Vagrant: Add openldap stack w/ example data

refs #4218
2013-06-06 12:27:28 +02:00 · 2013-06-06 12:27:28 +02:00 · 59b9a7a448
parent 11f4a5b0b5
commit 59b9a7a448
6 changed files with 177 additions and 2 deletions
--- a/.vagrant-puppet/manifests/default.pp
+++ b/.vagrant-puppet/manifests/default.pp
@ -1,6 +1,7 @@
 include apache
 include mysql
 include pgsql
+include openldap

 Exec { path => '/bin:/usr/bin:/sbin' }

@ -24,8 +25,8 @@ $icinga_packages = [ 'gcc', 'glibc', 'glibc-common', 'gd', 'gd-devel',
  'libdbi-dbd-mysql', 'libdbi-dbd-pgsql' ]
 package { $icinga_packages: ensure => installed }

-php::extension { ['php-mysql', 'php-pgsql']:
-  require => [Class['mysql'], Class['pgsql']]
+php::extension { ['php-mysql', 'php-pgsql', 'php-ldap']:
+  require => [Class['mysql'], Class['pgsql'], Class['openldap']]
 }

 group { 'icinga-cmd':
@ -212,3 +213,30 @@ file { '/usr/local/icinga-mysql/etc/modules/mk-livestatus.cfg':
  require => Cmmi['mk-livestatus'],
  notify  => [Service['icinga-mysql'], Service['ido2db-mysql']]
 }
+
+file { 'openldap/db.ldif':
+  path    => '/usr/share/openldap-servers/db.ldif',
+  source  => 'puppet:///modules/openldap/db.ldif',
+  require => Class['openldap']
+}
+
+file { 'openldap/dit.ldif':
+  path    => '/usr/share/openldap-servers/dit.ldif',
+  source  => 'puppet:///modules/openldap/dit.ldif',
+  require => Class['openldap']
+}
+
+file { 'openldap/users.ldif':
+  path    => '/usr/share/openldap-servers/users.ldif',
+  source  => 'puppet:///modules/openldap/users.ldif',
+  require => Class['openldap']
+}
+
+exec { 'populate-openldap':
+  # TODO: Split the command and use unless instead of trying to populate openldap everytime
+  command => 'sudo ldapadd -c -Y EXTERNAL -H ldapi:/// -f /usr/share/openldap-servers/db.ldif || true && \
+              sudo ldapadd -c -D cn=admin,dc=icinga,dc=org -x -w admin -f /usr/share/openldap-servers/dit.ldif || true && \
+              sudo ldapadd -c -D cn=admin,dc=icinga,dc=org -x -w admin -f /usr/share/openldap-servers/users.ldif || true',
+  require => [Service['slapd'], File['openldap/db.ldif'],
+              File['openldap/dit.ldif'], File['openldap/users.ldif']]
+}
--- a/.vagrant-puppet/modules/openldap/files/db.ldif
+++ b/.vagrant-puppet/modules/openldap/files/db.ldif
@ -0,0 +1,18 @@
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+replace: olcRootPW
+olcRootPW: {SSHA}N/2WMqT8q7cElh7KUQz+p9TJbjmKv/u9
+-
+replace: olcRootDN
+olcRootDN: cn=admin,cn=config
+
+dn: olcDatabase={2}bdb,cn=config
+changetype: modify
+replace: olcRootPW
+olcRootPW: {SSHA}MxMpLBo2/TSymoIBf/Sb5iQac7Wwiur5
+-
+replace: olcSuffix
+olcSuffix: dc=icinga,dc=org
+-
+replace: olcRootDN
+olcRootDN: cn=admin,dc=icinga,dc=org
--- a/.vagrant-puppet/modules/openldap/files/dit.ldif
+++ b/.vagrant-puppet/modules/openldap/files/dit.ldif
@ -0,0 +1,4 @@
+dn: dc=icinga,dc=org
+dc: icinga
+objectClass: top
+objectClass: domain
--- a/.vagrant-puppet/modules/openldap/files/users.ldif
+++ b/.vagrant-puppet/modules/openldap/files/users.ldif
@ -0,0 +1,43 @@
+dn: ou=people,dc=icinga,dc=org
+ou: people
+objectclass: organizationalunit
+
+dn: ou=groups,dc=icinga,dc=org
+ou: groups
+objectclass: organizationalunit
+
+dn: cn=John Doe,ou=people,dc=icinga,dc=org
+objectclass: inetOrgPerson
+cn: John Doe
+sn: Doe
+uid: jdoe
+userpassword: password
+
+dn: cn=Jane Smith,ou=people,dc=icinga,dc=org
+objectclass: inetOrgPerson
+cn: Jane Smith
+sn: Smith
+uid: jsmith
+userpassword: password
+
+dn: cn=John Q. Public,ou=people,dc=icinga,dc=org
+objectclass: inetOrgPerson
+cn: John Q. Public
+sn: Public
+uid: jqpublic
+userpassword: password
+
+dn: cn=Richard Roe,ou=people,dc=icinga,dc=org
+objectclass: inetOrgPerson
+cn: Richard Roe
+sn: Roe
+uid: jroe
+userpassword: password
+
+dn: cn=Users,ou=groups,dc=icinga,dc=org
+objectClass: groupOfUniqueNames
+cn: Users
+uniqueMember: uid=jdoe,ou=people,dc=icinga,dc=rg
+uniqueMember: uid=jsmith,ou=people,dc=icinga,dc=rg
+uniqueMember: uid=jqpublic,ou=people,dc=icinga,dc=rg
+uniqueMember: uid=jroe,ou=people,dc=icinga,dc=rg
--- a/.vagrant-puppet/modules/openldap/manifests/init.pp
+++ b/.vagrant-puppet/modules/openldap/manifests/init.pp
@ -0,0 +1,25 @@
+# Class: openldap
+#
+#   This class installs the openldap servers and clients software.
+#
+# Parameters:
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+#   include openldap
+#
+class openldap {
+
+  package { ['openldap-servers', 'openldap-clients']: 
+    ensure => installed
+  }
+
+  service { 'slapd':
+    ensure  => running,
+    require => Package['openldap-servers']
+  }
+}
--- a/README.md
+++ b/README.md
@ -14,6 +14,10 @@ have to do is install Vagrant and run:

