[OpenLDAP] Puppet based version

The new version of OpenLDAP application which has
the same functionality but uses puppet module to
deploy OpenLDAP
https://forge.puppetlabs.com/datacentred/ldap

Change-Id: I04328dbf596487bdd16a0db24d3b5268c658dfd9

murano-apps/OpenLDAP2/package/Classes/OpenLDAP.yaml

@@ -0,0 +1,111 @@
+Namespaces:
+  =: io.murano.opaas
+  std: io.murano
+  res: io.murano.resources
+  sys: io.murano.system
+  puppet: io.murano.opaas.puppet
+
+
+Name: OpenLDAP
+
+Extends: std:Application
+
+Properties:
+  instance:
+    Contract: $.class(puppet:PuppetInstance).notNull()
+  name:
+    Contract: $.string().notNull()
+  domain:
+    Contract: $.string()
+  ldapUser:
+    Contract: $.string()
+  ldapPass:
+    Contract: $.string()
+
+Methods:
+  initialize:
+    Body:
+      - $._environment: $.find(std:Environment).require()
+
+  deploy:
+    Body:
+      - If: not $.getAttr(deployed, false)
+        Then:
+          - $securityGroupIngress:
+              - ToPort: 389
+                FromPort: 389
+                IpProtocol: tcp
+                External: true
+              - ToPort: 636
+                FromPort: 636
+                IpProtocol: tcp
+                External: true
+          - $._environment.securityGroupManager.addGroupIngress($securityGroupIngress)
+          - $._environment.reporter.report($this, 'Creating VM for OpenLDAP {0}'.format($.instance.openstackId))
+          - $.instance.deploy()
+          - $._environment.reporter.report($this, 'VM Created {0}'.format($.instance.openstackId))
+
+          - $.instance.installPuppetModule('datacentred-ldap')
+
+          - $.createConfiguration()
+
+
+          - $resources: new(sys:Resources)
+          - $template: $resources.yaml('DeployOpenLDAP.template')
+          - $._environment.reporter.report($this, 'OpenLDAP deploying')
+          - $.instance.agent.call($template, $resources)
+          - $._environment.reporter.report($this, format('OpenLDAP is available at {0}', $.instance.floatingIpAddress))
+
+          - If: $.domain != '' and $.domain != null
+            Then:
+              - If: $.ldapUser != '' and $.ldapUser != null
+                Then:
+                  - $.configureOpenLDAPUser($.domain, $.ldapUser, $.ldapPass)
+          - $.setAttr(deployed, true)
+          - $._environment.reporter.report($this, 'OpenLDAP is deployed!')
+
+  createConfiguration:
+    Body:
+      - $.instance.setHieraValue('ldap_domain', $.domain)
+      - $.instance.setHieraValue('ldap_dc', $.domain.split('.')[0])
+      - $.instance.setHieraValue('ldap_user', $.ldapUser)
+      - $.instance.setHieraValue('ldap_password', $.ldapPass)
+
+      - !yaql "$.instance.setHieraValue('ldap::client::uri', 'localhost')"
+      - !yaql "$.instance.setHieraValue('ldap::server::rootpw', $.ldapPass)"
+      - !yaql "$.instance.setHieraValue('ldap::client::ssl_cert', '')"
+
+      #
+      # these values are also supported by puppet module
+      #
+      #- !yaql "$.instance.setHieraValue('ldap::client::base', 'dc=example,dc=com')"
+      #- !yaql "$.instance.setHieraValue('ldap::client::ssl', 'false')"
+      #- !yaql "$.instance.setHieraValue('ldap::server::suffix', 'dc=example,dc=com')"
+      #- !yaql "$.instance.setHieraValue('ldap::server::rootdn', 'cn=admin,dc=example,dc=com')"
+      #- !yaql "$.instance.setHieraValue('ldap::server::ssl', false)"
+      #- !yaql "$.instance.setHieraValue('ldap::server::ssl_cacert', '')"
+      #- !yaql "$.instance.setHieraValue('ldap::server::ssl_cert', '')"
+      #- !yaql "$.instance.setHieraValue('ldap::server::ssl_key', '')"
+
+  configureOpenLDAPUser:
+    Arguments:
+      - domain:
+          Contract: $.string().notNull()
+      - ldapUser:
+          Contract: $.string().notNull()
+      - ldapPass:
+          Contract: $.string().notNull()
+    Body:
+      - $resources: new(sys:Resources)
+      - $template: $resources.yaml('ConfigureOpenLDAPUser.template').bind(dict(
+            domain => $domain,
+            ldapUser => $ldapUser,
+            ldapPass => $ldapPass
+          ))
+      - $.instance.agent.call($template, $resources)
+      - $._environment.reporter.report($this, 'OpenLDAP user {0} is added'.format($ldapUser))
+
+  destroy:
+    Body:
+      - $.reportDestroyed()
+      - $.setAttr(deployed, false)

