keystone: openldap packaging

Add openstack specific parts of openldap. openldap's init script initializes the data with the basic tree structures needed for keystone - the Group, User and Role tree. Additionally, we add two variables which can be set in local.conf, LDAP_DN - default DN for ldap default: "dc=my-domain,dc=com" LDAP_DATADIR - default directory for ldap's data directory default: "/etc/openldap-data/" Signed-off-by: Amy Fong <amy.fong@windriver.com>
author: Amy Fong <amy.fong@windriver.com> 2014-07-22 10:07:48 -0400
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2014-07-30 00:50:20 -0400
commit: 010135a5b132197a784d3f337748433278f1fad8 (patch)
tree: d858faa9a437fa9ad7ab305d95ce371bb963ffc5 /meta-openstack
parent: f367c5dc967789030d778e81bd4c0340302fd50e (diff)
download: meta-cloud-services-010135a5b132197a784d3f337748433278f1fad8.tar.gz
3 files changed, 157 insertions, 0 deletions
diff --git a/meta-openstack/recipes-support/openldap/files/initscript b/meta-openstack/recipes-support/openldap/files/initscript
new file mode 100644
index 0000000..f9c343a
--- /dev/null
+++ b/meta-openstack/recipes-support/openldap/files/initscript
@@ -0,0 +1,62 @@
+#! /bin/sh
+#
+# This is an init script for openembedded
+# Copy it to /etc/init.d/openldap and type
+# > update-rc.d openldap defaults 60
+#
+slapd=/usr/libexec/slapd
+test -x "$slapd" || exit 0
+src_data_dir=/etc/openldap/
+data_dir=%LDAP_DATADIR%
+pidfile=%LDAP_DATADIR%/slapd.pid
+start()
+{
+        need_init=0
+        if [ ! -e $data_dir/DB_CONFIG ]; then
+                cp $src_data_dir/DB_CONFIG.example $data_dir/DB_CONFIG
+                need_init=1
+        fi
+        echo -n "Starting OpenLDAP: "
+        start-stop-daemon --start --quiet --exec $slapd
+        echo "."
+        if [ $need_init -eq 1 ]; then
+                sleep 1
+                ldapadd -x -D "cn=Manager,%DEFAULT_DN%" -w secret -f /etc/openldap/ops-base.ldif -c
+        fi
+}
+stop()
+{
+        echo -n "Stopping OpenLDAP: "
+        start-stop-daemon --stop --quiet --pidfile $pidfile
+        echo "."
+}
+case "$1" in
+  start)
+    start
+    ;;
+  stop)
+    stop
+    ;;
+  reset)
+    stop
+    sleep 1
+    rm $data_dir/*
+    start
+    ;;
+  restart)
+    stop
+    start
+    ;;
+  *)
+    echo "Usage: /etc/init.d/openldap {start|stop|reset|restart|reset}"
+    exit 1
+esac
+exit 0
diff --git a/meta-openstack/recipes-support/openldap/files/ops-base.ldif b/meta-openstack/recipes-support/openldap/files/ops-base.ldif
new file mode 100644
index 0000000..cfbb94b
--- /dev/null
+++ b/meta-openstack/recipes-support/openldap/files/ops-base.ldif
@@ -0,0 +1,28 @@
+dn: dc=my-domain,dc=com
+objectclass: dcObject
+objectclass: top
+objectclass: organization
+o: my-domain Company
+dc: my-domain
+dn: cn=Manager,dc=my-domain,dc=com
+objectclass: organizationalRole
+cn: Manager
+description: LDAP administratior
+roleOccupant: dc=my-domain,dc=com
+dn: ou=Roles,dc=my-domain,dc=com
+objectclass:organizationalunit
+ou: Roles
+description: generic groups branch
+dn: ou=Users,dc=my-domain,dc=com
+objectclass:organizationalunit
+ou: Users
+description: generic groups branch
+dn: ou=Groups,dc=my-domain,dc=com
+objectclass:organizationalunit
+ou: Groups
+description: generic groups branch
diff --git a/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend b/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend
new file mode 100644
index 0000000..d8166ce
--- /dev/null
+++ b/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend
@@ -0,0 +1,67 @@
+PRINC = "2"
+DEPEND_${PN} += "cyrus-sasl" 
+RDEPEND_${PN} += "libsasl2-modules"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://initscript"
