osixia / docker-openldap

OpenLDAP container image 🐳🌴
MIT License

startup issue with mounted volume #400

Open encryptblockr opened 4 years ago

encryptblockr commented 4 years ago

I think this issue was mentioned in #283, but it still exists when one tries to restart ldap when a volume is mounted to the host.

Here is the error log I am getting:

running current latest docker image 4c780dfa5f5e 4 months ago

```
*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** failed to link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools: [Errno 17] File exists: '/container/service/:ssl-tools/startup.sh' -> '/container/run/startup/:ssl-tools'
*** link /container/service/slapd/startup.sh to /container/run/startup/slapd
*** failed to link /container/service/slapd/startup.sh to /container/run/startup/slapd: [Errno 17] File exists: '/container/service/slapd/startup.sh' -> '/container/run/startup/slapd'
*** link /container/service/slapd/process.sh to /container/run/process/slapd/run
*** directory /container/run/process/slapd already exists
*** failed to link /container/service/slapd/process.sh to /container/run/process/slapd/run : [Errno 17] File exists: '/container/service/slapd/process.sh' -> '/container/run/process/slapd/run'
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml
ldap_server    |
To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/startup/:ssl-tools...
*** Running /container/run/startup/slapd...
Start OpenLDAP...
Waiting for OpenLDAP to start...
Add TLS config...
Disable replication config...
*** /container/run/startup/slapd failed with status 34
ldap_server    |
*** Killing all processes...
ldap_server exited with code 1
```

Does anyone know a workaround for this?

phy25 commented 4 years ago

What is your volume config? Do you have files in your (existing) volume?

encryptblockr commented 4 years ago

I mounted the following volumes to my local host:

/var/lib/ldap and /etc/ldap/slapd.d

so like below

```shell
docker run ... -v /data/ldap:/var/lib/ldap -v /data/slapd:/etc/ldap/slapd.d osixia/openldap:latest
```

and I already spun up the server once, and now I made some changes to the docker network I want it on, and now tried to restart/start it again, and now I got the mount error

totemofwolf commented 4 years ago

> I mounted the following volumes to my local host:
>
> /var/lib/ldap and /etc/ldap/slapd.d
>
> so like below
>
> ```shell
> docker run ... -v /data/ldap:/var/lib/ldap -v /data/slapd:/etc/ldap/slapd.d osixia/openldap:latest
> ```
>
> and I already spun up the server once, and now I made some changes to the docker network I want it on, and now tried to restart/start it again, and now I got the mount error

You may need to mount only /tmp:/tmp at first. After the docker is running, run in docker:

```shell
cp -ar /var/lib/ldap /tmp/; cp -ar /etc/ldap/slapd.d /tmp/
```

On the host machine:

```shell
# The copies above land in /tmp/ldap and /tmp/slapd.d (cp keeps only the last path component)
cp -ar /tmp/ldap/* /data/ldap; cp -ar /tmp/slapd.d/* /data/slapd
```

Then you can run openldap with (Persistent storage) via:

```shell
-v /data/ldap:/var/lib/ldap -v /data/slapd:/etc/ldap/slapd.d
```

btw:

You may need to remove unused volumes via `docker volume ls && docker volume rm`

totemofwolf commented 4 years ago

Run this the first time:

```yaml
version: '2.4'
services:
  openldap:
    image: osixia/openldap:1.3.0
    container_name: openldap
    network_mode: host
    restart: unless-stopped
    environment:
...
      TZ: 'Asia/Shanghai'
      KEEP_EXISTING_CONFIG: "true"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
...
    tty: true
    stdin_open: true
    volumes:
      - /var/lib/ldap
      - /etc/ldap/slapd.d
      - '/tmp:/tmp'
      # - /container/service/slapd/assets/certs/
...
```

Once done with the cp things, you can use this:

```yaml
version: '2.4'
services:
  openldap:
    image: osixia/openldap:1.3.0
    container_name: openldap
    network_mode: host
    restart: unless-stopped
    environment:
...
      TZ: 'Asia/Shanghai'
      KEEP_EXISTING_CONFIG: "true"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
...
    tty: true
    stdin_open: true
    volumes:
      - '/data/docker/openldap/var/lib/ldap:/var/lib/ldap'
      - '/data/docker/openldap/etc/ldap/slapd.d:/etc/ldap/slapd.d'
      # - '/tmp:/tmp'
      # - /container/service/slapd/assets/certs/
...
```

encryptblockr commented 4 years ago

This is an awful way to build a docker image... It makes sense to be running the first time and then a second time, but this is not a good practice. You should be able to run once and things should stick where they should.

phy25 commented 4 years ago

Well for some reason this VOLUME line is commented. Maybe uncommenting it should do the trick.

https://github.com/osixia/docker-openldap/blob/2a03b392b019adbf810f11bd64a2fed753d77b9d/image/Dockerfile#L59

I am not sure why they are being commented out.

obourdon commented 4 years ago

@phy25 not sure this is the reason why because this commented code has been there for 2 years (from git blame)

@encryptblockr a test was added to see if taking volumes from existing host data worked and AFAIK it does (just tried right now on Linux and MacOSX hosts)

the best thing would be to have your entire docker run ... command line and the full output when using --loglevel debug to be able to have a chance to progress on this

phy25 commented 4 years ago

@obourdon I apologize, I might have messed up my memory with another docker image which requires manually copying.

Looks like it is working on my end as well:

```shell
$ mkdir -p VOLUMES/config VOLUMES/database
$ LDAP_CID=$(docker run -h ldap.example.org -e LDAP_TLS=false --volume $PWD/VOLUMES/database:/var/lib/ldap --volume $PWD/VOLUMES/config:/etc/ldap/slapd.d -d osixia/openldap)
Unable to find image 'osixia/openldap:latest' locally
latest: Pulling from osixia/openldap
Digest: sha256:9cf1631238e606cf8b58e4654b26e6eba7182eadafefffa662cd9784ea811eda
Status: Downloaded newer image for osixia/openldap:latest
$ docker exec $LDAP_CID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9dy9hdjNJNVk1VmNsaEdyTVhpVlE3MDVRWkpqVnQvcW8=

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
$ docker kill $LDAP_CID
d27477cfd9d223bb2d3996a7ea91cd2ac658523d17847472e9d1238cd4e5d25c
$ LDAP_CID=$(docker run -h ldap.example.org -e LDAP_TLS=false --volume $PWD/VOLUMES/database:/var/lib/ldap --volume $PWD/VOLUMES/config:/etc/ldap/slapd.d -d osixia/openldap)
$ docker exec $LDAP_CID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9ejR1YStpZWV0anlUSmJiWjk0b28ycGtWZEJvWTlhKzc=

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
```

obourdon commented 4 years ago

@phy25 no pb at all and many thanks for checking this on your side