OpenDJ Openshift Template

Author: maximthomas

.travis.yml

@@ -36,6 +36,7 @@ matrix:
         - "opendj-packages/opendj-rpm/opendj-rpm-standard/target/rpm/opendj/RPMS/noarch/*.rpm"
         - "opendj-packages/opendj-msi/opendj-msi-standard/target/*.msi"
         - "opendj-packages/opendj-docker/target/Dockerfile"
+	- "opendj-packages/opendj-openshift-template/*.yaml"
         - "opendj-doc-generated-ref/target/*.zip"
         - "opendj-dsml-servlet/target/*.war"
         - "opendj-rest2ldap-servlet/target/*.war"
@@ -94,4 +95,4 @@ install:
   - mvn -q -B -V -DskipTests -Dmaven.javadoc.skip=true install -f forgerock-parent
 script:
   - echo "mvn -B install $INSTALL_SUFFIX"
-  - eval "mvn -B install $INSTALL_SUFFIX"
+  - eval "mvn -B install $INSTALL_SUFFIX"

opendj-packages/opendj-docker/Dockerfile

@@ -2,42 +2,51 @@ FROM java:8
 
 MAINTAINER Open Identity Platform Community <open-identity-platform-opendj@googlegroups.com>
 
-ARG ADD_BASE_ENTRY="--addBaseEntry"
+ENV ADD_BASE_ENTRY="--addBaseEntry"
 
-ARG PORT=1389
+ENV PORT=1389
 
-ARG LDAPS_PORT=1636
+ENV LDAPS_PORT=1636
 
-ARG BASE_DN="dc=example,dc=com"
+ENV BASE_DN=${BASE_DN:-"dc=example,dc=com"}
 
-ARG ROOT_USER_DN="cn=Directory Manager"
+ENV ROOT_USER_DN=${ROOT_USER_DN:-"cn=Directory Manager"}
 
-ARG ROOT_PASSWORD=password
+ENV ROOT_PASSWORD=${ROOT_PASSWORD:-"password"}
 
-ARG VERSION=@project_version@
+ENV SECRET_VOLUME=${SECRET_VOLUME}
 
-ARG OPENDJ_USER="opendj"
+ENV MASTER_SERVER=${MASTER_SERVER}
 
-WORKDIR /opt
+ENV OPENDJ_REPLICATION_TYPE=${OPENDJ_REPLICATION_TYPE}
+
+ENV VERSION=@project_version@
+
+#ENV VERSION=4.3.1
 
-RUN apt-get install -y wget unzip
+ENV OPENDJ_USER="opendj"
 
-RUN wget --quiet \
+WORKDIR /opt
+
+RUN wget --show-progress --progress=bar:force:noscroll --quiet \
   https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip && \
   unzip opendj-$VERSION.zip && \
   rm -r opendj-$VERSION.zip
 
-RUN useradd -m -r -u 1001 -g root $OPENDJ_USER
+RUN echo "/opt/opendj/data" > /opt/opendj/instance.loc  && \
+    mkdir -p /opt/opendj/data/lib/extensions
 
-RUN chgrp -R 0 /opt/opendj && \
-  chmod -R g=u /opt/opendj
+ADD bootstrap/ /opt/opendj/bootstrap/
 
-USER $OPENDJ_USER
+ADD run.sh /opt/opendj/run.sh
+
+RUN useradd -m -r -u 1001 -G root,sudo $OPENDJ_USER
 
-RUN /opt/opendj/setup --cli -p $PORT --ldapsPort $LDAPS_PORT --enableStartTLS \
-  --generateSelfSignedCertificate --baseDN "$BASE_DN" -h localhost --rootUserDN "$ROOT_USER_DN" \
-  --rootUserPassword "$ROOT_PASSWORD" --acceptLicense --no-prompt --doNotStart $ADD_BASE_ENTRY
+RUN chgrp -R 0 /opt/opendj && \
+    chmod -R g=u /opt/opendj
 
