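#
# apacheds
#
# Installs the ApacheDS distribution below $opt_dir/$appname and creates the
# directories that hold instances and their logs. Individual instances are
# declared with plnxtools::apacheds::instance, replication consumers with
# plnxtools::apacheds::syncrepl.
#
# @param ads_shutdown_port  Not referenced in this manifest; presumably read
#                           by setenv.sh.erb — confirm.
# @param appname            Name of the install directory below $opt_dir.
# @param ads_instances      Directory holding one sub-directory per instance.
# @param ads_logdir         Directory receiving one log file per instance.
# @param java_home          JAVA_HOME for the install (presumably used by
#                           setenv.sh.erb — confirm).
#
class plnxtools::apacheds(
  $ads_shutdown_port = 0,
  $appname           = "apacheds",
  $ads_instances     = "/var/apacheds",
  $ads_logdir        = "/var/log/$appname",
  $java_home         = $plnxtools::java_home
) inherits ::plnxtools {

  # Not used in this file; kept because templates or other classes may read
  # it from this scope.
  $ads_home = "$opt_dir/$appname"

  # Marker directory: the defines below drop one "<name>.instance" or
  # "<name>.syncrepl" file per managed object into it.
  file {"opt_plnx_ads":
    ensure => directory,
    path   => "$opt_dir/plnxtools/ads"
  }

  # Provides ldapmodify, used by plnxtools::apacheds::instance.
  package {"openldap-client":
    ensure => installed
  }

  plnxtools::install{$appname:
    sourcedir => "https://downloads.apache.org/directory/apacheds/dist/2.0.0.AM26",
    distfile  => "apacheds-2.0.0.AM26.tar.gz",
    dirname   => "apacheds-2.0.0.AM26",
    require   => Class['::plnxtools'],
  }->
  file {"$opt_dir/$appname/bin/setenv.sh":
    ensure  => file,
    content => template("plnxtools/apacheds/setenv.sh.erb"),
  }->
  file {"$ads_instances":
    ensure => directory
  }

  file {"$ads_logdir":
    ensure => directory
  }
}

#
# Declares every instance reported by the 'ads_instances' fact that is not
# already in the catalog, with the given ensure. The default (stopped) just
# stops left-over instances; 'purged' removes them from disk.
#
# @param ensure  Passed to plnxtools::apacheds::instance for each instance.
#
class plnxtools::apacheds::del(
  $ensure = stopped
) inherits plnxtools::apacheds {

  # The fact is absent on a node that never had an instance; iterate an
  # empty list instead of failing on undef.
  # NOTE(review): assumes the fact is an array of instance names — confirm
  # against the fact implementation.
  $in = $facts['ads_instances'] ? {
    undef   => [],
    default => $facts['ads_instances'],
  }

  $in.each |$x| {
    if !defined(Plnxtools::Apacheds::Instance[$x]) {
      plnxtools::apacheds::instance{$x:
        partitionid     => "$x",
        partitionsuffix => "dc=$x,dc=org",
        ensure          => $ensure,
      }
    }
  }
}

#
# One ApacheDS instance named $title with its own partition, ports and
# service. ensure => purged stops the service and removes the instance tree;
# any other value is handed to the service resource.
#
# @param ensure           running | stopped | purged
# @param ldap_port        Port used for the post-start admin password change
#                         (and presumably by config.ldif.erb — confirm).
# @param ldaps_port       Presumably used by config.ldif.erb — confirm.
# @param admin_password   Password set on uid=admin,ou=system once, after the
#                         first start. It is interpolated into a shell command
#                         (visible in ps and in the Puppet log/report) and must
#                         not contain a single quote.
# @param partitionsuffix  Suffix DN of the instance's partition.
# @param partitionid      Partition id (presumably used by config.ldif.erb).
#
define plnxtools::apacheds::instance(
  $ensure         = running,
  $ldap_port      = 10389,
  $ldaps_port     = 10638,
  $admin_password = "secret",
  $partitionsuffix,
  $partitionid
) {
  $ads_instances = $plnxtools::apacheds::ads_instances
  $bin_dir       = "${plnxtools::apacheds::opt_dir}/${plnxtools::apacheds::appname}/bin"

  # NOTE(review): class plnxtools::apacheds creates this directory as
  # "$opt_dir/plnxtools/ads"; the literal /opt path is kept here because the
  # ads_instances fact presumably reads it — confirm before parameterising.
  $marker_file = "/opt/plnxtools/ads/$title.instance"

  if $ensure != purged {
    $log_file = "$plnxtools::apacheds::ads_logdir/$title.log"

    #
    # Create a base 64 encoded ads-contextentry
    # see: https://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html
    #
    # The encoded value is folded into LDIF continuation lines (newline plus
    # one space) so that it can be embedded in config.ldif.erb.
    $ads_contextentry0 = base64('encode', "dn: $partitionsuffix\ndc: $title\nobjectclass: domain\nobjectclass: top\n\n")
    $ads_contextentry  = strip(regsubst($ads_contextentry0, '\n', "\n "))

    file{"$ads_instances/$title":
      ensure => directory
    } ->
    file{"$ads_instances/$title/conf":
      ensure => directory
    } ->
    file{"$ads_instances/$title/log":
      ensure => directory
    } ->
    file{"$ads_instances/$title/run":
      ensure => directory
    } ->
    file{"$ads_instances/$title/conf/log4j.properties":
      ensure  => file,
      content => template("plnxtools/apacheds/log4j.properties.erb"),
    }->
    file{"/tmp/ads-$title-config.ldif":
      ensure  => file,
      content => template("plnxtools/apacheds/config.ldif.erb"),
    }->
    # config.ldif is seeded only once: config.ldif_migrated is treated as the
    # "instance already initialised" marker (presumably written by ApacheDS
    # after importing conf/config.ldif — confirm), here and for the password
    # exec below.
    exec {"/bin/cp /tmp/ads-$title-config.ldif $ads_instances/$title/conf/config.ldif":
      creates => "$ads_instances/$title/conf/config.ldif_migrated"
    }

    file {$marker_file:
      ensure => file
    }->
    service {"apacheds_${title}":
      ensure => $ensure,
      start  => "$bin_dir/apacheds.sh $title start",
      stop   => "$bin_dir/apacheds.sh $title stop",
      status => "$bin_dir/apacheds.sh $title status | grep 'is running'",
    }->
    # The title carries $title so that several instances in one catalog (for
    # example via plnxtools::apacheds::del) do not collide on a duplicate
    # Exec["set_passwd"] declaration.
    exec{"set_passwd_${title}":
      # Sleeping 30 s is an ugly hack; better would be to wait until the LDAP
      # port actually accepts connections.
      # The first bind uses the ApacheDS default password "secret"; the new
      # password is part of the command line and therefore visible in ps and
      # in the Puppet log/report.
      command => "/bin/sleep 30 && /usr/bin/printf 'dn: uid=admin,ou=system\nchangetype: modify\nreplace: userPassword\nuserPassword: $admin_password' | ldapmodify -c -h localhost -p $ldap_port -D uid=admin,ou=system -w secret",
      creates => "$ads_instances/$title/conf/config.ldif_migrated"
    }
  } else {
    # purged: stop the service, drop the marker, remove the instance tree.
    service {"apacheds_${title}":
      ensure => stopped,
      start  => "$bin_dir/apacheds.sh $title start",
      stop   => "$bin_dir/apacheds.sh $title stop",
      status => "$bin_dir/apacheds.sh $title status | grep 'is running'",
    } ->
    file {$marker_file:
      ensure => absent
    } ->
    file{"$ads_instances/$title":
      ensure => absent,
      force  => true
    }
  }
}

#
# Registers (or re-registers) the replication consumer $title in the local
# ApacheDS config partition. Every run the current entry is read back with
# ldapsearch; when it differs from the desired content the entry is deleted
# (if the 'ads_syncrepls' fact lists it) and added again.
#
# @param parition       (sic) Not used by this define; the parameter is kept
#                       so that existing callers keep working.
# @param consumerid     Not used by this define; the consumer id written to
#                       the entry is $title, which is also the RDN value.
# @param ldap_password  Bind password of uid=admin,ou=system on the local
#                       server. It is interpolated into exec commands and is
#                       therefore visible in ps and in the Puppet log/report.
# @param ldap_port      Port of the local server holding the config.
# @param provider_port  Port of the replication provider.
#
define plnxtools::apacheds::syncrepl(
  $parition,
  $consumerid,
  $ldap_password,
  $ldap_port     = 389,
  $provider_port = 10389
) {
  # Desired consumer entry. ads-replConsumerId must carry the RDN value
  # ($title); a fixed "consumer1" is invalid for any other title and makes
  # the comparison file below differ on every run.
  # NOTE(review): search base, provider host and the provider bind password
  # "secret" are hard-coded — confirm these are the intended values.
  $params = "\
ads-replSearchTimeOut: 0
ads-replSearchScope: sub
ads-searchBaseDN: dc=example,dc=com
ads-replProvHostName: localhost
ads-replStrictCertValidation: FALSE
ads-replRefreshNPersist: TRUE
ads-replUseTls: FALSE
ads-replUserDn: uid=admin,ou=system
ads-replProvPort: $provider_port
ads-replRefreshInterval: 60000
ads-enabled: TRUE
ads-replConsumerId: $title
ads-replUserPassword: secret
ads-replSearchSizeLimit: 0
ads-replAttributes: *
ads-replSearchFilter: (objectClass=*)
ads-replAliasDerefMode: never
objectClass: top
objectClass: ads-base
objectClass: ads-replConsumer
"

  $consumer_dn = "ads-replConsumerId=${title},ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config"

  $del_params = "\
dn: ${consumer_dn}
changetype: delete
"

  $add_params = "\
dn: ${consumer_dn}
changetype: add
$params
"

  # The working files contain the provider bind password: keep them root-only.
  file {"/tmp/$title-add":
    ensure  => file,
    mode    => '0600',
    content => $add_params
  }

  file {"/tmp/$title-del":
    ensure  => file,
    mode    => '0600',
    content => $del_params
  }

  # Read back the current entry on every run; the file resource below turns a
  # difference into a refresh of the ldapmodify execs.
  exec {"get_ldap$title":
    command => "/usr/local/bin/ldapsearch -LLL -h localhost -p $ldap_port -D uid=admin,ou=system -w $ldap_password -b ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config ads-replConsumerId=$title > /tmp/syncrepl-$title"
  }

  # Expected dn line as ldapsearch prints it, i.e. folded at 76 columns with
  # a one-space continuation line.
  # NOTE(review): the fold position only matches for the title length this
  # was written for — confirm against real ldapsearch output.
  $dnp = "\
dn: ads-replConsumerId=$title,ou=replConsumers,ads-serverId=ldapServer,ou=s
 ervers,ads-directoryServiceId=default,ou=config
"

  # Reference copy of what ldapsearch should return. Puppet overwrites the
  # ldapsearch output with this content; any change notifies the execs.
  file {"/tmp/syncrepl-$title":
    ensure  => file,
    mode    => '0600',
    content => "$dnp$params",
    require => Exec["get_ldap$title"]
  }

  # The fact is absent until the first consumer has been registered.
  # NOTE(review): assumes the fact is an array of consumer names — confirm.
  $mps = $facts['ads_syncrepls'] ? {
    undef   => [],
    default => $facts['ads_syncrepls'],
  }

  $ldapmodify = "/usr/local/bin/ldapmodify"

  # NOTE(review): literal /opt path kept for the same reason as in
  # plnxtools::apacheds::instance (the ads_syncrepls fact presumably reads it).
  $marker_file = "/opt/plnxtools/ads/$title.syncrepl"

  # An already registered consumer is deleted before it is added again.
  if $title in $mps {
    exec{"syscrepl_del_$title":
      command     => "$ldapmodify -c -h localhost -p $ldap_port -D uid=admin,ou=system -w $ldap_password -f /tmp/$title-del",
      refreshonly => true,
      subscribe   => File["/tmp/syncrepl-$title"],
      before      => Exec["syscrepl_exec_$title"],
    }
  }

  exec{"syscrepl_exec_$title":
    command     => "$ldapmodify -c -h localhost -p $ldap_port -D uid=admin,ou=system -w $ldap_password -f /tmp/$title-add",
    refreshonly => true,
    subscribe   => File["/tmp/syncrepl-$title"]
  } ->
  file {$marker_file:
    ensure => file
  }
}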