+SRC_URI += "file://ops-base.ldif"
+LDAP_DN ?= "dc=my-domain,dc=com"
+LDAP_DATADIR ?= "/etc/openldap-data/"
+do_install_append() {
+    install -D -m 0755 ${WORKDIR}/initscript ${D}${sysconfdir}/init.d/openldap
+    sed -i -e 's/%DEFAULT_DN%/${LDAP_DN}/g' ${D}${sysconfdir}/init.d/openldap
+    sed -i -e 's#%LDAP_DATADIR%#${LDAP_DATADIR}#g' ${D}${sysconfdir}/init.d/openldap
+    # This is duplicated in /etc/openldap and is for slapd
+    rm -f ${D}${localstatedir}/openldap-data/DB_CONFIG.example
+    rmdir "${D}${localstatedir}/run"
+    rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+    # remove symlinks for backends, recreating in postinstall
+    rm ${D}/${libexecdir}/openldap/*.so
+    sed -i -e '/^include\s*/a \
+include         /etc/openldap/schema/cosine.schema \
+include         /etc/openldap/schema/nis.schema \
+include         /etc/openldap/schema/inetorgperson.schema \
+include         /etc/openldap/schema/misc.schema' \
+        ${D}/etc/openldap/slapd.conf
+    sed -i -e '/^# Load dynamic backend modules:/a \
+modulepath      /usr/libexec/openldap \
+moduleload      back_bdb.la' \
+        ${D}/etc/openldap/slapd.conf
+    sed -i -e 's#^pidfile\s*.*$#pidfile ${LDAP_DATADIR}/slapd.pid#' ${D}/etc/openldap/slapd.conf
+    sed -i -e 's#^argsfile\s*.*$#argsfile ${LDAP_DATADIR}/slapd.args#' ${D}/etc/openldap/slapd.conf
+    sed -i -e 's#^directory\s*.*$#directory ${LDAP_DATADIR}/#' ${D}/etc/openldap/slapd.conf
+    sed -i -e 's/dc=my-domain,dc=com/${LDAP_DN}/g' ${D}/etc/openldap/slapd.conf
+    # modify access perms for ldap/authentication
+    sed -i -e '$a\
+\
+access to attrs=userPassword \
+        by self write \
+        by anonymous auth \
+        by * none \
+\
+access to * \
+        by self write \
+        by * read' \
+        ${D}/etc/openldap/slapd.conf
+    install -D -m 0644 ${WORKDIR}/ops-base.ldif ${D}/etc/openldap/ops-base.ldif
+    sed -i -e 's/dc=my-domain,dc=com/${LDAP_DN}/g' ${D}/etc/openldap/ops-base.ldif
+    mkdir ${D}/${LDAP_DATADIR}
+}
+inherit update-rc.d
+INITSCRIPT_NAME = "openldap"
+INITSCRIPT_PARAMS = "defaults"
author	Amy Fong <amy.fong@windriver.com>	2014-07-22 10:07:48 -0400
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2014-07-30 00:50:20 -0400
commit	010135a5b132197a784d3f337748433278f1fad8 (patch)
tree	d858faa9a437fa9ad7ab305d95ce371bb963ffc5 /meta-openstack
parent	f367c5dc967789030d778e81bd4c0340302fd50e (diff)
download	meta-cloud-services-010135a5b132197a784d3f337748433278f1fad8.tar.gz

diff --git a/meta-openstack/recipes-support/openldap/files/initscript b/meta-openstack/recipes-support/openldap/files/initscript new file mode 100644 index 0000000..f9c343a --- /dev/null +++ b/meta-openstack/recipes-support/openldap/files/initscript
@@ -0,0 +1,62 @@
	1	#! /bin/sh
	2	#
	3	# This is an init script for openembedded
	4	# Copy it to /etc/init.d/openldap and type
	5	# > update-rc.d openldap defaults 60
	6	#
	7
	8
	9	slapd=/usr/libexec/slapd
	10	test -x "$slapd" \|\| exit 0
	11
	12	src_data_dir=/etc/openldap/
	13	data_dir=%LDAP_DATADIR%
	14	pidfile=%LDAP_DATADIR%/slapd.pid
	15
	16	start()
	17	{
	18	need_init=0
	19	if [ ! -e $data_dir/DB_CONFIG ]; then
	20	cp $src_data_dir/DB_CONFIG.example $data_dir/DB_CONFIG
	21	need_init=1
	22	fi
	23	echo -n "Starting OpenLDAP: "
	24	start-stop-daemon --start --quiet --exec $slapd
	25	echo "."
	26
	27	if [ $need_init -eq 1 ]; then
	28	sleep 1
	29	ldapadd -x -D "cn=Manager,%DEFAULT_DN%" -w secret -f /etc/openldap/ops-base.ldif -c
	30	fi
	31	}
	32
	33	stop()
	34	{
	35	echo -n "Stopping OpenLDAP: "
	36	start-stop-daemon --stop --quiet --pidfile $pidfile
	37	echo "."
