steffen: server/kolab/kolab kolab.conf, 1.4, 1.5 kolab_bootstrap, 1.49, 1.50

cvs at intevation.de cvs at intevation.de
Wed Jul 14 23:17:44 CEST 2004


Author: steffen

Update of /kolabrepository/server/kolab/kolab
In directory doto:/tmp/cvs-serv17418/kolab

Modified Files:
	kolab.conf kolab_bootstrap 
Log Message:
steps towards replicated ldap db

Index: kolab.conf
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab.conf,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- kolab.conf	24 May 2004 13:00:24 -0000	1.4
+++ kolab.conf	14 Jul 2004 21:17:41 -0000	1.5
@@ -7,5 +7,6 @@
 bind_dn : cn=manager,@@@kolab_basedn@@@
 bind_pw : @@@kolab_passwd@@@
 ldap_uri : ldap://127.0.0.1:389
+ldap_master_uri : @@@ldap_master_uri@@@
 php_dn : cn=nobody,@@@kolab_basedn@@@
 php_pw : @@@nobody_pw@@@

Index: kolab_bootstrap
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab_bootstrap,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -d -r1.49 -r1.50
--- kolab_bootstrap	14 Jul 2004 12:13:51 -0000	1.49
+++ kolab_bootstrap	14 Jul 2004 21:17:41 -0000	1.50
@@ -87,6 +87,13 @@
   return $tmp;
 }
 
+# Like system() but echo the line before executing
+sub kolab_system {
+  my $arg = shift;
+  print "$arg\n";
+  system( $arg );
+};
+
 # Fetch entry from ldap server or create new entry of none exist
 sub newOrExistingLDAPEntry {
   my $ldap = shift;
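Review bot: kolab_system prints the command and runs it, but nothing inspects the result of `system()`, and no caller in this commit checks it either, so a failed openssl, scp or ssh step is echoed and then silently ignored. A minimal improvement is to replace the last statement with `my $rc = system($arg); warn "command failed (status $rc): $arg\n" if $rc != 0; return $rc;`, so failures are at least visible and callers can test the status. The single-string form of `system` goes through the shell, and callers interpolate values such as `$fqdn` and `$master_host` into that string, so those values should be validated before they reach this helper. The comment above the sub could also state that the whole command line is printed, so secrets must not be passed on it. The `;` after the closing brace is unnecessary.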
@@ -253,6 +260,7 @@
     print $fd "bind_dn : $bind_dn\n";
     print $fd "bind_pw : $bind_pw\n";
     print $fd "ldap_uri : $ldap_uri\n";
+    print $fd "ldap_master_uri : $ldap_uri\n";
     print $fd "php_dn : $php_dn\n";
     print $fd "php_pw : $php_pw\n";
     undef $fd;
@@ -487,9 +495,9 @@
     #system("/kolab/bin/openssl gendsa -out $privreskey dsa-params");
     #system("/kolab/bin/openssl dsa -in $privreskey -pubout -out $pubreskey");
     print "Creating RSA keypair for resource password encryption\n";
-    system("/kolab/bin/openssl genrsa -out $privreskey 1024");
-    system("/kolab/bin/openssl rsa -in $privreskey -pubout -out $pubreskey");
-    system("chown kolab:kolab-n $pubreskey $privreskey");
+    kolab_system("/kolab/bin/openssl genrsa -out $privreskey 1024");
+    kolab_system("/kolab/bin/openssl rsa -in $privreskey -pubout -out $pubreskey");
+    kolab_system("chown kolab:kolab-n $pubreskey $privreskey");
     chmod 0660, $privreskey, $pubreskey;
     #unlink( "dsa-params" );
     umask $oldmask;
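Review bot: The `genrsa ... 1024` call kept in this hunk creates a 1024-bit RSA key for resource password encryption, which is below the 2048-bit minimum that current guidance expects. Consider `kolab_system("/kolab/bin/openssl genrsa -out $privreskey 2048");` after confirming that whatever decrypts the resource passwords accepts the larger key. The two openssl calls also hard-code `/kolab/bin` while the other commands in this diff use `$kolab_prefix`, so an installation under a different prefix would call a different or missing binary. The enclosing block starts and ends outside the hunk.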
@@ -516,14 +524,14 @@
 certificate. You will be prompted for a passphrase for the CA.
 ################################################################################
 EOS
-    system("$kolab_prefix/etc/kolab/kolab_ca.sh -newca $fqdn");
-    system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
-    system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
-    system("$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/newreq.pem $kolab_prefix/etc/kolab/cert.pem");
-    system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
-    system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
-    system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
-    system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
+    kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newca $fqdn");
+    kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
+    kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
+    kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/newreq.pem $kolab_prefix/etc/kolab/cert.pem");
+    kolab_system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/key.pem;");
+    kolab_system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
+    kolab_system("chgrp @l_rusr@ $kolab_prefix/etc/kolab/cert.pem;");
+    kolab_system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
     print <<'EOS';
 ################################################################################
 CA and certificate creation complete.
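Review bot: The two `chgrp @l_rusr@ ...` calls on key.pem and cert.pem pass what looks like the user-name placeholder to `chgrp`, while the slave-side block later in this diff uses `@l_rgrp@` for the same files. If the substituted user and group names differ, the private key ends up with the wrong group, or the `chgrp` fails, and because the status is not checked the following `chmod 0640` still makes it group-readable. Suggested: `kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/key.pem;");` and the same for cert.pem. The enclosing block and the closing heredoc continue outside the hunk.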
@@ -537,9 +545,9 @@
   ##### Slave server setup
 
   print "stop running slapd (if any)\n";
-  system("$kolab_prefix/bin/openpkg rc openldap stop");
+  kolab_system("$kolab_prefix/bin/openpkg rc openldap stop");
   sleep 1;
-  system("$kolab_prefix/bin/openpkg rc openldap stop");
+  kolab_system("$kolab_prefix/bin/openpkg rc openldap stop");
   sleep 1;
 
   # Make sure that no rogue demons are running
@@ -598,8 +606,6 @@
 #EOS
 
     my $master_host = $ldapuri->host();
-    # `ssh $master_host`;
-
 
     $fd = IO::File->new($kolab_config, "w+") || die "could not open $kolab_config";
     print $fd "fqhostname : $fqdn\n";
@@ -614,6 +620,15 @@
     print "done modifying $kolab_config\n\n";
     chmod 0600, $kolab_config;
 
+    print << 'EOS';
+Now the master server needs to be stopped briefly while the contents of the LDAP database
+is copied over to this slave. Please make sure that this slave is entered into the list 
+of kolabhosts on the master before proceeding.
+EOS
+    kolab_system("ssh -CA $master_host $kolab_prefix/bin/openpkg rc openldap stop");
+    kolab_system("ssh -CA $master_host $kolab_prefix/lib/openpkg/tar -C $kolab_prefix/var/openldap -pcf - openldap-data | $kolab_prefix/lib/openpkg/tar -C $kolab_prefix/var/openldap -pxf -");
+    kolab_system("ssh -CA $master_host $kolab_prefix/bin/openpkg rc openldap start");
+
     print "Updating configuration, please ignore any initial errors from kolabconf\n\n";
     my $cfg;
     open(FH, "<$kolab_prefix/etc/rc.conf") || die;
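Review bot: The three new `ssh -CA $master_host ...` calls run unchecked, so if stopping slapd on the master fails the tar copy is taken from a live database, and if the copy fails the slave continues with a partial or empty `openldap-data`. Because kolab_system returns the value of `system()`, each step can be tested, e.g. `kolab_system("ssh -C $master_host $kolab_prefix/bin/openpkg rc openldap stop") == 0 or die "could not stop slapd on $master_host\n";`, while still attempting the final `start` so the master is not left down. `-A` forwards the local SSH agent to the master, which these remote commands do not appear to need; dropping it here and in the certificate-signing calls later in the diff avoids exposing the agent to that host. `$master_host` comes from `$ldapuri->host()` (visible in the previous hunk) and is interpolated into a shell command line, so it is worth validating as a hostname before use.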
@@ -621,7 +636,8 @@
     close(FH);
 
     $cfg =~ s/\n((openldap_url|sasl_authmech|openldap_enable)\S*=[^\n]*)/#$1\n/sg;
-    $cfg .= "openldap_enable=\"no\"\nopenldap_url=\"\"\nsasl_authmech=\"ldap\"\n";
+    # $cfg .= "openldap_enable=\"no\"\nopenldap_url=\"\"\nsasl_authmech=\"ldap\"\n";
+    $cfg .= "\nopenldap_url=\"ldap:// ldaps://\"\nsasl_authmech=\"ldap\"\n";
 
     open(FH, ">$kolab_prefix/etc/rc.conf") || die;
     print FH $cfg;
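Review bot: The new `$cfg .=` line sets `openldap_url` to `ldap:// ldaps://`, which, assuming the value is handed to slapd as its listener list, opens cleartext LDAP on every interface of the slave next to the TLS listener. If remote peers only need TLS, something like `$cfg .= "\nopenldap_url=\"ldap://127.0.0.1 ldaps://\"\nsasl_authmech=\"ldap\"\n";` would keep the plain listener local; confirm against how the master replicates to the slave. The substitution on the context line above still comments out any existing `openldap_enable` entry and the new line no longer writes one, so whether slapd starts now depends on the rc default. A short comment saying that, in place of the commented-out old assignment, would make the intent clear.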
@@ -653,18 +669,18 @@
 EOS
 
       # Create cert req
-      system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
-      system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
+      kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
+      kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
       # Log into master and sign cert request
-      system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
-      system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
-      system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
-      system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
+      kolab_system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
+      kolab_system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
+      kolab_system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
+      kolab_system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
       die("Creation of $kolab_prefix/etc/kolab/cert.pem failed") unless -f "$kolab_prefix/etc/kolab/cert.pem";
-      system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/key.pem;");
-      system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
-      system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/cert.pem;");
-      system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
+      kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/key.pem;");
+      kolab_system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
+      kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/cert.pem;");
+      kolab_system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
 
       print <<'EOS';
 ################################################################################
@@ -678,12 +694,27 @@
 we need to copy the RSA keypair used for that purpose from the master server.
 EOS
 
-    system("scp $master_host:$kolab_prefix/etc/kolab/res_priv.pem "
+    kolab_system("scp $master_host:$kolab_prefix/etc/kolab/res_priv.pem "
 	   ."$master_host:$kolab_prefix/etc/kolab/res_pub.pem "
 	   ."$kolab_prefix/etc/kolab/");
-    system("chgrp @l_ngrp@ $kolab_prefix/etc/kolab/res_priv.pem $kolab_prefix/etc/kolab/res_priv.pem;");
+    kolab_system("chgrp @l_ngrp@ $kolab_prefix/etc/kolab/res_priv.pem $kolab_prefix/etc/kolab/res_priv.pem;");
+
+    kolab_system("$kolab_prefix/sbin/kolabconf -n");
+
+    $fd = IO::File->new($kolab_config, "w+") || die "could not open $kolab_config";
+    print $fd "fqhostname : $fqdn\n";
+    print $fd "is_master : $is_master\n";
+    print $fd "base_dn : $base_dn\n";
+    print $fd "bind_dn : $bind_dn\n";
+    print $fd "bind_pw : $bind_pw\n";
+    print $fd "ldap_uri : ldap://127.0.0.1\n";
+    print $fd "ldap_master_uri : $ldap_uri\n";
+    print $fd "php_dn : $php_dn\n";
+    print $fd "php_pw : $php_pw\n";
+    undef $fd;
+    print "done modifying $kolab_config\n\n";
+    chmod 0600, $kolab_config;
 
-    system("$kolab_prefix/sbin/kolabconf -n");
   } else {
     die "Error contacting LDAP server\n";
   }
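Review bot: The `chgrp @l_ngrp@` call names `res_priv.pem` twice, so `res_pub.pem` keeps whatever group scp gave it; the second argument was presumably meant to be `$kolab_prefix/etc/kolab/res_pub.pem`. No `chmod` on the copied key pair is visible in this hunk, whereas the master-side block earlier in the diff applies `chmod 0660` to both files, so the private key's mode on the slave depends on the umask in effect during `scp`; adding `chmod 0660, "$kolab_prefix/etc/kolab/res_priv.pem", "$kolab_prefix/etc/kolab/res_pub.pem";` would make it explicit. The added block that rewrites `$kolab_config` repeats the earlier config writer almost line for line and contains `bind_pw` and `php_pw`; factoring it into one helper that sets mode 0600 before writing would keep the two copies from drifting. The enclosing `if` starts outside the hunk.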




