[GeoNetwork-users] LDAP configuration for Geonetwork 4.0.6 in Kubernetes

Pierpaolo_Culurciell · March 22, 2022, 11:28am

Dear all,

I am trying to migrate a Kubernetes GeoNetwork deployment from 3.10.6 to 4.0.6.
When using 3.106 version I just configured a couple of configmaps for all the modified config files (config-security.xml, config-security-ldap-recursive.xml, web.xml) and mount them at the proper path, here's the kubernetes manifest part used for this:

...
       volumeMounts:
             - mountPath: /var/lib/geonetwork_data
               name: geonetwork-data
             - mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security.xml
               name: geonetwork-sec-conf
               subPath: config-security.xml
             - mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security-ldap-recursive.xml
               name: geonetwork-ldap-conf
               subPath: config-security-ldap-recursive.xml
             - mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/web.xml
               name: geonetwork-webxml
...
    volumes:
         - name: geonetwork-sec-conf
           configMap:
             name: geonetwork-sec-config
         - name: geonetwork-ldap-conf
           configMap:
             name: geonetwork-ldap-config
         - name: geonetwork-webxml
           configMap:
             name: geonetwork-webxml-cmap
...

when I tried to use the same configuration fro Geonetwork-4.0.6 I saw the folowing errors in container logs:

....
2022-03-22 10:46:18,659 ERROR [jeeves] - JeevesContextLoaderListener: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:342)
...

So I decided to build a custom image slightly modifying GeoNetwork 4.0.6 Dockerfile and copying the modified configuration files just before runnign the command "java -jar /usr/local/jetty/start.jar".
Here's my modification to the Dockerfile:

...
USER jetty
ENV GN_FILE geonetwork.war
ENV GN_VERSION 4.0.6
ENV GN_DOWNLOAD_MD5 793732cb9c723e73857a4da73b78451b

RUN cd /var/lib/jetty/webapps/geonetwork/ && \
      curl -fSL -o geonetwork.war \
      https://sourceforge.net/projects/geonetwork/files/GeoNetwork_opensource/v$\{GN\_VERSION\}/$\{GN\_FILE\}/download && \
      echo "${GN_DOWNLOAD_MD5} *geonetwork.war" | md5sum -c && \
      unzip -q geonetwork.war && \
      rm geonetwork.war

COPY ./docker-entrypoint.sh /geonetwork-entrypoint.sh
COPY ./configs/config-security/* /var/lib/jetty/webapps/geonetwork/WEB-INF/config-security/
COPY ./configs/web.xml /var/lib/jetty/webapps/geonetwork/WEB-INF/web.xml

ENTRYPOINT ["/geonetwork-entrypoint.sh"]
CMD ["java","-jar","/usr/local/jetty/start.jar"]

VOLUME [ "${DATA_DIR}" ]
...

I then removed from the Kubernetes GeoNetwork deployment manifest file the lines above that mount the configmaps for LDAP and web.xml, since they are now replaced by the COPY commands in Dockerfile.
Anyway when I start the container I still see the same ERRORS as above.
Does anybody of you know how to run GeoNetwork 4.0.6 in Kubernetes with modified config files?

Best regards,
Pierpaolo

Jean_Pommier · March 22, 2022, 12:02pm

Hi Pierpaolo,

From the logs, it looks like the issue is not with k8s but with your xml configuration. Can you share your custom config files ?

Best,

Jean

*Jean Pommier -- pi-Geosolutions*

Ingénieur, consultant indépendant

Tél. : (+33) 6 09 23 21 36
E-mail : jp@anonymised.com
Web : www.pi-geosolutions.fr

Le 22/03/2022 à 12:28, Pierpaolo Culurciello via GeoNetwork-users a écrit :

Dear all,

I am trying to migrate a Kubernetes GeoNetwork deployment from 3.10.6 to 4.0.6.
When using 3.106 version I just configured a couple of configmaps for all the modified config files (config-security.xml, config-security-ldap-recursive.xml, web.xml) and mount them at the proper path, here's the kubernetes manifest part used for this:

...
volumeMounts:
- mountPath: /var/lib/geonetwork_data
name: geonetwork-data
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security.xml
name: geonetwork-sec-conf
subPath: config-security.xml
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security-ldap-recursive.xml
name: geonetwork-ldap-conf
subPath: config-security-ldap-recursive.xml
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/web.xml
name: geonetwork-webxml
...
volumes:
- name: geonetwork-sec-conf
configMap:
name: geonetwork-sec-config
- name: geonetwork-ldap-conf
configMap:
name: geonetwork-ldap-config
- name: geonetwork-webxml
configMap:
name: geonetwork-webxml-cmap
...

when I tried to use the same configuration fro Geonetwork-4.0.6 I saw the folowing errors in container logs:

....
2022-03-22 10:46:18,659 ERROR [jeeves] - JeevesContextLoaderListener: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:342)
...

