Closed cristichiru closed 4 years ago
Hi there, the clue is up at the top - where it's looking for a function called prepare_service. Something has happened with Docker Hub and it's built a whole bunch of images out of sequence before the underlying base image was built.
You could try an earlier tagged version or try latest - I don't know when Docker Hub will finish off what it's doing, it has been going on now for near 5 days.
Deleting the tag from Docker Hub
New build up 6.9.1 which should resolve all these issues. My apologies.
Thank you for looking into this.
I have tried again with 6.9.1 and seems to be kind of the same problem.
Container still fails:
[INFO] /etc/cont-init.d/10-openldap ** [openldap] Starting TLS configuration. Please wait...
+ silent ssl-helper /server.crt /server.key /ca.crt
+ '[' true = TRUE ']'
+ '[' true = true ']'
+ ssl-helper /server.crt /server.key /ca.crt
+ PREFIX=/server.crt
+ CERT_FILE=/server.key
+ KEY_FILE=/ca.crt
+ CA_FILE=
+ PREFIX=/SERVER.CRT
+ PREFIX_SSL_HELPER_TOOL=/SERVER.CRT_SSL_HELPER_TOOL
+ PREFIX_SSL_HELPER_AUTO_RENEW=/SERVER.CRT_SSL_HELPER_AUTO_RENEW
+ PREFIX_SSL_HELPER_AUTO_RENEW_CRON_EXP=/SERVER.CRT_SSL_HELPER_AUTO_RENEW_CRON_EXP
+ PREFIX_SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED=/SERVER.CRT_SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED
+ PREFIX_SSL_HELPER_AUTO_RENEW_FROM_FILES=/SERVER.CRT_SSL_HELPER_AUTO_RENEW_FROM_FILES
+ PREFIX_SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE=/SERVER.CRT_SSL_HELPER_AUTO_RENEW_CERT_FROM_FILE
+ PREFIX_SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE=/SERVER.CRT_SSL_HELPER_AUTO_RENEW_KEY_FROM_FILE
+ PREFIX_SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE=/SERVER.CRT_SSL_HELPER_AUTO_RENEW_CA_CERT_FROM_FILE
/usr/sbin/ssl-helper: line 27: /SERVER.CRT_SSL_HELPER_TOOL: invalid variable name
[cont-init.d] 10-openldap: exited 1.
[cont-init.d] 99-container: executing...
+ PROCESS_NAME=container
+ var_false FALSE
+ '[' FALSE = FALSE ']'
+ output_off
+ '[' true = TRUE ']'
+ '[' true = true ']'
+ set +x
**********************************************************************************************************************
**********************************************************************************************************************
**** ****
**** ERROR - Some initialization scripts haven't completed - All services are now halted ****
**** - The following scripts in '/etc/cont-init.d' did not pass their completion check ****
**** ****
**********************************************************************************************************************
**********************************************************************************************************************
10-openldap
Notice how, among other things, CA and Key files are mapped incorrectly.
Running inside the container:
for e in `grep -oE '^\w+' /assets/defaults/10-openldap`; do eval "echo $e=\$$e"; done
produces:
BACKUP_TTL=15
CONFIG_PASS=thisisnotanactualpass
DOMAIN=mydomain.com
ENABLE_NGINX=
ENABLE_READONLY_USER=false
ENABLE_REPLICATION=true
ENABLE_TLS=true
FIRST_START_DONE=
LOG_LEVEL=256
ORGANIZATION=MyOrg
READONLY_USER_PASS=readonlychangeme
READONLY_USER_USER=
REMOVE_CONFIG_AFTER_SETUP=
SCHEMA_TYPE=rfc2307bis
SLAPD_ARGS=
SLAPD_HOSTS=ldap://server1.lan ldaps://server1.lan ldapi:///
SSL_HELPER_PREFIX=
TLS_CA_CRT_FILENAME=ca.crt
TLS_CA_CRT_PATH=
TLS_CIPHER_SUITE=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:-DHE-DSS:-RSA:!aNULL:!MD5:!DSS:!SHA
TLS_CRT_FILENAME=server.crt
TLS_CRT_PATH=
TLS_DH_PARAM_FILENAME=dhparam.pem
TLS_DH_PARAM_KEYSIZE=2048
TLS_DH_PARAM_PATH=
TLS_ENFORCE=false
TLS_KEY_FILENAME=server.key
TLS_KEY_PATH=
TLS_RESET_PERMISSIONS=
TLS_VERIFY_CLIENT=
ULIMIT_N=2048
WAS_STARTED_WITH_REPLICATION=
WAS_STARTED_WITH_TLS=
WAS_STARTED_WITH_TLS_ENFORCE=
As you can see, some vars are not set. The ones that have values are set by me.
Yes definitely not right. I will go back and look at this in the next 24 hours. Can you switch to using something before the 6.9.0 series for now?
Thanks. No worries, 6.8.9 does the job just right at the moment. I switch easily using an ansible playbook/role.
Found the problem. When upgrading my base images there was a one line missed out on upgrading this image to support it where it simply pulled the functions, but not the defaults. You should have success going forward.
6.9.2 seems to be working fine. Enabled debug and all variables seem to be right.
Thank you for the effort put into this. Your release is simpler and it just works (with multimaster replication) compared to the osixia release. Daily dumps of data and config are a really nice touch.
For anyone interested, I am using this ansible playbook and role to deploy tiredofit/docker-openldap release.
Trying to deploy with TLS_ENFORCE: "true" will fail to launch ldap.
It seems that the defaults/10-openldap that is supposed to set some vars is not actually loaded, because WAS_STARTED_WITH_REPLICATION seems empty, since touch complains.
Also, I have noticed that dhparam.pem file is created in the root of the container, as I did not specify the path, just the name, assuming the defaults. This is another clue. Maybe this is not yet working.
Log
In my opinion, if ldap is failing to start, the whole container should fail.
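The trace in this thread shows ssl-helper uppercasing its first argument and using it as a variable-name prefix, which ends in "invalid variable name" once that argument is a file path, while the variable dump shows defaults that were never loaded. As an added example (not code from the image or its ssl-helper; the function names are hypothetical and the `TLS` prefix and sample values are constructed), this POSIX shell code validates a computed variable name before dereferencing it and rejects empty required settings:

```shell
#!/bin/sh
# Added example, not the image's ssl-helper. Function names are hypothetical.

# Return 0 only if $1 is a legal shell variable name.
is_valid_var_name() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the value of <PREFIX>_<SUFFIX>. The prefix is uppercased as in the
# trace; a prefix that is not an identifier (for example a certificate path
# passed as the first positional argument) is refused with status 2.
get_prefixed_var() {
    prefix=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    name="${prefix}_$2"
    if ! is_valid_var_name "$name"; then
        echo "refusing to dereference invalid variable name: $name" >&2
        return 2
    fi
    # Safe to eval: $name contains only [A-Za-z0-9_] at this point.
    eval "printf '%s' \"\${$name-}\""
}

# Return 1 if any named variable is unset or empty, which is the state the
# thread's variable dump shows when the defaults file was not loaded.
require_vars() {
    missing=0
    for v in "$@"; do
        is_valid_var_name "$v" || { echo "bad name: $v" >&2; return 2; }
        eval "val=\${$v-}"
        if [ -z "$val" ]; then
            echo "required variable $v is empty" >&2
            missing=1
        fi
    done
    return "$missing"
}
```

Called from an init script as `require_vars TLS_CRT_PATH TLS_KEY_PATH || exit 1`, an unloaded defaults file stops the container at that step with a named cause.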