    vagrant up

+> **Note** that the first boot of the vm takes a fairly long time because
+> you'll download a plain CentOS base box and Vagrant will automatically
+> provision the environment on the first go.
+
 After you should be able to browse [localhost:8080/icinga2-web](http://localhost:8080/icinga2-web).

 ### Environment 
@ -98,10 +102,63 @@ For **logging into** the Icinga classic web interface use user *icingaadmin* wit
 MK Livestatus is added to the Icinga installation using a MySQL database.

 **Installation path**:
+
 * `/usr/local/icinga-mysql/bin/unixcat`
 * `/usr/local/icinga-mysql/lib/mk-livestatus/livecheck`
 * `/usr/local/icinga-mysql/lib/mk-livestatus/livestatus.o`
 * `/usr/local/icinga-mysql/etc/modules/mk-livestatus.cfg`
 * `/usr/local/icinga-mysql/var/rw/live`

+**Example usage**:

+    echo "GET hosts" | /usr/local/icinga-mysql/bin/unixcat /usr/local/icinga-mysql/var/rw/live
+
+#### LDAP example data
+
+The environment includes a openldap server with example data. *Domain* suffix is **dc=icinga,dc=org**.
+Administrator (*rootDN*) of the slapd configuration database is **cn=admin,cn=config** and the
+administrator (*rootDN*) of our database instance is **cn=admin,dc=icinga,dc=org**. Both share
+the *password* `admin`.
+
+Examples to query the slapd configuration database:
+
+    ldapsearch -x -W -LLL -D cn=admin,cn=config -b cn=config dn
+    ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b cn=config dn
+
+Examples to query our database instance:
+
+    ldapsearch -x -W -LLL -D cn=admin,dc=icinga,dc=org -b dc=icinga,dc=org dn
+    ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b dc=icinga,dc=org dn
+
+This is what the **dc=icinga,dc=org** *DIT* looks like:
+
+> dn: dc=icinga,dc=org
+> 
+> dn: ou=people,dc=icinga,dc=org
+> 
+> dn: ou=groups,dc=icinga,dc=org
+> 
+> dn: cn=Users,ou=groups,dc=icinga,dc=org
+> cn: Users
+> uniqueMember: uid=jdoe,ou=people,dc=icinga,dc=rg
+> uniqueMember: uid=jsmith,ou=people,dc=icinga,dc=rg
+> uniqueMember: uid=jqpublic,ou=people,dc=icinga,dc=rg
+> uniqueMember: uid=jroe,ou=people,dc=icinga,dc=rg
+> 
+> dn: cn=John Doe,ou=people,dc=icinga,dc=org
+> cn: John Doe
+> uid: jdoe
+> 
+> dn: cn=Jane Smith,ou=people,dc=icinga,dc=org
+> cn: Jane Smith
+> uid: jsmith
+> 
+> dn: cn=John Q. Public,ou=people,dc=icinga,dc=org
+> cn: John Q. Public
+> uid: jqpublic
+> 
+> dn: cn=Richard Roe,ou=people,dc=icinga,dc=org
+> cn: Richard Roe
+> uid: jroe
+
+All users share the password `password`.