Use a custom resource to create a 389 Directory Server instance

This replaces the default recipe and will make it much easier to create other types of instances, for example for replication
2019-11-29 14:34:52 +01:00
parent 65eca52b75
commit dc91128eca
6 changed files with 146 additions and 143 deletions
--- a/site-cookbooks/kosmos-dirsrv/recipes/default.rb
+++ b/site-cookbooks/kosmos-dirsrv/recipes/default.rb
@@ -24,110 +24,10 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.

-include_recipe "apt"
-package "389-ds-base"
+credentials = data_bag_item("credentials", "dirsrv")

-include_recipe "ulimit"
-user_ulimit "dirsrv" do
-  filehandle_limit 40960
-end
-
-credentials = data_bag_item("credentials", "389")
-
-config = {
-  instance:    node[:hostname],
-  suffix:      "dc=kosmos,dc=org",
-  port:        389,
-  credentials: credentials,
-  base_dir: "/var/lib/dirsrv",
-  conf_dir: "/etc/dirsrv"
-}
-
-inst_dir = "/etc/dirsrv/slapd-#{config[:instance]}"
-service_name = "dirsrv@#{config[:instance]}"
-
-unless ::Dir.exists?(inst_dir)
-  setup_config = "#{config[:conf_dir]}/setup-#{config[:instance]}.inf"
-  template setup_config do
-    source "setup.inf.erb"
-    mode "0600"
-    owner "root"
-    group "root"
-    sensitive true
-    variables config
-  end
-
-  execute "setup-#{config[:instance]}" do
-    command "setup-ds --silent --file #{setup_config}"
-    creates ::File.join inst_dir, 'dse.ldif'
-    action :nothing
-    subscribes :run, "template[#{setup_config}]", :immediately
-    notifies :restart, "service[#{service_name}]", :immediately
-    notifies :delete, "template[#{setup_config}]", :immediately
-    notifies :run, "execute[add users group]", :delayed
-  end
-end
-
-service service_name do
-  action [:enable, :start]
-end
-
-cookbook_file "#{Chef::Config[:file_cache_path]}/users.ldif" do
-  source "users.ldif"
-  owner "root"
-  group "root"
-end
-
-execute "add users group" do
-  command "ldapadd -x -w #{credentials['password']} -D 'cn=Directory Manager' -f '#{Chef::Config[:file_cache_path]}/users.ldif'"
-  sensitive true
-  action :nothing
-end
-
-
-unless node.chef_environment == "development"
-  cookbook_file "#{Chef::Config[:file_cache_path]}/tls.ldif" do
-    source "tls.ldif"
-    owner "root"
-    group "root"
-  end
-
-  include_recipe "kosmos-nginx"
-
-  domain = node["kosmos-dirsrv"]["nginx"]["domain"]
-
-  nginx_certbot_site domain do
-    notifies :run, "execute[generate p12 cert]", :immediately
-  end
-
-  # Merge the full chain and private key into one cert, to import into the
-  # dirsrv dir
-  execute "generate p12 cert" do
-    command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{domain}/fullchain.pem -inkey /etc/letsencrypt/live/#{domain}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{domain}.p12 -name 'Server-Cert'"
-    action :nothing
-    notifies :run, "execute[import p12 cert]", :immediately
-  end
-
-  execute "import p12 cert" do
-    command "pk12util -i #{Chef::Config[:file_cache_path]}/#{domain}.p12 -d #{inst_dir}"
-    action :nothing
-    notifies :run, "execute[add tls config]", :immediately
-  end
-
-  execute "add tls config" do
-    command "ldapadd -x -w #{credentials['password']} -D 'cn=Directory Manager' -f '#{Chef::Config[:file_cache_path]}/tls.ldif'"
-    sensitive true
-    action :nothing
-  end
-
-  include_recipe "firewall"
-  firewall_rule "ldap" do
-    port     [config[:port], 636]
-    protocol :tcp
-    command  :allow
-  end
-
-  # backup the data dir and the config files
-  node.override["backup"]["archives"]["dirsrv"] = ["/etc/dirsrv", "/var/lib/dirsrv"]
-  include_recipe "backup"
+dirsrv_instance "master" do
+  hostname "ldap.kosmos.org"
+  admin_password credentials['admin_password']
+  suffix "dc=kosmos,dc=org"
 end