Merge branch 'hotfix-0.6.11' into stable

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 0.6.11
+  - Upgrade baseimage: web-baseimage:0.1.10
+
 ## 0.6.10
   - Add PHPLDAPADMIN_SERVER_PATH environment variable
 

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/phpldapadmin
-VERSION = 0.6.10
+VERSION = 0.6.11
 
 .PHONY: all build build-nocache test tag_latest release
 
@@ -15,7 +15,7 @@ test:
 	env NAME=$(NAME) VERSION=$(VERSION) bats test/test.bats
 
 tag_latest:
-	docker tag -f $(NAME):$(VERSION) $(NAME):latest
+	docker tag $(NAME):$(VERSION) $(NAME):latest
 
 release: build test tag_latest
 	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi

README.md

@@ -5,7 +5,7 @@
 
 [hub]: https://hub.docker.com/r/osixia/phpldapadmin/
 
-Latest release: 0.6.10 - phpLDAPadlin 1.2.3 (with php5.5 patch) - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/phpldapadmin/) 
+Latest release: 0.6.11 - phpLDAPadlin 1.2.3 (with php5.5 patch) - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/phpldapadmin/) 
 
 A docker image to run phpLDAPadmin.
 > [phpldapadmin.sourceforge.net](http://phpldapadmin.sourceforge.net)
@@ -26,7 +26,7 @@ A docker image to run phpLDAPadmin.
 		- [Link environment file](#link-environment-file)
 		- [Make your own image or extend this image](#make-your-own image-or-extend-this-image)
 - [Advanced User Guide](#advanced-user-guide)
-	- [Extend osixia/phpldapadmin:0.6.10 image](#extend-osixiaphpldapadmin0610-image)
+	- [Extend osixia/phpldapadmin:0.6.11 image](#extend-osixiaphpldapadmin0611-image)
 	- [Make your own phpLDAPadmin image](#make-your-own-phpldapadmin-image)
 	- [Tests](#tests)
 	- [Kubernetes](#kubernetes)
@@ -39,7 +39,7 @@ Run a phpLDAPadmin docker image by replacing `ldap.example.com` with your ldap h
 
     docker run -p 6443:443 \
            --env PHPLDAPADMIN_LDAP_HOSTS=ldap.example.com \
-           --detach osixia/phpldapadmin:0.6.10
+           --detach osixia/phpldapadmin:0.6.11
 
 That's it :) you can access phpLDAPadmin on [https://localhost:6443](https://localhost:6443)
 
@@ -50,7 +50,7 @@ Example script:
     #!/bin/bash -e
 		docker run --name ldap-service --hostname ldap-service --detach osixia/openldap:1.1.1
 
-		docker run --name phpldapadmin-service --hostname phpldapadmin-service --link ldap-service:ldap-host --env PHPLDAPADMIN_LDAP_HOSTS=ldap-host --detach osixia/phpldapadmin:0.6.10
+		docker run --name phpldapadmin-service --hostname phpldapadmin-service --link ldap-service:ldap-host --env PHPLDAPADMIN_LDAP_HOSTS=ldap-host --detach osixia/phpldapadmin:0.6.11
 
 		PHPLDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" phpldapadmin-service)
 
@@ -67,7 +67,7 @@ but setting your own config.php is possible. 2 options:
 
 - Link your config file at run time to `/container/service/phpldapadmin/assets/config.php` :
 
-            docker run --volume /data/my-config.php:/container/service/phpldapadmin/assets/config.php --detach osixia/phpldapadmin:0.6.10
+            docker run --volume /data/my-config.php:/container/service/phpldapadmin/assets/config.php --detach osixia/phpldapadmin:0.6.11
 
 - Add your config file by extending or cloning this image, please refer to the [Advanced User Guide](#advanced-user-guide)
 
@@ -76,7 +76,7 @@ but setting your own config.php is possible. 2 options:
 #### Use autogenerated certificate
 By default HTTPS is enable, a certificate is created with the container hostname (it can be set by docker run --hostname option eg: phpldapadmin.my-company.com).
 