murano-apps/OpenLDAP2/package/Resources/ConfigureOpenLDAPUser.template

@@ -0,0 +1,21 @@
+FormatVersion: 2.0.0
+Version: 1.0.0
+Name: Configure OpenLDAP
+
+Parameters:
+  domain: $domain
+  ldapUser: $ldapUser
+  ldapPass: $ldapPass
+
+Body: |
+  return configure('{0} {1} {2}'.format(args.domain, args.ldapUser, args.ldapPass)).stdout
+
+Scripts:
+  configure:
+    Type: Application
+    Version: 1.0.0
+    EntryPoint: configureOpenLDAPUser.sh
+    Files: []
+    Options:
+      captureStdout: true
+      captureStderr: true

murano-apps/OpenLDAP2/package/Resources/DeployOpenLDAP.template

@@ -0,0 +1,18 @@
+FormatVersion: 2.1.0
+Version: 1.0.0
+Name: Deploy OpenLDAP
+
+Parameters:
+
+Body: |
+  return deploy().stdout
+
+Scripts:
+  deploy:
+    Type: Application
+    Version: 1.0.0
+    EntryPoint: deployOpenLDAP.sh
+    Files: ['site.pp']
+    Options:
+      captureStdout: true
+      captureStderr: true

murano-apps/OpenLDAP2/package/Resources/scripts/configureOpenLDAPUser.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+DOMAIN="$1"
+USERNAME="$2"
+PASSWORD="$3"
+
+DOMAIN_PASSWORD=$PASSWORD
+
+NAME="`echo "$DOMAIN" | cut -d. -f1`"
+TLD="`echo "$DOMAIN" | cut -d. -f2`"
+
+
+ldapadd -x -w $DOMAIN_PASSWORD -D "cn=${USERNAME},dc=${NAME},dc=${TLD}" << USER
+dn: uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD}
+objectClass: top
+objectClass: account
+objectClass: posixAccount
+objectClass: shadowAccount
+cn: ${USERNAME}
+uid: ${USERNAME}
+uidNumber: 1001
+gidNumber: 1001
+homeDirectory: /home/${USERNAME}
+loginShell: /bin/bash
+gecos: ${USERNAME}@${DOMAIN}
+userPassword: {crypt}x
+shadowLastChange: 0
+shadowMax: 0
+shadowWarning: 0
+USER
+
+ldappasswd -w $DOMAIN_PASSWORD -s ${PASSWORD} -D "cn=${USERNAME},dc=${NAME},dc=${TLD}" -x uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD}
+
+# check if user been created
+ldapwhoami -x -w ${PASSWORD} -D uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD} -hlocalhost -p389

murano-apps/OpenLDAP2/package/Resources/scripts/deployOpenLDAP.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
+
+# needed to use ldap puppet module
+# https://forge.puppetlabs.com/datacentred/ldap
+apt-get install ruby-net-ldap
+
+puppet apply site.pp
+
+# Open firewall for ldap/ldaps
+iptables -I INPUT 1 -p tcp -m tcp --dport 389 -j ACCEPT -m comment --comment "by murano, OpenLDAP server access on port 389"
+iptables -I INPUT 1 -p tcp -m tcp --dport 636 -j ACCEPT -m comment --comment "by murano, OpenLDAP server access on port 636"

