Open apollo13 opened 6 years ago
Hello, /container/run/state/ is not designed to be mapped as a persistent volume, like all of the /container/run directory.
Here is what happens: when a container is started, the container state is saved in /container/run/state, so if the container is restarted (docker stop / start / restart commands), the container will not run some parts of startup.sh (because the file defined in $FIRST_START_DONE will exist).
But if another container is created linked to the same persistent volumes /var/lib/ldap and /etc/ldap/slapd.d, all of startup.sh will be run.
Can you please edit this issue title to a question, to not confuse people?
Thanks
Yes, sorry I got a little bit confused.
That said, I think disable-replication is currently broken:
If I manually try to run replication-disable I get:
deleting entry "olcOverlay=syncprov,olcDatabase={1}hdb,cn=config"
ldap_delete: Server is unwilling to perform (53)
deleting entry "olcOverlay=syncprov,olcDatabase={0}config,cn=config"
ldap_delete: Server is unwilling to perform (53)
modifying entry "cn=config"
If I diff a slapcat -n0 from the two runs I see that every time a container is recreated (not restarted), it adds a new syncprov,olcDatabase={0}config,cn=config entry.
If /container/run/state/ is not mapped, startup.sh tries to execute replication/tls config on every restart of the container -- this doesn't seem intentional; or am I missing something?
EDIT:// I probably missed the point of /container/run/state/, but if the container is recreated and the configuration is redone, the replication adds duplicate syncprov entries -- it seems as if https://github.com/osixia/docker-openldap/blob/stable/image/service/slapd/assets/config/replication/replication-disable.ldif#L8-L21 would not work (further investigation needed).
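The duplicate-overlay symptom described in this thread can be checked without diffing two dumps by hand. The following is an added example, not code from the thread or from the docker-openldap project: it counts syncprov overlay entries per database in `slapcat -n0` output, where the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `slapcat -n0` LDIF on stdin and prints
# "<count> <database DN>" for every database that carries more than
# one syncprov overlay. Base64-encoded DNs ("dn:: ") are not handled.
find_duplicate_syncprov() {
    awk '
        function flush(   i) {
            if (dn == "") return
            # Overlay DNs look like olcOverlay={N}syncprov,olcDatabase=...
            if (tolower(dn) ~ /^olcoverlay=([{][0-9]+[}])?syncprov,/) {
                i = index(dn, ",")
                count[substr(dn, i + 1)]++   # key on the parent database DN
            }
            dn = ""
        }
        # LDIF folds long lines: a continuation starts with one space.
        /^ / { if (indn) dn = dn substr($0, 2); next }
        { flush(); indn = 0 }
        /^dn: / { dn = substr($0, 5); indn = 1 }
        END {
            flush()
            for (db in count) if (count[db] > 1) print count[db], db
        }
    ' | sort
}

# Constructed sample: the config database carries two syncprov overlays
# (one DN is folded across two lines), the hdb database carries one.
sample_ldif() {
    cat <<'EOF'
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcSyncProvConfig

dn: olcOverlay={1}syncprov,olcDatabase={0}con
 fig,cn=config
objectClass: olcSyncProvConfig

dn: olcOverlay={0}syncprov,olcDatabase={1}hdb,cn=config
objectClass: olcSyncProvConfig
EOF
}

# Against a live container: slapcat -n0 | find_duplicate_syncprov
```

Empty output means no database has more than one syncprov overlay; any printed line names a database whose configuration was applied more than once.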