-	docker run --hostname phpldapadmin.my-company.com --detach osixia/phpldapadmin:0.6.10
+	docker run --hostname phpldapadmin.my-company.com --detach osixia/phpldapadmin:0.6.11
 
 #### Use your own certificate
 
@@ -86,22 +86,22 @@ You can set your custom certificate at run time, by mounting a directory contain
 	--env PHPLDAPADMIN_HTTPS_CRT_FILENAME=my-cert.crt \
 	--env PHPLDAPADMIN_HTTPS_KEY_FILENAME=my-cert.key \
 	--env PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=the-ca.crt \
-	--detach osixia/phpldapadmin:0.6.10
+	--detach osixia/phpldapadmin:0.6.11
 
 Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)
 
 #### Disable HTTPS
 Add --env PHPLDAPADMIN_HTTPS=false to the run command :
 
-    docker run --env PHPLDAPADMIN_HTTPS=false --detach osixia/phpldapadmin:0.6.10
+    docker run --env PHPLDAPADMIN_HTTPS=false --detach osixia/phpldapadmin:0.6.11
 
 ### Fix docker mounted file problems
 
 You may have some problems with mounted files on some systems. The startup script try to make some file adjustment and fix files owner and permissions, this can result in multiple errors. See [Docker documentation](https://docs.docker.com/v1.4/userguide/dockervolumes/#mount-a-host-file-as-a-data-volume).
 
 To fix that run the container with `--copy-service` argument :
 
-		docker run [your options] osixia/phpldapadmin:0.6.10 --copy-service
+		docker run [your options] osixia/phpldapadmin:0.6.11 --copy-service
 
 ### Debug
 
@@ -110,11 +110,11 @@ Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.
 
 Example command to run the container in `debug` mode:
 
-	docker run --detach osixia/phpldapadmin:0.6.10 --loglevel debug
+	docker run --detach osixia/phpldapadmin:0.6.11 --loglevel debug
 
 See all command line options:
 
-	docker run osixia/phpldapadmin:0.6.10 --help
+	docker run osixia/phpldapadmin:0.6.11 --help
 
 ## Environment Variables
 
@@ -167,7 +167,7 @@ See how to [set your own environment variables](#set-your-own-environment-variab
 
   If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:
 
-		docker run --env PHPLDAPADMIN_LDAP_HOSTS="#PYTHON2BASH:[{'ldap.example.org': [{'server': [{'tls': True}]},{'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}]}]}, 'ldap2.example.org', 'ldap3.example.org']" --detach osixia/phpldapadmin:0.6.10
+		docker run --env PHPLDAPADMIN_LDAP_HOSTS="#PYTHON2BASH:[{'ldap.example.org': [{'server': [{'tls': True}]},{'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}]}]}, 'ldap2.example.org', 'ldap3.example.org']" --detach osixia/phpldapadmin:0.6.11
 
   To convert yaml to python online: http://yaml-online-parser.appspot.com/
 
@@ -195,23 +195,23 @@ Ldap client TLS/LDAPS :
 	More information at : http://www.openldap.org/doc/admin24/tls.html (16.2.2. Client Configuration)
 
 Other environment variables:
-- **PHPLDAPADMIN_CFSSL_PREFIX**: cfssl environment variables prefix. Defaults to `phpldapadmin`, cfssl-helper first search config from PHPLDAPADMIN_CFSSL_* variables, before CFSSL_* variables.
-- **LDAP_CLIENT_CFSSL_PREFIX**: cfssl environment variables prefix. Defaults to `ldap`, cfssl-helper first search config from LDAP_CFSSL_* variables, before CFSSL_* variables.
+- **PHPLDAPADMIN_SSL_HELPER_PREFIX**: ssl-helper environment variables prefix. Defaults to `phpldapadmin`, ssl-helper first search config from PHPLDAPADMIN_SSL_HELPER_* variables, before SSL_HELPER_* variables.
+- **LDAP_CLIENT_SSL_HELPER_PREFIX**: ssl-helper environment variables prefix. Defaults to `ldap`, ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
 
 ### Set your own environment variables
 
 #### Use command line argument
 Environment variables can be set by adding the --env argument in the command line, for example:
 
 	docker run --env PHPLDAPADMIN_LDAP_HOSTS="ldap.example.org" \
-	--detach osixia/phpldapadmin:0.6.10
+	--detach osixia/phpldapadmin:0.6.11
 
 #### Link environment file
 
 For example if your environment file is in :  /data/environment/my-env.yaml
 
 	docker run --volume /data/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
-	--detach osixia/phpldapadmin:0.6.10
+	--detach osixia/phpldapadmin:0.6.11
 
 Take care to link your environment file to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not  directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
 
@@ -221,13 +221,13 @@ This is the best solution if you have a private registry. Please refer to the [A
 
 ## Advanced User Guide
 
-### Extend osixia/phpldapadmin:0.6.10 image
+### Extend osixia/phpldapadmin:0.6.11 image
 
 If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
 
 Dockerfile example:
 
-    FROM osixia/phpldapadmin:0.6.10
+    FROM osixia/phpldapadmin:0.6.11
     MAINTAINER Your Name <your@name.com>
 
     ADD https-certs /container/service/phpldapadmin/assets/apache2/certs
@@ -249,7 +249,7 @@ Clone this project :
 Adapt Makefile, set your image NAME and VERSION, for example :
 
