How to start openldap in k8s?

Question

*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** link /container/service/slapd/startup.sh to /container/run/startup/slapd
*** link /container/service/slapd/process.sh to /container/run/process/slapd/run
*** Set environment for startup files
*** Environment files will be proccessed in this order :  Caution: previously defined variables will not be overriden. /container/environment/99-default/default.startup.yaml /container/environment/99-default/default.yaml
To see how this files are processed and environment variables values, run this container with '--loglevel debug'
*** Running /container/run/startup/:ssl-tools...
*** Running /container/run/startup/slapd... Database and config directory are empty... Init new ldap server... invoke-rc.d: could not determine current runlevel invoke-rc.d: policy-rc.d denied execution of stop.   Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.44+dfsg-5+deb9u2... done.   Creating initial configuration... done.   Creating LDAP directory... done. invoke-rc.d: could not determine current runlevel invoke-rc.d: policy-rc.d denied execution of start. Start OpenLDAP... Waiting for OpenLDAP to start... Add bootstrap schemas... config file testing succeeded Add image bootstrap ldif... Add custom bootstrap ldif... Disable replication config... Stop OpenLDAP... Remove config files... First start is done...
*** Set environment for container process
*** Remove file /container/environment/99-default/default.startup.yaml
*** Environment files will be proccessed in this order :  Caution: previously defined variables will not be overriden. /container/environment/99-default/default.yaml
To see how this files are processed and environment variables values, run this container with '--loglevel debug'
*** Running /container/run/process/slapd/run...
*** Running --loglevel debug...
*** --loglevel debug exited with status 127.
*** Shutting down /container/run/process/slapd/run (PID 414)...
*** Killing all processes...

When I try to start an osixia/openldap:1.4.0 container in k8s, I get the error message above. The manifest file:

...
    containers:
        - name: ldap
          image: osixia/openldap:1.4.0
          #args: ["--copy-service","--loglevel warning"]
          args: ["--loglevel debug"]
          ports:
          - containerPort: 389
          env:
            - name: LDAP_ADMIN_PASSWORD
              value: "admin"
            - name: LDAP_TLS
              value: "false"
            - name: LDAP_ORGANISATION
              value: "My Company"
            - name: LDAP_DOMAIN
              name: "mycompany.io"

When I add db and config volumes, I get a different error message:

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/process/slapd/run...
5f841fca @(#) $OpenLDAP: slapd 2.4.50+dfsg-1~bpo10+1 (May  4 2020 05:25:06) $
    Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
5f841fca daemon: listen URL "ldap://ldap:tcp://10.100.225.153:389" parse error=5
5f841fca slapd stopped.
5f841fca connections_destroy: nothing to destroy.
*** /container/run/process/slapd/run exited with status 1
*** Killing all processes...

Any idea what is wrong? Thanks a lot.

I'm not familiar with that docker image, but the message `First start is done` indicates to me that there is nothing wrong with your config, except that you don't have any persistant storage in that container. That would result in a first start every time you start the container. Add persistent storage [as documented](https://github.com/osixia/docker-openldap#create-new-ldap-server) and it could work the next time you start the container. — Gerald Schneider, Oct 12 '20 at 08:10
Please don't add any additional information in comments, edit your question instead. The stuff is unreadable in the comments. — Gerald Schneider, Oct 12 '20 at 09:28
This was originally asked on stackoverflow and someone there promised a solution so I am waiting for him now. It is probably k8s manifest file problem. — Gábor Varga, Oct 12 '20 at 09:51

score 1 · Answer 1 · answered Oct 12 '20 at 10:06

1

I think you hit this issue: https://github.com/osixia/docker-openldap/issues/457

Quote from there:

It happens because you named your service LDAP and kubernetes automatically creates LDAP_PORT and number of other environment variables.

And LDAP_PORT collides with this docker image conventions.

The solution: don't name your container ldap, choose a different name.

answered Oct 12 '20 at 10:06

Gerald Schneider

23,274
8
57
89

1

This was the last issue. Thanks a lot. – Gábor Varga Oct 12 '20 at 11:05

score 0 · Answer 2 · answered Oct 12 '20 at 09:51

0

The answer is in this line:

*** --loglevel debug exited with status 127.

Exit status 127 basically means command not found.

You need to correct one line in your yaml file. Instead of:

args: ["--loglevel debug"]

it should be:

args: ["--loglevel", "debug"]

and it will work perfectly fine.

answered Oct 12 '20 at 09:51

mario

585
3
8

Thanks, error status 127 now disappeared. Now I have the parsing error again - I tried the deployment without args as well so I faced this problem before: parse error=5 Any hint about this? The url is obviouosly wrong: "ldap://ldap:tcp://10.100.225.153:389", the IP is ldap service IP., ldap is the pod's hostname (so it can be changed). – Gábor Varga Oct 12 '20 at 10:03
ok, I need more information on what you're exactly configuring so I can reproduce it. Can you post your entire yaml ? And running it with suggested `--loglevel debug` flag doesn't give any more specific information ? – mario Oct 12 '20 at 11:27
1

See the issue mentioned by Gerald below. You can not use the service name "ldap" in k8s. ;) – Gábor Varga Oct 13 '20 at 12:28

How to start openldap in k8s?

2 Answers2