openstack/devstack
Code Issues Proposed changes
Files
c072f159cf66ed9b44b1dce90b7f0e86c81571eb
devstack/lib/ldap
Artem Goncharov 06633c6c30 Restart slapd after cleanup 
A bug in openldap mdb (memory database) causes it to crash in an attempt
to delete nonexisting tree, which is exactly what we do in the cleanup.
After the coredump it does not start automatically (what maybe make
sense to change). The fix is merged in
https://bugs.openldap.org/show_bug.cgi?id=10336 but we do not have this
fix in Noble. For now try simply to restart the process.

Change-Id: Iae597aae345d12a2c82f66342ff40ac0a387eddf
Signed-off-by: Artem Goncharov <artem.goncharov@gmail.com>
2025-06-27 15:00:34 +00:00

191 lines
5.4 KiB
Bash
Raw Blame History

#!/bin/bash
#
# lib/ldap
# Functions to control the installation and configuration of **ldap**
# ``lib/keystone`` calls the entry points in this order:
#
# - install_ldap()
# Save trace setting
_XTRACE_LDAP=$(set +o | grep xtrace)
set +o xtrace
LDAP_DOMAIN=${LDAP_DOMAIN:-openstack.org}
# Make an array of domain components
DC=(${LDAP_DOMAIN/./ })
# Leftmost domain component used in top-level entry
LDAP_BASE_DC=${DC[0]}
# Build the base DN
dn=""
for dc in ${DC[*]}; do
dn="$dn,dc=$dc"
done
LDAP_BASE_DN=${dn#,}
LDAP_MANAGER_DN="${LDAP_MANAGER_DN:-cn=Manager,${LDAP_BASE_DN}}"
LDAP_URL=${LDAP_URL:-ldap://localhost}
LDAP_SERVICE_NAME=slapd
if is_ubuntu; then
LDAP_OLCDB_NUMBER=1
LDAP_OLCDB_TYPE=mdb
LDAP_ROOTPW_COMMAND=replace
elif is_fedora; then
LDAP_OLCDB_NUMBER=2
LDAP_OLCDB_TYPE=hdb
LDAP_ROOTPW_COMMAND=add
fi
# Functions
# ---------
# Perform common variable substitutions on the data files
# _ldap_varsubst file
function _ldap_varsubst {
local infile=$1
local slappass=$2
sed -e "
s|\${LDAP_OLCDB_NUMBER}|$LDAP_OLCDB_NUMBER|
s|\${LDAP_OLCDB_TYPE}|$LDAP_OLCDB_TYPE|
s|\${SLAPPASS}|$slappass|
s|\${LDAP_ROOTPW_COMMAND}|$LDAP_ROOTPW_COMMAND|
s|\${BASE_DC}|$LDAP_BASE_DC|
s|\${BASE_DN}|$LDAP_BASE_DN|
s|\${MANAGER_DN}|$LDAP_MANAGER_DN|
" $infile
}
# clean_ldap() - Remove ldap server
function cleanup_ldap {
uninstall_package $(get_packages ldap)
if is_ubuntu; then
uninstall_package slapd ldap-utils libslp1
sudo rm -rf /etc/ldap/ldap.conf /var/lib/ldap
elif is_fedora; then
sudo rm -rf /etc/openldap /var/lib/ldap
fi
}
# init_ldap
# init_ldap() - Initialize databases, etc.
function init_ldap {
local keystone_ldif
local tmp_ldap_dir
tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
# Remove data but not schemas
clear_ldap_state
if is_ubuntu; then
# a bug in OpenLDAP 2.6.7+
# (https://bugs.openldap.org/show_bug.cgi?id=10336) causes slapd crash
# after deleting nonexisting tree. It is fixed upstream, but Ubuntu is
# still not having a fix in Noble. Try temporarily simly restarting the
# process.
sudo service $LDAP_SERVICE_NAME restart
fi
# Add our top level ldap nodes
if ldapsearch -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -b "$LDAP_BASE_DN" | grep -q "Success"; then
printf "LDAP already configured for $LDAP_BASE_DC\n"
else
printf "Configuring LDAP for $LDAP_BASE_DC\n"
# If BASE_DN is changed, the user may override the default file
if [[ -r $FILES/ldap/${LDAP_BASE_DC}.ldif.in ]]; then
local keystone_ldif=${LDAP_BASE_DC}.ldif
else
local keystone_ldif=keystone.ldif
fi
_ldap_varsubst $FILES/ldap/${keystone_ldif}.in >$tmp_ldap_dir/${keystone_ldif}
if [[ -r $tmp_ldap_dir/${keystone_ldif} ]]; then
ldapadd -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -c -f $tmp_ldap_dir/${keystone_ldif}
fi
fi
rm -rf $tmp_ldap_dir
}
# install_ldap
# install_ldap() - Collect source and prepare
function install_ldap {
echo "Installing LDAP inside function"
echo "os_VENDOR is $os_VENDOR"
local tmp_ldap_dir
tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
printf "installing OpenLDAP"
if is_ubuntu; then
configure_ldap
elif is_fedora; then
start_ldap
fi
echo "LDAP_PASSWORD is $LDAP_PASSWORD"
local slappass
slappass=$(slappasswd -s $LDAP_PASSWORD)
printf "LDAP secret is $slappass\n"
# Create manager.ldif and add to olcdb
_ldap_varsubst $FILES/ldap/manager.ldif.in $slappass >$tmp_ldap_dir/manager.ldif
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $tmp_ldap_dir/manager.ldif
# On fedora we need to manually add cosine and inetorgperson schemas
if is_fedora; then
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
fi
rm -rf $tmp_ldap_dir
}
# configure_ldap() - Configure LDAP - reconfigure slapd
function configure_ldap {
sudo debconf-set-selections <<EOF
slapd slapd/internal/generated_adminpw password $LDAP_PASSWORD
slapd slapd/internal/adminpw password $LDAP_PASSWORD
slapd slapd/password2 password $LDAP_PASSWORD
slapd slapd/password1 password $LDAP_PASSWORD
slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
slapd slapd/domain string Users
slapd shared/organization string $LDAP_DOMAIN
slapd slapd/backend string ${LDAP_OLCDB_TYPE^^}
slapd slapd/purge_database boolean true
slapd slapd/move_old_database boolean true
slapd slapd/allow_ldap_v2 boolean false
slapd slapd/no_configuration boolean false
slapd slapd/dump_database select when needed
EOF
sudo apt-get install -y slapd ldap-utils
sudo dpkg-reconfigure -f noninteractive $LDAP_SERVICE_NAME
}
# start_ldap() - Start LDAP
function start_ldap {
sudo service $LDAP_SERVICE_NAME restart
}
# stop_ldap() - Stop LDAP
function stop_ldap {
sudo service $LDAP_SERVICE_NAME stop
}
# clear_ldap_state() - Clear LDAP State
function clear_ldap_state {
ldapdelete -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -r "$LDAP_BASE_DN" || :
}
# Restore xtrace
$_XTRACE_LDAP
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End:
View Git Blame Copy Permalink