 	NAME = osixia/phpldapadmin
-	VERSION = 0.6.10
+	VERSION = 0.6.11
 
 	becomes :
 	NAME = billy-the-king/phpldapadmin

example/kubernetes/phpldapadmin-rc.yaml

@@ -15,7 +15,7 @@ spec:
     spec:
       containers:
         - name: phpldapadmin
-          image: osixia/phpldapadmin:0.6.10
+          image: osixia/phpldapadmin:0.6.11
           volumeMounts:
             - name: phpldapadmin-certs
               mountPath: /container/service/phpldapadmin/assets/apache2/certs

image/Dockerfile

@@ -1,4 +1,4 @@
-FROM osixia/web-baseimage:0.1.10
+FROM osixia/web-baseimage:0.1.11
 MAINTAINER Bertrand Gouny <bertrand.gouny@osixia.net>
 
 # phpLDAPadmin version
@@ -10,13 +10,13 @@ ENV PHPLDAPADMIN_SHA1 669fca66c75e24137e106fdd02e3832f81146e23
 #          https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/add-service-available
 #          https://github.com/osixia/docker-web-baseimage/blob/stable/image/service-available/:apache2/download.sh
 #          https://github.com/osixia/docker-web-baseimage/blob/stable/image/service-available/:php5-fpm/download.sh
-#          https://github.com/osixia/docker-web-baseimage/blob/stable/image/service-available/:cfssl/download.sh
+#          https://github.com/osixia/light-baseimage/blob/stable/image/service-available/:ssl-tools/download.sh
 # Install ca-certificates, curl and php dependencies
 # Download phpLDAPadmin, check file integrity, and unzip phpLDAPadmin to /var/www/phpldapadmin_bootstrap
 # Remove curl
 RUN apt-get update \
 		&& /container/tool/add-multiple-process-stack \
-		&& /container/tool/add-service-available :apache2 :php5-fpm :cfssl \
+		&& /container/tool/add-service-available :apache2 :php5-fpm :ssl-tools \
 		&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --force-yes --no-install-recommends \
 		   ca-certificates \
 			 curl \

image/environment/default.startup.yaml

@@ -0,0 +1,20 @@
+PHPLDAPADMIN_LDAP_HOSTS:
+  - ldap.example.org:
+    - server:
+      - tls: true
+    - login:
+      - bind_id: cn=admin,dc=example,dc=org
+  - ldap2.example.org
+  - ldap3.example.org
+
+# LDAP client tls config
+PHPLDAPADMIN_LDAP_CLIENT_TLS: true
+PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: demand
+PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ldap-ca.crt
+PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: ldap-client.crt
+PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: ldap-client.key
+
+# ssl-helper environment variables prefix
+LDAP_CLIENT_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
+
+SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: :apache2 :php5-fpm

image/environment/default.yaml

@@ -1,12 +1,3 @@
-PHPLDAPADMIN_LDAP_HOSTS:
-  - ldap.example.org:
-    - server:
-      - tls: true
-    - login:
-      - bind_id: cn=admin,dc=example,dc=org
-  - ldap2.example.org
-  - ldap3.example.org
-
 # Apache
 PHPLDAPADMIN_SERVER_ADMIN: webmaster@example.org
 PHPLDAPADMIN_SERVER_PATH: /phpldapadmin
@@ -22,13 +13,7 @@ PHPLDAPADMIN_HTTPS_CRT_FILENAME: phpldapadmin.crt
 PHPLDAPADMIN_HTTPS_KEY_FILENAME: phpldapadmin.key
 PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: ca.crt
 
-# LDAP client tls config
-PHPLDAPADMIN_LDAP_CLIENT_TLS: true
-PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: demand
-PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ldap-ca.crt
-PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: ldap-client.crt
-PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: ldap-client.key
+PHPLDAPADMIN_TRUST_PROXY_SSL: false
 
-# cfssl environment variables prefix
-PHPLDAPADMIN_CFSSL_PREFIX: phpldapadmin # cfssl-helper first search config from PHPLDAPADMIN_CFSSL_* variables, before CFSSL_* variables.
-LDAP_CLIENT_CFSSL_PREFIX: ldap # cfssl-helper first search config from LDAP_CFSSL_* variables, before CFSSL_* variables.
+# ssl-helper environment variables prefix
+PHPLDAPADMIN_SSL_HELPER_PREFIX: phpldapadmin # ssl-helper first search config from PHPLDAPADMIN_SSL_HELPER_* variables, before SSL_HELPER_* variables.

image/service/ldap-client/startup.sh

@@ -13,8 +13,8 @@ if [ ! -e "$FIRST_START_DONE" ]; then
   if [ "${PHPLDAPADMIN_LDAP_CLIENT_TLS,,}" == "true" ]; then
 