 EXPOSE $PORT $LDAPS_PORT 4444
 
-CMD ["/opt/opendj/bin/start-ds", "--nodetach"
+USER $OPENDJ_USER
+
+ENTRYPOINT ["/opt/opendj/run.sh"]

opendj-packages/opendj-docker/README.md

@@ -1,8 +1,25 @@
 # How-to:
 Build docker image:
-
-    docker build . -t openidentityplatform/opendj
-
+```bash
+docker build . -t openidentityplatform/opendj
+```
 Run image
+```bash
+docker run -d -p 1389:1389 -p 1636:1636 -p 4444:4444 --name opendj openidentityplatform/opendj
+```
+
+##  Environment Variables
 
-    docker run -d -p 1389:1389 -p 1636:1636 -p 4444:4444 --name opendj openidentityplatform/opendj
+|Variable|Default Value|Description|
+|--------|-------------|-----------|
+|ADD_BASE_ENTRY|--addBaseEntry|if set, creates base DN entry|
+|PORT|1389|LDAP Listener Port|
+|LDAPS_PORT|1636|LDAPS Listener Port|
+|BASE_DN|dc=example,dc=com|OpenDJ Base DN |
+|ROOT_USER_DN|cn=Directory Manager|Initial root user DN|
+|ROOT_PASSWORD|password|Initial root user password|
+|SECRET_VOLUME|-|Mounted keystore volume, if present copies keystore over|
+|MASTER_SERVER|-|Replication master server|
+|VERSION|4.3.1|OpenDJ version|
+|OPENDJ_USER|-|user which runs OpenDJ|
+|OPENDJ_REPLICATION_TYPE|-|OpenDJ Replication type, valid values are: <ul><li>simple - standart replication</li><li>srs - standalone replication servers</li><li>sdsr - Standalone Directory Server Replicas</li><li>rg - Replication Groups</li></ul>Other values will be ignored|

