[Ovirt-devel] Re: [PATCH] [REPOST] set ldap.yml from dns srv during ovirt-wui-install
Perry N. Myers
pmyers at redhat.com
Fri May 23 05:15:40 UTC 2008
Subject: [PATCH] This patch adds logic to the ovirt-wui-install script to attempt to determine
the ldap server information from dns srv records and then write that info
to the ldap.yml file.
Signed-off-by: Perry Myers <pmyers at redhat.com>
---
wui/scripts/ovirt-wui-install | 66 ++++++++++++++++++++++++++++++++++++++++-
1 files changed, 65 insertions(+), 1 deletions(-)
diff --git a/wui/scripts/ovirt-wui-install b/wui/scripts/ovirt-wui-install
index e0cbbc0..6285b3c 100755
--- a/wui/scripts/ovirt-wui-install
+++ b/wui/scripts/ovirt-wui-install
@@ -11,6 +11,7 @@ PW_FILE=${OVIRT_CFG}/db/dbaccess
STEP_TICKER=0.fedora.pool.ntp.org
STEP_FILE=/etc/ntp/step-tickers
SASL_FILE=/etc/sasl2/libvirt.conf
+LDAP_CFG=${OVIRT_DIR}/config/ldap.yml
DISABLE_SVCS="libvirtd"
ENABLE_SVCS="ntpd httpd postgresql ovirt-host-browser ovirt-host-status \
@@ -23,6 +24,52 @@ usage() {
exit 1
} >&2
+find_srv() {
+ local dnsreply
+
+ # This checks to see if we're running on a bundled/developer install.
+ # If so, the server queried is localhost instead of using resolv.conf.
+ if [ "$(hostname)" == "management.priv.ovirt.org" ]; then
+ local server_flag=@localhost
+ fi
+
+ dnsreply=$(dig $server_flag +short -t srv _$1._$2.$(dnsdomainname))
+ if [ $? -eq 0 ]; then
+ set _ $dnsreply; shift
+ SRV_HOST=$4; SRV_PORT=$3
+ else
+ SRV_HOST=; SRV_PORT=
+ fi
+}
+
+find_ldap_base() {
+ local found=0
+
+ domain=$(echo $SRV_HOST | cut -d. -f 2-)
+ while [ -n "$domain" ]; do
+ base=$(echo $domain | awk -F. '{ for(i=1; i <= NF; i++) { printf("dc=%s", $(i)); if(i<NF) printf(","); } }')
+ ldapsearch -h $SRV_HOST -p $SRV_PORT -x \
+ -b "cn=users,cn=accounts,$base" -LLL uid > /dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ found=1
+ break
+ fi
+
+ if ! echo $domain | grep "\." > /dev/null 2>&1 ; then
+ domain=""
+ else
+ domain=$(echo $domain | cut -d. -f 2-)
+ fi
+ done
+
+ if [ $found -eq 1 ]; then
+ echo $base
+ return 0
+ else
+ return 1
+ fi
+}
+
PASSWD=
for i ; do
case $1 in
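Review bot: find_srv passes the SRV answer on unchecked: `set _ $dnsreply` word-splits and glob-expands the reply, and `$SRV_HOST`/`$SRV_PORT` then go unquoted into `ldapsearch -h $SRV_HOST -p $SRV_PORT` and, in the last hunk, into sed expressions. Because the answer comes from unauthenticated DNS, I would reject anything unexpected right after parsing, e.g. `case $SRV_PORT in ''|*[!0-9]*) SRV_HOST=; SRV_PORT=;; esac` and `case $SRV_HOST in *[!A-Za-z0-9.-]*) SRV_HOST=; SRV_PORT=;; esac`. The `$? -eq 0` test is weaker than it looks, since dig exits 0 for an empty or NXDOMAIN answer, and with several SRV records only the first line is used regardless of priority. In find_ldap_base, `domain` and `base` are not declared `local`, so they leak into the script's globals.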
@@ -46,10 +93,27 @@ for svc in $ENABLE_SVCS ; do
done
} > /dev/null 2>&1
+# grab ldap server from DNS
+find_srv ldap tcp
+if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
+ SRV_HOST=${SRV_HOST%.}
+ srv_base=$(find_ldap_base)
+ [ $? != 0 ] && echo "Failed to determine base for ldap" && exit 1
+
+ sed -i -e "s/host: .*/host: $SRV_HOST/g" \
+ -e "s/port: .*/port: $SRV_PORT/g" \
+ -e "s/base: .*/base: $srv_base/g" \
+ $LDAP_CFG
+else
+ # FIXME: Eventually this script should prompt for things that can't
+ # be found in DNS SRV records.
+ echo "Failed to get ldap host/port" && exit 1
+fi
+
# setup an NTP step-ticker
if [ -f $STEP_FILE ]; then
if ! grep "^$${STEP_TICKER}$" $STEP_FILE > /dev/null 2>&1 ; then
- echo $STEP_TICKER >> $STEP_FILE
+ echo $STEP_TICKER >> $STEP_FILE
fi
fi
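Review bot: The three sed patterns (`s/host: .*/…/g` and the port and base ones) are unanchored, so every line of ldap.yml containing `host: `, `port: ` or `base: ` is rewritten. If the file has comments or similarly named keys, which cannot be seen from this hunk, they would be changed as well; anchoring on the key, e.g. `-e "s/^\( *host:\) .*/\1 $SRV_HOST/"`, limits the edit to the intended entries. `$LDAP_CFG` should be quoted, and the two failure messages belong on stderr (`echo "Failed to get ldap host/port" >&2; exit 1`). Since the installer silently points the application's directory lookups at a server named by DNS, it would help to print the chosen host, port and base so the operator can see what was written.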