     # generate a certificate and key if files don't exists
-    # https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:cfssl/assets/tool/cfssl-helper
-    cfssl-helper ${LDAP_CLIENT_CFSSL_PREFIX} "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME}" "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME}" "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME}"
+    # https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/assets/tool/ssl-helper
+    ssl-helper ${LDAP_CLIENT_SSL_HELPER_PREFIX} "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME}" "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME}" "${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME}"
 
     # ldap client config
     sed -i --follow-symlinks "s,TLS_CACERT.*,TLS_CACERT ${CONTAINER_SERVICE_DIR}/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf

image/service/phpldapadmin/startup.sh

@@ -14,8 +14,8 @@ if [ "${PHPLDAPADMIN_HTTPS,,}" == "true" ]; then
   log-helper info "Set apache2 https config..."
 
   # generate a certificate and key if files don't exists
-  # https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:cfssl/assets/tool/cfssl-helper
-  cfssl-helper ${PHPLDAPADMIN_CFSSL_PREFIX} "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CRT_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_KEY_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME"
+  # https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/assets/tool/ssl-helper
+  ssl-helper ${PHPLDAPADMIN_SSL_HELPER_PREFIX} "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CRT_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_KEY_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME"
 
   # add CA certificat config if CA cert exists
   if [ -e "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME" ]; then
@@ -43,7 +43,7 @@ a2ensite phpldapadmin | log-helper debug
 #
 # phpLDAPadmin directory is empty, we use the bootstrap
 #
-if [ ! "$(ls -A /var/www/phpldapadmin)" ]; then
+if [ ! "$(ls -A -I lost+found /var/www/phpldapadmin)" ]; then
 
   log-helper info "Bootstap phpLDAPadmin..."
 

test/test.bats

@@ -13,7 +13,7 @@ load test_helper
   tmp_file="$BATS_TMPDIR/docker-test"
 
   run_image
-  wait_service apache2 php5-fpm
+  wait_process apache2 php5-fpm
   curl --silent --insecure https://$CONTAINER_IP >> $tmp_file
   run grep -c "Use the menu to the left to navigate" $tmp_file
   rm $tmp_file
@@ -29,17 +29,17 @@ load test_helper
   tmp_file="$BATS_TMPDIR/docker-test"
 
   # we start a new openldap container
-  LDAP_CID=$(docker run -d osixia/openldap:1.1.1)
+  LDAP_CID=$(docker run -d osixia/openldap:1.1.6)
   LDAP_IP=$(get_container_ip_by_cid $LDAP_CID)
 
   # we start the wordpress container and set DB_HOSTS
   run_image -e PHPLDAPADMIN_LDAP_HOSTS=$LDAP_IP
 
   # wait openldap
-  wait_service_by_cid $LDAP_CID slapd
+  wait_process_by_cid $LDAP_CID slapd
 
   # wait phpLDAPadmin container apache2 service
-  wait_service apache2 php5-fpm
+  wait_process apache2 php5-fpm
 
   curl -L --silent --insecure -c $BATS_TMPDIR/cookie.txt https://$CONTAINER_IP >> $tmp_file
 

test/test_helper.bash

@@ -30,19 +30,10 @@ clear_container() {
   remove_containers_by_cid $CONTAINER_ID
 }
 
-is_service_running() {
-  is_service_running_by_cid $CONTAINER_ID $1
+wait_process() {
+  wait_process_by_cid $CONTAINER_ID $@
 }
 
-is_file_exists() {
-  is_file_exists_by_cid $CONTAINER_ID $1
-}
-
-wait_service() {
-  wait_service_by_cid $CONTAINER_ID $@
-}
-
-
 # generic functions
 get_container_ip_by_cid() {
   local IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $1)
@@ -78,30 +69,7 @@ clear_containers_by_cid() {
   remove_containers_by_cid $@
 }
 
-is_service_running_by_cid() {
-  docker exec $1 ps cax | grep $2  > /dev/null
-}
-
-is_file_exists_by_cid() {
-  docker exec $1 cat $2 > /dev/null 2>&1
-}
-
-wait_service_by_cid() {
-
+wait_process_by_cid() {
   cid=$1
-
-  # first wait image init end
-  while ! is_file_exists_by_cid $cid /container/run/state/startup-done
-  do
-    sleep 0.5
-  done
-
-  for service in "${@:2}"
-  do
-    # wait service
-    while ! is_service_running_by_cid $cid $service
-    do
-      sleep 0.5
-    done
-  done
+  docker exec $cid /container/tool/wait-process ${@:2}
 }