Merge branch 'hotfix-0.6.7' into stable

Author: BertrandGouny

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## 0.6.7
+  - Upgrade baseimage: web-baseimage:0.1.8
+
 ## 0.6.6
   - Upgrade baseimage: web-baseimage:0.1.7
   - Makefile with build no cache

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/phpldapadmin
-VERSION = 0.6.6
+VERSION = 0.6.7
 
 .PHONY: all build build-nocache test tag_latest release
 

README.md

@@ -1,22 +1,41 @@
 # osixia/phpldapadmin
 
-[![](https://badge.imagelayers.io/osixia/phpldapadmin:latest.svg)](https://imagelayers.io/?images=osixia/phpldapadmin:latest 'Get your own badge on imagelayers.io')
+[![](https://badge.imagelayers.io/osixia/phpldapadmin:latest.svg)](https://imagelayers.io/?images=osixia/phpldapadmin:latest 'Get your own badge on imagelayers.io') | Latest release: 0.6.7 - [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/phpldapadmin/) 
 
 A docker image to run phpLDAPadmin.
 > [phpldapadmin.sourceforge.net](http://phpldapadmin.sourceforge.net)
 
+- [Quick start](#quick-start)
+	- [OpenLDAP & phpLDAPadmin in 1'](#openldap--phpldapadmin-in-1)
+- [Beginner Guide](#beginner-guide)
+	- [Use your own phpLDAPadmin config](#use-your-own-phpldapadmin-config)
+	- [HTTPS](#https)
+		- [Use autogenerated certificate](#use-autogenerated-certificate)
+		- [Use your own certificate](#use-your-own-certificate)
+		- [Disable HTTPS](#disable-https)
+	- [Debug](#debug)
+- [Environment Variables](#environment-variables)
+	- [Set your own environment variables](#set-your-own environment-variables)
+		- [Use command line argument](#use-command-line-argument)
+		- [Link environment file](#link-environment-file)
+		- [Make your own image or extend this image](#make-your-own image-or-extend-this-image)
+- [Advanced User Guide](#advanced-user-guide)
+	- [Extend osixia/phpldapadmin:0.6.7 image](#extend-osixiaphpldapadmin067-image)
+	- [Make your own phpLDAPadmin image](#make-your-own-phpldapadmin-image)
+	- [Tests](#tests)
+	- [Kubernetes](#kubernetes)
+	- [Under the hood: osixia/web-baseimage](#under-the-hood-osixiaweb-baseimage)
+- [Changelog](#changelog)
+
 ## Quick start
 
 Run a phpLDAPadmin docker image by replacing `ldap.example.com` with your ldap host or IP :
 
-    sudo docker run -p 443:443 \
-               -e PHPLDAPADMIN_LDAP_HOSTS=ldap.example.com \
-               -d osixia/phpldapadmin
-
-That's it :) you can access phpLDAPadmin on **https://localhost**
-
+    docker run -p 6443:443 \
+           --env PHPLDAPADMIN_LDAP_HOSTS=ldap.example.com \
+           --detach osixia/phpldapadmin:0.6.7
 
-## Examples
+That's it :) you can access phpLDAPadmin on [https://localhost:6443](https://localhost:6443)
 
 ### OpenLDAP & phpLDAPadmin in 1'
 
@@ -25,11 +44,11 @@ Example script:
     #!/bin/bash -e
 
     # Run a ldap server, save the container id in LDAP_CID and get its IP:
-    LDAP_CID=$(docker run -h ldap.example.org -d osixia/openldap:1.0.1)
+    LDAP_CID=$(docker run --hostname ldap.example.org --detach osixia/openldap:1.1.0)
     LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 
     # Run phpLDAPadmin and set ldap host to ldap ip
-    PHPLDAP_CID=$(docker run -h phpldapadmin.example.org -e PHPLDAPADMIN_LDAP_HOSTS=$LDAP_IP -d osixia/phpldapadmin:0.6.4)
+    PHPLDAP_CID=$(docker run --hostname phpldapadmin.example.org --env PHPLDAPADMIN_LDAP_HOSTS=$LDAP_IP --detach osixia/phpldapadmin:0.6.7)
 
     # We get phpLDAPadmin container ip
     PHPLDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $PHPLDAP_CID)
@@ -38,66 +57,110 @@ Example script:
     echo "Login DN: cn=admin,dc=example,dc=org"
     echo "Password: admin"
 
