diff --git a/murano-apps/OpenLDAP2/package/Classes/OpenLDAP.yaml b/murano-apps/OpenLDAP2/package/Classes/OpenLDAP.yaml
new file mode 100644
index 0000000..47a2d1b
--- /dev/null
+++ b/murano-apps/OpenLDAP2/package/Classes/OpenLDAP.yaml
@@ -0,0 +1,111 @@
+Namespaces:
+ =: io.murano.opaas
+ std: io.murano
+ res: io.murano.resources
+ sys: io.murano.system
+ puppet: io.murano.opaas.puppet
+
+
+Name: OpenLDAP
+
+Extends: std:Application
+
+Properties:
+ instance:
+ Contract: $.class(puppet:PuppetInstance).notNull()
+ name:
+ Contract: $.string().notNull()
+ domain:
+ Contract: $.string()
+ ldapUser:
+ Contract: $.string()
+ ldapPass:
+ Contract: $.string()
+
+Methods:
+ initialize:
+ Body:
+ - $._environment: $.find(std:Environment).require()
+
+ deploy:
+ Body:
+ - If: not $.getAttr(deployed, false)
+ Then:
+ - $securityGroupIngress:
+ - ToPort: 389
+ FromPort: 389
+ IpProtocol: tcp
+ External: true
+ - ToPort: 636
+ FromPort: 636
+ IpProtocol: tcp
+ External: true
+ - $._environment.securityGroupManager.addGroupIngress($securityGroupIngress)
+ - $._environment.reporter.report($this, 'Creating VM for OpenLDAP {0}'.format($.instance.openstackId))
+ - $.instance.deploy()
+ - $._environment.reporter.report($this, 'VM Created {0}'.format($.instance.openstackId))
+
+ - $.instance.installPuppetModule('datacentred-ldap')
+
+ - $.createConfiguration()
+
+
+ - $resources: new(sys:Resources)
+ - $template: $resources.yaml('DeployOpenLDAP.template')
+ - $._environment.reporter.report($this, 'OpenLDAP deploying')
+ - $.instance.agent.call($template, $resources)
+ - $._environment.reporter.report($this, format('OpenLDAP is available at {0}', $.instance.floatingIpAddress))
+
+ - If: $.domain != '' and $.domain != null
+ Then:
+ - If: $.ldapUser != '' and $.ldapUser != null
+ Then:
+ - $.configureOpenLDAPUser($.domain, $.ldapUser, $.ldapPass)
+ - $.setAttr(deployed, true)
+ - $._environment.reporter.report($this, 'OpenLDAP is deployed!')
+
+ createConfiguration:
+ Body:
+ - $.instance.setHieraValue('ldap_domain', $.domain)
+ - $.instance.setHieraValue('ldap_dc', $.domain.split('.')[0])
+ - $.instance.setHieraValue('ldap_user', $.ldapUser)
+ - $.instance.setHieraValue('ldap_password', $.ldapPass)
+
+ - !yaql "$.instance.setHieraValue('ldap::client::uri', 'localhost')"
+ - !yaql "$.instance.setHieraValue('ldap::server::rootpw', $.ldapPass)"
+ - !yaql "$.instance.setHieraValue('ldap::client::ssl_cert', '')"
+
+ #
+ # these values are also supported by puppet module
+ #
+ #- !yaql "$.instance.setHieraValue('ldap::client::base', 'dc=example,dc=com')"
+ #- !yaql "$.instance.setHieraValue('ldap::client::ssl', 'false')"
+ #- !yaql "$.instance.setHieraValue('ldap::server::suffix', 'dc=example,dc=com')"
+ #- !yaql "$.instance.setHieraValue('ldap::server::rootdn', 'cn=admin,dc=example,dc=com')"
+ #- !yaql "$.instance.setHieraValue('ldap::server::ssl', false)"
+ #- !yaql "$.instance.setHieraValue('ldap::server::ssl_cacert', '')"
+ #- !yaql "$.instance.setHieraValue('ldap::server::ssl_cert', '')"
+ #- !yaql "$.instance.setHieraValue('ldap::server::ssl_key', '')"
+
+ configureOpenLDAPUser:
+ Arguments:
+ - domain:
+ Contract: $.string().notNull()
+ - ldapUser:
+ Contract: $.string().notNull()
+ - ldapPass:
+ Contract: $.string().notNull()
+ Body:
+ - $resources: new(sys:Resources)
+ - $template: $resources.yaml('ConfigureOpenLDAPUser.template').bind(dict(
+ domain => $domain,
+ ldapUser => $ldapUser,
+ ldapPass => $ldapPass
+ ))
+ - $.instance.agent.call($template, $resources)
+ - $._environment.reporter.report($this, 'OpenLDAP user {0} is added'.format($ldapUser))
+
+ destroy:
+ Body:
+ - $.reportDestroyed()
+ - $.setAttr(deployed, false)
diff --git a/murano-apps/OpenLDAP2/package/Resources/ConfigureOpenLDAPUser.template b/murano-apps/OpenLDAP2/package/Resources/ConfigureOpenLDAPUser.template
new file mode 100644
index 0000000..b91e88e
--- /dev/null
+++ b/murano-apps/OpenLDAP2/package/Resources/ConfigureOpenLDAPUser.template
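Review bot: The `$securityGroupIngress` block in deploy opens both 389 and 636 with `External: true`, while createConfiguration sets `ldap::client::ssl_cert` to '' and leaves every `ldap::server::ssl*` key commented out, so as far as this class configures anything the only working listener is plaintext LDAP on 389 reachable from any address, and every simple bind (including the rootdn bind that configureOpenLDAPUser performs) carries the password in clear. I would drop `External: true` from the 389 rule until TLS on 636 is actually wired up, and say why in a comment above `$securityGroupIngress`, e.g. `# 389 is plaintext LDAP: keep it tenant-internal; only expose 636 once ldap::server::ssl* are set`. Separately, `domain`, `ldapUser` and `ldapPass` are contracted as nullable `$.string()` (and ui.yaml marks them `required: false`), yet createConfiguration unconditionally evaluates `$.domain.split('.')[0]` and pushes `$.ldapPass` as `ldap::server::rootpw`, so an empty form yields either a failed deployment or a server whose root password is empty; the `If: $.domain != ''` guard comes after that call, so either tighten the three contracts to `$.string().notNull()` or move the guard before `$.createConfiguration()`.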
@@ -0,0 +1,21 @@
+FormatVersion: 2.0.0
+Version: 1.0.0
+Name: Configure OpenLDAP
+
+Parameters:
+ domain: $domain
+ ldapUser: $ldapUser
+ ldapPass: $ldapPass
+
+Body: |
+ return configure('{0} {1} {2}'.format(args.domain, args.ldapUser, args.ldapPass)).stdout
+
+Scripts:
+ configure:
+ Type: Application
+ Version: 1.0.0
+ EntryPoint: configureOpenLDAPUser.sh
+ Files: []
+ Options:
+ captureStdout: true
+ captureStderr: true
diff --git a/murano-apps/OpenLDAP2/package/Resources/DeployOpenLDAP.template b/murano-apps/OpenLDAP2/package/Resources/DeployOpenLDAP.template
new file mode 100644
index 0000000..ffd48a9
--- /dev/null
+++ b/murano-apps/OpenLDAP2/package/Resources/DeployOpenLDAP.template
@@ -0,0 +1,18 @@
+FormatVersion: 2.1.0
+Version: 1.0.0
+Name: Deploy OpenLDAP
+
+Parameters:
+
+Body: |
+ return deploy().stdout
+
+Scripts:
+ deploy:
+ Type: Application
+ Version: 1.0.0
+ EntryPoint: deployOpenLDAP.sh
+ Files: ['site.pp']
+ Options:
+ captureStdout: true
+ captureStderr: true
diff --git a/murano-apps/OpenLDAP2/package/Resources/scripts/configureOpenLDAPUser.sh b/murano-apps/OpenLDAP2/package/Resources/scripts/configureOpenLDAPUser.sh
new file mode 100644
index 0000000..a8b64ba
--- /dev/null
+++ b/murano-apps/OpenLDAP2/package/Resources/scripts/configureOpenLDAPUser.sh
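Review bot: The Body concatenates domain, user and password into one space-separated string, `'{0} {1} {2}'.format(args.domain, args.ldapUser, args.ldapPass)`, which configureOpenLDAPUser.sh then reads back as `$1`, `$2`, `$3`; any password containing whitespace is split into extra positional arguments, and if the agent hands this string to a shell (I cannot tell from the template, but the positional-argument contract suggests it does) quotes and metacharacters in the password are interpreted rather than passed through. Nothing in ui.yaml restricts the password field, so this is reachable from the form. Either reject such characters at the UI, or deliver the secret through a channel that is not word-split, and record the constraint above Body: `# NOTE: the agent whitespace-splits this string into script arguments; domain/user/password must not contain spaces or shell metacharacters`.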
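Review bot: `FormatVersion: 2.1.0` here disagrees with the `2.0.0` declared by ConfigureOpenLDAPUser.template in the same package, although this template uses fewer features; pick one version for both templates so the agent negotiates the same execution-plan format for every step. The bare `Parameters:` key parses as a null value rather than an empty mapping, which may or may not be accepted by the agent's validation; `Parameters: {}` (or dropping the key) states the intent unambiguously.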
@@ -0,0 +1,34 @@
+#!/bin/bash
+DOMAIN="$1"
+USERNAME="$2"
+PASSWORD="$3"
+
+DOMAIN_PASSWORD=$PASSWORD
+
+NAME="`echo "$DOMAIN" | cut -d. -f1`"
+TLD="`echo "$DOMAIN" | cut -d. -f2`"
+
+
+ldapadd -x -w $DOMAIN_PASSWORD -D "cn=${USERNAME},dc=${NAME},dc=${TLD}" << USER
+dn: uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD}
+objectClass: top
+objectClass: account
+objectClass: posixAccount
+objectClass: shadowAccount
+cn: ${USERNAME}
+uid: ${USERNAME}
+uidNumber: 1001
+gidNumber: 1001
+homeDirectory: /home/${USERNAME}
+loginShell: /bin/bash
+gecos: ${USERNAME}@${DOMAIN}
+userPassword: {crypt}x
+shadowLastChange: 0
+shadowMax: 0
+shadowWarning: 0
+USER
+
+ldappasswd -w $DOMAIN_PASSWORD -s ${PASSWORD} -D "cn=${USERNAME},dc=${NAME},dc=${TLD}" -x uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD}
+
+# check if user been created
+ldapwhoami -x -w ${PASSWORD} -D uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD} -hlocalhost -p389
\ No newline at end of file
diff --git a/murano-apps/OpenLDAP2/package/Resources/scripts/deployOpenLDAP.sh b/murano-apps/OpenLDAP2/package/Resources/scripts/deployOpenLDAP.sh
new file mode 100644
index 0000000..77e8eeb
--- /dev/null
+++ b/murano-apps/OpenLDAP2/package/Resources/scripts/deployOpenLDAP.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
+
+# needed to use ldap puppet module
+# https://forge.puppetlabs.com/datacentred/ldap
+apt-get install ruby-net-ldap
+
+puppet apply site.pp
+
+# Open firewall for ldap/ldaps
+iptables -I INPUT 1 -p tcp -m tcp --dport 389 -j ACCEPT -m comment --comment "by murano, OpenLDAP server access on port 389"
+iptables -I INPUT 1 -p tcp -m tcp --dport 636 -j ACCEPT -m comment --comment "by murano, OpenLDAP server access on port 636"
diff --git a/murano-apps/OpenLDAP2/package/Resources/scripts/site.pp b/murano-apps/OpenLDAP2/package/Resources/scripts/site.pp
new file mode 100644
index 0000000..970fa4d
--- /dev/null
+++ b/murano-apps/OpenLDAP2/package/Resources/scripts/site.pp
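Review bot: Every bind and the new user's password are passed on the command line (`-w $DOMAIN_PASSWORD`, `-s ${PASSWORD}`, `-w ${PASSWORD}`), where any local process can read them from the process list while the ldap tool runs, and they are unquoted, so a password containing spaces or glob characters is word-split before ldapadd ever sees it. The base DN is also assembled from only the first two labels (`cut -d. -f1`, `-f2`), whereas site.pp derives the server suffix with `domain2dn(hiera("ldap_domain"))` from the whole domain, so for a three-label domain such as ldap.example.com the `cn=${USERNAME},dc=${NAME},dc=${TLD}` rootdn this script binds as does not exist and all three calls fail; with no `set -e`, those failures are only surfaced by the exit status of the final ldapwhoami. The rewrite below reads the secret from a 0600 temp file via `-y`/`-T`, derives the DN from every label so it matches site.pp, and stops on the first failure; the fact that the directory user deliberately shares the rootdn's password deserves a comment of its own.
```shell
#!/bin/bash
set -euo pipefail
# … unchanged: DOMAIN / USERNAME / PASSWORD / DOMAIN_PASSWORD assignments …

# Full suffix from every label (a.b.c -> dc=a,dc=b,dc=c), matching domain2dn() in site.pp
BASE_DN="dc=${DOMAIN//./,dc=}"

# Keep secrets out of argv: the ldap tools read them from a 0600 file instead
PWFILE="$(mktemp)"
chmod 600 "$PWFILE"
trap 'rm -f "$PWFILE"' EXIT
printf '%s' "$DOMAIN_PASSWORD" > "$PWFILE"

ldapadd -x -y "$PWFILE" -D "cn=${USERNAME},${BASE_DN}" << USER
dn: uid=${USERNAME},ou=users,${BASE_DN}
# … unchanged: remaining LDIF attributes of the user entry …
USER

ldappasswd -x -y "$PWFILE" -T "$PWFILE" -D "cn=${USERNAME},${BASE_DN}" "uid=${USERNAME},ou=users,${BASE_DN}"

# check if user been created
ldapwhoami -x -y "$PWFILE" -D "uid=${USERNAME},ou=users,${BASE_DN}" -H ldap://localhost:389
```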
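Review bot: `apt-get install ruby-net-ldap` has neither `-y` nor `DEBIAN_FRONTEND=noninteractive`, unlike the slapd line above it, so when the agent runs this without a tty apt will most likely stop at its confirmation prompt and the dependency the comment says the puppet module needs is never installed; because the script has no `set -e`, `puppet apply site.pp` and both iptables rules still run after that, leaving a half-configured server with 389 and 636 opened. Change the line to `DEBIAN_FRONTEND=noninteractive apt-get install -y ruby-net-ldap` and add `set -e` after the shebang so a failed step aborts before the firewall is opened. The two iptables rules are also not persisted and disappear on reboot; if that is intended, say so in the `# Open firewall` comment.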
@@ -0,0 +1,43 @@
+node default {
+
+ $dc = hiera("ldap_dc")
+ $dn = domain2dn(hiera("ldap_domain"))
+ $user = hiera('ldap_user')
+
+ class { 'ldap::server':
+ suffix => $dn,
+ rootdn => "cn=$user,$dn",
+ rootpw => hiera('ldap_password'),
+ }
+
+ $ldap_defaults = {
+ ensure => present,
+ base => $dn,
+ host => 'localhost',
+ port => 389,
+ ssl => false,
+ username => "cn=$user,${dn}",
+ password => hiera('ldap_password')
+ }
+
+ $ldap_entries = {
+ "$dn" =>{
+ attributes => {
+ dc => "$dc",
+ objectClass => ['top','domain'],
+ description => 'Tree root'
+ },
+ },
+ "ou=users,$dn" =>{
+ attributes => {
+ ou => "users",
+ objectClass=>['top', 'organizationalUnit'],
+ description=> "Users for ${dn}",
+ }
+ },
+ }
+
+ create_resources('ldap_entry', $ldap_entries,$ldap_defaults)
+}
+
+
diff --git a/murano-apps/OpenLDAP2/package/UI/ui.yaml b/murano-apps/OpenLDAP2/package/UI/ui.yaml
new file mode 100644
index 0000000..04bbb5a
--- /dev/null
+++ b/murano-apps/OpenLDAP2/package/UI/ui.yaml
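Review bot: `rootpw => hiera('ldap_password')` hands the raw form password to the ldap::server class; if the datacentred module writes that value verbatim into olcRootPW (the parameter name suggests it does, but I cannot see the module from here), the directory stores its admin password in cleartext and returns it to anyone able to read cn=config. Generate a hash instead, for example with `slappasswd -s` in deployOpenLDAP.sh and a hashed hiera key, or document here that the module is expected to hash the value. Smaller points: `hiera('ldap_password')` is looked up twice where a `$pass = hiera('ldap_password')` next to `$user` would do, and the interpolation style is mixed (`"$dn"` as a hash key, `${dn}`, `"cn=$user,$dn"`) where plain `$dn` for the key and `${var}` inside strings is the conventional Puppet form. A one-line header such as `# Bootstraps a single-domain OpenLDAP tree: server suffix/rootdn, then the base entry and ou=users` would help the next reader.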
@@ -0,0 +1,104 @@
+Version: 2
+
+Application:
+ ?:
+ type: io.murano.opaas.OpenLDAP
+ name: $.appConfiguration.name
+ domain: $.appConfiguration.domain
+ ldapUser: $.appConfiguration.ldapUser
+ ldapPass: $.appConfiguration.ldapPass
+ instance:
+ ?:
+ type: io.murano.opaas.puppet.PuppetInstance
+ name: generateHostname($.instanceConfiguration.unitNamingPattern, 1)
+ flavor: $.instanceConfiguration.flavor
+ image: $.instanceConfiguration.osImage
+ keyname: $.instanceConfiguration.keyPair
+ availabilityZone: $.instanceConfiguration.availabilityZone
+ assignFloatingIp: $.appConfiguration.assignFloatingIP
+
+Forms:
+ - appConfiguration:
+ fields:
+ - name: name
+ type: string
+ label: Application Name
+ initial: OpenLDAP
+ description: >-
+ Enter a desired name for the application. Just A-Z, a-z, 0-9, dash
+ and underline are allowed
+ - name: domain
+ type: string
+ label: Domain
+ initial: domain.tld
+ required: false
+ descriptionTitle: Domain
+ description: >-
+ Please, provide domain for the OpenLDAP instance
+ - name: ldapUser
+ type: string
+ label: Username
+ required: false
+ descriptionTitle: LDAP User
+ description: >-
+ Please, provide username
+ - name: ldapPass
+ type: password
+ label: Password
+ required: false
+ descriptionTitle: LDAP Password
+ description: >-
+ Please, provide password
+ - name: assignFloatingIP
+ type: boolean
+ label: Assign Floating IP
+ description: >-
+ Select to true to assign floating IP automatically
+ initial: true
+ required: false
+ - instanceConfiguration:
+ fields:
+ - name: title
+ type: string
+ required: false
+ hidden: true
+ description: Specify some instance parameters on which the application would be created
+ - name: flavor
+ type: flavor
+ label: Instance flavor
+ description: >-
+ Select registered in Openstack flavor. Consider that application performance
+ depends on this parameter.
+ initial: m1.tiny
+ required: false
+ - name: osImage
+ type: image
+ imageType: linux
+ label: Instance image
+ description: >-
+ Select a valid image for the application. Image should already be prepared and
+ registered in glance.
+ - name: keyPair
+ type: keypair
+ label: Key Pair
+ description: >-
+ Select a Key Pair to control access to instances. You can login to
+ instances using this KeyPair after the deployment of application.
+ required: false
+ - name: availabilityZone
+ type: azone
+ label: Availability zone
+ description: Select availability zone where the application would be installed.
+ required: false
+ - name: unitNamingPattern
+ type: string
+ label: Instance Naming Pattern
+ required: false
+ maxLength: 200
+ regexpValidator: '^[-_\w]+$'
+ errorMessages:
+ invalid: Just letters, numbers, underscores and hyphens are allowed.
+ helpText: Just letters, numbers, underscores and hyphens are allowed.
+ description: >-
+ Specify a string, that will be used in instance hostname.
+ Just A-Z, a-z, 0-9, dash and underline are allowed.
diff --git a/murano-apps/OpenLDAP2/package/logo.png b/murano-apps/OpenLDAP2/package/logo.png
new file mode 100644
index 0000000..7d8e7db
Binary files /dev/null and b/murano-apps/OpenLDAP2/package/logo.png differ
diff --git a/murano-apps/OpenLDAP2/package/manifest.yaml b/murano-apps/OpenLDAP2/package/manifest.yaml
new file mode 100644
index 0000000..5f2a227
--- /dev/null
+++ b/murano-apps/OpenLDAP2/package/manifest.yaml
@@ -0,0 +1,12 @@
+Format: 1.0
+Type: Application
+FullName: io.murano.opaas.OpenLDAP
+Name: OpenLDAP-Puppet
+Description: |
+ OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol.
+Author: 'Mirantis, Inc'
+Tags: [Server, LDAP]
+Classes:
+ io.murano.opaas.OpenLDAP: OpenLDAP.yaml
+UI: ui.yaml
+Logo: logo.png
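Review bot: `domain`, `ldapUser` and `ldapPass` are all `required: false`, yet OpenLDAP.yaml feeds them unconditionally into hiera as the server suffix, rootdn and rootpw and into configureOpenLDAPUser.sh as positional arguments, so an empty form produces either a failing `$.domain.split('.')[0]` or a directory whose admin password is empty. Make the three fields `required: true`, and validate the values that end up inside DNs and a shell command line the way unitNamingPattern already does — for example `regexpValidator: '^[-_\w]+$'` plus a matching `errorMessages.invalid` on `ldapUser`, and a hostname-style validator on `domain`. The `name` field's description promises "Just A-Z, a-z, 0-9, dash and underline are allowed" but carries no regexpValidator to enforce it.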