So I decided to build a custom image slightly modifying GeoNetwork 4.0.6 Dockerfile and copying the modified configuration files just before runnign the command "java -jar /usr/local/jetty/start.jar".
Here's my modification to the Dockerfile:

...
USER jetty
ENV GN_FILE geonetwork.war
ENV GN_VERSION 4.0.6
ENV GN_DOWNLOAD_MD5 793732cb9c723e73857a4da73b78451b

RUN cd /var/lib/jetty/webapps/geonetwork/ && \
curl -fSL -o geonetwork.war \
https://sourceforge.net/projects/geonetwork/files/GeoNetwork_opensource/v$\{GN\_VERSION\}/$\{GN\_FILE\}/download && \
echo "${GN_DOWNLOAD_MD5} *geonetwork.war" | md5sum -c && \
unzip -q geonetwork.war && \
rm geonetwork.war

COPY ./docker-entrypoint.sh /geonetwork-entrypoint.sh
COPY ./configs/config-security/* /var/lib/jetty/webapps/geonetwork/WEB-INF/config-security/
COPY ./configs/web.xml /var/lib/jetty/webapps/geonetwork/WEB-INF/web.xml

ENTRYPOINT ["/geonetwork-entrypoint.sh"]
CMD ["java","-jar","/usr/local/jetty/start.jar"]

VOLUME [ "${DATA_DIR}" ]
...

I then removed from the Kubernetes GeoNetwork deployment manifest file the lines above that mount the configmaps for LDAP and web.xml, since they are now replaced by the COPY commands in Dockerfile.
Anyway when I start the container I still see the same ERRORS as above.
Does anybody of you know how to run GeoNetwork 4.0.6 in Kubernetes with modified config files?

Best regards,
Pierpaolo

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

Pierpaolo_Culurciell · March 23, 2022, 6:38am

Hi Jean Pommier,

and many thanks for your quick reply!
Sure, I can share my config files with you.
I modified them following the guide for LDAP on version 3.110.x (https://geonetwork-opensource.org/manuals/3.10.x/en/administrator-guide/managing-users-and-groups/authentication-mode.html#authentication-ldap-hierarchy).
The first one is config-security.xml, in wich, as per the guide, I just enabled the ldap-recursive module:

. . . . . .

</beans>
. . . . . . . .

And here you are the config-security-ldap-recursive.xml file:

. . . . . . . .

</beans>
pierpaolo@anonymised.com:~/work/k8s/geonetwork/production$ cat config-security/config-security-ldap-recursive.xml
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:util="http://www.springframework.org/schema/util"
        xmlns="http://www.springframework.org/schema/beans"
        xsi:schemaLocation="
          http://www.springframework.org/schema/beans/spring-beans.xsd
          http://www.springframework.org/schema/util/spring-util.xsd
          http://www.springframework.org/schema/data/jpa/spring-jpa-1.3.xsd
          http://www.springframework.org/schema/context/spring-context-3.0.xsd
        ">

<bean id="ldapAuthenticationProviderPostProcessor"
         class="jeeves.config.springutil.AddAuthenticationProviderPostProcessor">
     <constructor-arg ref="ldapAuthProvider"/>
   </bean>

<bean id="contextSource"
         class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
     <constructor-arg value="ldap://ldap.ve.ismar.cnr.it:389/dc=ismar,dc=cnr,dc=it"/>
     
     <property name="userDn" value="cn=XXXXXXX,cn=XXXXXXX,dc=ismar,dc=cnr,dc=it"/>
     <property name="password" value="XXXXXXXXXXXX"/>
   </bean>

</beans>
. . . . . . . . . . . . .

Hope it will help to resolve my issue.

Cheers,
Pierpaolo

Quoting Jean Pommier via GeoNetwork-users <geonetwork-users@lists.sourceforge.net>:

Hi Pierpaolo,

From the logs, it looks like the issue is not with k8s but with your xml configuration. Can you share your custom config files ?