opendj-packages/opendj-docker/bootstrap/replicate.sh

@@ -0,0 +1,140 @@
+#!/usr/bin/env bash
+# Replicate to the master server hostname defined in $1
+# If that server is ourself this is a no-op
+
+# This is a bit  kludgy.
+# The hostname has to be a fully resolvable DNS name in the cluster
+# If the service is called
+
+MYHOSTNAME=${MYHOSTNAME:-`hostname -f`}
+
+echo "Setting up replication from $MYHOSTNAME to $MASTER_SERVER"
+
+# For debug
+
+# K8s puts the service name in /etc/hosts
+if grep ${MASTER_SERVER} /etc/hosts; then
+ echo "We are the master. Skipping replication setup to ourself"
+ exit 0
+fi
+
+# Comment out
+echo "replicate ENV vars:"
+env
+
+# todo: Replace with command to test for master being reachable and up
+# This is hacky....
+echo "Will sleep for a bit to ensure master is up"
+
+sleep 5
+
+if [ "$OPENDJ_REPLICATION_TYPE" == "simple" ] then
+  echo "Enabling Standart Replication..."
+  /opt/opendj/bin/dsreplication enable --host1 $MYHOSTNAME --port1 4444 \
+    --bindDN1 "$ROOT_USER_DN" \
+    --bindPassword1 $ROOT_PASSWORD --replicationPort1 8989 \
+    --host2 $MASTER_SERVER --port2 4444 --bindDN2 "$ROOT_USER_DN" \
+    --bindPassword2 $ROOT_PASSWORD --replicationPort2 8989 \
+    --adminUID admin --adminPassword $ROOT_PASSWORD --baseDN $BASE_DN -X -n
+
+  echo "initializing replication"
+
+  /opt/opendj/bin/dsreplication initialize --baseDN $BASE_DN \
+    --adminUID admin --adminPassword $ROOT_PASSWORD \
+    --hostSource $MYHOSTNAME --portSource 4444 \
+    --hostDestination $MASTER_SERVER --portDestination 4444 -X -n
+
+elif [ "$OPENDJ_REPLICATION_TYPE" == "srs" ] then
+  echo "Enabling Standalone Replication Servers..."
+  dsreplication enable \
+   --adminUID admin \
+   --adminPassword $ROOT_PASSWORD \
+   --baseDN $BASE_DN \
+   --host1 $MYHOSTNAME \
+   --port1 4444 \
+   --bindDN1 "$ROOT_USER_DN" \
+   --bindPassword1 $ROOT_PASSWORD \
+   --noReplicationServer1 \
+   --host2 $MASTER_SERVER \
+   --port2 4444 \
+   --bindDN2 "$ROOT_USER_DN" \
+   --bindPassword2 $ROOT_PASSWORD \
+   --replicationPort2 8989 \
+   --onlyReplicationServer2 \
+   --trustAll \
+   --no-prompt;
+
+  echo "initializing replication"
+
+  dsreplication \
+   initialize-all \
+   --adminUID admin \
+   --adminPassword $ROOT_PASSWORD \
+   --baseDN $BASE_DN \
+   --hostname $MYHOSTNAME \
+   --port 4444 \
+   --trustAll \
+   --no-prompt
+
+elif [ "$OPENDJ_REPLICATION_TYPE" == "sdsr" ] then
+  echo "Enabling Standalone Directory Server Replicas...."
+  dsreplication \
+   enable \
+   --adminUID admin \
+   --adminPassword $ROOT_PASSWORD \
+   --baseDN $BASE_DN \
+   --host1 $MASTER_SERVER \
+   --port1 4444 \
+   --bindDN1 "$ROOT_USER_DN" \
+   --bindPassword1 $ROOT_PASSWORD \
+   --host2 $MYHOSTNAME \
+   --port2 4444 \
+   --bindDN2 "$ROOT_USER_DN" \
+   --bindPassword2 ROOT_PASSWORD \
+   --noReplicationServer2 \
+   --trustAll \
+   --no-prompt
+
+ echo "initializing replication"
+
+ dsreplication \
+   initialize \
+   --adminUID admin \
+   --adminPassword $ROOT_PASSWORD \
+   --baseDN $BASE_DN \
+   --hostSource $MASTER_SERVER \
+   --portSource 4444 \
+   --hostDestination $MYHOSTNAME \
+   --portDestination 4444 \
+   --trustAll \
+   --no-prompt
+
+elif [ "$OPENDJ_REPLICATION_TYPE" == "rg" ] then
+  echo "Enabling Replication Groups..."
+
+  dsconfig \
+   set-replication-domain-prop \
+   --port 4444 \
+   --hostname $MYHOSTNAME \
+   --bindDN "$ROOT_USER_DN" \
+   --bindPassword $ROOT_PASSWORD \
+   --provider-name "Multimaster Synchronization" \
+   --domain-name $BASE_DN \
+   --set group-id:$OPENDJ_REPLICATION_GROUP_ID \
+   --trustAll \
+   --no-prompt
+
+   dsconfig \
+    set-replication-server-prop \
+    --port 4444 \
+    --hostname $MASTER_SERVER \
+    --bindDN "$ROOT_USER_DN" \
+    --bindPassword $ROOT_PASSWORD \
+    --provider-name "Multimaster Synchronization" \
+    --set group-id:$OPENDJ_REPLICATION_GROUP_ID \
+    --trustAll \
+    --no-prompt
+
+else
+  echo "Unknown replication type, skiping replication..."
+fi

opendj-packages/opendj-docker/bootstrap/setup.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# Default setup script
+
+echo "Setting up default OpenDJ instance"
+
+# If any optional LDIF files are present load them
+
+/opt/opendj/setup --cli -p $PORT --ldapsPort $LDAPS_PORT --enableStartTLS --generateSelfSignedCertificate \
+  --baseDN $BASE_DN -h localhost --rootUserPassword "$ROOT_PASSWORD" \
+  --acceptLicense --no-prompt  $ADD_BASE_ENTRY #--sampleData 1
+
+
+if [ -d /opt/opendj/bootstrap/schema/ ]; then
+  echo "Loading initial schema:"
+  for file in /opt/opendj/bootstrap/schema/*;  do
+      echo "Loading $file ..."
+      /opt/opendj/bin/ldapmodify -D "$ROOT_USER_DN" -h localhost -p $PORT -w $ROOT_PASSWORD -f $file
+  done
+fi
+
+if [ -d /opt/opendj/bootstrap/data/ ]; then
+  echo "Loading initial data:"
+  for file in /opt/opendj/bootstrap/data/*;  do
+      echo "Loading $file ..."
+      /opt/opendj/bin/ldapmodify -D "$ROOT_USER_DN" -h localhost -p $PORT -w $ROOT_PASSWORD -f $file
+  done
+fi

opendj-packages/opendj-docker/pom.xml

@@ -12,7 +12,7 @@
   Header, with the fields enclosed by brackets [] replaced by your own identifying
   information: "Portions Copyright [year] [name of copyright owner]".
 
