steffen: server/kolab/kolab kolab.conf, 1.4, 1.5 kolab_bootstrap, 1.49, 1.50
cvs at intevation.de
cvs at intevation.de
Wed Jul 14 23:17:44 CEST 2004
Author: steffen
Update of /kolabrepository/server/kolab/kolab
In directory doto:/tmp/cvs-serv17418/kolab
Modified Files:
kolab.conf kolab_bootstrap
Log Message:
steps towards replicated ldap db
Index: kolab.conf
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab.conf,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- kolab.conf 24 May 2004 13:00:24 -0000 1.4
+++ kolab.conf 14 Jul 2004 21:17:41 -0000 1.5
@@ -7,5 +7,6 @@
bind_dn : cn=manager,@@@kolab_basedn@@@
bind_pw : @@@kolab_passwd@@@
ldap_uri : ldap://127.0.0.1:389
+ldap_master_uri : @@@ldap_master_uri@@@
php_dn : cn=nobody,@@@kolab_basedn@@@
php_pw : @@@nobody_pw@@@
Index: kolab_bootstrap
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab_bootstrap,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -d -r1.49 -r1.50
--- kolab_bootstrap 14 Jul 2004 12:13:51 -0000 1.49
+++ kolab_bootstrap 14 Jul 2004 21:17:41 -0000 1.50
@@ -87,6 +87,13 @@
return $tmp;
}
+# Like system() but echo the line before executing
+sub kolab_system {
+ my $arg = shift;
+ print "$arg\n";
+ system( $arg );
+};
+
# Fetch entry from ldap server or create new entry of none exist
sub newOrExistingLDAPEntry {
my $ldap = shift;
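Review bot: `kolab_system` passes its argument to `system` as one string and never inspects the exit status, so a failed `openssl`, `scp` or `ssh` step at the call sites in the later hunks is echoed and then silently ignored. Capturing the result, e.g. `my $rc = system($arg); warn "command failed (status $rc): $arg\n" if $rc != 0; return $rc;`, would surface failures and let callers that must not continue `die` on a non-zero return. A single-string `system` goes through the shell whenever the string contains metacharacters, and values such as `$fqdn` and `$master_host` are interpolated into those strings; their origin is not visible here, so confirm they are validated before they reach this helper. The header comment could also say that the argument is shell-interpreted. `newOrExistingLDAPEntry` continues outside the hunk.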
@@ -253,6 +260,7 @@
print $fd "bind_dn : $bind_dn\n";
print $fd "bind_pw : $bind_pw\n";
print $fd "ldap_uri : $ldap_uri\n";
+ print $fd "ldap_master_uri : $ldap_uri\n";
print $fd "php_dn : $php_dn\n";
print $fd "php_pw : $php_pw\n";
undef $fd;
@@ -487,9 +495,9 @@
#system("/kolab/bin/openssl gendsa -out $privreskey dsa-params");
#system("/kolab/bin/openssl dsa -in $privreskey -pubout -out $pubreskey");
print "Creating RSA keypair for resource password encryption\n";
- system("/kolab/bin/openssl genrsa -out $privreskey 1024");
- system("/kolab/bin/openssl rsa -in $privreskey -pubout -out $pubreskey");
- system("chown kolab:kolab-n $pubreskey $privreskey");
+ kolab_system("/kolab/bin/openssl genrsa -out $privreskey 1024");
+ kolab_system("/kolab/bin/openssl rsa -in $privreskey -pubout -out $pubreskey");
+ kolab_system("chown kolab:kolab-n $pubreskey $privreskey");
chmod 0660, $privreskey, $pubreskey;
#unlink( "dsa-params" );
umask $oldmask;
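Review bot: The resource-password keypair on the `genrsa` line is still generated with a 1024-bit modulus, which is below what is considered adequate for RSA today. The minimal change is `kolab_system("/kolab/bin/openssl genrsa -out $privreskey 2048");`, assuming nothing that consumes the key depends on its size (not visible here). The following `chmod 0660` gives the private key the same group-writable mode as the public key, and if `genrsa` fails the later steps still run because the return value is not checked. The enclosing block starts and ends outside the hunk.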
@@ -516,14 +524,14 @@
certificate. You will be prompted for a passphrase for the CA.
################################################################################
EOS
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newca $fqdn");
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/newreq.pem $kolab_prefix/etc/kolab/cert.pem");
- system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
- system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
- system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
- system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
+ kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newca $fqdn");
+ kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
+ kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
+ kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/newreq.pem $kolab_prefix/etc/kolab/cert.pem");
+ kolab_system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
+ kolab_system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
+ kolab_system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
+ kolab_system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
print <<'EOS';
################################################################################
CA and certificate creation complete.
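Review bot: The two `chgrp` calls here pass `@l_rusr@`, which by its name appears to be a user placeholder, while the equivalent slave-side calls later in this patch use `@l_rgrp@`. If the substituted user and group names differ, the master's `key.pem` and `cert.pem` get a different group than intended, so `kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/key.pem;");` (and the same for `cert.pem`) would make the two paths agree. `key.pem` is only restricted to 0640 after `kolab_ca.sh` has returned; whether a restrictive umask is in effect while it is written cannot be seen from this hunk and is worth confirming. The hunk begins and ends inside here-documents, so the surrounding block is not fully visible.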
@@ -537,9 +545,9 @@
##### Slave server setup
print "stop running slapd (if any)\n";
- system("$kolab_prefix/bin/openpkg rc openldap stop");
+ kolab_system("$kolab_prefix/bin/openpkg rc openldap stop");
sleep 1;
- system("$kolab_prefix/bin/openpkg rc openldap stop");
+ kolab_system("$kolab_prefix/bin/openpkg rc openldap stop");
sleep 1;
# Make sure that no rogue demons are running
@@ -598,8 +606,6 @@
#EOS
my $master_host = $ldapuri->host();
- # `ssh $master_host`;
-
$fd = IO::File->new($kolab_config, "w+") || die "could not open $kolab_config";
print $fd "fqhostname : $fqdn\n";
@@ -614,6 +620,15 @@
print "done modifying $kolab_config\n\n";
chmod 0600, $kolab_config;
+ print << 'EOS';
+Now the master server needs to be stopped briefly while the contents of the LDAP database
+is copied over to this slave. Please make sure that this slave is entered into the list
+of kolabhosts on the master before proceeding.
+EOS
+ kolab_system("ssh -CA $master_host $kolab_prefix/bin/openpkg rc openldap stop");
+ kolab_system("ssh -CA $master_host $kolab_prefix/lib/openpkg/tar -C $kolab_prefix/var/openldap -pcf - openldap-data | $kolab_prefix/lib/openpkg/tar -C $kolab_prefix/var/openldap -pxf -");
+ kolab_system("ssh -CA $master_host $kolab_prefix/bin/openpkg rc openldap start");
+
print "Updating configuration, please ignore any initial errors from kolabconf\n\n";
my $cfg;
open(FH, "<$kolab_prefix/etc/rc.conf") || die;
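Review bot: The three new `ssh -CA $master_host ...` calls enable agent forwarding (`-A`) although the remote commands shown (`openpkg rc openldap stop/start` and `tar`) do not connect onward to another host. Forwarding exposes the administrator's agent to the master for the duration of each session, so `ssh -C $master_host ...` would be the safer default here; the `ssh -CA` calls in the certificate-signing hunk deserve the same check. The stop/copy/start sequence also runs unconditionally: the message asks the operator to verify the kolabhosts entry "before proceeding", but no prompt is visible in the hunk. The return values are not examined either, so a failed copy is not detected and leaves the slave with a partial database. The enclosing block continues outside the hunk.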
@@ -621,7 +636,8 @@
close(FH);
$cfg =~ s/\n((openldap_url|sasl_authmech|openldap_enable)\S*=[^\n]*)/#$1\n/sg;
- $cfg .= "openldap_enable=\"no\"\nopenldap_url=\"\"\nsasl_authmech=\"ldap\"\n";
+ # $cfg .= "openldap_enable=\"no\"\nopenldap_url=\"\"\nsasl_authmech=\"ldap\"\n";
+ $cfg .= "\nopenldap_url=\"ldap:// ldaps://\"\nsasl_authmech=\"ldap\"\n";
open(FH, ">$kolab_prefix/etc/rc.conf") || die;
print FH $cfg;
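Review bot: After this change the substitution above still comments out any existing `openldap_enable` line, but the appended text no longer sets it, so the effective value now depends on a package default that is not visible here. If the slave is meant to run its own slapd, stating that explicitly, e.g. `$cfg .= "\nopenldap_enable=\"yes\"\nopenldap_url=\"ldap:// ldaps://\"\nsasl_authmech=\"ldap\"\n";`, avoids relying on the default. The old assignment is kept as commented-out code; a short why-comment such as `# slave now serves its own replicated LDAP on ldap:// and ldaps://` would be more useful to the next reader. The surrounding read/rewrite of rc.conf starts and ends outside the hunk.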
@@ -653,18 +669,18 @@
EOS
# Create cert req
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
- system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
+ kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
+ kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
# Log into master and sign cert request
- system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
- system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
- system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
- system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
+ kolab_system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
+ kolab_system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
+ kolab_system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
+ kolab_system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
die("Creation of $kolab_prefix/etc/kolab/cert.pem failed") unless -f "$kolab_prefix/etc/kolab/cert.pem";
- system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/key.pem;");
- system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
- system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/cert.pem;");
- system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
+ kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/key.pem;");
+ kolab_system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
+ kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/cert.pem;");
+ kolab_system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
print <<'EOS';
################################################################################
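Review bot: The `die ... unless -f "$kolab_prefix/etc/kolab/cert.pem"` check passes if a `cert.pem` from an earlier run is already present, even when the remote signing or the `scp` back from the master has failed, because none of the `kolab_system` results are checked. Removing the old file first, `unlink "$kolab_prefix/etc/kolab/cert.pem";` before the signing steps, or testing the return value of the `scp` call, would make the check meaningful. The remote `ssh` commands embed `$fqdn` inside a double-quoted remote shell string, so that value should be restricted to hostname characters before use; where it is set is not visible in this hunk.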
@@ -678,12 +694,27 @@
we need to copy the RSA keypair used for that purpose from the master server.
EOS
- system("scp $master_host:$kolab_prefix/etc/kolab/res_priv.pem "
+ kolab_system("scp $master_host:$kolab_prefix/etc/kolab/res_priv.pem "
."$master_host:$kolab_prefix/etc/kolab/res_pub.pem "
."$kolab_prefix/etc/kolab/");
- system("chgrp @l_ngrp@ $kolab_prefix/etc/kolab/res_priv.pem $kolab_prefix/etc/kolab/res_priv.pem;");
+ kolab_system("chgrp @l_ngrp@ $kolab_prefix/etc/kolab/res_priv.pem $kolab_prefix/etc/kolab/res_priv.pem;");
+
+ kolab_system("$kolab_prefix/sbin/kolabconf -n");
+
+ $fd = IO::File->new($kolab_config, "w+") || die "could not open $kolab_config";
+ print $fd "fqhostname : $fqdn\n";
+ print $fd "is_master : $is_master\n";
+ print $fd "base_dn : $base_dn\n";
+ print $fd "bind_dn : $bind_dn\n";
+ print $fd "bind_pw : $bind_pw\n";
+ print $fd "ldap_uri : ldap://127.0.0.1\n";
+ print $fd "ldap_master_uri : $ldap_uri\n";
+ print $fd "php_dn : $php_dn\n";
+ print $fd "php_pw : $php_pw\n";
+ undef $fd;
+ print "done modifying $kolab_config\n\n";
+ chmod 0600, $kolab_config;
- system("$kolab_prefix/sbin/kolabconf -n");
} else {
die "Error contacting LDAP server\n";
}
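Review bot: The `chgrp @l_ngrp@` line names `res_priv.pem` twice, so `res_pub.pem` never gets its group changed; the second argument was presumably meant to be the public key, `kolab_system("chgrp @l_ngrp@ $kolab_prefix/etc/kolab/res_priv.pem $kolab_prefix/etc/kolab/res_pub.pem;");`. Unlike the master path, which applies an explicit `chmod` to the keypair, the copied private key keeps whatever mode `scp` and the current umask give it, so an explicit `chmod 0660, ...` (or tighter) after the copy would make the result predictable. The added block that rewrites `$kolab_config` repeats the earlier writer almost line for line and could be a shared helper taking the two URIs as arguments. The enclosing `if` starts outside the hunk.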