WIP: Port OpenBSD LDAP to linux #23

Merged
merged 15 commits into from
Jan 4, 2018
WIP: ldap storage changed to docker volumes
harishanand95 committed Jan 1, 2018

Verified: This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit f80f926db0a7fafe0be3e387c68760e7aa857d50
4 changes: 2 additions & 2 deletions config/ldapd/ldapd.conf
@@ -18,8 +18,8 @@ schema "/etc/ldap/core.schema"
#schema "/etc/ldap/nis.schema"


listen on eth0 port 389 secure
listen on lo port 389 secure
listen on eth0 port 8389 secure
Contributor Author
8389 port will be used by LDAP instead of 389.

listen on lo port 8389 secure

namespace "dc=smartcity" {
rootdn "cn=admin,dc=smartcity"
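Review bot: moving both listeners from 389 to 8389 changes nothing about who can reach ldapd; the eth0 listener is still bound, and the install.py hunk in this same commit starts the container with `docker run -d -P`, which publishes every EXPOSEd port onto the host. If the directory is meant to be reachable only from the other containers on `mynet` plus the local ldapmodify tasks, keep the `lo` listener and drop or restrict the eth0 one rather than relying on an unusual port. The `secure` keyword is kept on both lines, which is right. The same port number now lives in three files (this config, `EXPOSE 8389` in the Dockerfile, `-p 8389` in install.yaml); a single variable in the playbook would stop them drifting apart.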
2 changes: 2 additions & 0 deletions delete.sh
@@ -1,6 +1,8 @@
#!/usr/bin/env bash
cd /data/kong && sudo rm -rf *
cd /data/tomcat && sudo rm -rf *
cd /data/rabbitmq && sudo rm -rf *
cd /data/ldapd && sudo rm -rf *
cd /data/logs/kong && sudo rm -rf *
cd /data/logs/rabbitmq && sudo rm -rf *
cd /data/logs/tomcat && sudo rm -rf *
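Review bot: the added `cd /data/ldapd && sudo rm -rf *` follows the script's existing pattern, and the `&&` does stop the `rm` when the `cd` fails, but with no `set -e` a mistyped path is silently skipped and the rest of the script carries on. `set -euo pipefail` at the top plus `sudo rm -rf -- /data/ldapd/*` (no directory change, no bare wildcard) is the safer form. Also note that this commit switches the ldapd container to `--volumes-from datacontainer` in install.py, so wiping `/data/ldapd` no longer resets the LDAP database; the data container or its volume has to be removed as well, otherwise a reinstall reuses the old directory content.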
37 changes: 1 addition & 36 deletions images/Dockerfile.tomcat
@@ -1,41 +1,6 @@
FROM ansible/ubuntu-ssh
FROM harishanand95/ansible-tomcat
MAINTAINER Harish Anand "https://github.com/harishanand95"
Contributor Author
harishanand95/ansible-tomcat image will contain the Tomcat installation steps that were part of the old Dockerfile. This avoids the manual building process that keeps happening. The current approach will be to download the image at once and reuse it (instead of building from the Dockerfile).


RUN apt-get install locales
ENV TOMCAT_VERSION 8.0.46

# Set locales
RUN locale-gen en_GB.UTF-8
ENV LANG en_GB.UTF-8
ENV LC_CTYPE en_GB.UTF-8

# Fix sh
RUN rm /bin/sh && ln -s /bin/bash /bin/sh

# Install dependencies
RUN apt-get update && \
apt-get install -y git build-essential curl wget software-properties-common

# Install JDK 8
RUN \
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | debconf-set-selections && \
add-apt-repository -y ppa:webupd8team/java && \
apt-get update && \
apt-get install -y oracle-java8-installer wget unzip tar && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/cache/oracle-jdk8-installer

# Define commonly used JAVA_HOME variable
ENV JAVA_HOME /usr/lib/jvm/java-8-oracle

# Get Tomcat
RUN wget --quiet --no-cookies http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.46/bin/apache-tomcat-8.0.46.tar.gz -O /tmp/tomcat.tgz && \
tar xzvf /tmp/tomcat.tgz -C /opt && \
mv /opt/apache-tomcat-8.0.46 /opt/tomcat

ENV CATALINA_HOME /opt/tomcat
ENV PATH $PATH:$CATALINA_HOME/bin

EXPOSE 8080

VOLUME "/opt/tomcat/webapps"
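Review bot: the replacement `FROM harishanand95/ansible-tomcat` carries no tag or digest, so every build pulls whatever `latest` happens to be on a personal Docker Hub account at that moment, and the 36 removed lines (Oracle JDK from the webupd8team PPA, the Tomcat 8.0.46 tarball, the `rm /bin/sh && ln -s /bin/bash /bin/sh` change) are no longer visible to anyone reading this repository. Pin the base image by digest, for example `FROM harishanand95/ansible-tomcat@sha256:<digest>`, and keep the Dockerfile that produces that image in the repo (or link to it) so it can be audited and rebuilt. The removed block also shows the tarball being fetched over plain `http://archive.apache.org` with no checksum verification; moving that step into the base image hides the problem rather than fixing it.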
1 change: 1 addition & 0 deletions images/Dockerfile.ubuntu.certified.ldapd
@@ -4,6 +4,7 @@ MAINTAINER Harish Anand "https://github.com/harishanand95"
RUN echo "TrustedUserCAKeys /etc/ssh/ca-user-certificate-key.pub" >> /etc/ssh/sshd_config

EXPOSE 22
EXPOSE 8389
Contributor Author
Port 8389 is exposed for using Apache Directory Studio. @pct960 iptables in the server should block based on requirements.

ARG CACHEBUST=1
COPY config/certificate_authority/keys/ca-user-certificate-key.pub /etc/ssh/ca-user-certificate-key.pub
CMD ["/usr/sbin/sshd", "-D"]
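Review bot: `EXPOSE 8389` together with the `docker run -d -P` used in install.py publishes the LDAP port on a random host port bound on all host interfaces, not only for the Apache Directory Studio session the comment has in mind. Traffic to a published port is DNAT'd and forwarded into the container, so it traverses the FORWARD chain (where Docker installs its own rules) rather than INPUT; the host filtering the comment relies on therefore belongs in the DOCKER-USER chain, or the port should be published explicitly as `-p 127.0.0.1:8389:8389` and reached through the SSH access this image already sets up with `TrustedUserCAKeys`. A short comment next to the EXPOSE line pointing at the matching `listen on eth0 port 8389 secure` in ldapd.conf would also help the next reader.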
16 changes: 1 addition & 15 deletions images/Dockerfile.ubuntu.certified.pushpin
@@ -1,20 +1,6 @@
FROM ubuntu:16.04
FROM harishanand95/pushpin
MAINTAINER Harish Anand "https://github.com/harishanand95"

RUN apt-get update --fix-missing
RUN apt-get install -y git
RUN apt-get install -y pkg-config qtbase5-dev libzmq3-dev mongrel2-core zurl
RUN git clone git://github.com/fanout/pushpin.git && \
cd pushpin && \
git checkout develop && \
git submodule init && git submodule update && \
./configure --qtselect=5 && \
make && \
make install && \
mkdir /root/pushpin && \
mkdir /root/pushpin/runner && \
mkdir /root/pushpin/runner/certs

COPY config/kong/pushpin.conf /root/pushpin/pushpin.conf
COPY config/kong/pushpin_routes /root/pushpin/routes
COPY config/kong/default_443.key /root/pushpin/runner/certs/default_443.key
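Review bot: same issue as the Tomcat image: `FROM harishanand95/pushpin` is untagged and unpinned. The removed build cloned `git://github.com/fanout/pushpin.git` over the unauthenticated git protocol and checked out the moving `develop` branch, so the prebuilt image contains an unknown pushpin revision; the image's own Dockerfile should record the commit it builds (and fetch over https), and this file should pin it by digest. Separately, `COPY config/kong/default_443.key` still bakes the TLS private key into an image layer, so anyone able to pull the image gets the key; mount it at run time instead.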
31 changes: 18 additions & 13 deletions install.yaml
@@ -434,28 +434,30 @@
args:
chdir: /home/ansible/libevent-release-1.4.13-stable

- name: openbsd-ldapd-portable bootstrap
- name: Openbsd-ldapd-portable bootstrap
command: ./bootstrap
args:
chdir: /home/ansible/openbsd-ldapd-portable

- name: openbsd-ldapd-portable bootstrap configure
- name: Openbsd-ldapd-portable configure
command: ./configure
args:
chdir: /home/ansible/openbsd-ldapd-portable

- name: openbsd-ldapd-portable bootstrap make
- name: Openbsd-ldapd-portable make
command: make
args:
chdir: /home/ansible/openbsd-ldapd-portable

- name: openbsd-ldapd-portable bootstrap make install
- name: Openbsd-ldapd-portable make install
command: make install
args:
chdir: /home/ansible/openbsd-ldapd-portable
become: true

- name: Link libevent-1.4.so.2
file: src=/usr/local/lib/libevent-1.4.so.2 dest=/usr/lib/libevent-1.4.so.2 state=link
become: true

- name: Create ldapd.conf file
copy:
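Review bot: the task renames ("bootstrap configure" to "configure", and so on) fix the copy-pasted names and are welcome. The new "Link libevent-1.4.so.2" task writes a symlink into /usr/lib, a directory the package manager owns, to work around `make install` putting the library in /usr/local/lib; running `ldconfig` after the install (or dropping a file in /etc/ld.so.conf.d that lists /usr/local/lib) is the conventional fix and survives package upgrades.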
@@ -476,6 +478,12 @@
- name: Create /etc/ldap directory
file: path=/etc/ldap state=directory

- name: Create LDAP /var/db directory
file: path=/var/db state=directory

- name: Create MongoDB /var/db/ldap directory
file: path=/var/db/ldap state=directory

- name: Create core.schema file
copy:
src: config/ldapd/core.schema
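Review bot: the task named "Create MongoDB /var/db/ldap directory" creates the ldapd data directory and has nothing to do with MongoDB; rename it. More importantly, these two `file:` tasks create /var/db and /var/db/ldap with the default owner, and the next hunk in this file removes the tasks that set `group=_ldapd owner=_ldapd`, so after this change the daemon's home and data directory end up owned by whoever runs the play, before the _ldapd user exists. If the directories must exist ahead of the user task, add an explicit ownership step after the user is created, or let the user task create the home.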
@@ -487,23 +495,20 @@
comment: "LDAP daemon"
home: /var/db/ldap
shell: /sbin/nologin

- name: Create /var/db directory
file: path=/var/db state=directory group=_ldapd owner=_ldapd

- name: Create /var/db/ldap directory
file: path=/var/db/ldap state=directory group=_ldapd owner=_ldapd
group: root
become: true

- name: Start ldapd
command: ldapd
shell: ldapd
become: true

- name: Add smartcity.ldif
command: ldapmodify -h 127.0.0.1 -p 389 -x -D cn=admin,dc=smartcity -w {{ ldapd_password }} -f smartcity.ldif
command: ldapmodify -h 127.0.0.1 -p 8389 -x -D cn=admin,dc=smartcity -w {{ ldapd_password }} -f smartcity.ldif
args:
chdir: /home/ansible/

- name: Add devices.ldif
command: ldapmodify -h 127.0.0.1 -p 389 -x -D cn=admin,dc=smartcity -w {{ ldapd_password }} -f devices.ldif
command: ldapmodify -h 127.0.0.1 -p 8389 -x -D cn=admin,dc=smartcity -w {{ ldapd_password }} -f devices.ldif
args:
chdir: /home/ansible/
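Review bot: `shell: ldapd` replaces `command: ldapd` without using any shell feature; `command` is the safer module (no shell interpretation) and ansible-lint flags `shell` for exactly this case. The two ldapmodify tasks keep `-w {{ ldapd_password }}` on the command line, which exposes the rootdn password in `ps` output and in the Ansible log; use `-y` with a mode 0600 password file, and mark the tasks `no_log: true`. The port switched to 8389 here has to stay in step with the `lo` listener in ldapd.conf and the `EXPOSE` in the Dockerfile, so keep it in a variable alongside `ldapd_password`. The removed `owner=_ldapd` directory tasks leave /var/db/ldap owned by root (see the previous hunk).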

17 changes: 15 additions & 2 deletions modules/install.py
@@ -303,7 +303,7 @@ def docker_setup(log_file, config_path="middleware.conf"):

ip, port, details = create_instance("ldapd", "ansible/ubuntu-certified-ldapd:1.0",
storage_host=ldapd_storage,
storage_guest="/var/db/ldap",
storage_guest="/var/db",
log_file=log_file)
instance_details["ldapd"] = [ip, port]
output_ok("Created LDAP docker instance. \n " + details)
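Review bot: `storage_guest` is changed from "/var/db/ldap" to "/var/db", but the new `elif server == "ldapd"` branch added later in this file ignores `storage_host` and `storage_guest` entirely (it uses `--volumes-from datacontainer`), so this edit is dead code and `ldapd_storage` is computed for nothing. Either drop the two arguments from this call or keep the bind mount; if the bind mount stays, mounting all of /var/db rather than /var/db/ldap shadows anything else the image ships under /var/db.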
@@ -400,7 +400,7 @@ def create_instance(server, image, log_file, storage_host="", storage_guest=""):
error_message=traceback.format_exc())
exit()

elif server == "hypercat" or server == "ldapd": # separate data storage needed
elif server == "hypercat": # separate data storage needed
cmd = "docker run -d -P --net=mynet --hostname={0} -v {2}:{3} --cap-add=NET_ADMIN --name={0} {1}".\
format(server, image, storage_host, storage_guest)

@@ -414,7 +414,20 @@ def create_instance(server, image, log_file, storage_host="", storage_guest=""):
"\n Check logs {0} for more details.".format(log_file),
error_message=traceback.format_exc())
exit()
elif server == "ldapd": # separate data storage needed
cmd = "docker run -d -P --net=mynet --hostname={0} --volumes-from datacontainer --cap-add=NET_ADMIN --name={0} {1}".\
format(server, image, storage_host, storage_guest)

try:
out, err = subprocess_popen(cmd,
log_file,
failure_msg="Creation of {0} docker instance failed.".format(server))
container_id = out
except OSError:
output_error("Creation of {0} docker instance failed.".format(server) +
"\n Check logs {0} for more details.".format(log_file),
error_message=traceback.format_exc())
exit()
else:
cmd = "docker run -d -P --net=mynet --hostname={0} --cap-add=NET_ADMIN --name={0} {1}".format(server, image)
try:
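Review bot: the new `elif server == "ldapd"` branch is a copy of the hypercat branch with `-v {2}:{3}` replaced by `--volumes-from datacontainer`, yet `.format(server, image, storage_host, storage_guest)` still passes two arguments the string never uses; build the command in one place and let the three branches share a single try/except. The branch also assumes a container named `datacontainer` already exists; `docker run` exits nonzero if it does not, and the generic failure_msg is the only clue, so create or check for it before this call. `--cap-add=NET_ADMIN` is carried over from the other services although ldapd has no need to modify the container's network stack; drop it for this instance. Finally, `-P` publishes the image's EXPOSEd 8389 port onto the host on a random port (see the Dockerfile hunk).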
2 changes: 1 addition & 1 deletion modules/utils.py
@@ -9,7 +9,7 @@
# later), or the GNU General Public License, version 2 (GPLv2), in all
# cases as published by the Free Software Foundation.
#
# Updated to systemd print format Copyright (c) 2017 2017 by Harish Anand (harishanand 95 at gmail com)
# Updated to systemd print format Copyright (c) 2017 by Harish Anand (harishanand 95 at gmail com)
#

import logging