Best,

Jean

*Jean Pommier -- pi-Geosolutions*

Ingénieur, consultant indépendant

Tél. : (+33) 6 09 23 21 36
E-mail : jp@anonymised.com
Web : www.pi-geosolutions.fr

Le 22/03/2022 à 12:28, Pierpaolo Culurciello via GeoNetwork-users a écrit :

Dear all,

I am trying to migrate a Kubernetes GeoNetwork deployment from 3.10.6 to 4.0.6.
When using 3.106 version I just configured a couple of configmaps for all the modified config files (config-security.xml, config-security-ldap-recursive.xml, web.xml) and mount them at the proper path, here's the kubernetes manifest part used for this:

...
volumeMounts:
- mountPath: /var/lib/geonetwork_data
name: geonetwork-data
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security.xml
name: geonetwork-sec-conf
subPath: config-security.xml
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security-ldap-recursive.xml
name: geonetwork-ldap-conf
subPath: config-security-ldap-recursive.xml
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/web.xml
name: geonetwork-webxml
...
volumes:
- name: geonetwork-sec-conf
configMap:
name: geonetwork-sec-config
- name: geonetwork-ldap-conf
configMap:
name: geonetwork-ldap-config
- name: geonetwork-webxml
configMap:
name: geonetwork-webxml-cmap
...

when I tried to use the same configuration fro Geonetwork-4.0.6 I saw the folowing errors in container logs:

....
2022-03-22 10:46:18,659 ERROR [jeeves] - JeevesContextLoaderListener: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:342)
...

So I decided to build a custom image slightly modifying GeoNetwork 4.0.6 Dockerfile and copying the modified configuration files just before runnign the command "java -jar /usr/local/jetty/start.jar".
Here's my modification to the Dockerfile:

...
USER jetty
ENV GN_FILE geonetwork.war
ENV GN_VERSION 4.0.6
ENV GN_DOWNLOAD_MD5 793732cb9c723e73857a4da73b78451b

RUN cd /var/lib/jetty/webapps/geonetwork/ && \
curl -fSL -o geonetwork.war \
https://sourceforge.net/projects/geonetwork/files/GeoNetwork_opensource/v$\{GN\_VERSION\}/$\{GN\_FILE\}/download && \
echo "${GN_DOWNLOAD_MD5} *geonetwork.war" | md5sum -c && \
unzip -q geonetwork.war && \
rm geonetwork.war

COPY ./docker-entrypoint.sh /geonetwork-entrypoint.sh
COPY ./configs/config-security/* /var/lib/jetty/webapps/geonetwork/WEB-INF/config-security/
COPY ./configs/web.xml /var/lib/jetty/webapps/geonetwork/WEB-INF/web.xml

ENTRYPOINT ["/geonetwork-entrypoint.sh"]
CMD ["java","-jar","/usr/local/jetty/start.jar"]

VOLUME [ "${DATA_DIR}" ]
...

I then removed from the Kubernetes GeoNetwork deployment manifest file the lines above that mount the configmaps for LDAP and web.xml, since they are now replaced by the COPY commands in Dockerfile.
Anyway when I start the container I still see the same ERRORS as above.
Does anybody of you know how to run GeoNetwork 4.0.6 in Kubernetes with modified config files?

Best regards,
Pierpaolo

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

Jean_Pommier · March 23, 2022, 3:39pm

Hi Pierpaolo,

Sorry, I've compared with a config file I had, that works on a GN 4.0.3, and they look similar, couldn't find a clue.

Wishing you luck in your investigations

Jean

*Jean Pommier -- pi-Geosolutions*

Ingénieur, consultant indépendant

Tél. : (+33) 6 09 23 21 36
E-mail : jp@anonymised.com
Web : www.pi-geosolutions.fr

Le 23/03/2022 à 07:38, Pierpaolo Culurciello via GeoNetwork-users a écrit :

Hi Jean Pommier,

and many thanks for your quick reply!
Sure, I can share my config files with you.
I modified them following the guide for LDAP on version 3.110.x (https://geonetwork-opensource.org/manuals/3.10.x/en/administrator-guide/managing-users-and-groups/authentication-mode.html#authentication-ldap-hierarchy).
The first one is config-security.xml, in wich, as per the guide, I just enabled the ldap-recursive module:

. . . . . .


<beans
xmlns:ctx="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
xmlns="http://www.springframework.org/schema/beans">

<import resource="config-security-core.xml"/>
<import resource="config-security-mapping.xml"/>

<import resource="config-security-ldap-recursive.xml"/>





<ctx:property-placeholder location="WEB-INF/config-security/config-security.properties"
file-encoding="UTF-8" ignore-unresolvable="true" order="100"/>

</beans>
. . . . . . . .

