER_STATE_DIR variables are set by
+# the baseimage run tool more info : https://github.com/osixia/docker-light-baseimage
+
 # container first start
 if [ ! -e "$FIRST_START_DONE" ]; then
 
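Review bot: the moved comment now documents that CONTAINER_SERVICE_DIR and CONTAINER_STATE_DIR come from the baseimage run tool, but the script never checks that they are set; with an empty CONTAINER_STATE_DIR, `FIRST_START_DONE` becomes `/slapd-first-start-setup-done`, and the `chown -R openldap:openldap ${CONTAINER_SERVICE_DIR}/slapd` line above targets `/slapd`, so a run outside the entrypoint takes the `[ ! -e "$FIRST_START_DONE" ]` branch and repeats first-start setup against the wrong paths. Add `: "${CONTAINER_SERVICE_DIR:?}" "${CONTAINER_STATE_DIR:?}"` at the top of the script, and place the comment beside the first use of the variables (the chown lines) rather than after it.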
@@ -165,7 +166,7 @@ EOF
     done
     ${CONTAINER_SERVICE_DIR}/slapd/assets/schema-to-ldif.sh "$SCHEMAS"
 
-    # add schemas
+    # add converted schemas
     for f in $(find ${CONTAINER_SERVICE_DIR}/slapd/assets/config/bootstrap/schema -name \*.ldif -type f); do
       log-helper debug "Processing file ${f}"
       # add schema if not already exists
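Review bot: comment wording aside, `for f in $(find ... -name \*.ldif -type f)` word-splits the output, so a schema file whose name contains a space is processed as two non-existent paths; for files shipped inside the image that is tolerable, but `find ... -print0 | while IFS= read -r -d '' f` (or `find ... -exec`) would make the loop safe if user-supplied schemas are ever mounted into this directory.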
@@ -186,7 +187,7 @@ EOF
     get_ldap_base_dn
     sed -i --follow-symlinks "s|{{ LDAP_BASE_DN }}|${LDAP_BASE_DN}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/bootstrap/ldif/02-security.ldif
 
-    # process config files in bootstrap directory (do no process files in subdirectories)
+    # process config files (*.ldif) in bootstrap directory (do no process files in subdirectories)
     log-helper info "Add bootstrap ldif..."
     for f in $(find ${CONTAINER_SERVICE_DIR}/slapd/assets/config/bootstrap/ldif -mindepth 1 -maxdepth 1 -type f -name \*.ldif  | sort); do
       log-helper debug "Processing file ${f}"
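Review bot: the reworded comment still says "do no process", which should be "do not process". The `sed -i ... "s|{{ LDAP_BASE_DN }}|${LDAP_BASE_DN}|g"` line above substitutes an unescaped value into a sed expression, so a base DN containing `|`, `&` or a backslash would corrupt 02-security.ldif or be misinterpreted; escaping those characters in `${LDAP_BASE_DN}` before the sed (or rejecting such values in `get_ldap_base_dn`) would close that.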
@@ -247,7 +248,6 @@ EOF
     echo "export PREVIOUS_LDAP_TLS_CRT_PATH=${LDAP_TLS_CRT_PATH}" >> $WAS_STARTED_WITH_TLS
     echo "export PREVIOUS_LDAP_TLS_KEY_PATH=${LDAP_TLS_KEY_PATH}" >> $WAS_STARTED_WITH_TLS
     echo "export PREVIOUS_LDAP_TLS_DH_PARAM_PATH=${LDAP_TLS_DH_PARAM_PATH}" >> $WAS_STARTED_WITH_TLS
-    chmod +x $WAS_STARTED_WITH_TLS
 
     # ldap client config
     sed -i --follow-symlinks "s,TLS_CACERT.*,TLS_CACERT ${LDAP_TLS_CA_CRT_PATH},g" /etc/ldap/ldap.conf
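Review bot: dropping `chmod +x` is right if $WAS_STARTED_WITH_TLS is only ever sourced, since the file holds `export` lines rather than a script. The values are written unquoted though: `echo "export PREVIOUS_LDAP_TLS_CRT_PATH=${LDAP_TLS_CRT_PATH}"` produces `export X=/some path` for a path with a space, and any shell metacharacter in the path is interpreted when the file is sourced on the next start. Write them as `echo "export PREVIOUS_LDAP_TLS_CRT_PATH='${LDAP_TLS_CRT_PATH}'"` (or `printf 'export %s=%q\n'` in bash) so the saved state is data, not code.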
@@ -305,7 +305,6 @@ EOF
     [[ -f "$WAS_STARTED_WITH_REPLICATION" ]] && rm -f "$WAS_STARTED_WITH_REPLICATION"
     touch $WAS_STARTED_WITH_REPLICATION
     echo "export PREVIOUS_HOSTNAME=${HOSTNAME}" >> $WAS_STARTED_WITH_REPLICATION
-    chmod +x $WAS_STARTED_WITH_REPLICATION
 
   else
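Review bot: same chmod removal as in the TLS block, and the same unquoted write: `echo "export PREVIOUS_HOSTNAME=${HOSTNAME}"` should quote the value before it is sourced later. The `[[ -f ... ]] && rm -f ...` followed by `touch $WAS_STARTED_WITH_REPLICATION` pair can be a single `: > "$WAS_STARTED_WITH_REPLICATION"`, which truncates or creates the file in one step and quotes the path, instead of two commands with an unquoted variable in the second.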