-  Copyright 2015-2016 ForgeRock AS.
+  Copyright 2018-2019 Open Identity Platform Community.
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -40,20 +40,22 @@
     </description>
 
     <build>
-            <plugins>
-                <plugin>
+      <plugins>
+        <plugin>
 				    <artifactId>maven-antrun-plugin</artifactId>
 				    <executions>
 				      <execution>
 				        <phase>prepare-package</phase>
 				        <configuration>
 				          <tasks>
 				          	<copy todir="${project.build.directory}">
-    							<fileset dir="${basedir}">
-        							<include name="Dockerfile" />  <!--NOTE DIFFERENCE HERE-->
-    							</fileset>
-							</copy>
-				            <replace token="@project_version@" value="${project.version}" dir="target/">                                 
+    							    <fileset dir="${basedir}">
+        							  <include name="Dockerfile" />  <!--NOTE DIFFERENCE HERE-->
+                        <include name="bootstrap/**" />
+                        <include name="run.sh" />
+    							    </fileset>
+							      </copy>
+				            <replace token="@project_version@" value="${project.version}" dir="target/">
 				              <include name="Dockerfile" />
 				            </replace>
 				          </tasks>
@@ -64,6 +66,6 @@
 				      </execution>
 				    </executions>
 				  </plugin>
-            </plugins>
+      </plugins>
     </build>
 </project>

opendj-packages/opendj-docker/run.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+# Run the OpenDJ server
+# The idea is to consolidate all of the writable DJ directories to
+# a single instance directory root, and update DJ's instance.loc file to point to that root
+# This allows us to to mount a data volume on that root which  gives us
+# persistence across restarts of OpenDJ.
+# For Docker - mount a data volume on /opt/opendj/data
+# For Kubernetes mount a PV
+
+
+cd /opt/opendj
+
+
+# Instance dir does not exist? Then we need to run setup
+if [ ! -d ./data/config ] ; then
+
+  echo "Instance data Directory is empty. Creating new DJ instance"
+
+  BOOTSTRAP=${BOOTSTRAP:-/opt/opendj/bootstrap/setup.sh}
+
+  export BASE_DN=${BASE_DN:-"dc=example,dc=com"}
+  echo "BASE DN is ${BASE_DN}"
+
+  export PASSWORD=${ROOT_PASSWORD:-password}
+
+   echo "Password set to $PASSWORD"
+
+   echo "Running $BOOTSTRAP"
+   sh "${BOOTSTRAP}"
+
+   # Check if OPENDJ_REPLICATION_TYPE var is set. If it is - replicate to that server
+   if [ ! -z ${MASTER_SERVER} ] && [ ! -z ${OPENDJ_REPLICATION_TYPE} ];  then
+      /opt/opendj/bootstrap/replicate.sh
+   fi
+else
+ exec ./bin/start-ds --nodetach
+ return
+fi
+
+# Check if keystores are mounted as a volume, and if so
+# Copy any keystores over
+SECRET_VOLUME=${SECRET_VOLUME:-/var/secrets/opendj}
+
+if [ -d "${SECRET_VOLUME}" ]; then
+  echo "Secret volume is present. Will copy any keystores and truststore"
+  # We send errors to /dev/null in case no data exists.
+  cp -f ${SECRET_VOLUME}/key*   ${SECRET_VOLUME}/trust* ./data/config 2>/dev/null
+fi
+
+# todo: Check /opt/opendj/data/config/buildinfo
+# Run upgrade if the server is older
+
+if (bin/status -n | grep Started) ; then
+   echo "OpenDJ is started"
+   # We cant exit because we are pid 1
+   while true; do sleep 100000; done
+fi
+
+
+echo "Starting OpenDJ"
+
+#
+
+exec ./bin/start-ds --nodetach