stx-puppet/puppet-manifests/src/hieradata
Andy Ning 126d9a197e Fix openldap syncrepl on insecure port with peer
For a Debian-based DX system, the openldap instance on controller-0
currently sync replicates with peer on controller-1 on insecure
port, while instance on controller-1 sync replicates with peer on
controller-0 on secure port.

This is because openldap syncrepl on controller-0 is configured
during bootstrap where it takes the default provider_uri value
(which has the insecure port) from controller hieradata. This change
moved the default value from controller hieradata to ldap puppet
params class, with different protocols for CentOS and Debian.

Test Plan:
PASS: DX system deployment
PASS: Check syncrepl section in slapd.conf.backup, on each controller,
      it should contain:
      provider=ldaps://<controller>
      tls_cert="/etc/ldap/certs/openldap-cert.crt"
      tls_key="/etc/ldap/certs/openldap-cert.key"
      tls_cacert="/etc/ssl/certs/ca-certificates.crt"
      tls_reqsan=demand
PASS: On one controller, add a new openldap user, and check the
      newly added user exists on the other controller by:
      ldapsearch -xH ldaps://<the other controller>
      -b 'ou=people,dc=cgcs,dc=local' '(objectclass=*)' |
      grep <the newly added user>
PASS: After active controller swact, repeat TC #3 again.

Closes-Bug: 1989725
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: Iedb5ff0af78814b21be2ebc6fac2b809335d2a3c
2022-09-15 15:34:00 -04:00
..
controller.yaml Fix openldap syncrepl on insecure port with peer 2022-09-15 15:34:00 -04:00
global.yaml Collectd network configuration 2021-07-27 16:50:36 -03:00
storage.yaml Update manifests to remove unused openstack components 2019-03-08 18:43:22 -06:00
worker.yaml Update manifests to remove unused openstack components 2019-03-08 18:43:22 -06:00
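
The second test-plan item in the commit message above (checking the syncrepl section of slapd.conf.backup on each controller) can be automated. The script below is an added example, not code from stx-puppet: the function names are hypothetical, the sample configurations are constructed, and it assumes the insecure provider uses the ldap:// scheme.

```python
import re

# Values the commit's test plan expects in each syncrepl section.
REQUIRED = {
    "tls_cert": "/etc/ldap/certs/openldap-cert.crt",
    "tls_key": "/etc/ldap/certs/openldap-cert.key",
    "tls_cacert": "/etc/ssl/certs/ca-certificates.crt",
    "tls_reqsan": "demand",
}

def syncrepl_sections(conf_text):
    """Return every syncrepl directive as a dict of its key=value parameters."""
    directives = []
    for line in conf_text.splitlines():
        if not line.strip():
            continue
        # slapd.conf: a line starting with whitespace continues the previous one.
        if line[0].isspace() and directives:
            directives[-1] += " " + line.strip()
        else:
            directives.append(line.strip())
    return [{k.lower(): v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', d)}
            for d in directives if d.split(None, 1)[0].lower() == "syncrepl"]

def check_syncrepl(conf_text):
    """Return findings; an empty list means every syncrepl section passes."""
    sections = syncrepl_sections(conf_text)
    findings = [] if sections else ["no syncrepl section found"]
    for s in sections:
        rid = s.get("rid", "?")
        if not s.get("provider", "").lower().startswith("ldaps://"):
            findings.append(f"rid={rid}: provider {s.get('provider')!r} is not ldaps://")
        for key, want in REQUIRED.items():
            if s.get(key) != want:
                findings.append(f"rid={rid}: {key} is {s.get(key)!r}, expected {want!r}")
    return findings

# Constructed sample (assumption: insecure peer URI uses ldap://), not from a real system.
SAMPLE_BEFORE = """\
syncrepl rid=001
  provider=ldap://controller-1
  type=refreshAndPersist
"""
# Constructed sample carrying the settings listed in the test plan.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("ldap://", "ldaps://") + "".join(
    f"  {k}={v}\n" for k, v in REQUIRED.items())

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, check_syncrepl(text) or "OK")
```

On a controller, pass the contents of slapd.conf.backup to `check_syncrepl` and treat any returned finding as a failed test case.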