And here you are the config-security-ldap-recursive.xml file:

. . . . . . . .


<beans
xmlns:ctx="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
xmlns="http://www.springframework.org/schema/beans">

<import resource="config-security-core.xml"/>
<import resource="config-security-mapping.xml"/>

<import resource="config-security-ldap-recursive.xml"/>





<ctx:property-placeholder location="WEB-INF/config-security/config-security.properties"
file-encoding="UTF-8" ignore-unresolvable="true" order="100"/>

</beans>
pierpaolo@anonymised.com:~/work/k8s/geonetwork/production$ cat config-security/config-security-ldap-recursive.xml
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xmlns="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/data/jpa/spring-jpa-1.3.xsd
http://www.springframework.org/schema/context/spring-context-3.0.xsd
">



<bean id="ldapRoleConverterGroupNameParser"
class="org.fao.geonet.kernel.security.ldap.LDAPRoleConverterGroupNameParser">
<property name="ldapMembershipQueryParser" value="GCAT_(.*)_(.*)"/>
<property name="groupIndexInPattern" value="1"/>
<property name="profileIndexInPattern" value="2"/>
<property name="profileMapping">
<map>
<entry key="ADMIN" value="Administrator"/>
<entry key="EDITOR" value="Editor"/>
</map>
</property>
</bean>


<bean id="ldapAuthenticationProviderPostProcessor"
class="jeeves.config.springutil.AddAuthenticationProviderPostProcessor">
<constructor-arg ref="ldapAuthProvider"/>
</bean>


<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://ldap.ve.ismar.cnr.it:389/dc=ismar,dc=cnr,dc=it"/>

<property name="userDn" value="cn=XXXXXXX,cn=XXXXXXX,dc=ismar,dc=cnr,dc=it"/>
<property name="password" value="XXXXXXXXXXXX"/>
</bean>

<bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg name="searchBase" value="ou=people"/>
<constructor-arg name="searchFilter" value="(uid={0})"/>
<constructor-arg name="contextSource" ref="contextSource"/>
&lt;property name=&quot;searchSubtree&quot; value=&quot;true&quot;/&gt;
</bean>

<bean id="usernameMapper"
class="org.fao.geonet.kernel.security.ldap.SearchingLdapUsernameToDnMapper">
<property name="ldapContextSource" ref="contextSource"/>
<property name="ldapUserSearch" ref="ldapUserSearch"/>
</bean>

<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userSearch" ref="ldapUserSearch"/>
</bean>
</constructor-arg>
<property name="userDetailsContextMapper" ref="ldapUserContextMapper"/>
</bean>

<bean id="ldapUserDetailsService"
class="org.fao.geonet.kernel.security.ldap.LdapUserDetailsManager">
<constructor-arg ref="contextSource"/>
<constructor-arg name="groupMemberAttributeName"
value="cn"/>
<constructor-arg name="query"
value="mail={1}"/>
<property name="groupSearchBase"
value="ou=groups,ou=ve,dc=ismar,dc=cnr,dc=it"/>
<property name="usernameMapper" ref="usernameMapper"/>
<property name="userDetailsMapper" ref="ldapUserContextMapper"/>
</bean>

<bean id="ldapUtils" class="org.fao.geonet.kernel.security.ldap.LDAPUtils"/>

<bean id="ldapUserContextMapper" class="org.fao.geonet.kernel.security.ldap.LDAPUserDetailsContextMapperWithProfileSearchEnhanced">
<property name="mapping">
<map>
<entry key="name" value="givenName,"/>
<entry key="surname" value="sn,"/>
<entry key="mail" value="mail,"/>
<entry key="organisation" value="o,"/>
<entry key="address" value=","/>
<entry key="zip" value=","/>
<entry key="state" value=","/>
<entry key="city" value=","/>
<entry key="country" value=","/>
    &lt;entry key=&quot;profile&quot; value=&quot;,RegisteredUser&quot;/&gt;
    &lt;entry key=&quot;privilege&quot; value=&quot;,none&quot;/&gt;
  &lt;/map&gt;
&lt;/property&gt;
&lt;property name=&quot;profileMapping&quot;&gt;
  &lt;map/&gt;
&lt;/property&gt;
&lt;property name=&quot;ldapUtils&quot; ref=&quot;ldapUtils&quot;/&gt;
&lt;property name=&quot;importPrivilegesFromLdap&quot; value=&quot;true&quot;/&gt;
&lt;\!\-\- typically, don&#39;t want GN to modify the LDAP server\! \-\-&gt;
&lt;property name=&quot;createNonExistingLdapGroup&quot; value=&quot;false&quot; /&gt;
&lt;property name=&quot;createNonExistingLdapUser&quot; value=&quot;false&quot; /&gt;

