kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 28 Pull Requests 3 Projects 2 Activity
chef/site-cookbooks/kosmos-dirsrv/resources/instance.rb
Greg Karékinian dc91128eca Use a custom resource to create a 389 Directory Server instance 
This replaces the default recipe and will make it much easier to create
other types of instances, for example for replication
2019-11-29 14:34:52 +01:00

119 lines
3.8 KiB
Ruby
Raw Blame History

resource_name :dirsrv_instance
property :instance_name, String, name_property: true
property :hostname, String, required: true
property :admin_password, String, required: true
property :suffix, String, required: true
property :admin_username, String, default: 'admin'
property :bind_dn, String, default: 'cn=Directory Manager'
property :port, Integer, default: 389
action :create do
include_recipe "apt"
package "389-ds-base"
include_recipe "ulimit"
user_ulimit "dirsrv" do
filehandle_limit 40960
end
config = {
instance_name: new_resource.instance_name,
hostname: new_resource.hostname,
suffix: new_resource.suffix,
port: new_resource.port,
bind_dn: new_resource.bind_dn,
admin_username: new_resource.admin_username,
admin_password: new_resource.admin_password,
base_dir: "/var/lib/dirsrv",
conf_dir: "/etc/dirsrv"
}
inst_dir = "/etc/dirsrv/slapd-#{new_resource.instance_name}"
service_name = "dirsrv@#{new_resource.instance_name}"
unless ::Dir.exists?(inst_dir)
setup_config = "#{config[:conf_dir]}/setup-#{new_resource.instance_name}.inf"
template setup_config do
source "setup.inf.erb"
mode "0600"
owner "root"
group "root"
sensitive true
variables config
end
execute "setup-#{new_resource.instance_name}" do
command "setup-ds --silent --file #{setup_config}"
creates ::File.join inst_dir, 'dse.ldif'
action :nothing
subscribes :run, "template[#{setup_config}]", :immediately
notifies :restart, "service[#{service_name}]", :immediately
notifies :delete, "template[#{setup_config}]", :immediately
notifies :run, "execute[add users group]", :delayed
end
end
service service_name do
action [:enable, :start]
end
cookbook_file "#{Chef::Config[:file_cache_path]}/users.ldif" do
source "users.ldif"
owner "root"
group "root"
end
execute "add users group" do
command "ldapadd -x -w #{new_resource.admin_password} -D '#{new_resource.bind_dn}' -f '#{Chef::Config[:file_cache_path]}/users.ldif' -p #{new_resource.port} -h localhost"
sensitive true
action :nothing
end
unless node.chef_environment == "development"
cookbook_file "#{Chef::Config[:file_cache_path]}/tls.ldif" do
source "tls.ldif"
owner "root"
group "root"
end
include_recipe "kosmos-nginx"
nginx_certbot_site new_resource.hostname do
notifies :run, "execute[generate p12 cert]", :immediately
end
# Merge the full chain and private key into one cert, to import into the
# dirsrv dir
execute "generate p12 cert" do
command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert'"
action :nothing
notifies :run, "execute[import p12 cert]", :immediately
end
execute "import p12 cert" do
command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir}"
action :nothing
notifies :run, "execute[add tls config]", :immediately
end
execute "add tls config" do
command "ldapadd -x -w #{new_resource.admin_password} -D '#{new_resource.bind_dn}' -f '#{Chef::Config[:file_cache_path]}/tls.ldif' -p #{new_resource.port} -h localhost"
sensitive true
action :nothing
end
include_recipe "firewall"
firewall_rule "ldap" do
port [config[:port], 636]
protocol :tcp
command :allow
end
# backup the data dir and the config files
node.override["backup"]["archives"]["dirsrv"] = ["/etc/dirsrv", "/var/lib/dirsrv"]
include_recipe "backup"
end
end
Reference in New Issue View Git Blame Copy Permalink