diff --git a/README.md b/README.md index 96f9e8a..35b5bde 100755 --- a/README.md +++ b/README.md @@ -9,15 +9,10 @@ This version now use the [Bitnami Openldap](https://hub.docker.com/r/bitnami/ope More detail on the container image can be found [here](https://github.com/bitnami/containers/tree/main/bitnami/openldap) -There are some major changes between the Osixia version and the Bitnami version , ergo the major gap of the chart version. +The chart now support `Bitnami/Openldap 2.6.6`. -- Upgrade may not work fine between `3.x` and `4.x` -- Ldap and Ldaps port are non privileged ports (`1389` and `1636`) internally but are exposed through `global.ldapPort` and `global.sslLdapPort` (389 and 636) -- Replication is now purely setup by configuration. Extra schemas are loaded using `LDAP_EXTRA_SCHEMAS: "cosine,inetorgperson,nis,syncprov,serverid,csyncprov,rep,bsyncprov,brep,acls`. You can add your own schemas via the `customSchemaFiles` option. - -A default tree (Root organisation, users and group) is created during startup, this can be skipped using `LDAP_SKIP_DEFAULT_TREE` , however you need to use `customLdifFiles` or `customLdifCm` to create a root organisation. - -- This will be improved in a future update. +Due to #115, the chart does not fully support scaling the `openldap` cluster. To scale the cluster please follow [scaling your cluster](#scaling-your-cluster) +- This will be fixed in priority ## Prerequisites Details * Kubernetes 1.8+ 
@@ -239,6 +234,29 @@ $ kubectl delete pvc -l release=${RELEASE-NAME} `global.existingSecret` can be used to override the default secret.yaml provided +## Scaling your cluster +In order to scale the cluster, first use `helm` to updrgade the number of `replica` +``` +helm upgrade -n openldap-ha --set replicaCount=4 openldap-ha . +``` +Then connect to the `-0` container, under `/opt/bitnami/openldap/etc/schema/`, edit : + 1. `serverid.ldif` and remove existing `olcServerID` (only keep the one you added by scaling) + 2. `brep.ldif` and remove existing `olcServerID` (only keep the one you added by scaling) + 3. Apply your changes + +``` +ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/serverid.ldif +ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/brep.ldif +``` + +Tips : to edit in the container, use : +``` +cat < /tmp/serverid.ldif +copy +your +line +EOF +``` ## Troubleshoot diff --git a/templates/statefulset.yaml b/templates/statefulset.yaml index 92b0d80..fb42f04 100644 --- a/templates/statefulset.yaml +++ b/templates/statefulset.yaml 
@@ -41,9 +41,67 @@ spec: {{- end }} spec: initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + - name: init-schema + image: debian + imagePullPolicy: {{ .Values.initTLSSecret.image.pullPolicy | quote }} + command: + - sh + - -c + - | + host=$(hostname) + if [ "$host" = "{{ template "openldap.fullname" . }}-0" ] + then + echo "This is the main openldap so let's init all additional schemas and ldifs here" + cp -p -f /cm-schemas-acls/*.ldif /custom_config/ + if [ -d /cm-schemas ]; then + cp -p -f /cm-schemas/*.ldif /custom-schemas/ + fi + if [ -d /cm-ldifs ]; then + cp -p -f /cm-ldifs/*.ldif /custom-ldifs/ + fi + else + cp -p -f /cm-schemas-acls/*.ldif /custom_config/ + rm -rf /custom_config/acls.ldif + echo "let the replication takes care of everything :)" + fi + {{- if .Values.global.existingSecret }} + sed -i -e "s/%%CONFIG_PASSWORD%%/${LDAP_CONFIG_ADMIN_PASSWORD}/g" /custom_config/* + sed -i -e "s/%%ADMIN_PASSWORD%%/${LDAP_ADMIN_PASSWORD}/g" /custom_config/* + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.initTLSSecret.resources }} + resources: {{- toYaml .Values.initTLSSecret.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.customSchemaFiles }} + {{- range $file := (include "openldap.customSchemaFiles" . 
| split ",") }} + - name: cm-custom-schema-files + mountPath: /cm-schemas/{{ $file }}.ldif + subPath: {{ $file }}.ldif + - name: custom-schema-files + mountPath: /custom-schemas/ {{- end }} + {{- end }} + {{- if or (.Values.customLdifFiles) (.Values.customLdifCm) }} + - name: cm-custom-ldif-files + mountPath: /cm-ldifs/ + - name: custom-ldif-files + mountPath: /custom-ldifs/ + {{- end }} + - name: cm-replication-acls + mountPath: "/cm-schemas-acls" + - name: replication-acls + mountPath: "/custom_config" + {{- if .Values.global.existingSecret }} + envFrom: + - secretRef: + name: {{ template "openldap.secretName" . }} + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} - name: init-tls-secret image: {{ include "openldap.initTLSSecretImage" . }} imagePullPolicy: {{ .Values.initTLSSecret.image.pullPolicy | quote }} 
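Review bot: The `sed -i -e "s/%%CONFIG_PASSWORD%%/${LDAP_CONFIG_ADMIN_PASSWORD}/g"` and `%%ADMIN_PASSWORD%%` lines in the init-schema command splice the secret values straight into the sed program, so a password containing `/`, `&` or `\` either terminates the `s` command early (the remainder is then parsed as further sed commands) or is rewritten before it lands in `/custom_config/*`. Escape those characters before substitution as in the fence below; a password containing a newline would still need a different mechanism, which is worth stating in the value's documentation. `image: debian` is an unpinned floating tag from the default registry while the sibling init-tls-secret container resolves its image through `openldap.initTLSSecretImage`, and reusing `initTLSSecret.image.pullPolicy` and `initTLSSecret.resources` for a different container hides the coupling, so give init-schema its own values entry with a pinned tag or digest. The `custom-schema-files` mount at `/custom-schemas/` appears to sit inside the `range` over `openldap.customSchemaFiles`, which for two or more schema files would emit duplicate volumeMounts on the same mountPath that the API server rejects — if the `{{- end }}` order is as printed here, move that mount after the range's closing `{{- end }}`. The initContainers list continues past the end of the hunk.
```yaml
          - |
            # … unchanged: hostname check and ldif copies …
            {{- if .Values.global.existingSecret }}
            # escape the sed-special characters / & and \ so the secret cannot break or extend the s/// command
            cfg_pw=$(printf '%s' "${LDAP_CONFIG_ADMIN_PASSWORD}" | sed -e 's/[\/&\\]/\\&/g')
            adm_pw=$(printf '%s' "${LDAP_ADMIN_PASSWORD}" | sed -e 's/[\/&\\]/\\&/g')
            sed -i -e "s/%%CONFIG_PASSWORD%%/${cfg_pw}/g" /custom_config/*
            sed -i -e "s/%%ADMIN_PASSWORD%%/${adm_pw}/g" /custom_config/*
            {{- end }}
```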
@@ -84,35 +142,6 @@ spec: - name: foo mountPath: bar {{- end }} - {{- if .Values.global.existingSecret }} - - name: update-replication - image: {{ include "openldap.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - sh - - -c - - | - ls -al /cm-schemas-acls /custom_config - cp -p /cm-schemas-acls/*.ldif /custom_config/ - ls -al /custom_config - sed -i -e "s/%%CONFIG_PASSWORD%%/${LDAP_CONFIG_ADMIN_PASSWORD}/g" /custom_config/* - sed -i -e "s/%%ADMIN_PASSWORD%%/${LDAP_ADMIN_PASSWORD}/g" /custom_config/* - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.updateReplication.resources }} - resources: {{- toYaml .Values.updateReplication.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: cm-replication-acls - mountPath: "/cm-schemas-acls" - - name: replication-acls - mountPath: "/custom_config" - envFrom: - - secretRef: - name: {{ template "openldap.secretName" . }} - {{- end }} - {{- /* serviceAccountName: {{ template "openldap.serviceAccountName" . }} */ -}} 
@@ -258,31 +287,35 @@ spec: claimName: {{ .Values.persistence.existingClaim }} {{- end }} {{- end }} -{{- if .Values.global.existingSecret }} - name: cm-replication-acls configMap: name: {{ template "openldap.fullname" . }}-replication-acls - name: replication-acls emptyDir: medium: Memory -{{- else }} - - name: replication-acls - configMap: - name: {{ template "openldap.fullname" . }}-replication-acls -{{- end }} + {{- if .Values.customLdifFiles }} - - name: custom-ldif-files + - name: cm-custom-ldif-files configMap: name: {{ template "openldap.fullname" . }}-customldif -{{- else if .Values.customLdifCm }} - name: custom-ldif-files + emptyDir: + medium: Memory +{{- else if .Values.customLdifCm }} + - name: cm-custom-ldif-files configMap: name: {{ .Values.customLdifCm }} + - name: custom-ldif-files + emptyDir: + medium: Memory {{- end }} {{- if .Values.customSchemaFiles }} - - name: custom-schema-files + - name: cm-custom-schema-files configMap: name: {{ template "openldap.fullname" . }}-customschema + - name: custom-schema-files + emptyDir: + medium: Memory {{- end }} - name: certs emptyDir: diff --git a/values.yaml b/values.yaml index 6017e08..c2e8cc4 100644 --- a/values.yaml +++ b/values.yaml @@ -56,8 +56,8 @@ image: #repository: bitnami/openldap #tag: 2.6.3 # Temporary fix - repository: jpgouin/openldap - tag: 2.6.6-fix + repository: bitnami/openldap + tag: 2.6.6 pullPolicy: Always pullSecrets: []
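Review bot: The new `emptyDir` volumes with `medium: Memory` for `custom-ldif-files` and `custom-schema-files` (and the now-unconditional `replication-acls`) carry no `sizeLimit`, so the tmpfs is charged against the container's memory and, absent a limit, is bounded only by the node. The contents are a few ldif files, so the practical exposure is small, but a cap such as `sizeLimit: 8Mi` (constructed value, size to the expected ldif payload) on each of these volumes is a cheap defensive bound.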