+
+## Beginner Guide
+
+### Use your own phpLDAPadmin config
+This image comes with a phpLDAPadmin config.php file that can be easily customized via environment variables for a quick bootstrap,
+but setting your own config.php is possible. 2 options:
+
+- Link your config file at run time to `/container/service/phpldapadmin/assets/config.php` :
+
+      docker run --volume /data/my-config.php:/container/service/phpldapadmin/assets/config.php --detach osixia/phpldapadmin:0.6.7
+
+- Add your config file by extending or cloning this image, please refer to the [Advanced User Guide](#advanced-user-guide)
+
 ### HTTPS
 
 #### Use autogenerated certificate
-By default HTTPS is enable, a certificate is created with the container hostname (set by -h option eg: phpldapadmin.my-compagny.com).
+By default HTTPS is enable, a certificate is created with the container hostname (it can be set by docker run --hostname option eg: phpldapadmin.my-company.com).
 
-	docker run -h phpldapadmin.my-compagny.com -d osixia/phpldapadmin
+	docker run --hostname phpldapadmin.my-company.com --detach osixia/phpldapadmin:0.6.7
 
 #### Use your own certificate
 
-Add your custom certificate, private key and CA certificate in the directory **image/service/phpldapadmin/assets/apache2/certs** adjust filename in **image/env.yaml** and rebuild the image ([see manual build](#manual-build)).
-
-Or you can set your custom certificate at run time, by mouting your a directory containing thoses files to **/container/service/phpldapadmin/assets/apache2/certs** and adjust there name with the following environment variables :
+You can set your custom certificate at run time, by mounting a directory containing those files to **/container/service/phpldapadmin/assets/apache2/certs** and adjust their name with the following environment variables:
 
-	docker run -v /path/to/certifates:/container/service/phpldapadmin/assets/apache2/certs \
-	-e PHPLDAPADMIN_HTTPS_CRT_FILENAME=my-phpldapadmin.crt \
-	-e PHPLDAPADMIN_HTTPS_KEY_FILENAME=my-phpldapadmin.key \
-	-e PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=the-ca.crt \
-	-d osixia/phpldapadmin
+	docker run --volume /path/to/certifates:/container/service/phpldapadmin/assets/apache2/certs \
+	--env PHPLDAPADMIN_HTTPS_CRT_FILENAME=my-cert.crt \
+	--env PHPLDAPADMIN_HTTPS_KEY_FILENAME=my-cert.key \
+	--env PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME=the-ca.crt \
+	--detach osixia/phpldapadmin:0.6.7
 
-Ommit the -e PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME variable for self signed certificates
+Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)
 
 #### Disable HTTPS
-Add -e PHPLDAPADMIN_HTTPS=false to the run command :
+Add --env PHPLDAPADMIN_HTTPS=false to the run command :
 
-    docker run -e PHPLDAPADMIN_HTTPS=false -d osixia/phpldapadmin
+    docker run --env PHPLDAPADMIN_HTTPS=false --detach osixia/phpldapadmin:0.6.7
 
-## Environment Variables
+### Debug
 
-Environement variables defaults are set in **image/env.yaml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yaml file as a docker volume to `/container/environment/env.yaml`. See examples below.
+The container default log level is **info**.
+Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.
 
-- **PHPLDAPADMIN_LDAP_HOSTS**: Set phpLDAPadmin server config. Defaults to :
+Example command to run the container in `debug` mode:
 
-		   - ldap.example.org:
-		    - server:
-		      - tls: true
-		    - login:
-		      - bind_id: cn=admin,dc=example,dc=org
-		  - ldap2.example.org
-		  - ldap3.example.org
+	docker run --detach osixia/phpldapadmin:0.6.7 --loglevel debug
 
-	This will be converted in the phpldapadmin config.php file to :
+See all command line options:
 
-		$servers->newServer('ldap_pla');
-		$servers->setValue('server','name','ldap.example.org');
-		$servers->setValue('server','host','ldap.example.org');
-		$servers->setValue('server','tls',true);
-		$servers->setValue('login','bind_id','cn=admin,dc=example,dc=org');
-		$servers->newServer('ldap_pla');
-		$servers->setValue('server','name','ldap2.example.org');
-		$servers->setValue('server','host','ldap2.example.org');
-		$servers->newServer('ldap_pla');
-		$servers->setValue('server','name','ldap3.example.org');
-		$servers->setValue('server','host','ldap3.example.org');
+	docker run osixia/phpldapadmin:0.6.7 --help
 