&lt;property name=&quot;ldapManager&quot; ref=&quot;ldapUserDetailsService&quot; /&gt;

&lt;property name=&quot;membershipSearchStartObject&quot; value=&quot;&quot;/&gt;
&lt;property name=&quot;ldapMembershipQuery&quot; value=&quot;$&amp;amp;\(objectClass=groupOfUniqueNames$$uniquemember=\{2\}$$cn=GCAT\_\*$\)&quot;/&gt;

&lt;property name=&quot;ldapRoleConverters&quot;&gt;
  &lt;util:list&gt;
    &lt;ref bean=&quot;ldapRoleConverterGroupNameParser&quot;/&gt;
  &lt;/util:list&gt;
&lt;/property&gt;

&lt;property name=&quot;contextSource&quot; ref=&quot;contextSource&quot; /&gt;
</bean>

</beans>
. . . . . . . . . . . . .

Hope it will help to resolve my issue.

Cheers,
Pierpaolo

Quoting Jean Pommier via GeoNetwork-users <geonetwork-users@lists.sourceforge.net>:

Hi Pierpaolo,

From the logs, it looks like the issue is not with k8s but with your xml configuration. Can you share your custom config files ?

Best,

Jean

*Jean Pommier -- pi-Geosolutions*

Ingénieur, consultant indépendant

Tél. : (+33) 6 09 23 21 36
E-mail : jp@anonymised.com
Web : www.pi-geosolutions.fr

Le 22/03/2022 à 12:28, Pierpaolo Culurciello via GeoNetwork-users a écrit :

Dear all,

I am trying to migrate a Kubernetes GeoNetwork deployment from 3.10.6 to 4.0.6.
When using 3.106 version I just configured a couple of configmaps for all the modified config files (config-security.xml, config-security-ldap-recursive.xml, web.xml) and mount them at the proper path, here's the kubernetes manifest part used for this:

...
volumeMounts:
- mountPath: /var/lib/geonetwork_data
name: geonetwork-data
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security.xml
name: geonetwork-sec-conf
subPath: config-security.xml
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security-ldap-recursive.xml
name: geonetwork-ldap-conf
subPath: config-security-ldap-recursive.xml
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/web.xml
name: geonetwork-webxml
...
volumes:
- name: geonetwork-sec-conf
configMap:
name: geonetwork-sec-config
- name: geonetwork-ldap-conf
configMap:
name: geonetwork-ldap-config
- name: geonetwork-webxml
configMap:
name: geonetwork-webxml-cmap
...

when I tried to use the same configuration fro Geonetwork-4.0.6 I saw the folowing errors in container logs:

....
2022-03-22 10:46:18,659 ERROR [jeeves] - JeevesContextLoaderListener: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:342)
...

So I decided to build a custom image slightly modifying GeoNetwork 4.0.6 Dockerfile and copying the modified configuration files just before runnign the command "java -jar /usr/local/jetty/start.jar".
Here's my modification to the Dockerfile:

...
USER jetty
ENV GN_FILE geonetwork.war
ENV GN_VERSION 4.0.6
ENV GN_DOWNLOAD_MD5 793732cb9c723e73857a4da73b78451b

RUN cd /var/lib/jetty/webapps/geonetwork/ && \
curl -fSL -o geonetwork.war \
https://sourceforge.net/projects/geonetwork/files/GeoNetwork_opensource/v$\{GN\_VERSION\}/$\{GN\_FILE\}/download && \
echo "${GN_DOWNLOAD_MD5} *geonetwork.war" | md5sum -c && \
unzip -q geonetwork.war && \
rm geonetwork.war

COPY ./docker-entrypoint.sh /geonetwork-entrypoint.sh
COPY ./configs/config-security/* /var/lib/jetty/webapps/geonetwork/WEB-INF/config-security/
COPY ./configs/web.xml /var/lib/jetty/webapps/geonetwork/WEB-INF/web.xml

ENTRYPOINT ["/geonetwork-entrypoint.sh"]
CMD ["java","-jar","/usr/local/jetty/start.jar"]

VOLUME [ "${DATA_DIR}" ]
...

I then removed from the Kubernetes GeoNetwork deployment manifest file the lines above that mount the configmaps for LDAP and web.xml, since they are now replaced by the COPY commands in Dockerfile.
Anyway when I start the container I still see the same ERRORS as above.
Does anybody of you know how to run GeoNetwork 4.0.6 in Kubernetes with modified config files?