	38	}
	39
	40	case "$1" in
	41	start)
	42	start
	43	;;
	44	stop)
	45	stop
	46	;;
	47	reset)
	48	stop
	49	sleep 1
	50	rm $data_dir/*
	51	start
	52	;;
	53	restart)
	54	stop
	55	start
	56	;;
	57	*)
	58	echo "Usage: /etc/init.d/openldap {start\|stop\|reset\|restart\|reset}"
	59	exit 1
	60	esac
	61
	62	exit 0


diff --git a/meta-openstack/recipes-support/openldap/files/ops-base.ldif b/meta-openstack/recipes-support/openldap/files/ops-base.ldif new file mode 100644 index 0000000..cfbb94b --- /dev/null +++ b/meta-openstack/recipes-support/openldap/files/ops-base.ldif
@@ -0,0 +1,28 @@
	1	dn: dc=my-domain,dc=com
	2	objectclass: dcObject
	3	objectclass: top
	4	objectclass: organization
	5	o: my-domain Company
	6	dc: my-domain
	7
	8	dn: cn=Manager,dc=my-domain,dc=com
	9	objectclass: organizationalRole
	10	cn: Manager
	11	description: LDAP administratior
	12	roleOccupant: dc=my-domain,dc=com
	13
	14	dn: ou=Roles,dc=my-domain,dc=com
	15	objectclass:organizationalunit
	16	ou: Roles
	17	description: generic groups branch
	18
	19	dn: ou=Users,dc=my-domain,dc=com
	20	objectclass:organizationalunit
	21	ou: Users
	22	description: generic groups branch
	23
	24	dn: ou=Groups,dc=my-domain,dc=com
	25	objectclass:organizationalunit
	26	ou: Groups
	27	description: generic groups branch
	28


diff --git a/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend b/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend new file mode 100644 index 0000000..d8166ce --- /dev/null +++ b/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend
@@ -0,0 +1,67 @@
	1	PRINC = "2"
	2
	3	DEPEND_${PN} += "cyrus-sasl"
	4	RDEPEND_${PN} += "libsasl2-modules"
	5
	6	FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
	7	SRC_URI += "file://initscript"
	8	SRC_URI += "file://ops-base.ldif"
	9
	10	LDAP_DN ?= "dc=my-domain,dc=com"
	11	LDAP_DATADIR ?= "/etc/openldap-data/"
	12
	13	do_install_append() {
	14	install -D -m 0755 ${WORKDIR}/initscript ${D}${sysconfdir}/init.d/openldap
	15	sed -i -e 's/%DEFAULT_DN%/${LDAP_DN}/g' ${D}${sysconfdir}/init.d/openldap
	16	sed -i -e 's#%LDAP_DATADIR%#${LDAP_DATADIR}#g' ${D}${sysconfdir}/init.d/openldap
	17
	18	# This is duplicated in /etc/openldap and is for slapd
	19	rm -f ${D}${localstatedir}/openldap-data/DB_CONFIG.example
	20	rmdir "${D}${localstatedir}/run"
	21	rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
	22
	23	# remove symlinks for backends, recreating in postinstall
	24	rm ${D}/${libexecdir}/openldap/*.so
	25
	26	sed -i -e '/^include\s*/a \
	27	include /etc/openldap/schema/cosine.schema \
	28	include /etc/openldap/schema/nis.schema \
	29	include /etc/openldap/schema/inetorgperson.schema \
	30	include /etc/openldap/schema/misc.schema' \
	31	${D}/etc/openldap/slapd.conf
	32
	33	sed -i -e '/^# Load dynamic backend modules:/a \
	34	modulepath /usr/libexec/openldap \
	35	moduleload back_bdb.la' \
	36	${D}/etc/openldap/slapd.conf
	37
	38	sed -i -e 's#^pidfile\s.$#pidfile ${LDAP_DATADIR}/slapd.pid#' ${D}/etc/openldap/slapd.conf
	39	sed -i -e 's#^argsfile\s.$#argsfile ${LDAP_DATADIR}/slapd.args#' ${D}/etc/openldap/slapd.conf
	40	sed -i -e 's#^directory\s.$#directory ${LDAP_DATADIR}/#' ${D}/etc/openldap/slapd.conf
	41
	42	sed -i -e 's/dc=my-domain,dc=com/${LDAP_DN}/g' ${D}/etc/openldap/slapd.conf
	43
	44	# modify access perms for ldap/authentication
	45	sed -i -e '$a\
	46	\
	47	access to attrs=userPassword \
	48	by self write \
	49	by anonymous auth \
	50	by * none \
	51	\
	52	access to * \
	53	by self write \
	54	by * read' \
	55	${D}/etc/openldap/slapd.conf
	56
	57	install -D -m 0644 ${WORKDIR}/ops-base.ldif ${D}/etc/openldap/ops-base.ldif
	58	sed -i -e 's/dc=my-domain,dc=com/${LDAP_DN}/g' ${D}/etc/openldap/ops-base.ldif
	59
	60	mkdir ${D}/${LDAP_DATADIR}
	61	}
	62
	63	inherit update-rc.d
	64
	65	INITSCRIPT_NAME = "openldap"
	66	INITSCRIPT_PARAMS = "defaults"
	67