119 lines
3.8 KiB
Ruby
119 lines
3.8 KiB
Ruby
resource_name :dirsrv_instance
|
|
|
|
property :instance_name, String, name_property: true
|
|
property :hostname, String, required: true
|
|
property :admin_password, String, required: true
|
|
property :suffix, String, required: true
|
|
property :admin_username, String, default: 'admin'
|
|
property :bind_dn, String, default: 'cn=Directory Manager'
|
|
property :port, Integer, default: 389
|
|
|
|
action :create do
|
|
include_recipe "apt"
|
|
package "389-ds-base"
|
|
|
|
include_recipe "ulimit"
|
|
user_ulimit "dirsrv" do
|
|
filehandle_limit 40960
|
|
end
|
|
|
|
config = {
|
|
instance_name: new_resource.instance_name,
|
|
hostname: new_resource.hostname,
|
|
suffix: new_resource.suffix,
|
|
port: new_resource.port,
|
|
bind_dn: new_resource.bind_dn,
|
|
admin_username: new_resource.admin_username,
|
|
admin_password: new_resource.admin_password,
|
|
base_dir: "/var/lib/dirsrv",
|
|
conf_dir: "/etc/dirsrv"
|
|
}
|
|
|
|
inst_dir = "/etc/dirsrv/slapd-#{new_resource.instance_name}"
|
|
service_name = "dirsrv@#{new_resource.instance_name}"
|
|
|
|
unless ::Dir.exists?(inst_dir)
|
|
setup_config = "#{config[:conf_dir]}/setup-#{new_resource.instance_name}.inf"
|
|
template setup_config do
|
|
source "setup.inf.erb"
|
|
mode "0600"
|
|
owner "root"
|
|
group "root"
|
|
sensitive true
|
|
variables config
|
|
end
|
|
|
|
execute "setup-#{new_resource.instance_name}" do
|
|
command "setup-ds --silent --file #{setup_config}"
|
|
creates ::File.join inst_dir, 'dse.ldif'
|
|
action :nothing
|
|
subscribes :run, "template[#{setup_config}]", :immediately
|
|
notifies :restart, "service[#{service_name}]", :immediately
|
|
notifies :delete, "template[#{setup_config}]", :immediately
|
|
notifies :run, "execute[add users group]", :delayed
|
|
end
|
|
end
|
|
|
|
service service_name do
|
|
action [:enable, :start]
|
|
end
|
|
|
|
cookbook_file "#{Chef::Config[:file_cache_path]}/users.ldif" do
|
|
source "users.ldif"
|
|
owner "root"
|
|
group "root"
|
|
end
|
|
|
|
execute "add users group" do
|
|
command "ldapadd -x -w #{new_resource.admin_password} -D '#{new_resource.bind_dn}' -f '#{Chef::Config[:file_cache_path]}/users.ldif' -p #{new_resource.port} -h localhost"
|
|
sensitive true
|
|
action :nothing
|
|
end
|
|
|
|
|
|
unless node.chef_environment == "development"
|
|
cookbook_file "#{Chef::Config[:file_cache_path]}/tls.ldif" do
|
|
source "tls.ldif"
|
|
owner "root"
|
|
group "root"
|
|
end
|
|
|
|
include_recipe "kosmos-nginx"
|
|
|
|
nginx_certbot_site new_resource.hostname do
|
|
notifies :run, "execute[generate p12 cert]", :immediately
|
|
end
|
|
|
|
# Merge the full chain and private key into one cert, to import into the
|
|
# dirsrv dir
|
|
execute "generate p12 cert" do
|
|
command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert'"
|
|
action :nothing
|
|
notifies :run, "execute[import p12 cert]", :immediately
|
|
end
|
|
|
|
execute "import p12 cert" do
|
|
command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir}"
|
|
action :nothing
|
|
notifies :run, "execute[add tls config]", :immediately
|
|
end
|
|
|
|
execute "add tls config" do
|
|
command "ldapadd -x -w #{new_resource.admin_password} -D '#{new_resource.bind_dn}' -f '#{Chef::Config[:file_cache_path]}/tls.ldif' -p #{new_resource.port} -h localhost"
|
|
sensitive true
|
|
action :nothing
|
|
end
|
|
|
|
include_recipe "firewall"
|
|
firewall_rule "ldap" do
|
|
port [config[:port], 636]
|
|
protocol :tcp
|
|
command :allow
|
|
end
|
|
|
|
# backup the data dir and the config files
|
|
node.override["backup"]["archives"]["dirsrv"] = ["/etc/dirsrv", "/var/lib/dirsrv"]
|
|
include_recipe "backup"
|
|
end
|
|
end
|