Best regards,
Pierpaolo

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

Pierpaolo_Culurciell · March 25, 2022, 11:17am

Hi Jean Pommier,

I finally managed to start the GeoNetwork deployment on Kubernetes, the problem was not related to LDAP configuration, simply the "GEONETWORK_DB_HOST" env variable was not correct and so the connection to the postgis database failed.
The weird part of the problem was that the logs did not mention at all problems in database connection, so before spotting the problem I had to modify the k8s deployment yaml file and eliminate all the volumemounts statements in order to have a blank installation. Only then I realized that the problem was somewhere else...

Thank you for your support anyway!
Pierpaolo

Quoting Jean Pommier via GeoNetwork-users <geonetwork-users@lists.sourceforge.net>:

Hi Pierpaolo,

Sorry, I've compared with a config file I had, that works on a GN 4.0.3, and they look similar, couldn't find a clue.

Wishing you luck in your investigations

Jean

*Jean Pommier -- pi-Geosolutions*

Ingénieur, consultant indépendant

Tél. : (+33) 6 09 23 21 36
E-mail : jp@anonymised.com
Web : www.pi-geosolutions.fr

Le 23/03/2022 à 07:38, Pierpaolo Culurciello via GeoNetwork-users a écrit :
Hi Jean Pommier,

and many thanks for your quick reply!
Sure, I can share my config files with you.
I modified them following the guide for LDAP on version 3.110.x (https://geonetwork-opensource.org/manuals/3.10.x/en/administrator-guide/managing-users-and-groups/authentication-mode.html#authentication-ldap-hierarchy).
The first one is config-security.xml, in wich, as per the guide, I just enabled the ldap-recursive module:

. . . . . .


<beans
xmlns:ctx="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
xmlns="http://www.springframework.org/schema/beans">

<import resource="config-security-core.xml"/>
<import resource="config-security-mapping.xml"/>

<import resource="config-security-ldap-recursive.xml"/>





<ctx:property-placeholder location="WEB-INF/config-security/config-security.properties"
file-encoding="UTF-8" ignore-unresolvable="true" order="100"/>

</beans>
. . . . . . . .

And here you are the config-security-ldap-recursive.xml file:

. . . . . . . .


<beans
xmlns:ctx="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
xmlns="http://www.springframework.org/schema/beans">

<import resource="config-security-core.xml"/>
<import resource="config-security-mapping.xml"/>

<import resource="config-security-ldap-recursive.xml"/>





<ctx:property-placeholder location="WEB-INF/config-security/config-security.properties"
file-encoding="UTF-8" ignore-unresolvable="true" order="100"/>

</beans>
pierpaolo@anonymised.com:~/work/k8s/geonetwork/production$ cat config-security/config-security-ldap-recursive.xml
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xmlns="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/data/jpa/spring-jpa-1.3.xsd
http://www.springframework.org/schema/context/spring-context-3.0.xsd
">



<bean id="ldapRoleConverterGroupNameParser"
class="org.fao.geonet.kernel.security.ldap.LDAPRoleConverterGroupNameParser">
<property name="ldapMembershipQueryParser" value="GCAT_(.*)_(.*)"/>
<property name="groupIndexInPattern" value="1"/>
<property name="profileIndexInPattern" value="2"/>
<property name="profileMapping">
<map>
<entry key="ADMIN" value="Administrator"/>
<entry key="EDITOR" value="Editor"/>
</map>
</property>
</bean>


<bean id="ldapAuthenticationProviderPostProcessor"
class="jeeves.config.springutil.AddAuthenticationProviderPostProcessor">
<constructor-arg ref="ldapAuthProvider"/>
</bean>


<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://ldap.ve.ismar.cnr.it:389/dc=ismar,dc=cnr,dc=it"/>

<property name="userDn" value="cn=XXXXXXX,cn=XXXXXXX,dc=ismar,dc=cnr,dc=it"/>
<property name="password" value="XXXXXXXXXXXX"/>
</bean>

<bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg name="searchBase" value="ou=people"/>
<constructor-arg name="searchFilter" value="(uid={0})"/>
<constructor-arg name="contextSource" ref="contextSource"/>
&lt;property name=&quot;searchSubtree&quot; value=&quot;true&quot;/&gt;
</bean>

<bean id="usernameMapper"
class="org.fao.geonet.kernel.security.ldap.SearchingLdapUsernameToDnMapper">
<property name="ldapContextSource" ref="contextSource"/>
<property name="ldapUserSearch" ref="ldapUserSearch"/>
</bean>

