def recreate_admin_keystore():
os.unlink("/opt/opendj/config/admin-keystore")
addr = guess_serf_addr().split(":")[0]
hostname = socket.getfqdn()
cmd = " ".join([
"keytool -genkeypair",
"-alias admin-cert",
"-keyalg RSA",
"-validity 365",
"-keysize 2048",
"-storetype JKS",
"-keystore /opt/opendj/config/admin-keystore",
"-storepass:file /opt/opendj/config/admin-keystore.pin",
"-keypass:file /opt/opendj/config/admin-keystore.pin",
f"-dname 'CN={addr}, O=Administration Connector RSA Self-Signed Certificate'",
f"-ext san=dns:{hostname},dns:{addr}",
])
out, err, code = exec_cmd(cmd)
if code != 0:
err = err or out
logger.error(
f"Unable to create admin-keystore; reason={err.decode()}")
sys.exit(1)
def configure_serf():
conf_fn = pathlib.Path("/etc/jans/conf/serf.json")
# skip if config exists
if conf_fn.is_file():
return
advertise = guess_serf_addr()
conf = {
"node_name": advertise.split(":")[0],
"tags": {
"role":
"ldap",
"admin_port":
os.environ.get("CN_LDAP_ADVERTISE_ADMIN_PORT", "4444"),
"replication_port":
os.environ.get("CN_LDAP_ADVERTISE_REPLICATION_PORT", "8989"),
"ldaps_port":
os.environ.get("CN_LDAP_ADVERTISE_LDAPS_PORT", "1636"),
},
"log_level": os.environ.get("CN_SERF_LOG_LEVEL", "warn"),
"profile": os.environ.get("CN_SERF_PROFILE", "lan"),
"encrypt_key": resolve_serf_key(),
"advertise": advertise,
}
mcast = as_boolean(os.environ.get("CN_SERF_MULTICAST_DISCOVER", False))
if mcast:
conf["discover"] = "jans-ldap"
conf_fn.write_text(json.dumps(conf))
def main():
manager = get_manager()
addr = guess_serf_addr()
host = addr.split(":")[0]
admin_port = os.environ.get("CN_LDAP_ADVERTISE_ADMIN_PORT", "4444")
deregister_serf_peer(manager, addr)
with admin_password_bound(manager) as password_file:
cmd = " ".join([
"/opt/opendj/bin/dsreplication",
"disable",
"--disableAll",
f"--port {admin_port}",
f"--hostname {host}",
"--adminUID admin",
f"--adminPasswordFile {password_file}",
"-X",
"-n",
"-Q",
])
out, err, code = exec_cmd(cmd)
if code:
err = err or out
logger.warning(
f"Unable to disable replication for current server; reason={err.decode()}"
)
def get_server_info():
server = {}
attempt = 1
logger.info("Getting current server info")
while attempt <= 3:
out, err, code = exec_cmd("serf info -format json")
if code != 0:
err = err or out
logger.warning(f"Unable to get current server info from Serf; reason={err.decode()} ... retrying in 10 seconds")
else:
try:
info = json.loads(out.decode())
server = {
"name": info["agent"]["name"],
"addr": guess_serf_addr(),
"tags": info["tags"],
}
return server
except json.decoder.JSONDecodeError as exc:
logger.warning(f"Unable to decode JSON output from Serf command; reason={exc} ... retrying in 10 seconds")
# bump the counter
time.sleep(10)
attempt += 1
if not server:
logger.error("Unable to get info for current server after 3 attempts ... exiting")
sys.exit(1)
# return the server info
return server
def main():
manager = get_manager()
for addr in peers_from_file():
register_serf_peer(manager, addr)
addr = guess_serf_addr()
register_serf_peer(manager, addr)
mcast = as_boolean(os.environ.get("CN_SERF_MULTICAST_DISCOVER", False))
if mcast:
# join Serf cluster using multicast (no extra code needed)
return
# join Serf cluster manually
peers = " ".join(get_serf_peers(manager))
out, err, code = exec_cmd(f"serf join {peers}")
err = err or out
if code != 0:
logger.warning(f"Unable to join Serf cluster; reason={err}")