-	If you want to set this variable at docker run command convert the yaml in python :
+## Environment Variables
 
-		docker run -e PHPLDAPADMIN_LDAP_HOSTS="[{'ldap.example.org': [{'server': [{'tls': True}]},{'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}]}]}, 'ldap2.example.org', 'ldap3.example.org']" -d osixia/phpldapadmin
+Environment variables defaults are set in **image/environment/default.yaml**
 
-	To convert yaml to python online :
-	http://yaml-online-parser.appspot.com/
+See how to [set your own environment variables](#set-your-own-environment-variables)
+
+- **PHPLDAPADMIN_LDAP_HOSTS**: Set phpLDAPadmin server config. Defaults to :
+
+  ```yaml
+  - ldap.example.org:
+    - server:
+      - tls: true
+    - login:
+      - bind_id: cn=admin,dc=example,dc=org
+  - ldap2.example.org
+  - ldap3.example.org
+  ```
+  This will be converted in the phpldapadmin config.php file to :
+  ```php5
+  $servers->newServer('ldap_pla');
+  $servers->setValue('server','name','ldap.example.org');
+  $servers->setValue('server','host','ldap.example.org');
+  $servers->setValue('server','tls',true);
+  $servers->setValue('login','bind_id','cn=admin,dc=example,dc=org');
+  $servers->newServer('ldap_pla');
+  $servers->setValue('server','name','ldap2.example.org');
+  $servers->setValue('server','host','ldap2.example.org');
+  $servers->newServer('ldap_pla');
+  $servers->setValue('server','name','ldap3.example.org');
+  $servers->setValue('server','host','ldap3.example.org');
+  ```
+  All server configuration are available, just add the needed entries, for example:  
+  ```yaml
+  - ldap.example.org:
+    - server:
+      - tls: true
+      - port: 636
+      - force_may: array('uidNumber','gidNumber','sambaSID')
+    - login:
+      - bind_id: cn=admin,dc=example,dc=org
+      - bind_pass: p0p!
+    - auto_number:
+      - min: 1000
+  - ldap2.example.org
+  - ldap3.example.org
+  ```
+
+  See complete list: http://phpldapadmin.sourceforge.net/wiki/index.php/LDAP_server_definitions
+
+  If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:
+
+		docker run --env PHPLDAPADMIN_LDAP_HOSTS="#PYTHON2BASH:[{'ldap.example.org': [{'server': [{'tls': True}]},{'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}]}]}, 'ldap2.example.org', 'ldap3.example.org']" --detach osixia/phpldapadmin:0.6.7
+
+  To convert yaml to python online: http://yaml-online-parser.appspot.com/
 
 Apache :
 - **PHPLDAPADMIN_SERVER_ADMIN**: Server admin email. Defaults to `webmaster@example.org`
@@ -118,19 +181,49 @@ Ldap client TLS/LDAPS :
 
 	More information at : http://www.openldap.org/doc/admin24/tls.html (16.2.2. Client Configuration)
 
-### Set environment variables at run time :
+Other environment variables:
+- **PHPLDAPADMIN_CFSSL_PREFIX**: cfssl environment variables prefix. Defaults to `phpldapadmin`, cfssl-helper first search config from PHPLDAPADMIN_CFSSL_* variables, before CFSSL_* variables.
+- **LDAP_CLIENT_CFSSL_PREFIX**: cfssl environment variables prefix. Defaults to `ldap`, cfssl-helper first search config from LDAP_CFSSL_* variables, before CFSSL_* variables.
+
+### Set your own environment variables
+
+#### Use command line argument
+Environment variables can be set by adding the --env argument in the command line, for example:
+
+	docker run --env PHPLDAPADMIN_LDAP_HOSTS="ldap.example.org" \
+	--detach osixia/phpldapadmin:0.6.7
 
-Environment variable can be set directly by adding the -e argument in the command line, for example :
+#### Link environment file
 
-	docker run -h phpldapadmin.example.org -e PHPLDAPADMIN_LDAP_HOSTS="ldap.example.org" \
-	-d osixia/phpldapadmin
+For example if your environment file is in :  /data/environment/my-env.yaml
 