<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userSearch" ref="ldapUserSearch"/>
</bean>
</constructor-arg>
<property name="userDetailsContextMapper" ref="ldapUserContextMapper"/>
</bean>

<bean id="ldapUserDetailsService"
class="org.fao.geonet.kernel.security.ldap.LdapUserDetailsManager">
<constructor-arg ref="contextSource"/>
<constructor-arg name="groupMemberAttributeName"
value="cn"/>
<constructor-arg name="query"
value="mail={1}"/>
<property name="groupSearchBase"
value="ou=groups,ou=ve,dc=ismar,dc=cnr,dc=it"/>
<property name="usernameMapper" ref="usernameMapper"/>
<property name="userDetailsMapper" ref="ldapUserContextMapper"/>
</bean>

<bean id="ldapUtils" class="org.fao.geonet.kernel.security.ldap.LDAPUtils"/>

<bean id="ldapUserContextMapper" class="org.fao.geonet.kernel.security.ldap.LDAPUserDetailsContextMapperWithProfileSearchEnhanced">
<property name="mapping">
<map>
<entry key="name" value="givenName,"/>
<entry key="surname" value="sn,"/>
<entry key="mail" value="mail,"/>
<entry key="organisation" value="o,"/>
<entry key="address" value=","/>
<entry key="zip" value=","/>
<entry key="state" value=","/>
<entry key="city" value=","/>
<entry key="country" value=","/>
    &lt;entry key=&quot;profile&quot; value=&quot;,RegisteredUser&quot;/&gt;
    &lt;entry key=&quot;privilege&quot; value=&quot;,none&quot;/&gt;
  &lt;/map&gt;
&lt;/property&gt;
&lt;property name=&quot;profileMapping&quot;&gt;
  &lt;map/&gt;
&lt;/property&gt;
&lt;property name=&quot;ldapUtils&quot; ref=&quot;ldapUtils&quot;/&gt;
&lt;property name=&quot;importPrivilegesFromLdap&quot; value=&quot;true&quot;/&gt;
&lt;\!\-\- typically, don&#39;t want GN to modify the LDAP server\! \-\-&gt;
&lt;property name=&quot;createNonExistingLdapGroup&quot; value=&quot;false&quot; /&gt;
&lt;property name=&quot;createNonExistingLdapUser&quot; value=&quot;false&quot; /&gt;

&lt;property name=&quot;ldapManager&quot; ref=&quot;ldapUserDetailsService&quot; /&gt;

&lt;property name=&quot;membershipSearchStartObject&quot; value=&quot;&quot;/&gt;
&lt;property name=&quot;ldapMembershipQuery&quot; value=&quot;$&amp;amp;\(objectClass=groupOfUniqueNames$$uniquemember=\{2\}$$cn=GCAT\_\*$\)&quot;/&gt;

&lt;property name=&quot;ldapRoleConverters&quot;&gt;
  &lt;util:list&gt;
    &lt;ref bean=&quot;ldapRoleConverterGroupNameParser&quot;/&gt;
  &lt;/util:list&gt;
&lt;/property&gt;

&lt;property name=&quot;contextSource&quot; ref=&quot;contextSource&quot; /&gt;
</bean>

</beans>
. . . . . . . . . . . . .

Hope it will help to resolve my issue.

Cheers,
Pierpaolo

Quoting Jean Pommier via GeoNetwork-users <geonetwork-users@lists.sourceforge.net>:

Hi Pierpaolo,

From the logs, it looks like the issue is not with k8s but with your xml configuration. Can you share your custom config files ?

Best,

Jean

*Jean Pommier -- pi-Geosolutions*

Ingénieur, consultant indépendant

Tél. : (+33) 6 09 23 21 36
E-mail : jp@anonymised.com
Web : www.pi-geosolutions.fr

Le 22/03/2022 à 12:28, Pierpaolo Culurciello via GeoNetwork-users a écrit :

Dear all,

I am trying to migrate a Kubernetes GeoNetwork deployment from 3.10.6 to 4.0.6.
When using 3.106 version I just configured a couple of configmaps for all the modified config files (config-security.xml, config-security-ldap-recursive.xml, web.xml) and mount them at the proper path, here's the kubernetes manifest part used for this:

