mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Maxim Thomas
29.13.2019 d7b49f54487ca7885f31f9da9cd103f3f9617f4b
OpenDJ Openshift Template

4 files modified
5 files added
509 ■■■■■ changed files
.travis.yml 1 ●●●● patch | view | raw | blame | history
opendj-packages/opendj-docker/Dockerfile 47 ●●●●● patch | view | raw | blame | history
opendj-packages/opendj-docker/README.md 23 ●●●● patch | view | raw | blame | history
opendj-packages/opendj-docker/bootstrap/replicate.sh 140 ●●●●● patch | view | raw | blame | history
opendj-packages/opendj-docker/bootstrap/setup.sh 27 ●●●●● patch | view | raw | blame | history
opendj-packages/opendj-docker/pom.xml 4 ●●● patch | view | raw | blame | history
opendj-packages/opendj-docker/run.sh 64 ●●●●● patch | view | raw | blame | history
opendj-packages/opendj-openshift-template/README.md 12 ●●●●● patch | view | raw | blame | history
opendj-packages/opendj-openshift-template/opendj-template.yaml 191 ●●●●● patch | view | raw | blame | history
.travis.yml
@@ -36,6 +36,7 @@
        - "opendj-packages/opendj-rpm/opendj-rpm-standard/target/rpm/opendj/RPMS/noarch/*.rpm"
        - "opendj-packages/opendj-msi/opendj-msi-standard/target/*.msi"
        - "opendj-packages/opendj-docker/target/Dockerfile"
    - "opendj-packages/opendj-openshift-template/*.yaml"
        - "opendj-doc-generated-ref/target/*.zip"
        - "opendj-dsml-servlet/target/*.war"
        - "opendj-rest2ldap-servlet/target/*.war"
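Review bot: The added `- "opendj-packages/opendj-openshift-template/*.yaml"` entry sits at a shallower indent than the neighbouring entries of the same list; if that reflects the committed file rather than this page's rendering, YAML cannot continue a block sequence at a different indent and Travis will reject the whole config, which takes the entire deploy step down with it. Indent it to match its siblings, `        - "opendj-packages/opendj-openshift-template/*.yaml"`. The enclosing list starts before this hunk.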
opendj-packages/opendj-docker/Dockerfile
@@ -2,42 +2,51 @@
MAINTAINER Open Identity Platform Community <open-identity-platform-opendj@googlegroups.com>
ARG ADD_BASE_ENTRY="--addBaseEntry"
ENV ADD_BASE_ENTRY="--addBaseEntry"
ARG PORT=1389
ENV PORT=1389
ARG LDAPS_PORT=1636
ENV LDAPS_PORT=1636
ARG BASE_DN="dc=example,dc=com"
ENV BASE_DN=${BASE_DN:-"dc=example,dc=com"}
ARG ROOT_USER_DN="cn=Directory Manager"
ENV ROOT_USER_DN=${ROOT_USER_DN:-"cn=Directory Manager"}
ARG ROOT_PASSWORD=password
ENV ROOT_PASSWORD=${ROOT_PASSWORD:-"password"}
ARG VERSION=@project_version@
ENV SECRET_VOLUME=${SECRET_VOLUME}
ARG OPENDJ_USER="opendj"
ENV MASTER_SERVER=${MASTER_SERVER}
ENV OPENDJ_REPLICATION_TYPE=${OPENDJ_REPLICATION_TYPE}
ENV VERSION=@project_version@
#ENV VERSION=4.3.1
ENV OPENDJ_USER="opendj"
WORKDIR /opt
RUN apt-get install -y wget unzip
RUN wget --quiet \
RUN wget --show-progress --progress=bar:force:noscroll --quiet \
  https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip && \
  unzip opendj-$VERSION.zip && \
  rm -r opendj-$VERSION.zip
RUN useradd -m -r -u 1001 -g root $OPENDJ_USER
RUN echo "/opt/opendj/data" > /opt/opendj/instance.loc  && \
    mkdir -p /opt/opendj/data/lib/extensions
ADD bootstrap/ /opt/opendj/bootstrap/
ADD run.sh /opt/opendj/run.sh
RUN useradd -m -r -u 1001 -G root,sudo $OPENDJ_USER
RUN chgrp -R 0 /opt/opendj && \
  chmod -R g=u /opt/opendj
USER $OPENDJ_USER
RUN /opt/opendj/setup --cli -p $PORT --ldapsPort $LDAPS_PORT --enableStartTLS \
  --generateSelfSignedCertificate --baseDN "$BASE_DN" -h localhost --rootUserDN "$ROOT_USER_DN" \
  --rootUserPassword "$ROOT_PASSWORD" --acceptLicense --no-prompt --doNotStart $ADD_BASE_ENTRY
EXPOSE $PORT $LDAPS_PORT 4444
CMD ["/opt/opendj/bin/start-ds", "--nodetach"
USER $OPENDJ_USER
ENTRYPOINT ["/opt/opendj/run.sh"]
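Review bot: The service account is put into the `sudo` group by `RUN useradd -m -r -u 1001 -G root,sudo $OPENDJ_USER` (this and the `-g root` line appear to be the new and old forms respectively), which the directory server never needs and which only widens what code running as `opendj` can attempt; membership in group `root` is all that the `chgrp -R 0` / `chmod -R g=u` arbitrary-UID pattern relies on, so `RUN useradd -m -r -u 1001 -G root $OPENDJ_USER` is enough. Separately, `ENV ROOT_PASSWORD=${ROOT_PASSWORD:-"password"}` bakes a default root credential into every image, and because `ENV` values are recorded in the image config, whatever value is passed at build time is readable afterwards with `docker inspect` or `docker history`. Prefer not to define `ROOT_PASSWORD` in the image at all and have the run-time scripts refuse to create an instance when it is unset, so a container started without an explicit password fails closed instead of booting with `password`. The commented-out `#ENV VERSION=4.3.1` line looks like leftover debugging and can go.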
opendj-packages/opendj-docker/README.md
@@ -1,8 +1,25 @@
# How-to:
Build docker image:
```bash
    docker build . -t openidentityplatform/opendj
```
Run image
```bash
    docker run -d -p 1389:1389 -p 1636:1636 -p 4444:4444 --name opendj openidentityplatform/opendj
```
##  Environment Variables
|Variable|Default Value|Description|
|--------|-------------|-----------|
|ADD_BASE_ENTRY|--addBaseEntry|if set, creates base DN entry|
|PORT|1389|LDAP Listener Port|
|LDAPS_PORT|1636|LDAPS Listener Port|
|BASE_DN|dc=example,dc=com|OpenDJ Base DN |
|ROOT_USER_DN|cn=Directory Manager|Initial root user DN|
|ROOT_PASSWORD|password|Initial root user password|
|SECRET_VOLUME|-|Mounted keystore volume, if present copies keystore over|
|MASTER_SERVER|-|Replication master server|
|VERSION|4.3.1|OpenDJ version|
|OPENDJ_USER|-|user which runs OpenDJ|
|OPENDJ_REPLICATION_TYPE|-|OpenDJ Replication type, valid values are: <ul><li>simple - standart replication</li><li>srs - standalone replication servers</li><li>sdsr - Standalone Directory Server Replicas</li><li>rg - Replication Groups</li></ul>Other values will be ignored|
opendj-packages/opendj-docker/bootstrap/replicate.sh
New file
@@ -0,0 +1,140 @@
#!/usr/bin/env bash
# Replicate to the master server hostname defined in $1
# If that server is ourself this is a no-op
# This is a bit  kludgy.
# The hostname has to be a fully resolvable DNS name in the cluster
# If the service is called
MYHOSTNAME=${MYHOSTNAME:-`hostname -f`}
echo "Setting up replication from $MYHOSTNAME to $MASTER_SERVER"
# For debug
# K8s puts the service name in /etc/hosts
if grep ${MASTER_SERVER} /etc/hosts; then
 echo "We are the master. Skipping replication setup to ourself"
 exit 0
fi
# Comment out
echo "replicate ENV vars:"
env
# todo: Replace with command to test for master being reachable and up
# This is hacky....
echo "Will sleep for a bit to ensure master is up"
sleep 5
if [ "$OPENDJ_REPLICATION_TYPE" == "simple" ] then
  echo "Enabling Standart Replication..."
  /opt/opendj/bin/dsreplication enable --host1 $MYHOSTNAME --port1 4444 \
    --bindDN1 "$ROOT_USER_DN" \
    --bindPassword1 $ROOT_PASSWORD --replicationPort1 8989 \
    --host2 $MASTER_SERVER --port2 4444 --bindDN2 "$ROOT_USER_DN" \
    --bindPassword2 $ROOT_PASSWORD --replicationPort2 8989 \
    --adminUID admin --adminPassword $ROOT_PASSWORD --baseDN $BASE_DN -X -n
  echo "initializing replication"
  /opt/opendj/bin/dsreplication initialize --baseDN $BASE_DN \
    --adminUID admin --adminPassword $ROOT_PASSWORD \
    --hostSource $MYHOSTNAME --portSource 4444 \
    --hostDestination $MASTER_SERVER --portDestination 4444 -X -n
elif [ "$OPENDJ_REPLICATION_TYPE" == "srs" ] then
  echo "Enabling Standalone Replication Servers..."
  dsreplication enable \
   --adminUID admin \
   --adminPassword $ROOT_PASSWORD \
   --baseDN $BASE_DN \
   --host1 $MYHOSTNAME \
   --port1 4444 \
   --bindDN1 "$ROOT_USER_DN" \
   --bindPassword1 $ROOT_PASSWORD \
   --noReplicationServer1 \
   --host2 $MASTER_SERVER \
   --port2 4444 \
   --bindDN2 "$ROOT_USER_DN" \
   --bindPassword2 $ROOT_PASSWORD \
   --replicationPort2 8989 \
   --onlyReplicationServer2 \
   --trustAll \
   --no-prompt;
  echo "initializing replication"
  dsreplication \
   initialize-all \
   --adminUID admin \
   --adminPassword $ROOT_PASSWORD \
   --baseDN $BASE_DN \
   --hostname $MYHOSTNAME \
   --port 4444 \
   --trustAll \
   --no-prompt
elif [ "$OPENDJ_REPLICATION_TYPE" == "sdsr" ] then
  echo "Enabling Standalone Directory Server Replicas...."
  dsreplication \
   enable \
   --adminUID admin \
   --adminPassword $ROOT_PASSWORD \
   --baseDN $BASE_DN \
   --host1 $MASTER_SERVER \
   --port1 4444 \
   --bindDN1 "$ROOT_USER_DN" \
   --bindPassword1 $ROOT_PASSWORD \
   --host2 $MYHOSTNAME \
   --port2 4444 \
   --bindDN2 "$ROOT_USER_DN" \
   --bindPassword2 ROOT_PASSWORD \
   --noReplicationServer2 \
   --trustAll \
   --no-prompt
 echo "initializing replication"
 dsreplication \
   initialize \
   --adminUID admin \
   --adminPassword $ROOT_PASSWORD \
   --baseDN $BASE_DN \
   --hostSource $MASTER_SERVER \
   --portSource 4444 \
   --hostDestination $MYHOSTNAME \
   --portDestination 4444 \
   --trustAll \
   --no-prompt
elif [ "$OPENDJ_REPLICATION_TYPE" == "rg" ] then
  echo "Enabling Replication Groups..."
  dsconfig \
   set-replication-domain-prop \
   --port 4444 \
   --hostname $MYHOSTNAME \
   --bindDN "$ROOT_USER_DN" \
   --bindPassword $ROOT_PASSWORD \
   --provider-name "Multimaster Synchronization" \
   --domain-name $BASE_DN \
   --set group-id:$OPENDJ_REPLICATION_GROUP_ID \
   --trustAll \
   --no-prompt
   dsconfig \
    set-replication-server-prop \
    --port 4444 \
    --hostname $MASTER_SERVER \
    --bindDN "$ROOT_USER_DN" \
    --bindPassword $ROOT_PASSWORD \
    --provider-name "Multimaster Synchronization" \
    --set group-id:$OPENDJ_REPLICATION_GROUP_ID \
    --trustAll \
    --no-prompt
else
  echo "Unknown replication type, skiping replication..."
fi
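Review bot: Every branch test is written as `if [ "$OPENDJ_REPLICATION_TYPE" == "simple" ] then` (and the three `elif` lines likewise) with no `;` or newline before `then`, so bash cannot parse the `if` compound command and the script aborts with a syntax error before any replication command runs; each needs the form `if [ "$OPENDJ_REPLICATION_TYPE" == "simple" ]; then`. In the `sdsr` branch `--bindPassword2 ROOT_PASSWORD` is missing its `$` and sends the literal string as the password. The `simple` branch calls `/opt/opendj/bin/dsreplication` while the other branches call bare `dsreplication` and `dsconfig`; nothing in the Dockerfile puts `/opt/opendj/bin` on `PATH`, so those branches will fail with command-not-found unless PATH is set somewhere not shown here. The `env` dump prints `ROOT_PASSWORD` into the container log, and the `--bindPassword`/`--adminPassword` arguments expose the same password to anything that can read the process list; drop the `env` line, prefer the tools' `--bindPasswordFile`/`--adminPasswordFile` options, and note in a comment that `-X`/`--trustAll` disables certificate verification of the peer's admin port on every call.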
opendj-packages/opendj-docker/bootstrap/setup.sh
New file
@@ -0,0 +1,27 @@
#!/usr/bin/env bash
# Default setup script
echo "Setting up default OpenDJ instance"
# If any optional LDIF files are present load them
/opt/opendj/setup --cli -p $PORT --ldapsPort $LDAPS_PORT --enableStartTLS --generateSelfSignedCertificate \
  --baseDN $BASE_DN -h localhost --rootUserPassword "$ROOT_PASSWORD" \
  --acceptLicense --no-prompt  $ADD_BASE_ENTRY #--sampleData 1
if [ -d /opt/opendj/bootstrap/schema/ ]; then
  echo "Loading initial schema:"
  for file in /opt/opendj/bootstrap/schema/*;  do
      echo "Loading $file ..."
      /opt/opendj/bin/ldapmodify -D "$ROOT_USER_DN" -h localhost -p $PORT -w $ROOT_PASSWORD -f $file
  done
fi
if [ -d /opt/opendj/bootstrap/data/ ]; then
  echo "Loading initial data:"
  for file in /opt/opendj/bootstrap/data/*;  do
      echo "Loading $file ..."
      /opt/opendj/bin/ldapmodify -D "$ROOT_USER_DN" -h localhost -p $PORT -w $ROOT_PASSWORD -f $file
  done
fi
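Review bot: The `setup` call passes `--rootUserPassword "$ROOT_PASSWORD"` but not `--rootUserDN "$ROOT_USER_DN"`, so the root account is always created under the default DN; when `ROOT_USER_DN` is overridden (it is a documented image variable and a template parameter) the `ldapmodify -D "$ROOT_USER_DN"` binds below fail and the schema and data files are silently skipped. The Dockerfile's former inline setup did pass it; add `--rootUserDN "$ROOT_USER_DN"` next to `--rootUserPassword`, and quote `--baseDN "$BASE_DN"` so a DN containing a space is not split into two arguments. The `-w $ROOT_PASSWORD` arguments expose the root password to anything in the container that can read the process list; the OpenDJ tools accept it from a file (`-j`/`--bindPasswordFile`), which fits better here. There is no `set -e` and no check of `setup`'s exit status, so a failed setup still lets run.sh proceed to replication and `start-ds`.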
opendj-packages/opendj-docker/pom.xml
@@ -12,7 +12,7 @@
  Header, with the fields enclosed by brackets [] replaced by your own identifying
  information: "Portions Copyright [year] [name of copyright owner]".
  Copyright 2015-2016 ForgeRock AS.
  Copyright 2018-2019 Open Identity Platform Community.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
@@ -51,6 +51,8 @@
                            <copy todir="${project.build.directory}">
                                <fileset dir="${basedir}">
                                    <include name="Dockerfile" />  <!--NOTE DIFFERENCE HERE-->
                        <include name="bootstrap/**" />
                        <include name="run.sh" />
                                </fileset>
                            </copy>
                            <replace token="@project_version@" value="${project.version}" dir="target/">                                 
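Review bot: As far as I know Ant's `<copy>` does not carry Unix permission bits over to the destination, so `run.sh` and `bootstrap/replicate.sh` land in `target/` without the executable bit even if the checked-in files have it; the Dockerfile then `ADD`s them unchanged and executes `/opt/opendj/run.sh` directly as the `ENTRYPOINT`, and run.sh executes `/opt/opendj/bootstrap/replicate.sh` directly, so both can fail with permission denied (the later `chmod -R g=u` only copies the owner bits, it does not add execute). Either add a `<chmod perm="755">` over `run.sh` and `bootstrap/*.sh` after the copy, or run them through the interpreter, e.g. `ENTRYPOINT ["bash", "/opt/opendj/run.sh"]`. The enclosing Ant target starts before and ends after this hunk.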
opendj-packages/opendj-docker/run.sh
New file
@@ -0,0 +1,64 @@
#!/usr/bin/env bash
# Run the OpenDJ server
# The idea is to consolidate all of the writable DJ directories to
# a single instance directory root, and update DJ's instance.loc file to point to that root
# This allows us to to mount a data volume on that root which  gives us
# persistence across restarts of OpenDJ.
# For Docker - mount a data volume on /opt/opendj/data
# For Kubernetes mount a PV
cd /opt/opendj
# Instance dir does not exist? Then we need to run setup
if [ ! -d ./data/config ] ; then
  echo "Instance data Directory is empty. Creating new DJ instance"
  BOOTSTRAP=${BOOTSTRAP:-/opt/opendj/bootstrap/setup.sh}
  export BASE_DN=${BASE_DN:-"dc=example,dc=com"}
  echo "BASE DN is ${BASE_DN}"
  export PASSWORD=${ROOT_PASSWORD:-password}
   echo "Password set to $PASSWORD"
   echo "Running $BOOTSTRAP"
   sh "${BOOTSTRAP}"
   # Check if OPENDJ_REPLICATION_TYPE var is set. If it is - replicate to that server
   if [ ! -z ${MASTER_SERVER} ] && [ ! -z ${OPENDJ_REPLICATION_TYPE} ];  then
      /opt/opendj/bootstrap/replicate.sh
   fi
else
 exec ./bin/start-ds --nodetach
 return
fi
# Check if keystores are mounted as a volume, and if so
# Copy any keystores over
SECRET_VOLUME=${SECRET_VOLUME:-/var/secrets/opendj}
if [ -d "${SECRET_VOLUME}" ]; then
  echo "Secret volume is present. Will copy any keystores and truststore"
  # We send errors to /dev/null in case no data exists.
  cp -f ${SECRET_VOLUME}/key*   ${SECRET_VOLUME}/trust* ./data/config 2>/dev/null
fi
# todo: Check /opt/opendj/data/config/buildinfo
# Run upgrade if the server is older
if (bin/status -n | grep Started) ; then
   echo "OpenDJ is started"
   # We cant exit because we are pid 1
   while true; do sleep 100000; done
fi
echo "Starting OpenDJ"
#
exec ./bin/start-ds --nodetach
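Review bot: `echo "Password set to $PASSWORD"` writes the directory's root password to stdout, which under Kubernetes/OpenShift means `oc logs` and whatever log aggregator is attached; drop the line or print only whether a password was supplied. On the first-run path the server that `setup.sh` starts remains a background child while PID 1 sits in `while true; do sleep 100000; done`, so a SIGTERM from the orchestrator never reaches OpenDJ and the pod is most likely killed hard at the end of the grace period; after replicate.sh completes, `./bin/stop-ds` followed by `exec ./bin/start-ds --nodetach` would make the server PID 1 on the first start as it is on every later one. The `return` after `exec ./bin/start-ds --nodetach` is invalid at script top level and unreachable anyway; remove it. `cp -f ${SECRET_VOLUME}/key* ...` replaces the keystore that setup just generated with whatever the secret volume holds, presumably on the assumption that the mounted keystore uses the PIN setup wrote to `config/keystore.pin` — that assumption deserves a comment, and `${SECRET_VOLUME}` should be quoted.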
opendj-packages/opendj-openshift-template/README.md
New file
@@ -0,0 +1,12 @@
# How-to:
## Install template to OpenShift
```bash
oc create -f opendj-template.yml
```
if you already installed the template and want to update it, run
```bash
oc update -f opendj-template.yml
```
After installation, OpenDJ template available in OpenShift Catalog.
opendj-packages/opendj-openshift-template/opendj-template.yaml
New file
@@ -0,0 +1,191 @@
---
apiVersion: v1
kind: Template
labels:
  template: opendj-persistent-template
message: |-
  The following service(s) have been created in your project: ${OPENDJ_SERVICE_NAME}.
     Root user DN: ${OPENDJ_ROOT_USER_DN}
         Password: ${OPENDJ_ROOT_PASSWORD}
          Base DN: ${OPENDJ_BASE_DN}
   Connection URL: ldap://${OPENDJ_SERVICE_NAME}:1389/
      Replication: ${OPENDJ_REPLICATION_TYPE}
    Master Server: ${OPENDJ_MASTER_SERVER}
    Secret Volume: ${OPENDJ_SECRET_VOLUME}
  For more information about using this template, including OpenShift considerations, see TODO: add urls.
metadata:
  annotations:
    description: |-
      OpenDJ is an LDAPv3 compliant directory service, which has been developed for the Java platform, providing a high performance, highly available, and secure store for the identities managed by your organization.
      For more information about using this template, including OpenShift considerations, see TODO: add urls.
      NOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.
    iconClass: icon-sso
    openshift.io/display-name: OpenDJ
    openshift.io/documentation-url: https://github.com/OpenIdentityPlatform/OpenDJ/wiki
    openshift.io/long-description: This template provides a standalone OpenDJ
      server with a database created.  The database is stored on persistent storage.  The
      root DN, base DN, and password are chosen via parameters when provisioning
      this service.
    openshift.io/provider-display-name: Open Identity Platform Community.
    openshift.io/support-url: http://www.openidentityplatform.org
    tags: database,opendj,ldap
  name: opendj
objects:
#Secret
- apiVersion: v1
  kind: Secret
  metadata:
    annotations:
      template.openshift.io/expose-password: "{.data['opendj-root-password']}"
    name: ${OPENDJ_SERVICE_NAME}
  labels:
    name: ${OPENDJ_SERVICE_NAME}
  stringData:
    opendj-root-password: ${OPENDJ_ROOT_PASSWORD}
#Service
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      template.openshift.io/expose-uri: ldap://{.spec.clusterIP}:{.spec.ports[?(.name=="opendj")].port}
    name: "${OPENDJ_SERVICE_NAME}"
    labels:
      name: ${OPENDJ_SERVICE_NAME}
  spec:
    ports:
    - name: 1389-tcp
      port: 1389
      protocol: TCP
      targetPort: 1389
    - name: 1636-tcp
      port: 1636
      protocol: TCP
      targetPort: 1636
    - name: 4444-tcp
      port: 4444
      protocol: TCP
      targetPort: 4444
    selector:
      name: "${OPENDJ_SERVICE_NAME}"
    sessionAffinity: None
    clusterIP: None
    type: ClusterIP
    selector:
      app: ${OPENDJ_SERVICE_NAME}
#StatefulSet
- apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    name: ${OPENDJ_SERVICE_NAME}
    labels:
      app: ${OPENDJ_SERVICE_NAME}
  spec:
    serviceName: ${OPENDJ_SERVICE_NAME}
    replicas: 1
    selector:
      matchLabels:
        app: ${OPENDJ_SERVICE_NAME}
    template:
      metadata:
        labels:
          app: ${OPENDJ_SERVICE_NAME}
      spec:
        terminationGracePeriodSeconds: 1800
        containers:
        - name: "${OPENDJ_SERVICE_NAME}"
          image: docker.io/openidentityplatform/opendj
          imagePullPolicy: Always
          ports:
          - containerPort: 1389
            protocol: TCP
          - containerPort: 1636
            protocol: TCP
          - containerPort: 4444
            protocol: TCP
          resources: {}
          #securityContext:
          #lifecycle: {}
          volumeMounts:
          - mountPath: "/opt/opendj/data/"
            name: "${OPENDJ_SERVICE_NAME}-data"
          env:
            - name: BASE_DN
              value: ${OPENDJ_BASE_DN}
            - name: ROOT_USER_DN
              value: ${OPENDJ_ROOT_USER_DN}
            - name: ROOT_PASSWORD
              value: ${OPENDJ_ROOT_PASSWORD}
            - name: MASTER_SERVER
              value: ${OPENDJ_MASTER_SERVER}
            - name: SECRET_VOLUME
              value: ${OPENDJ_SECRET_VOLUME}
            - name: MYHOSTNAME
              value: ${OPENDJ_SERVICE_NAME}
    volumeClaimTemplates:
    - metadata:
        name: "${OPENDJ_SERVICE_NAME}-data"
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: "${VOLUME_CAPACITY}"
parameters:
- description: The name of the OpenShift Service exposed for the database.
  displayName: Database Service Name
  name: OPENDJ_SERVICE_NAME
  required: true
  value: "opendj"
- description: DN for OpenDJ user that will be used for accessing the database.
  displayName: OpenDJ Root User DN
  name: OPENDJ_ROOT_USER_DN
  required: true
  value: "cn=Directory Manager"
- description: Password for the OpenDJ Root User.
  displayName: OpenDJ Connection Password
  from: "[a-zA-Z0-9]{16}"
  generate: expression
  name: OPENDJ_ROOT_PASSWORD
  required: true
- description: Name of the OpenDJ Base DN
  displayName: Base DN
  name: OPENDJ_BASE_DN
  required: true
  value: "dc=example,dc=com"
- description: Volume space available for data, e.g. 512Mi, 2Gi.
  displayName: Volume Capacity
  name: VOLUME_CAPACITY
  required: true
  value: 20Gi
- description: |-
    OpenDJ Replication type, valid values are:
    simple - standart replication
    srs - standalone replication servers
    sdsr - Standalone Directory Server Replicas
    rg - Replication Groups
    Other values will be ignored
  displayName: OpenDJ Replication Type
  name: OPENDJ_REPLICATION_TYPE
  value:
  required: false
- description: OpenDJ master server for replication.
  displayName: OpenDJ Master Server
  name: OPENDJ_MASTER_SERVER
  value:
  required: false
- description: OpenDJ replication group id, used only for rg replication type
  displayName: OpenDJ Replication Group Id
  name: OPENDJ_REPLICATION_GROUP_ID
  value:
  required: false
- description: Secret keystore volume.
  displayName: Secret Keystore Volume
  name: OPENDJ_SECRET_VOLUME
  value:
  required: false
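Review bot: The `ROOT_PASSWORD` container variable is set from the raw parameter (`value: ${OPENDJ_ROOT_PASSWORD}`) instead of from the `Secret` this template creates, so the Secret is never read and the generated password is stored in clear text in the StatefulSet spec, readable by anyone who can `get` statefulsets or pods in the project; inject it with a `secretKeyRef` as below. `OPENDJ_REPLICATION_TYPE` and `OPENDJ_REPLICATION_GROUP_ID` are declared as parameters but never passed into the container's `env`, and run.sh only invokes replicate.sh when both `MASTER_SERVER` and `OPENDJ_REPLICATION_TYPE` are set, so replication cannot be enabled from this template as written. The Service spec has two `selector` keys (`name:` and `app:`); most YAML parsers silently keep the last one, which happens to match the pod label `app:`, but strict parsers reject duplicate keys, so delete the first. The Secret's `labels:` is a sibling of `metadata` rather than nested under it, which is not a valid Secret field.
```yaml
          env:
            - name: ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "${OPENDJ_SERVICE_NAME}"
                  key: opendj-root-password
            - name: OPENDJ_REPLICATION_TYPE
              value: "${OPENDJ_REPLICATION_TYPE}"
            - name: OPENDJ_REPLICATION_GROUP_ID
              value: "${OPENDJ_REPLICATION_GROUP_ID}"
            # … unchanged: BASE_DN, ROOT_USER_DN, MASTER_SERVER, SECRET_VOLUME, MYHOSTNAME …
```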