def stop_ldap(node, cluster):
try:
# since LDAP nodes are replicated if there's more than 1 node,
# we need to disable the replication agreement first before
# before stopping the opendj server
if len(cluster.ldap_nodes) > 1:
disable_repl_cmd = " ".join([
"{}/bin/dsreplication".format(node.ldapBaseFolder),
"disable",
"--hostname",
node.local_hostname,
"--port",
node.ldap_admin_port,
"--adminUID",
"admin",
# "--adminPassword", cluster.decrypted_admin_pw,
"--adminPasswordFile",
node.ldapPassFn,
"-X",
"-n",
"--disableAll",
])
run("salt {} cmd.run '{}'".format(node.id, disable_repl_cmd))
run("salt {} cmd.run '{}/bin/stop-ds'".format(node.id,
node.ldapBaseFolder))
except SystemExit as exc:
if exc.code == 2:
# executable may not exist or minion is unreachable
pass
print(exc)
def add_ldap_schema(self):
ctx = {
"inumOrgFN": self.cluster.inumOrgFN,
}
for schema_file in self.node.schemaFiles:
# render templates
rendered_content = ""
try:
with codecs.open(schema_file, "r", encoding="utf-8") as fp:
rendered_content = fp.read() % ctx
except Exception as exc:
self.logger.error(exc)
try:
file_basename = os.path.basename(schema_file)
# save to temporary file
local_dest = os.path.join(self.build_dir, file_basename)
with codecs.open(local_dest, "w", encoding="utf-8") as fp:
fp.write(rendered_content)
# copy to minion
remote_dest = os.path.join(self.node.schemaFolder,
file_basename)
self.logger.info("copying {}".format(local_dest))
run("salt-cp {} {} {}".format(self.node.id, local_dest,
remote_dest))
except Exception as exc:
self.logger.error(exc)
finally:
os.unlink(local_dest)
def test_run_error():
import subprocess
from api.helper.common_helper import run
with pytest.raises(SystemExit):
run("random-command")
with pytest.raises(subprocess.CalledProcessError):
run("random-command", exit_on_error=False)
def copy_tomcat_conf(self):
# static template
self.logger.info("copying {}".format(self.node.oxauth_errors_json))
run("salt-cp {} {} {}".format(
self.node.id,
self.node.oxauth_errors_json,
os.path.join(
self. node.tomcat_conf_dir,
os.path.basename(self.node.oxauth_errors_json),
),
))
ctx = {
"inumOrg": self.cluster.inumOrg,
"ldaps_port": self.cluster.ldaps_port,
"certFolder": self.node.cert_folder,
"hostname_oxauth_cluster": self.cluster.hostname_oxauth_cluster,
"inumAppliance": self.cluster.inumAppliance,
"ldap_binddn": self.node.ldap_binddn,
"encoded_ox_ldap_pw": self.cluster.encoded_ox_ldap_pw,
"ldap_hosts": ",".join(self.get_ldap_hosts()),
}
# rendered templates
conf_templates = (
self.node.oxauth_ldap_properties,
self.node.oxauth_config_xml,
self.node.oxauth_static_conf_json,
# self.tomcat_server_xml,
)
for tmpl in conf_templates:
rendered_content = ""
try:
with codecs.open(tmpl, "r", encoding="utf-8") as fp:
rendered_content = fp.read() % ctx
except Exception as exc:
self.logger.error(exc)
file_basename = os.path.basename(tmpl)
local_dest = os.path.join(self.build_dir, file_basename)
remote_dest = os.path.join(self.node.tomcat_conf_dir, file_basename)
try:
with codecs.open(local_dest, "w", encoding="utf-8") as fp:
fp.write(rendered_content)
except Exception as exc:
self.logger.error(exc)
self.logger.info("copying {}".format(local_dest))
run("salt-cp {} {} {}".format(self.node.id, local_dest,
remote_dest))
def write_salt_file(self):
self.logger.info("writing salt file")
try:
local_dest = os.path.join(self.build_dir, "salt")
with codecs.open(local_dest, "w", encoding="utf-8") as fp:
fp.write("encodeSalt = {}".format(self.cluster.passkey))
remote_dest = os.path.join(self.node.tomcat_conf_dir, "salt")
run("salt-cp {} {} {}".format(self.node.id, local_dest, remote_dest))
except Exception as exc:
self.logger.error(exc)
finally:
os.unlink(local_dest)
def copy_httpd_conf(self):
ctx = {
"hostname": self.cluster.hostname_oxauth_cluster,
"ip": self.node.ip,
"httpdCertFn": self.node.httpd_crt,
"httpdKeyFn": self.node.httpd_key,
}
tmpl = self.node.apache2_ssl_conf
rendered_content = ""
self.saltlocal.cmd(
self.node.id,
["cmd.run", "cmd.run"],
[
["mkdir -p /etc/apache2/sites-available"],
["mkdir -p /etc/apache2/sites-enabled"],
],
)
try:
with codecs.open(tmpl, "r", encoding="utf-8") as fp:
rendered_content = fp.read() % ctx
except Exception as exc:
self.logger.error(exc)
file_basename = os.path.basename(tmpl)
local_dest = os.path.join(self.build_dir, file_basename)
remote_dest = os.path.join("/etc/apache2/sites-available",
file_basename)
try:
with codecs.open(local_dest, "w", encoding="utf-8") as fp:
fp.write(rendered_content)
except Exception as exc:
self.logger.error(exc)
self.logger.info("copying {}".format(local_dest))
run("salt-cp {} {} {}".format(self.node.id, local_dest,
remote_dest))