...
volumeMounts:
- mountPath: /var/lib/geonetwork_data
name: geonetwork-data
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security.xml
name: geonetwork-sec-conf
subPath: config-security.xml
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/config-security/config-security-ldap-recursive.xml
name: geonetwork-ldap-conf
subPath: config-security-ldap-recursive.xml
- mountPath: /usr/local/tomcat/webapps/geonetwork/WEB-INF/web.xml
name: geonetwork-webxml
...
volumes:
- name: geonetwork-sec-conf
configMap:
name: geonetwork-sec-config
- name: geonetwork-ldap-conf
configMap:
name: geonetwork-ldap-config
- name: geonetwork-webxml
configMap:
name: geonetwork-webxml-cmap
...

when I tried to use the same configuration fro Geonetwork-4.0.6 I saw the folowing errors in container logs:

....
2022-03-22 10:46:18,659 ERROR [jeeves] - JeevesContextLoaderListener: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthenticationProviderPostProcessor' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapAuthProvider' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthProvider' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUserContextMapper' while setting bean property 'userDetailsContextMapper'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserContextMapper' defined in ServletContext resource [/WEB-INF/config-security/config-security-ldap-recursive.xml]: Cannot resolve reference to bean 'ldapUtils' while setting bean property 'ldapUtils'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUtils': Injection of persistence dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory; nested exception is org.hibernate.exception.GenericJDBCException: Unable to open JDBC Connection for DDL execution
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:342)
...

So I decided to build a custom image slightly modifying GeoNetwork 4.0.6 Dockerfile and copying the modified configuration files just before runnign the command "java -jar /usr/local/jetty/start.jar".
Here's my modification to the Dockerfile:

...
USER jetty
ENV GN_FILE geonetwork.war
ENV GN_VERSION 4.0.6
ENV GN_DOWNLOAD_MD5 793732cb9c723e73857a4da73b78451b

RUN cd /var/lib/jetty/webapps/geonetwork/ && \
curl -fSL -o geonetwork.war \
https://sourceforge.net/projects/geonetwork/files/GeoNetwork_opensource/v$\{GN\_VERSION\}/$\{GN\_FILE\}/download && \
echo "${GN_DOWNLOAD_MD5} *geonetwork.war" | md5sum -c && \
unzip -q geonetwork.war && \
rm geonetwork.war

COPY ./docker-entrypoint.sh /geonetwork-entrypoint.sh
COPY ./configs/config-security/* /var/lib/jetty/webapps/geonetwork/WEB-INF/config-security/
COPY ./configs/web.xml /var/lib/jetty/webapps/geonetwork/WEB-INF/web.xml

ENTRYPOINT ["/geonetwork-entrypoint.sh"]
CMD ["java","-jar","/usr/local/jetty/start.jar"]

VOLUME [ "${DATA_DIR}" ]
...

I then removed from the Kubernetes GeoNetwork deployment manifest file the lines above that mount the configmaps for LDAP and web.xml, since they are now replaced by the COPY commands in Dockerfile.
Anyway when I start the container I still see the same ERRORS as above.
Does anybody of you know how to run GeoNetwork 4.0.6 in Kubernetes with modified config files?

Best regards,
Pierpaolo

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

Juan_Luis_Rodriguez · March 25, 2022, 4:31pm

On Fri, Mar 25, 2022 at 12:18 PM Pierpaolo Culurciello via GeoNetwork-users
<geonetwork-users@lists.sourceforge.net> wrote:

Hi Jean Pommier,

I finally managed to start the GeoNetwork deployment on Kubernetes,
the problem was not related to LDAP configuration, simply the
"GEONETWORK_DB_HOST" env variable was not correct and so the
connection to the postgis database failed.
The weird part of the problem was that the logs did not mention at all
problems in database connection, so before spotting the problem I had
to modify the k8s deployment yaml file and eliminate all the
volumemounts statements in order to have a blank installation. Only
then I realized that the problem was somewhere else...

Just as a note that's exactly what the error log says, that it can't
connect to the database:

[jar:file:/var/lib/jetty/webapps/geonetwork/WEB-INF/lib/gn-domain-4.0.6-0.jar!/config-spring-geonetwork.xml]:
Invocation of init method failed; nested exception is
javax.persistence.PersistenceException: [PersistenceUnit: default] Unable
to build Hibernate SessionFactory; nested exception is
org.hibernate.exception.GenericJDBCException: Unable to open JDBC
Connection for DDL
execution

--

*Vriendelijke groeten / Kind regards,Juan Luis Rodríguez.
<http://www.geocat.net/>Veenderweg 136721 WD BennekomThe NetherlandsT: +31
(0)318 416664 <+31318416664>Please consider the environment before printing
this email.*