#
# apacheds
#
# Installs the ApacheDS 2.0.0.AM26 distribution through plnxtools::install and
# creates the shared directories that the per-instance define builds on.
#
# Parameters:
#   ads_shutdown_port - not referenced in this class body; presumably read by
#                       a template (TODO confirm).
#   appname           - directory name under $opt_dir and under /var/log.
#   ads_instances     - parent directory of all instance directories.
#   ads_logdir        - log directory, derived from appname by default.
#   java_home         - taken from ::plnxtools; not referenced in this body,
#                       presumably read by setenv.sh.erb (TODO confirm).
#
# $opt_dir is not defined here; it is presumably inherited from ::plnxtools.
class plnxtools::apacheds(
  $ads_shutdown_port = 0,
  $appname           = 'apacheds',
  $ads_instances     = '/var/apacheds',
  $ads_logdir        = "/var/log/${appname}",

  $java_home         = $plnxtools::java_home
)
inherits ::plnxtools
{
  $ads_home = "${opt_dir}/${appname}"

  # Marker directory; the instance and syncrepl defines drop their
  # "<title>.instance" / "<title>.syncrepl" files under /opt/plnxtools/ads.
  file { 'opt_plnx_ads':
    ensure => directory,
    path   => "${opt_dir}/plnxtools/ads",
  }

  # Provides the ldapmodify/ldapsearch client tools used by the defines.
  package { 'openldap-client':
    ensure => installed,
  }

  # The release is pinned to 2.0.0.AM26 and fetched over HTTPS. Whether the
  # tarball's checksum or signature is verified depends on plnxtools::install,
  # which is defined elsewhere -- TODO confirm before relying on it.
  plnxtools::install { $appname:
    sourcedir => 'https://downloads.apache.org/directory/apacheds/dist/2.0.0.AM26',
    distfile  => 'apacheds-2.0.0.AM26.tar.gz',
    dirname   => 'apacheds-2.0.0.AM26',
    require   => Class['::plnxtools'],
  }
  -> file { "${opt_dir}/${appname}/bin/setenv.sh":
    ensure  => file,
    content => template('plnxtools/apacheds/setenv.sh.erb'),
  }
  -> file { $ads_instances:
    ensure => directory,
  }

  # Not part of the chain above; no owner or mode is set on any of these
  # directories, so they get whatever the agent's defaults produce.
  file { $ads_logdir:
    ensure => directory,
  }
}
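# Declares a plnxtools::apacheds::instance for every name in the
# ads_instances fact that the catalog has not declared already, using the
# given ensure state (stopped by default). The effect is that instances found
# on the node but no longer listed in the manifest are stopped.
#
# Parameters:
#   ensure - state passed to each implicitly declared instance.
#
# Trust boundary: fact values are reported by the agent node. Each value
# becomes a resource title here, and plnxtools::apacheds::instance
# interpolates its title into file paths and command strings, so the fact's
# contents should be treated as node-controlled input.
class plnxtools::apacheds::del(
  $ensure = stopped
)
inherits plnxtools::apacheds
{
  $in = $facts['ads_instances']

  # The fact is undef when the node does not report it; calling each() on
  # undef aborts catalog compilation, so skip the loop in that case.
  if $in != undef {
    $in.each |$x| {
      # defined() only sees resources evaluated before this point, so this
      # class has to be evaluated after the explicit instance declarations.
      if !defined(Plnxtools::Apacheds::Instance[$x]) {
        plnxtools::apacheds::instance { $x:
          ensure          => $ensure,
          partitionid     => "${x}",
          partitionsuffix => "dc=${x},dc=org",
        }
      }
    }
  }
}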
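# Manages one ApacheDS instance named after the resource title: its directory
# tree, its configuration, a service wrapper around apacheds.sh, and the
# initial admin password change. With ensure => purged the instance is
# stopped and its directory tree is removed.
#
# Parameters:
#   ensure          - service state, or 'purged' to remove the instance.
#   ldap_port       - port the password-change ldapmodify connects to.
#   ldaps_port      - not referenced in this body; presumably read by
#                     config.ldif.erb. NOTE(review): ApacheDS's stock LDAPS
#                     port is 10636 -- confirm 10638 is intended.
#   admin_password  - new password for uid=admin,ou=system. NOTE(review): the
#                     default equals the password the server is bound with
#                     below ('secret'), so an instance declared without this
#                     parameter keeps that password.
#   partitionsuffix - DN of the partition's context entry.
#   partitionid     - not referenced in this body; presumably read by
#                     config.ldif.erb (TODO confirm).
#
# The title is interpolated unescaped into file paths and command strings.
# NOTE(review): nothing here restricts it to a safe character set; titles can
# originate from the ads_instances fact via plnxtools::apacheds::del.
define plnxtools::apacheds::instance(
  $ensure = running,
  $ldap_port = 10389,
  $ldaps_port = 10638,
  $admin_password = "secret",
  $partitionsuffix,
  $partitionid

) {
  $ads_instances = $plnxtools::apacheds::ads_instances
  if $ensure != purged {
    $log_file = "${plnxtools::apacheds::ads_logdir}/${title}.log"

    #
    # Create a base 64 encoded ads-contextentry
    # see: https://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html
    #
    $ads_contextentry0 = base64('encode', "dn: ${partitionsuffix}\ndc: ${title}\nobjectclass: domain\nobjectclass: top\n\n")
    # Turn every line break of the wrapped base64 text into an LDIF
    # continuation (newline followed by a space). The 'G' flag is required:
    # without it regsubst rewrites only the first break, which yields broken
    # LDIF as soon as the encoded entry spans more than two lines. strip()
    # then drops the trailing continuation.
    $ads_contextentry = strip(regsubst($ads_contextentry0, '\n', "\n ", 'G'))

    file { "${ads_instances}/${title}":
      ensure => directory,
    }
    -> file { "${ads_instances}/${title}/conf":
      ensure => directory,
    }
    -> file { "${ads_instances}/${title}/log":
      ensure => directory,
    }
    -> file { "${ads_instances}/${title}/run":
      ensure => directory,
    }
    -> file { "${ads_instances}/${title}/conf/log4j.properties":
      ensure  => file,
      content => template('plnxtools/apacheds/log4j.properties.erb'),
    }
    # The rendered configuration is staged under /tmp with a predictable name
    # and no explicit mode. NOTE(review): if config.ldif.erb embeds
    # credentials, stage it in a root-only directory instead.
    -> file { "/tmp/ads-${title}-config.ldif":
      ensure  => file,
      content => template('plnxtools/apacheds/config.ldif.erb'),
    }
    # Copied on every run until config.ldif_migrated exists; that file is
    # presumably created by ApacheDS once it has loaded config.ldif (confirm).
    -> exec { "/bin/cp /tmp/ads-${title}-config.ldif ${ads_instances}/${title}/conf/config.ldif":
      creates => "${ads_instances}/${title}/conf/config.ldif_migrated",
    }

    $bin_dir = "${plnxtools::apacheds::opt_dir}/${plnxtools::apacheds::appname}/bin"

    # NOTE(review): the marker path is hard-coded to /opt while the class
    # creates "${opt_dir}/plnxtools/ads"; they only match when opt_dir is /opt.
    file { "/opt/plnxtools/ads/${title}.instance":
      ensure => file,
    }
    -> service { "apacheds_${title}":
      ensure => $ensure,
      start  => "${bin_dir}/apacheds.sh ${title} start",
      stop   => "${bin_dir}/apacheds.sh ${title} stop",
      status => "${bin_dir}/apacheds.sh ${title} status | grep 'is running'",
    }
    # The exec title carries the instance name: with the fixed title
    # "set_passwd" a second instance on the same node was a duplicate
    # declaration and failed catalog compilation.
    -> exec { "set_passwd_${title}":
      # Sleeping 30 secs is an ugly hack, better would be to wait somehow
      # til the port is ready.
      #
      # The bind uses the initial admin password 'secret' and replaces it with
      # $admin_password. Points to review before using this with a real secret:
      #  * both passwords are command-line arguments, so they show up in the
      #    process list and in Puppet's log output when the command fails;
      #  * $admin_password sits inside a single-quoted shell word that is also
      #    printf's format string, so quotes, '%' and backslashes in it are
      #    interpreted rather than taken literally.
      # Whitespace added by the line continuations only separates shell words.
      command => "/bin/sleep 30 && /usr/bin/printf \
        'dn: uid=admin,ou=system\nchangetype: modify\nreplace: userPassword\nuserPassword: ${admin_password}'\
        | ldapmodify -c -h localhost -p ${ldap_port} -D uid=admin,ou=system -w secret",
      creates => "${ads_instances}/${title}/conf/config.ldif_migrated",
    }
  }
  else {
    $bin_dir = "${plnxtools::apacheds::opt_dir}/${plnxtools::apacheds::appname}/bin"

    service { "apacheds_${title}":
      ensure => stopped,
      start  => "${bin_dir}/apacheds.sh ${title} start",
      stop   => "${bin_dir}/apacheds.sh ${title} stop",
      status => "${bin_dir}/apacheds.sh ${title} status | grep 'is running'",
    }
    -> file { "/opt/plnxtools/ads/${title}.instance":
      ensure => absent,
    }
    # force => true removes the whole directory tree. The path is built from
    # the unvalidated title, so a title containing path separators would
    # point this removal outside $ads_instances.
    -> file { "${ads_instances}/${title}":
      ensure => absent,
      force  => true,
    }
  }

}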
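# Configures a replication consumer entry (ads-replConsumerId=<title>) in the
# local ApacheDS configuration partition. The current entry is dumped with
# ldapsearch into /tmp/syncrepl-<title>; a file resource then enforces the
# desired content on that path, and any resulting change refreshes the
# ldapmodify runs that delete (if the consumer is already known) and re-add
# the entry.
#
# Parameters:
#   parition      - (sic) required but not referenced in this body.
#   consumerid    - required but not referenced in this body.
#   ldap_password - bind password for uid=admin,ou=system on localhost.
#   ldap_port     - port of the local server the LDAP tools connect to.
#   provider_port - written to ads-replProvPort.
#
# NOTE(review): several values in $params are literals rather than
# parameters: ads-replConsumerId (consumer1, while the DN uses the title),
# ads-searchBaseDN (dc=example,dc=com) and ads-replUserPassword (secret).
# ads-replUseTls and ads-replStrictCertValidation are both FALSE, so the
# replication bind is unencrypted; the provider host is localhost as written.
#
# NOTE(review): $ldap_password and the title are interpolated unquoted into
# command strings. The password is therefore visible in the process list and
# subject to shell word splitting in the ldapsearch command, which uses a
# redirect. The OpenLDAP tools accept `-y <passwdfile>` as an alternative to
# `-w`.
define plnxtools::apacheds::syncrepl(
  $parition,
  $consumerid,
  $ldap_password,
  $ldap_port = 389,

  $provider_port = 10389
)
{
  # Attribute block of the consumer entry. The lines start in column 0
  # because a leading space marks a continuation line in LDIF.
  $params = "\
ads-replSearchTimeOut: 0
ads-replSearchScope: sub
ads-searchBaseDN: dc=example,dc=com
ads-replProvHostName: localhost
ads-replStrictCertValidation: FALSE
ads-replRefreshNPersist: TRUE
ads-replUseTls: FALSE
ads-replUserDn: uid=admin,ou=system
ads-replProvPort: ${provider_port}
ads-replRefreshInterval: 60000
ads-enabled: TRUE
ads-replConsumerId: consumer1
ads-replUserPassword: secret
ads-replSearchSizeLimit: 0
ads-replAttributes: *
ads-replSearchFilter: (objectClass=*)
ads-replAliasDerefMode: never
objectClass: top
objectClass: ads-base
objectClass: ads-replConsumer

"
  $del_params = "\
dn: ads-replConsumerId=${title},ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
changetype: delete

"
  $add_params = "\
dn: ads-replConsumerId=${title},ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
changetype: add
${params}

"

  # Contains the replication password from $params, so it is kept readable by
  # the owner only. NOTE(review): the staging files live under /tmp with
  # predictable names; a root-only directory would be a safer place.
  file { "/tmp/${title}-add":
    ensure  => file,
    mode    => '0600',
    content => $add_params,
  }
  file { "/tmp/${title}-del":
    ensure  => file,
    content => $del_params,
  }

  # Runs on every agent run (no creates/unless/refreshonly guard) and
  # overwrites /tmp/syncrepl-<title> through a shell redirect. The port now
  # follows $ldap_port like the ldapmodify calls below instead of a literal
  # 389; the command must start directly after the opening quote so that its
  # first word is the absolute path.
  exec { "get_ldap${title}":
    command => "/usr/local/bin/ldapsearch -LLL -h localhost -p ${ldap_port} -D uid=admin,ou=system -w ${ldap_password} \
      -b ou=replConsumers,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config ads-replConsumerId=${title} > /tmp/syncrepl-${title}",
  }

  # DN line split after "ou=s", apparently to mirror how ldapsearch folds long
  # lines. NOTE(review): LDIF continuation lines begin with a single space and
  # this page rendering shows none on the second line -- check the original
  # file. As shown, the text will not match ldapsearch output.
  $dnp = "\
dn: ads-replConsumerId=${title},ou=replConsumers,ads-serverId=ldapServer,ou=s
ervers,ads-directoryServiceId=default,ou=config
"

  # Desired state of the dump. Whenever ldapsearch wrote something different,
  # this resource changes and notifies the ldapmodify execs. It also carries
  # the replication password, hence the owner-only mode.
  file { "/tmp/syncrepl-${title}":
    ensure  => file,
    mode    => '0600',
    content => "${dnp}${params}",
    require => Exec["get_ldap${title}"],
  }

  $mps = $facts['ads_syncrepls']
  $ldapmodify = '/usr/local/bin/ldapmodify'

  # A consumer already listed in the ads_syncrepls fact is deleted before it
  # is added again.
  if $title in $mps {
    exec { "syscrepl_del_${title}":
      command     => "${ldapmodify} -c -h localhost -p ${ldap_port} -D uid=admin,ou=system -w ${ldap_password} -f /tmp/${title}-del",
      refreshonly => true,
      subscribe   => File["/tmp/syncrepl-${title}"],
      # The LDIF must exist before ldapmodify reads it.
      require     => File["/tmp/${title}-del"],
      before      => Exec["syscrepl_exec_${title}"],
    }
  }

  # Common to both cases: add the entry, then drop the marker file.
  exec { "syscrepl_exec_${title}":
    command     => "${ldapmodify} -c -h localhost -p ${ldap_port} -D uid=admin,ou=system -w ${ldap_password} -f /tmp/${title}-add",
    refreshonly => true,
    subscribe   => File["/tmp/syncrepl-${title}"],
    # The LDIF must exist before ldapmodify reads it.
    require     => File["/tmp/${title}-add"],
  }
  -> file { "/opt/plnxtools/ads/${title}.syncrepl":
    ensure => file,
  }
}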