murano-apps/OpenLDAP2/package/Resources/scripts/site.pp

@@ -0,0 +1,43 @@
+node default {
+
+  $dc = hiera("ldap_dc")
+  $dn = domain2dn(hiera("ldap_domain"))
+  $user = hiera('ldap_user')
+
+  class { 'ldap::server':
+    suffix  => $dn,
+    rootdn  => "cn=$user,$dn",
+    rootpw  => hiera('ldap_password'),
+  }
+
+  $ldap_defaults = {
+    ensure   => present,
+    base     => $dn,
+    host     => 'localhost',
+    port     => 389,
+    ssl      => false,
+    username => "cn=$user,${dn}",
+    password => hiera('ldap_password')
+  }
+
+  $ldap_entries = {
+    "$dn"                   =>{
+      attributes => {
+        dc          => "$dc",
+        objectClass => ['top','domain'],
+        description => 'Tree root'
+      },
+    },
+    "ou=users,$dn"          =>{
+      attributes => {
+        ou         => "users",
+        objectClass=>['top', 'organizationalUnit'],
+        description=> "Users for ${dn}",
+      }
+    },
+  }
+
+  create_resources('ldap_entry', $ldap_entries,$ldap_defaults)
+}
+
+

murano-apps/OpenLDAP2/package/UI/ui.yaml

@@ -0,0 +1,104 @@
+Version: 2
+
+Application:
+  ?:
+    type: io.murano.opaas.OpenLDAP
+  name: $.appConfiguration.name
+  domain: $.appConfiguration.domain
+  ldapUser: $.appConfiguration.ldapUser
+  ldapPass: $.appConfiguration.ldapPass
+  instance:
+    ?:
+      type: io.murano.opaas.puppet.PuppetInstance
+    name: generateHostname($.instanceConfiguration.unitNamingPattern, 1)
+    flavor: $.instanceConfiguration.flavor
+    image: $.instanceConfiguration.osImage
+    keyname: $.instanceConfiguration.keyPair
+    availabilityZone: $.instanceConfiguration.availabilityZone
+    assignFloatingIp: $.appConfiguration.assignFloatingIP
+
+Forms:
+  - appConfiguration:
+      fields:
+        - name: name
+          type: string
+          label: Application Name
+          initial: OpenLDAP
+          description: >-
+            Enter a desired name for the application. Just A-Z, a-z, 0-9, dash
+            and underline are allowed
+        - name: domain
+          type: string
+          label: Domain
+          initial: domain.tld
+          required: false
+          descriptionTitle: Domain
+          description: >-
+            Please, provide domain for the OpenLDAP instance
+        - name: ldapUser
+          type: string
+          label: Username
+          required: false
+          descriptionTitle: LDAP User
+          description: >-
+            Please, provide username
+        - name: ldapPass
+          type: password
+          label: Password
+          required: false
+          descriptionTitle: LDAP Password
+          description: >-
+            Please, provide password
+        - name: assignFloatingIP
+          type: boolean
+          label: Assign Floating IP
+          description: >-
+             Select to true to assign floating IP automatically
+          initial: true
+          required: false
+  - instanceConfiguration:
+      fields:
+        - name: title
+          type: string
+          required: false
+          hidden: true
+          description: Specify some instance parameters on which the application would be created
+        - name: flavor
+          type: flavor
+          label: Instance flavor
+          description: >-
+            Select registered in Openstack flavor. Consider that application performance
+            depends on this parameter.
+          initial: m1.tiny
+          required: false
+        - name: osImage
+          type: image
+          imageType: linux
+          label: Instance image
+          description: >-
+            Select a valid image for the application. Image should already be prepared and
+            registered in glance.
+        - name: keyPair
+          type: keypair
+          label: Key Pair
+          description: >-
+            Select a Key Pair to control access to instances. You can login to
+            instances using this KeyPair after the deployment of application.
+          required: false
+        - name: availabilityZone
+          type: azone
+          label: Availability zone
+          description: Select availability zone where the application would be installed.
+          required: false
+        - name: unitNamingPattern
+          type: string
+          label: Instance Naming Pattern
+          required: false
+          maxLength: 200
+          regexpValidator: '^[-_\w]+$'
+          errorMessages:
+            invalid: Just letters, numbers, underscores and hyphens are allowed.
+          helpText: Just letters, numbers, underscores and hyphens are allowed.
+          description: >-
+            Specify a string, that will be used in instance hostname.
+            Just A-Z, a-z, 0-9, dash and underline are allowed.

murano-apps/OpenLDAP2/package/manifest.yaml

@@ -0,0 +1,12 @@
+Format: 1.0
+Type: Application
+FullName: io.murano.opaas.OpenLDAP
+Name: OpenLDAP-Puppet
+Description: |
+ OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.
+Author: 'Mirantis, Inc'
+Tags: [Server, LDAP]
+Classes:
+ io.murano.opaas.OpenLDAP: OpenLDAP.yaml
+UI: ui.yaml
+Logo: logo.png