# TODO: when to run httpd service?
symlink_cmd = "ln -s /etc/apache2/sites-available/{0} " \
"/etc/apache2/sites-enabled/{0}".format(file_basename)
self.logger.info("symlinking {}".format(file_basename))
self.saltlocal.cmd(self.node.id, "cmd.run", [symlink_cmd])
def write_ldap_pw(self):
self.logger.info("writing temporary LDAP password")
try:
local_dest = os.path.join(self.build_dir, ".pw")
with codecs.open(local_dest, "w", encoding="utf-8") as fp:
fp.write(self.cluster.decrypted_admin_pw)
self.saltlocal.cmd(
self.node.id,
"cmd.run",
["mkdir -p {}".format(os.path.dirname(self.node.ldapPassFn))],
)
run("salt-cp {} {} {}".format(self.node.id, local_dest,
self.node.ldapPassFn))
except Exception as exc:
self.logger.error(exc)
finally:
os.unlink(local_dest)
def stop_ldap(node, cluster):
try:
# since LDAP nodes are replicated if there's more than 1 node,
# we need to disable the replication agreement first before
# before stopping the opendj server
if len(cluster.ldap_nodes) > 1:
disable_repl_cmd = " ".join([
"{}/bin/dsreplication".format(node.ldapBaseFolder), "disable",
"--hostname", node.local_hostname,
"--port", node.ldap_admin_port,
"--adminUID", "admin",
# "--adminPassword", cluster.decrypted_admin_pw,
"--adminPasswordFile", node.ldapPassFn,
"-X", "-n", "--disableAll",
])
run("salt {} cmd.run '{}'".format(node.id, disable_repl_cmd))
run("salt {} cmd.run '{}/bin/stop-ds'".format(node.id, node.ldapBaseFolder))
except SystemExit as exc:
if exc.code == 2:
# executable may not exist or minion is unreachable
pass
print(exc)
def copy_tomcat_conf(self):
# copy static template
remote_dest_dir = os.path.join(self.node.tomcat_conf_dir, "template", "conf")
self.logger.info("copying {}".format(self.node.oxtrust_cache_refresh_properties))
self.saltlocal.cmd(self.node.id, "cmd.run", ["mkdir -p {}".format(remote_dest_dir)])
run("salt-cp {} {} {}".format(
self.node.id,
self.node.oxtrust_cache_refresh_properties,
os.path.join(
remote_dest_dir,
os.path.basename(self.node.oxtrust_cache_refresh_properties),
),
))
ctx = {
"inumOrg": self.cluster.inumOrg,
"inumOrgFN": self.cluster.inumOrgFN,
"ldaps_port": self.cluster.ldaps_port,
"hostname_oxtrust_cluster": self.cluster.hostname_oxtrust_cluster,
"hostname_oxauth_cluster": self.cluster.hostname_oxauth_cluster,
"inumAppliance": self.cluster.inumAppliance,
"inumApplianceFN": self.cluster.inumApplianceFN,
"ldap_binddn": self.node.ldap_binddn,
"orgName": self.cluster.orgName,
"orgShortName": self.cluster.orgShortName,
"admin_email": self.cluster.admin_email,
"tomcat_log_folder": self.node.tomcat_log_folder,
"shibJksPass": self.node.shib_jks_pass,
"shibJksFn": self.node.shib_jks_fn,
"oxTrustConfigGeneration": self.node.oxtrust_config_generation,
"oxauth_client_id": self.cluster.oxauth_client_id,
"encoded_ox_ldap_pw": self.cluster.encoded_ox_ldap_pw,
"encoded_shib_jks_pw": self.node.encoded_shib_jks_pw,
"oxauthClient_encoded_pw": self.cluster.oxauth_client_encoded_pw,
"ldap_hosts": ",".join(self.get_ldap_hosts()),
