Patchwork contrib: Add tools to help configure OpenLDAP-based NSDB

Submitter Chuck Lever
Date Sept. 25, 2012, 3:39 p.m.
Message ID <20120925153527.23879.35420.stgit@degas.1015granger.net>
Permalink /patch/186839/
State Superseded

Comments

Chuck Lever - Sept. 25, 2012, 3:39 p.m.
Setting up an NSDB takes a bunch of detailed steps.  To encourage
adoption of FedFS (or at least broaden our base of testers), we want
to make NSDB set up easier to do.  One of the challenges is that each
LDAP server implementation requires different administrative tools
and procedures.

Thus, for each LDAP server implementation, we can add tools that
set up the FedFS schema, create root suffixes, and so on.  Of course
some server implementations will not succumb to this approach, as
they will still require manual set up on the servers themselves.  We
can but try.

As a first step, create a landing place for server-specific tools,
and introduce a sample tool to add the FedFS schema to an OpenLDAP
server.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---

This is just an RFC prototype.

I'm still debating whether we would be better off with a C tool
here.  It would be harder to write, but it could automate more
of this process (like the changes to the raw schema LDIF) and
wouldn't depend on having the ldap-tools installed.


 configure.ac                      |    1 
 contrib/Makefile.am               |    2 
 contrib/openldap/Makefile.am      |   29 ++++
 contrib/openldap/add-fedfs-entry  |   50 ++++++
 contrib/openldap/add-fedfs-schema |  303 +++++++++++++++++++++++++++++++++++++
 5 files changed, 384 insertions(+), 1 deletions(-)
 create mode 100644 contrib/openldap/Makefile.am
 create mode 100755 contrib/openldap/add-fedfs-entry
 create mode 100755 contrib/openldap/add-fedfs-schema

Patch

diff --git a/configure.ac b/configure.ac
index 31634cb..cebdae3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -160,6 +160,7 @@  AC_SUBST([root_sbindir])
 AC_CONFIG_FILES([Makefile
                  contrib/Makefile
                  contrib/init/Makefile
+                 contrib/openldap/Makefile
                  doc/Makefile
                  doc/ldap/Makefile
                  doc/man/Makefile
diff --git a/contrib/Makefile.am b/contrib/Makefile.am
index ee19f6b..3982781 100644
--- a/contrib/Makefile.am
+++ b/contrib/Makefile.am
@@ -23,7 +23,7 @@ 
 ##	http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
 ##
 
-SUBDIRS			= init
+SUBDIRS			= init openldap
 
 CLEANFILES		= cscope.in.out cscope.out cscope.po.out *~
 DISTCLEANFILES		= Makefile.in
diff --git a/contrib/openldap/Makefile.am b/contrib/openldap/Makefile.am
new file mode 100644
index 0000000..25f8988
--- /dev/null
+++ b/contrib/openldap/Makefile.am
@@ -0,0 +1,29 @@ 
+##
+## @file contrib/openldap/Makefile.am
+## @brief Process this file with automake to produce contrib/Makefile.in
+##
+
+##
+## Copyright 2012 Oracle.  All rights reserved.
+##
+## This file is part of fedfs-utils.
+##
+## fedfs-utils is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License version 2.0 as
+## published by the Free Software Foundation.
+##
+## fedfs-utils is distributed in the hope that it will be useful, but
+## WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License version 2.0 for more details.
+##
+## You should have received a copy of the GNU General Public License
+## version 2.0 along with fedfs-utils.  If not, see:
+##
+##	http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+##
+
+EXTRA_DIST		= add-fedfs-schema
+
+CLEANFILES		= cscope.in.out cscope.out cscope.po.out *~
+DISTCLEANFILES		= Makefile.in
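Review bot: EXTRA_DIST lists only add-fedfs-schema, but this patch also creates contrib/openldap/add-fedfs-entry, so that script would be left out of "make dist" tarballs. Suggest "EXTRA_DIST = add-fedfs-schema add-fedfs-entry". Also, the @brief line at the top says the output is contrib/Makefile.in; for this file it should read contrib/openldap/Makefile.in.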
diff --git a/contrib/openldap/add-fedfs-entry b/contrib/openldap/add-fedfs-entry
new file mode 100755
index 0000000..82de095
--- /dev/null
+++ b/contrib/openldap/add-fedfs-entry
@@ -0,0 +1,50 @@ 
+#!/bin/bash
+#
+# @file contrib/openldap/add-fedfs-entry
+# @brief Add an "o=fedfs" entry
+#
+# Copyright 2012 Oracle.  All rights reserved.
+#
+# This file is part of fedfs-utils.
+#
+# fedfs-utils is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2.0 as
+# published by the Free Software Foundation.
+#
+# fedfs-utils is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License version 2.0 for more details.
+#
+# You should have received a copy of the GNU General Public License
+# version 2.0 along with fedfs-utils.  If not, see:
+#
+#	http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+#
+
+LDAPMODIFY=`which ldapmodify`
+if [[ $? != 0 ]];
+then
+  echo "ldapmodify command not found on this system"
+  exit 1
+fi
+LDAPSEARCH=`which ldapsearch`
+if [[ $? != 0 ]];
+then
+  echo "ldapsearch command not found on this system"
+  exit 1
+fi
+
+if [[ $# -lt 2 ]];
+then
+  echo "add-fedfs-entry <LDAP server's hostname> <LDAP server's admin DN>"
+  echo " "
+  echo "Add an 'o=fedfs' entry to an LDAP server."
+  exit 1
+fi
+
+${LDAPMODIFY} -a -x -W -h $1 -D $2 <<EOF
+dn: o=fedfs
+objectClass: organization
+o: fedfs
+EOF
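Review bot: The positional parameters are expanded unquoted in "${LDAPMODIFY} -a -x -W -h $1 -D $2", so an admin DN that contains spaces (for example one written with a space after each comma) is split into several words, and only the first fragment is passed to -D. Quote both: -h "$1" -D "$2". The script also looks up ldapsearch and exits if it is missing, yet never calls it; drop that check here. Finally, -x -W performs a simple bind and nothing on this command line requests TLS, so the admin password is sent as typed over the connection to the host given in $1. Consider adding -ZZ to require StartTLS, or taking an ldaps:// URI with -H instead of a bare hostname, and printing the usage text to stderr.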
diff --git a/contrib/openldap/add-fedfs-schema b/contrib/openldap/add-fedfs-schema
new file mode 100755
index 0000000..7cc38b5
--- /dev/null
+++ b/contrib/openldap/add-fedfs-schema
@@ -0,0 +1,303 @@ 
+#!/bin/bash
+#
+# @file contrib/openldap/add-fedfs-schema
+# @brief Add the FedFS schema to an OpenLDAP server via OLConfig
+#
+# Copyright 2012 Oracle.  All rights reserved.
+#
+# This file is part of fedfs-utils.
+#
+# fedfs-utils is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2.0 as
+# published by the Free Software Foundation.
+#
+# fedfs-utils is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License version 2.0 for more details.
+#
+# You should have received a copy of the GNU General Public License
+# version 2.0 along with fedfs-utils.  If not, see:
+#
+#	http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+#
+
+#
+# Updating this script should be necessary only when the FedFS
+# schema changes.  The FedFS schema LDIF below is formed by
+# copying and editing doc/ldap/fedfs-schema.ldif
+#
+#   1.  add the "dn", "objectClass", and "cn" lines below
+#   2.  :%s/attributeTypes:/olcAttributeTypes:/g
+#   3.  :%s/objectClasses:/olcObjectClasses:/g
+#   4.  optionally remove any lines that begin with "#"
+#
+# Then add the result to this script as a "here" document
+#
+
+LDAPMODIFY=`which ldapmodify`
+if [[ $? != 0 ]];
+then
+  echo "ldapmodify command not found on this system"
+  exit 1
+fi
+LDAPSEARCH=`which ldapsearch`
+if [[ $? != 0 ]];
+then
+  echo "ldapsearch command not found on this system"
+  exit 1
+fi
+
+if [[ $# -lt 2 ]];
+then
+  echo "add-fedfs-schema <LDAP server's hostname> <LDAP server's admin DN>"
+  echo " "
+  echo "Add the FedFS schema to an OpenLDAP server via its OLConfig"
+  echo "administrative interface."
+  exit 1
+fi
+
+#
+# Insurance: Make certain we are talking to something that groks OLConfig
+#
+${LDAPSEARCH} > /dev/null -x -W -h $1 -D $2 -b cn=config "(objectClass=olcGlobal)"
+if [[ $? != 0 ]];
+then
+  echo $1 "does not look like an OpenLDAP server"
+  exit 1
+fi
+
+${LDAPMODIFY} -a -x -W -h $1 -D $2 <<EOF
+dn: cn=fedfs,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: fedfs
+olcObjectClasses: (
+ 1.3.6.1.4.1.31103.1.1001 
+ NAME 'fedfsNsdbContainerInfo' 
+ DESC 'Describes NCE location' 
+ SUP top 
+ AUXILIARY 
+ MUST ( fedfsNceDN ) 
+ MAY ( fedfsAnnotation $ fedfsDescr ) 
+ )
+olcObjectClasses: (
+ 1.3.6.1.4.1.31103.1.1002 
+ NAME 'fedfsFsn' 
+ DESC 'Represents a fileset' 
+ SUP top 
+ STRUCTURAL 
+ MUST ( fedfsFsnUuid $ fedfsFsnTTL ) 
+ MAY ( fedfsAnnotation $ fedfsDescr ) 
+ )
+olcObjectClasses: (
+ 1.3.6.1.4.1.31103.1.1003 
+ NAME 'fedfsFsl' 
+ DESC 'A physical location of a fileset' 
+ SUP top 
+ ABSTRACT 
+ MUST ( fedfsFslUuid $ fedfsFsnUuid ) 
+ MAY ( fedfsAnnotation $ fedfsDescr ) 
+ )
+olcObjectClasses: (
+ 1.3.6.1.4.1.31103.1.1004 
+ NAME 'fedfsNfsFsl' 
+ DESC 'An NFS location of a fileset' 
+ SUP fedfsFsl 
+ STRUCTURAL 
+ MUST ( fedfsNfsURI $ fedfsNfsCurrency $ fedfsNfsGenFlagWritable $ fedfsNfsGenFlagGoing $ fedfsNfsGenFlagSplit $ fedfsNfsTransFlagRdma $ fedfsNfsClassSimul $ fedfsNfsClassHandle $ fedfsNfsClassFileid $ fedfsNfsClassWritever $ fedfsNfsClassChange $ fedfsNfsClassReaddir $ fedfsNfsReadRank $ fedfsNfsReadOrder $ fedfsNfsWriteRank $ fedfsNfsWriteOrder $ fedfsNfsVarSub $ fedfsNfsValidFor ) 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.1 
+ NAME 'fedfsUuid' 
+ DESC 'A UUID used by NSDB' 
+ EQUALITY uuidMatch 
+ ORDERING uuidOrderingMatch 
+ SYNTAX 1.3.6.1.1.16.1 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.4 
+ NAME 'fedfsFsnUuid' 
+ DESC 'The FSN UUID component of an FSN' 
+ SUP fedfsUuid 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.11 
+ NAME 'fedfsFsnTTL' 
+ DESC 'Time to live of an FSN tree' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.14 
+ NAME 'fedfsNceDN' 
+ DESC 'NCE Distinguished Name' 
+ EQUALITY distinguishedNameMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.8 
+ NAME 'fedfsFslUuid' 
+ DESC 'UUID of an FSL' 
+ SUP fedfsUuid 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.12 
+ NAME 'fedfsAnnotation' 
+ DESC 'Annotation of an object' 
+ SUP name 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.13 
+ NAME 'fedfsDescr' 
+ DESC 'Description of an object' 
+ SUP name 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.120 
+ NAME 'fedfsNfsURI' 
+ DESC 'Location of fileset' 
+ SUP labeledURI 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.103 
+ NAME 'fedfsNfsCurrency' 
+ DESC 'up-to-date measure of the data' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.104 
+ NAME 'fedfsNfsGenFlagWritable' 
+ DESC 'Indicates if the filesystem is writable' 
+ EQUALITY booleanMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.105 
+ NAME 'fedfsNfsGenFlagGoing' 
+ DESC 'Indicates if the filesystem is going' 
+ EQUALITY booleanMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.106 
+ NAME 'fedfsNfsGenFlagSplit' 
+ DESC 'Indicates if there are multiple filesystems' 
+ EQUALITY booleanMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.107 
+ NAME 'fedfsNfsTransFlagRdma' 
+ DESC 'Indicates if the transport supports RDMA' 
+ EQUALITY booleanMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.108 
+ NAME 'fedfsNfsClassSimul' 
+ DESC 'The simultaneous-use class of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.109 
+ NAME 'fedfsNfsClassHandle' 
+ DESC 'The handle class of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.110 
+ NAME 'fedfsNfsClassFileid' 
+ DESC 'The fileid class of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.111 
+ NAME 'fedfsNfsClassWritever' 
+ DESC 'The write-verifier class of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.112 
+ NAME 'fedfsNfsClassChange' 
+ DESC 'The change class of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.113 
+ NAME 'fedfsNfsClassReaddir' 
+ DESC 'The readdir class of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.114 
+ NAME 'fedfsNfsReadRank' 
+ DESC 'The read rank of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.115 
+ NAME 'fedfsNfsReadOrder' 
+ DESC 'The read order of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.116 
+ NAME 'fedfsNfsWriteRank' 
+ DESC 'The write rank of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.117 
+ NAME 'fedfsNfsWriteOrder' 
+ DESC 'The write order of the filesystem' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.118 
+ NAME 'fedfsNfsVarSub' 
+ DESC 'Indicates if variable substitution is present' 
+ EQUALITY booleanMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
+ SINGLE-VALUE 
+ )
+olcAttributeTypes: (
+ 1.3.6.1.4.1.31103.1.19 
+ NAME 'fedfsNfsValidFor' 
+ DESC 'Valid for time' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE 
+ )
+EOF
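Review bot: Both the ldapsearch probe and the ldapmodify call bind with -x -W to the hostname in $1 with no TLS option, so the credentials for the cn=config administrative DN cross the network unprotected, and the operator is prompted for them twice. Since this identity can rewrite the server's configuration, require StartTLS with -ZZ (or accept an ldaps:// URI via -H) on both commands. The "Insurance" check treats any non-zero ldapsearch status as "does not look like an OpenLDAP server", which also covers a mistyped password or an unreachable host; report the actual exit status, or reword the message. $1 and $2 are unquoted in both command lines and in the echo, so a DN containing spaces will be word-split; use "$1" and "$2". The here-document delimiter is unquoted ("<<EOF") while the schema body uses "$" as the list separator. It works today only because each "$" is followed by a space; writing <<'EOF' removes the dependency on that and prevents any accidental shell expansion if the schema text changes.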