-Or by setting your own `env.yaml` file as a docker volume to `/container/environment/env.yaml`
+	docker run --volume /data/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
+	--detach osixia/phpldapadmin:0.6.7
 
-	docker run -h ldap.example.org -v /data/my-env.yaml:/container/environment/env.yaml \
-	-d osixia/openldap
+Take care to link your environment file to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not  directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
 
-## Manual build
+#### Make your own image or extend this image
+
+This is the best solution if you have a private registry. Please refer to the [Advanced User Guide](#advanced-user-guide) just below.
+
+## Advanced User Guide
+
+### Extend osixia/phpldapadmin:0.6.7 image
+
+If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
+
+Dockerfile example:
+
+    FROM osixia/phpldapadmin:0.6.7
+    MAINTAINER Your Name <your@name.com>
+
+    ADD https-certs /container/service/phpldapadmin/assets/apache2/certs
+    ADD ldap-certs /container/service/ldap-client/assets/certs
+    ADD my-config.php /container/service/phpldapadmin/assets/config.php
+    ADD environment /container/environment/01-custom
+
+
+### Make your own phpLDAPadmin image
 
 Clone this project :
 
@@ -140,12 +233,14 @@ Clone this project :
 Adapt Makefile, set your image NAME and VERSION, for example :
 
 	NAME = osixia/phpldapadmin
-	VERSION = 0.6.4
+	VERSION = 0.6.7
 
 	becomes :
 	NAME = billy-the-king/phpldapadmin
 	VERSION = 0.1.0
 
+Add your custom certificate, environment files, config.php ...
+
 Build your image :
 
 	make build
@@ -154,7 +249,7 @@ Run your image :
 
 	docker run -d billy-the-king/phpldapadmin:0.1.0
 
-## Tests
+### Tests
 
 We use **Bats** (Bash Automated Testing System) to test this image:
 
@@ -163,3 +258,22 @@ We use **Bats** (Bash Automated Testing System) to test this image:
 Install Bats, and in this project directory run :
 
 	make test
+
+### Kubernetes
+
+Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications.
+
+More information:
+- http://kubernetes.io
+- https://github.com/kubernetes/kubernetes
+
+A kubernetes example is available in **example/kubernetes**
+
+### Under the hood: osixia/web-baseimage
+
+This image is based on osixia/web-baseimage.
+More info: https://github.com/osixia/docker-web-baseimage
+
+## Changelog
+
+Please refer to: [CHANGELOG.md](CHANGELOG.md)

example/kubernetes/phpldapadmin-rc.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: phpldapadmin-controller
+  labels:
+    app: phpldapadmin
+spec:
+  replicas: 1
+  selector:
+    app: phpldapadmin
+  template:
+    metadata:
+      labels:
+        app: phpldapadmin
+    spec:
+      containers:
+        - name: phpldapadmin
+          image: osixia/phpldapadmin:0.6.7
+          volumeMounts:
+            - name: phpldapadmin-certs
+              mountPath: /container/service/phpldapadmin/assets/apache2/certs
+            - name: ldap-client-certs
+              mountPath: /container/service/ldap-client/assets/certs
+          ports:
+            - containerPort: 443
+          env:
+            - name: PHPLDAPADMIN_LDAP_HOSTS
+              value: "[{'ldap.example.org': [{'server': [{'tls': 'true'}]}]}]"
+            - name: PHPLDAPADMIN_SERVER_ADMIN
+              value: "webmaster@example.org"
+            - name: PHPLDAPADMIN_HTTPS
+              value: "true"
+            - name: PHPLDAPADMIN_HTTPS_CRT_FILENAME
+              value: "cert.crt"
+            - name: PHPLDAPADMIN_HTTPS_KEY_FILENAME
+              value: "cert.key"
+            - name: PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME
+              value: "ca.crt"
+            - name: PHPLDAPADMIN_LDAP_CLIENT_TLS
+              value: "true"
+            - name: PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT
+              value: "demand"
+            - name: PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME
+              value: "cert.crt"
+            - name: PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME
+              value: "cert.key"
+            - name: PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME
+              value: "ca.crt"
+      volumes:
+        - name: phpldapadmin-certs
+          hostPath:
+            path: "/data/phpldapadmin/ssl/"
+        - name: ldap-client-certs
+          hostPath:
+            path: "/data/phpldapadmin/ldap-client-certs/"