}
# rendered templates
conf_templates = (
self.node.oxtrust_properties,
self.node.oxtrust_ldap_properties,
self.node.oxtrust_log_rotation_configuration,
self.node.oxauth_static_conf_json,
)
for tmpl in conf_templates:
rendered_content = ""
try:
with codecs.open(tmpl, "r", encoding="utf-8") as fp:
rendered_content = fp.read() % ctx
except Exception as exc:
self.logger.error(exc)
file_basename = os.path.basename(tmpl)
local_dest = os.path.join(self.build_dir, file_basename)
remote_dest = os.path.join(self.node.tomcat_conf_dir, file_basename)
try:
with codecs.open(local_dest, "w", encoding="utf-8") as fp:
fp.write(rendered_content)
except Exception as exc:
self.logger.error(exc)
self.logger.info("copying {}".format(local_dest))
run("salt-cp {} {} {}".format(self.node.id, local_dest,
remote_dest))
def test_run():
from api.helper.common_helper import run
result = run("echo gluu")
assert result.strip() == "gluu"
def import_ldif(self):
# template's context
ctx = {
"oxauth_client_id": self.cluster.oxauth_client_id,
"oxauthClient_encoded_pw": self.cluster.oxauth_client_encoded_pw,
"encoded_ldap_pw": self.cluster.encoded_ldap_pw,
"encoded_ox_ldap_pw": self.cluster.encoded_ox_ldap_pw,
"inumAppliance": self.cluster.inumAppliance,
"hostname": self.node.local_hostname,
"hostname_oxauth_cluster": self.cluster.hostname_oxauth_cluster,
"ldaps_port": self.node.ldaps_port,
"ldap_binddn": self.node.ldap_binddn,
"inumOrg": self.cluster.inumOrg,
"inumOrgFN": self.cluster.inumOrgFN,
"orgName": self.cluster.orgName,
}
ldifFolder = '%s/ldif' % self.node.ldapBaseFolder
self.saltlocal.cmd(self.node.id, "cmd.run",
["mkdir -p {}".format(ldifFolder)])
for ldif_file in self.node.ldif_files:
# render templates
rendered_content = ""
try:
with codecs.open(ldif_file, "r", encoding="utf-8") as fp:
rendered_content = fp.read() % ctx
except Exception as exc:
self.logger.error(exc)
try:
file_basename = os.path.basename(ldif_file)
# save to temporary file
local_dest = os.path.join(self.build_dir, file_basename)
with codecs.open(local_dest, "w", encoding="utf-8") as fp:
fp.write(rendered_content)
# copy to minion
remote_dest = os.path.join(ldifFolder, file_basename)
self.logger.info("copying {}".format(local_dest))
run("salt-cp {} {} {}".format(self.node.id, local_dest,
remote_dest))
# self.saltlocal.cmd(
# self.node.id,
# 'cmd.run',
# ['chown ldap:ldap {}'.format(remote_dest)],
# )
if file_basename == "o_site.ldif":
backend_id = "site"
else:
backend_id = "userRoot"
importCmd = " ".join([
self.node.importLdifCommand,
'--ldifFile',
remote_dest,
'--backendID',
backend_id,
'--hostname',
self.node.local_hostname,
'--port',
self.node.ldap_admin_port,
'--bindDN',
'"%s"' % self.node.ldap_binddn,
'-j',
self.node.ldapPassFn,
'--append',
'--trustAll',
])
self.saltlocal.cmd(self.node.id, 'cmd.run', [importCmd])
self.logger.debug("{}".format(importCmd))
time.sleep(1)
except Exception as exc:
self.logger.error(exc)
finally:
# remove temporary file
os.unlink(local_dest)