tiredofit / docker-fusiondirectory

Dockerized web based LDAP manager
MIT License

Request: Support of startTLS #35

Closed tobiasbp closed 3 years ago

tobiasbp commented 3 years ago

The current image (2.5.2) does not appear to support startTLS for encrypted LDAP connections on port 389. The ENV variables LDAPx_TLS enable LDAP over SSL (protocol ldaps on port 636).

It would be nice to have something like LDAP1_STARTTLS to enable startTLS. Additionally, LDAP1_TLS could be renamed to something like LDAP1_SSL to avoid confusion.

In fusiondirectory.conf, startTLS can be enabled by adding ldapTLS = "TRUE" to a location:

<location name="my LDAP database" ldapTLS="TRUE">
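The two options requested above map onto two different transports: LDAP over SSL is a separate `ldaps://` listener (port 636), while startTLS upgrades a plain `ldap://` session on port 389 in-band and is switched on in fusiondirectory.conf with `ldapTLS="TRUE"`. The following shell script is an added example, not code from tiredofit/docker-fusiondirectory, showing how an entrypoint could turn such variables into a `<location>` element. Only `ldapTLS="TRUE"`/`"FALSE"` and the port numbers come from this thread; the variable names `LDAP1_SSL` / `LDAP1_STARTTLS`, the hostname and base DN, and the `<referral URI="..."/>` child are assumptions about the config format (a real file also needs bind credentials, which are left out here).

```shell
#!/bin/sh
# Added example, not code from tiredofit/docker-fusiondirectory.
#   LDAP1_SSL=TRUE      -> ldaps:// URI, default port 636 (LDAP over SSL)
#   LDAP1_STARTTLS=TRUE -> ldap:// URI, default port 389, plus ldapTLS="TRUE"
# Variable names and the <referral URI=...> element are assumptions; only
# ldapTLS and the port numbers are taken from the issue.

# Case-insensitive truthiness check, in the style of the var_true/var_false
# helpers that show up in the container's debug trace.
var_true() {
    case "$1" in
        TRUE|true|YES|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# ldap_scheme SSL -> "ldaps" when SSL is requested, else "ldap"
ldap_scheme() {
    if var_true "$1"; then echo ldaps; else echo ldap; fi
}

# ldap_port PORT SSL -> PORT if set, otherwise the protocol default (636/389)
ldap_port() {
    if [ -n "$1" ]; then echo "$1"
    elif var_true "$2"; then echo 636
    else echo 389
    fi
}

# check_tls_combo SSL STARTTLS -> fails when both are requested. startTLS
# upgrades a plaintext ldap:// session; ldaps:// is already encrypted, so
# asking for both is a misconfiguration rather than extra protection.
check_tls_combo() {
    if var_true "$1" && var_true "$2"; then
        echo "error: LDAP1_SSL and LDAP1_STARTTLS are mutually exclusive" >&2
        return 1
    fi
    return 0
}

# render_location NAME HOST PORT BASE_DN SSL STARTTLS -> prints the element
render_location() {
    check_tls_combo "$5" "$6" || return 1
    _tls=FALSE
    if var_true "$6"; then _tls=TRUE; fi
    printf '<location name="%s" ldapTLS="%s">\n' "$1" "$_tls"
    printf '  <referral URI="%s://%s:%s/%s" />\n' \
        "$(ldap_scheme "$5")" "$2" "$(ldap_port "$3" "$5")" "$4"
    printf '</location>\n'
}

# Stand-alone demo with constructed values (hypothetical host and base DN):
# startTLS on, SSL off, port left empty so the ldap:// default 389 is used.
render_location "my LDAP database" ldap.example.internal "" "dc=example,dc=internal" FALSE TRUE
```

Run with `LDAP1_SSL=TRUE` instead and the URI becomes `ldaps://…:636/` with `ldapTLS="FALSE"`; setting both flags makes `render_location` fail instead of silently producing a config that requests startTLS on an already-encrypted port.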
tiredofit commented 3 years ago

Great suggestion. Yes, this should be easy enough to add, and also rename the variables to reduce confusion. I'll see about putting something together this week. Can you verify that ldapTLS="FALSE" in the location tag also disables startTLS? Just want to make sure.

tiredofit commented 3 years ago

Have a peek at tiredofit/fusiondirectory:2.6.0. I've changed the environment variables to SSL as recommended and also enabled the TLS functionality. The readme reflects those changes as well.

tobiasbp commented 3 years ago

> Can you verify that if ldapTLS="FALSE" in the location tag also disables startTLS? Just want to make sure.

Confirmed.

tobiasbp commented 3 years ago

> Have a peek at tiredofit/fusiondirectory:2.6.0 I've changed the environment variables to SSL as recommended and also enabled the TLS functionality. Readme reflects those changes as well.

~UPDATE: I'm having other issues. Ignore this post.~

I'm running the image latest in Kubernetes. nginx ends up not running. These are the processes running in the container:

    1 root      0:00 s6-svscan -t0 /var/run/s6/services
   33 root      0:00 foreground  if   /etc/s6/init/init-stage2-redirfd   foreground    if     if      s6-echo      -n      --      [s6-init] making user provided files available at /var/run/s6/etc...   
   34 root      0:00 s6-supervise s6-fdholderd
   43 root      0:00 if  /etc/s6/init/init-stage2-redirfd  foreground   if    if     s6-echo     -n     --     [s6-init] making user provided files available at /var/run/s6/etc...        foreground     
   44 root      0:00 foreground  if   if    s6-echo    -n    --    [s6-init] making user provided files available at /var/run/s6/etc...      foreground    backtick    -n    S6_RUNTIME_PROFILE     printc
   50 root      0:00 if  if  -t   s6-test   -d   /var/run/s6/etc/cont-init.d    if   s6-echo   [cont-init.d] executing container initialization scripts...    if   pipeline    s6-ls    -0    --    /var/r
  641 root      0:00 if  pipeline   s6-ls   -0   --   /var/run/s6/etc/cont-init.d    pipeline   s6-sort   -0   --    forstdin  -o  0  -0  --  i  importas  -u  i  i  if   s6-echo   --   [cont-init.d] ${i
  644 root      0:00 forstdin -o 0 -0 -- i importas -u i i if  s6-echo  --  [cont-init.d] ${i}: executing...   foreground  /var/run/s6/etc/cont-init.d/${i}  importas -u ? ? if  s6-echo  --  [cont-init.d
  645 root      0:00 [s6-ls]
  646 root      0:00 [s6-sort]
  982 root      0:00 foreground  /var/run/s6/etc/cont-init.d/40-fusiondirectory  importas -u ? ? if  s6-echo  --  [cont-init.d] 40-fusiondirectory: exited ${?}.  ifelse  s6-test  0  -eq  0   exit  0  ex
  984 root      0:00 bash /var/run/s6/etc/cont-init.d/40-fusiondirectory
 1050 root      8:14 {fusiondirectory} /usr/bin/perl /usr/sbin/fusiondirectory-setup --set-fd_home=/www/fusiondirectory --write-vars --install-plugins --check-directories --update-locales --update-cache

Config file /etc/fusiondirectory/fusiondirectory.conf does not exist in the image. Is it waiting for manual config?

These are the processes running in image 2.5.2 (FD is working):

PID   USER     TIME  COMMAND
    1 root      0:00 s6-svscan -t0 /var/run/s6/services
   31 root      0:00 s6-supervise s6-fdholderd
 2455 root      0:00 s6-supervise 20-php-fpm
 2456 root      0:00 s6-supervise 04-cron
 2457 root      0:00 s6-supervise 10-nginx
 2459 root      0:00 nginx: master process nginx
 2460 root      0:00 bash ./run
 2461 nginx     0:00 {php-fpm7} php-fpm: master process (/etc/php7/php-fpm.conf)
 2512 root      0:00 sleep 60
 2513 nginx     0:00 nginx: worker process
 2514 nginx     0:00 {php-fpm7} php-fpm: pool www
 2515 nginx     0:00 {php-fpm7} php-fpm: pool www
 2516 root      0:00 bash
 2521 root      0:00 ps aux
tiredofit commented 3 years ago

Interesting. Getting caught up with process 1050 which is installing the plugins. Will try to recreate.

tobiasbp commented 3 years ago

> Interesting. Getting caught up with process 1050 which is installing the plugins. Will try to recreate.

FWIW, I'm running the image in a Kubernetes cluster.

tiredofit commented 3 years ago

OK. That shouldn't affect it. There's a setting you can make as an environment variable, DEBUG=TRUE, which will give a ridiculous amount of output to the docker logs as to what's happening. A tamer approach would be CONTAINER_LOG_LEVEL=DEBUG. One of those two options will show the output of that process that is getting hung; it would be useful if you could grab that for me.

tobiasbp commented 3 years ago

> OK. That shouldn't affect it. Theres a setting you can make as an environment variable DEBUG=TRUE which will give a ridiculous amount of output to the docker logs as to whats happening.

UPDATE: Sorry, below is with _CONTAINER_LOGLEVEL=DEBUG

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 00-functions: applying... 
[fix-attrs.d] 00-functions: exited 0.
[fix-attrs.d] 01-s6: applying... 
[fix-attrs.d] 01-s6: exited 0.
[fix-attrs.d] 02-zabbix: applying... 
[fix-attrs.d] 02-zabbix: exited 0.
[fix-attrs.d] 03-logrotate: applying... 
[fix-attrs.d] 03-logrotate: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-startup: executing... 
[DEBUG] ** [container-init] Cold Container startup detected - Proceeding to initialize services normally
[cont-init.d] 00-startup: exited 0.
[cont-init.d] 01-timezone: executing... 
[cont-init.d] 01-timezone: exited 0.
[cont-init.d] 02-permissions: executing... 
[cont-init.d] 02-permissions: exited 0.
[cont-init.d] 03-zabbix: executing... 
[DEBUG] ** [container] Container: Getting defaults for 03-zabbix
[DEBUG] ** [container] Container: No functions available for 03-zabbix
[NOTICE] ** [zabbix] Disabling Zabbix Monitoring Functionality
[cont-init.d] 03-zabbix: exited 0.
[cont-init.d] 04-cron: executing... 
[DEBUG] ** [container] Container: Getting defaults for 04-cron
[DEBUG] ** [container] Container: No functions available for 04-cron
[cont-init.d] 04-cron: exited 0.
[cont-init.d] 05-smtp: executing... 
[DEBUG] ** [container] Container: Getting defaults for 05-smtp
[DEBUG] ** [container] Container: No functions available for 05-smtp
[NOTICE] ** [smtp] Disabling SMTP Features
[cont-init.d] 05-smtp: exited 0.
[cont-init.d] 10-nginx: executing... 
[DEBUG] ** [container] Container: Getting defaults for 10-nginx
[DEBUG] ** [container] Container: No functions available for 10-nginx
[NOTICE] ** [nginx] Disable Nginx FastCGI HTTPS Termination Support
[cont-init.d] 10-nginx: exited 0.
[cont-init.d] 11-nginx-config-reload: executing... 
[DEBUG] ** [container] Container: Getting defaults for 10-nginx
[DEBUG] ** [container] Container: No functions available for: 10-nginx
[cont-init.d] 11-nginx-config-reload: exited 0.
[cont-init.d] 20-php-fpm: executing... 
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/01-permissions
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/03-zabbix
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/04-cron
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/05-smtp
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/10-nginx
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/20-php-fpm
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/30-argonaut
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/40-fusiondirectory
[NOTICE] ** [php-fpm] PHP-FPM Preparing to start with the following plugins enabled: apcu, bcmath, ctype, curl, dom, gd, gettext, iconv, imagick, imap, intl, json, ldap, mbstring, mcrypt, mysqli, mysqlnd, opcache, openssl, pdo, pdo_mysql, pgsql, phar, session, xml, xmlreader, zlib
[cont-init.d] 20-php-fpm: exited 0.
[cont-init.d] 30-argonaut: executing... 
[DEBUG] ** [container] Container: Getting defaults for 30-argonaut
[DEBUG] ** [container] Container: No functions available for 30-argonaut
[DEBUG] ** [argonaut] Checking to see if service has initialized
[cont-init.d] 30-argonaut: exited 0.
[cont-init.d] 40-fusiondirectory: executing... 
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/01-permissions
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/03-zabbix
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/04-cron
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/05-smtp
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/10-nginx
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/20-php-fpm
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/30-argonaut
[DEBUG] ** [container] Container: Getting Defaults for /assets/defaults/40-fusiondirectory
[DEBUG] ** [fusiondirectory] Checking to see if service has initialized
[NOTICE] ** [fusiondirectory] Enabling the following plugins: systems
tobiasbp commented 3 years ago

> OK. That shouldn't affect it. Theres a setting you can make as an environment variable DEBUG=TRUE which will give a ridiculous amount of output to the docker logs as to whats happening.

With DEBUG=TRUE:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 00-functions: applying... 
[fix-attrs.d] 00-functions: exited 0.
[fix-attrs.d] 01-s6: applying... 
[fix-attrs.d] 01-s6: exited 0.
[fix-attrs.d] 02-zabbix: applying... 
[fix-attrs.d] 02-zabbix: exited 0.
[fix-attrs.d] 03-logrotate: applying... 
[fix-attrs.d] 03-logrotate: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-startup: executing... 
[cont-init.d] 00-startup: exited 0.
[cont-init.d] 01-timezone: executing... 
[cont-init.d] 01-timezone: exited 0.
[cont-init.d] 02-permissions: executing... 
[cont-init.d] 02-permissions: exited 0.
[cont-init.d] 03-zabbix: executing... 
[NOTICE] ** [zabbix] Disabling Zabbix Monitoring Functionality
[cont-init.d] 03-zabbix: exited 0.
[cont-init.d] 04-cron: executing... 
[cont-init.d] 04-cron: exited 0.
[cont-init.d] 05-smtp: executing... 
[NOTICE] ** [smtp] Disabling SMTP Features
[cont-init.d] 05-smtp: exited 0.
[cont-init.d] 10-nginx: executing... 
[NOTICE] ** [nginx] Disable Nginx FastCGI HTTPS Termination Support
[cont-init.d] 10-nginx: exited 0.
[cont-init.d] 11-nginx-config-reload: executing... 
[cont-init.d] 11-nginx-config-reload: exited 0.
[cont-init.d] 20-php-fpm: executing... 
[NOTICE] ** [php-fpm] PHP-FPM Preparing to start with the following plugins enabled: apcu, bcmath, ctype, curl, dom, gd, gettext, iconv, imagick, imap, intl, json, ldap, mbstring, mcrypt, mysqli, mysqlnd, opcache, openssl, pdo, pdo_mysql, pgsql, phar, session, xml, xmlreader, zlib
[cont-init.d] 20-php-fpm: exited 0.
[cont-init.d] 30-argonaut: executing... 
[cont-init.d] 30-argonaut: exited 0.
[cont-init.d] 40-fusiondirectory: executing... 
[NOTICE] ** [fusiondirectory] Enabling the following plugins: systems
tiredofit commented 3 years ago

Oh jeesh, my apologies. DEBUG_MODE=TRUE is the correct one. Sorry, mighty early this morning and still not fully awake. Careful with the log for DEBUG_MODE=TRUE though, credentials will get leaked. You can email it to me privately if you'd like, or just grab the bits that look like they are telling us what's happening. Definitely something with the fusiondirectory-setup process.

tobiasbp commented 3 years ago

> Oh jeesh, my apologies. DEBUG_MODE=TRUE is the correct one.

This is the end of the log:

+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/postfix
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/ppolicy
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/puppet
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/pureftpd
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/quota
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/renater-partage
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/repository
+ var_false true
+ '[' true = FALSE ']'
+ '[' true = false ']'
+ '[' true = NO ']'
+ '[' true = no ']'
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/seafile
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/sinaps
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/sogo
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/spamassassin
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/squid
+ var_false true
+ '[' true = FALSE ']'
+ '[' true = false ']'
+ '[' true = NO ']'
+ '[' true = no ']'
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/subcontracting
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/sudo
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/supann
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/supann-ext
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/sympa
+ var_false TRUE
+ '[' TRUE = FALSE ']'
+ '[' TRUE = false ']'
+ '[' TRUE = NO ']'
+ '[' TRUE = no ']'
+ var_false false
+ '[' false = FALSE ']'
+ '[' false = false ']'
+ rm -rf /assets/fusiondirectory-plugins/user-reminder
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ rm -rf /assets/fusiondirectory-plugins/weblink
+ var_false true
+ '[' true = FALSE ']'
+ '[' true = false ']'
+ '[' true = NO ']'
+ '[' true = no ']'
+ cd /assets
+ print_notice 'Enabling the following plugins: systems'
+ output_off
+ '[' TRUE = TRUE ']'
+ set +x
[NOTICE] /etc/cont-init.d/40-fusiondirectory ** [fusiondirectory] Enabling the following plugins: systems
+ '[' -d /assets/custom/plugins/ ']'
+ '[' -d /assets/custom-plugins/ ']'
+ tar cfz fusiondirectory-plugins.tar.gz ./fusiondirectory-plugins
+ fusiondirectory-setup --set-fd_home=/www/fusiondirectory --write-vars --install-plugins --check-directories --update-locales --update-cache
+ echo /assets/fusiondirectory-plugins.tar.gz

Environment:

PLUGIN_WEBSERVICE=true
PLUGIN_LDAPDUMP=true
PLUGIN_PERSONAL=true
PLUGIN_SAMBA=true
PLUGIN_LDAPMANAGER=true
PLUGIN_MAIL=true
PLUGIN_USER_REMINDER=false
PLUGIN_CERTIFICATES=true
FUSIONDIRECTORY_PLUGINS_VERSION=
PLUGIN_COMMUNITY=true
PLUGIN_SSH=true
PLUGIN_FUSIONINVENTORY=false
PLUGIN_MIXEDGROUPS=false
PLUGIN_POSIX=true
tiredofit commented 3 years ago

OK, here's the line in the code, if you wanted to run it inside the container:

echo '/assets/fusiondirectory-plugins.tar.gz' | fusiondirectory-setup --set-fd_home="${NGINX_WEBROOT}" --write-vars --install-plugins --check-directories --update-locales --update-cache

A couple weeks / months? back now, when I was testing the Fusiondirectory 1.4 development branch, I do believe there was something that had changed with the command and it was requesting input. I'm not seeing it on my end, however, on this 1.3 release.

tiredofit commented 3 years ago

I've just pushed a tiredofit/fusiondirectory:develop up to docker hub that changes the source of where we are getting plugins and fusiondirectory from. It might be useful and give better results at this time while I figure out what has gone wrong.

tobiasbp commented 3 years ago

> I've just pushed a tiredofit/fusiondirectory:develop up to docker hub that changes the source of where we are getting plugins and fusiondirectory from.

This release works for me.

tiredofit commented 3 years ago

OK, very strange. I'll turn this into an actual release so you can see there's no funny stuff going on inside the image.

tiredofit commented 3 years ago

Tagged as 2.6.1

tobiasbp commented 3 years ago

Sounds good. Can you comment on the changes you had to make it work? Do you not see the problem in your own testing?

On Wed, Nov 4, 2020 at 6:58 PM Dave Conroy notifications@github.com wrote:

> OK, very strange. I'll turn this into an actual release so you can see there's no funny stuff going on inside the image.

tiredofit commented 3 years ago

I don't see the problem on my end, actually. I run a pretty large FD setup, and our development, staging, and production systems aren't showing the symptom on 2.6.0.

I changed the source I was pulling the code from: the repo.fusiondirectory.org tarball vs. a GitLab repository.

tobiasbp commented 3 years ago

2.6.1 confirmed working with startTLS in my setup. Thanks.