authorAmy Fong <amy.fong@windriver.com>2014-07-22 10:07:48 -0400
committerBruce Ashfield <bruce.ashfield@windriver.com>2014-07-30 10:46:55 -0400
commit808b4cc0bd73c68cb1227894b10e52267e43d93d (patch)
tree2ce9787c2799a6348195662ec56c60af521d5205
parentb354844b6c240b5e37b5a4e7067deec665874263 (diff)
downloadmeta-cloud-services-808b4cc0bd73c68cb1227894b10e52267e43d93d.tar.gz
meta-cloud-services-808b4cc0bd73c68cb1227894b10e52267e43d93d.tar.bz2
meta-cloud-services-808b4cc0bd73c68cb1227894b10e52267e43d93d.zip
keystone: openldap packaging
Add openstack specific parts of openldap. openldap's init script initializes the data with the basic tree structures needed for keystone: the Group, User and Role trees. Additionally, we add two variables which can be set in local.conf: LDAP_DN - default DN for ldap (default: "dc=my-domain,dc=com"), and LDAP_DATADIR - default directory for ldap's data directory (default: "/etc/openldap-data/"). Signed-off-by: Amy Fong <amy.fong@windriver.com>
-rw-r--r--meta-openstack/recipes-support/openldap/files/initscript62
-rw-r--r--meta-openstack/recipes-support/openldap/files/ops-base.ldif28
-rw-r--r--meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend67
3 files changed, 157 insertions, 0 deletions
diff --git a/meta-openstack/recipes-support/openldap/files/initscript b/meta-openstack/recipes-support/openldap/files/initscript
new file mode 100644
index 0000000..f9c343a
--- /dev/null
+++ b/meta-openstack/recipes-support/openldap/files/initscript
@@ -0,0 +1,62 @@
+#! /bin/sh
+#
+# This is an init script for openembedded
+# Copy it to /etc/init.d/openldap and type
+# > update-rc.d openldap defaults 60
+#
+
+
+slapd=/usr/libexec/slapd
+test -x "$slapd" || exit 0
+
+src_data_dir=/etc/openldap/
+data_dir=%LDAP_DATADIR%
+pidfile=%LDAP_DATADIR%/slapd.pid
+
+start()
+{
+ need_init=0
+ if [ ! -e $data_dir/DB_CONFIG ]; then
+ cp $src_data_dir/DB_CONFIG.example $data_dir/DB_CONFIG
+ need_init=1
+ fi
+ echo -n "Starting OpenLDAP: "
+ start-stop-daemon --start --quiet --exec $slapd
+ echo "."
+
+ if [ $need_init -eq 1 ]; then
+ sleep 1
+ ldapadd -x -D "cn=Manager,%DEFAULT_DN%" -w secret -f /etc/openldap/ops-base.ldif -c
+ fi
+}
+
+stop()
+{
+ echo -n "Stopping OpenLDAP: "
+ start-stop-daemon --stop --quiet --pidfile $pidfile
+ echo "."
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ reset)
+ stop
+ sleep 1
+ rm $data_dir/*
+ start
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/openldap {start|stop|reset|restart|reset}"
+ exit 1
+esac
+
+exit 0
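Review bot: The `ldapadd` call in `start()` binds as `cn=Manager` with the literal password `secret` passed via `-w`, so first-boot seeding works only while slapd.conf still carries that rootpw (presumably the stock default; slapd.conf is not shown here), and the password is visible in the process list while the command runs. Reading it from a root-only file, e.g. `ldapadd -x -D "cn=Manager,%DEFAULT_DN%" -y <ROOTPW_FILE> -f /etc/openldap/ops-base.ldif -c`, together with a recipe step that sets a hashed `rootpw`, would avoid shipping a well-known manager credential. In the `reset)` branch, `rm $data_dir/*` is unquoted and unguarded; `rm -f -- "${data_dir:?}"/*` aborts instead of expanding to `/*` if the `%LDAP_DATADIR%` substitution ever leaves the variable empty. The fixed `sleep 1` before `ldapadd` is also a race on slow boots, and because `need_init` has already been consumed a failed seed is never retried.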
diff --git a/meta-openstack/recipes-support/openldap/files/ops-base.ldif b/meta-openstack/recipes-support/openldap/files/ops-base.ldif
new file mode 100644
index 0000000..cfbb94b
--- /dev/null
+++ b/meta-openstack/recipes-support/openldap/files/ops-base.ldif
@@ -0,0 +1,28 @@
+dn: dc=my-domain,dc=com
+objectclass: dcObject
+objectclass: top
+objectclass: organization
+o: my-domain Company
+dc: my-domain
+
+dn: cn=Manager,dc=my-domain,dc=com
+objectclass: organizationalRole
+cn: Manager
+description: LDAP administratior
+roleOccupant: dc=my-domain,dc=com
+
+dn: ou=Roles,dc=my-domain,dc=com
+objectclass:organizationalunit
+ou: Roles
+description: generic groups branch
+
+dn: ou=Users,dc=my-domain,dc=com
+objectclass:organizationalunit
+ou: Users
+description: generic groups branch
+
+dn: ou=Groups,dc=my-domain,dc=com
+objectclass:organizationalunit
+ou: Groups
+description: generic groups branch
+
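Review bot: The base entry hard-codes `dc: my-domain` and `o: my-domain Company`, while the recipe in this commit rewrites only the string `dc=my-domain,dc=com`. With a non-default `LDAP_DN` the entry's `dc:` value would no longer match its RDN, which slapd would likely reject as a naming violation; the child entries would then fail for lack of a parent, and `ldapadd -c` would carry on past each error. Consider templating these two attributes alongside the DN, or stating in the recipe that only the default suffix is supported. Separately, `description: generic groups branch` is repeated verbatim on `ou=Roles` and `ou=Users`, and "administratior" is misspelled.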
diff --git a/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend b/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend
new file mode 100644
index 0000000..d8166ce
--- /dev/null
+++ b/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend
@@ -0,0 +1,67 @@
+PRINC = "2"
+
+DEPEND_${PN} += "cyrus-sasl"
+RDEPEND_${PN} += "libsasl2-modules"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://initscript"
+SRC_URI += "file://ops-base.ldif"
+
+LDAP_DN ?= "dc=my-domain,dc=com"
+LDAP_DATADIR ?= "/etc/openldap-data/"
+
+do_install_append() {
+ install -D -m 0755 ${WORKDIR}/initscript ${D}${sysconfdir}/init.d/openldap
+ sed -i -e 's/%DEFAULT_DN%/${LDAP_DN}/g' ${D}${sysconfdir}/init.d/openldap
+ sed -i -e 's#%LDAP_DATADIR%#${LDAP_DATADIR}#g' ${D}${sysconfdir}/init.d/openldap
+
+ # This is duplicated in /etc/openldap and is for slapd
+ rm -f ${D}${localstatedir}/openldap-data/DB_CONFIG.example
+ rmdir "${D}${localstatedir}/run"
+ rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+
+ # remove symlinks for backends, recreating in postinstall
+ rm ${D}/${libexecdir}/openldap/*.so
+
+ sed -i -e '/^include\s*/a \
+include /etc/openldap/schema/cosine.schema \
+include /etc/openldap/schema/nis.schema \
+include /etc/openldap/schema/inetorgperson.schema \
+include /etc/openldap/schema/misc.schema' \
+ ${D}/etc/openldap/slapd.conf
+
+ sed -i -e '/^# Load dynamic backend modules:/a \
+modulepath /usr/libexec/openldap \
+moduleload back_bdb.la' \
+ ${D}/etc/openldap/slapd.conf
+
+ sed -i -e 's#^pidfile\s*.*$#pidfile ${LDAP_DATADIR}/slapd.pid#' ${D}/etc/openldap/slapd.conf
+ sed -i -e 's#^argsfile\s*.*$#argsfile ${LDAP_DATADIR}/slapd.args#' ${D}/etc/openldap/slapd.conf
+ sed -i -e 's#^directory\s*.*$#directory ${LDAP_DATADIR}/#' ${D}/etc/openldap/slapd.conf
+
+ sed -i -e 's/dc=my-domain,dc=com/${LDAP_DN}/g' ${D}/etc/openldap/slapd.conf
+
+ # modify access perms for ldap/authentication
+ sed -i -e '$a\
+\
+access to attrs=userPassword \
+ by self write \
+ by anonymous auth \
+ by * none \
+\
+access to * \
+ by self write \
+ by * read' \
+ ${D}/etc/openldap/slapd.conf
+
+ install -D -m 0644 ${WORKDIR}/ops-base.ldif ${D}/etc/openldap/ops-base.ldif
+ sed -i -e 's/dc=my-domain,dc=com/${LDAP_DN}/g' ${D}/etc/openldap/ops-base.ldif
+
+ mkdir ${D}/${LDAP_DATADIR}
+}
+
+inherit update-rc.d
+
+INITSCRIPT_NAME = "openldap"
+INITSCRIPT_PARAMS = "defaults"
+
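Review bot: The ACL block appended to slapd.conf ends with `access to *` ... `by * read`, which lets unauthenticated clients read every entry and attribute except `userPassword`, including the Users, Groups and Roles trees that Keystone will populate. Unless anonymous search is required (not visible in this commit), replace that last clause with `by anonymous auth` followed by `by users read`, and confirm that Keystone binds before searching. `by self write` on `access to *` also lets any user rewrite all attributes of their own entry, which may be broader than intended for an identity backend. Separately, `DEPEND_${PN}` and `RDEPEND_${PN}` at the top of the file do not look like the variables BitBake reads (`DEPENDS`, `RDEPENDS_${PN}`), so the cyrus-sasl and libsasl2-modules dependencies are probably not registered.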