CD2H gitForager

Mirantis/fuel-plugin-openldap

Name: fuel-plugin-openldap

Owner: Mirantis Inc.

Description: null

Created: 2015-12-21 13:00:39.0

Updated: 2016-02-16 13:03:32.0

Pushed: 2016-06-07 18:27:17.0

Homepage: null

Size: 5032

Language: Puppet

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

Plugin Openldap

Intended to implement Openldap backend for keystone identity. Use standalone HW node for openldap master server, MOS controller nodes are slaves. See diagram Appendix-A.

Requirements

 Plugin openldap currently compatible only with Mirantis OpenStack 7.0

Limitations

It is required to update openldap master node deployment settings via cli in order to configure networking properly (additional script which doing so shipped with plugin) Only Identity stored in LDAP

Additional info

You can use built package provided in this directory. Or you can built plugin yourself. Please make sure that you use modified version of plugin builder wich allows post install script execution.

Where you can find modified plugin builder:

https://github.com/sheva-serg/fuel-plugins

Short instruction for plugin Builder

Install system packages fpb module reiles on:
If you use Ubuntu, install packages createrepo rpm dpkg-dev
If you use CentOS, install packages createrepo dpkg-devel dpkg-dev rpm rpm-build

Install fpb using pip. It's a good idea to install it into a virtualenv env:

pip install -e 'git+https://github.com/sheva-serg/fuel-plugins.git#egg=fuel_plugin_builder&subdirectory=fuel_plugin_builder'

How to create a self-signed SSL certificate

enssl genrsa -des3 -out server.key 1024
rating RSA private key, 1024 bit long modulus
.++++++
+++
 65537 (0x10001)
r pass phrase for server.key:****
fying - Enter pass phrase for server.key:****

Step 2: Generate a CSR (Certificate Signing Request)

enssl req -new -key server.key -out server.csr
r pass phrase for server.key: ****
are about to be asked to enter information that will be incorporated

 your certificate request.
 you are about to enter is what is called a Distinguished Name or a DN.
e are quite a few fields but you can leave some blank
some fields there will be a default value,

ou enter '.', the field will be left blank.
try Name (2 letter code) [XX]:RU
e or Province Name (full name) []:Moscow
lity Name (eg, city) [Default City]:Moscow
nization Name (eg, company) [Default Company Ltd]:Mirantis-IT
nizational Unit Name (eg, section) []:Service
on Name (eg, your name or your server's hostname) []:domain.tld
l Address []:akirilochkin@mirantis.com

Step 3: Remove Passphrase from Key

enssl rsa -in server.key.domain.tld -out server.key
r pass phrase for server.key.domain.tld:
ing RSA key

Step 4: Generating a Self-Signed Certificate

enssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

ature ok
ect=/C=RU/ST=Moscow/L=Moscow/O=Mirantis-IT/OU=Service/CN=domain.tld/emailAddress=akirilochkin@mirantis.com
ing Private key

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.