3
# Stand-alone LDAP Daemon (slapd)
5
# Description: Manages Stand-alone LDAP Daemon (slapd) as an OCF resource in
6
# an high-availability setup.
8
# Authors: Jeroen Koekkoek
12
# License: GNU General Public License (GPL)
13
# Copyright: (C) 2011 Pagelink B.V.
15
# The OCF code was inspired by the Postfix resource script written by
16
# Raoul Bhatia <r.bhatia@ipax.at>.
18
# The code for managing the slapd instance is based on the the slapd init
19
# script found in Debian GNU/Linux 6.0.
23
# OCF_RESKEY_ldapsearch
29
# OCF_RESKEY_watch_suffix
30
# OCF_RESKEY_ignore_suffix
33
# OCF_RESKEY_parameters
34
# OCF_RESKEY_stop_escalate
36
################################################################################
40
: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
41
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
43
: ${OCF_RESKEY_slapd="/usr/sbin/slapd"}
44
: ${OCF_RESKEY_ldapsearch="ldapsearch"}
45
: ${OCF_RESKEY_config=""}
46
: ${OCF_RESKEY_pidfile=""}
47
: ${OCF_RESKEY_user=""}
48
: ${OCF_RESKEY_group=""}
49
: ${OCF_RESKEY_services="ldap:///"}
50
: ${OCF_RESKEY_watch_suffix=""}
51
: ${OCF_RESKEY_ignore_suffix=""}
52
: ${OCF_RESKEY_bind_dn=""}
53
: ${OCF_RESKEY_password=""}
54
: ${OCF_RESKEY_parameters=""}
55
: ${OCF_RESKEY_stop_escalate=15}
57
USAGE="Usage: $0 {start|stop|status|monitor|validate-all|meta-data}"
62
################################################################################
72
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
73
<resource-agent name="slapd">
74
<version>0.1</version>
77
Resource script for Stand-alone LDAP Daemon (slapd). It manages a slapd instance as an OCF resource.
79
<shortdesc lang="en">Manages a Stand-alone LDAP Daemon (slapd) instance</shortdesc>
83
<parameter name="slapd" unique="0" required="0">
85
Full path to the slapd binary.
86
For example, "/usr/sbin/slapd".
88
<shortdesc lang="en">Full path to slapd binary</shortdesc>
89
<content type="string" default="/usr/sbin/slapd" />
92
<parameter name="ldapsearch" unique="0" required="0">
94
Full path to the ldapsearch binary.
95
For example, "/usr/bin/ldapsearch".
97
<shortdesc lang="en">Full path to ldapsearch binary</shortdesc>
98
<content type="string" default="ldapsearch" />
101
<parameter name="config" required="0" unique="1">
103
Full path to a slapd configuration directory or a slapd configuration file.
104
For example, "/etc/ldap/slapd.d" or "/etc/ldap/slapd.conf".
106
<shortdesc>Full path to configuration directory or file</shortdesc>
107
<content type="string" default=""/>
110
<parameter name="pidfile" required="0" unique="0">
112
File to read the PID from; read from olcPidFile/pidfile in config if not set.
114
<shortdesc lang="en">File to read PID from</shortdesc>
115
<content type="string" default="" />
118
<parameter name="user" unique="0" required="0">
120
User name or id slapd will run with. The group id is also changed to this
121
user's gid, unless the group parameter is used to override.
123
<shortdesc lang="en">User name or id slapd will run with</shortdesc>
124
<content type="string" default="" />
127
<parameter name="group" unique="0" required="0">
129
Group name or id slapd will run with.
131
<shortdesc lang="en">Group name or id slapd will run with</shortdesc>
132
<content type="string" default="" />
135
<parameter name="services" required="0" unique="1">
137
LDAP (and other scheme) URLs slapd will serve.
138
For example, "ldap://127.0.0.1:389 ldaps:/// ldapi:///"
140
<shortdesc>LDAP (and other scheme) URLs to serve</shortdesc>
141
<content type="string" default="ldap:///"/>
144
<parameter name="watch_suffix" required="0" unique="0">
146
Suffix (database backend) that will be monitored for availability. Multiple
147
suffixes can be specified by providing a space seperated list. By providing one
148
or more suffixes here, the ignore_suffix parameter is discarded. All suffixes
149
will be monitored if left blank.
151
<shortdesc>Suffix that will be monitored for availability.</shortdesc>
152
<content type="string" default=""/>
155
<parameter name="ignore_suffix" required="0" unique="0">
157
Suffix (database backend) that will not be monitored for availability. Multiple
158
suffixes can be specified by providing a space seperated list. No suffix will
159
be excluded if left blank.
161
<shortdesc>Suffix that will not be monitored for availability.</shortdesc>
162
<content type="string" default=""/>
165
<parameter name="bind_dn" required="0" unique="0">
167
Distinguished Name used to bind to the LDAP directory for testing. Leave blank
168
to bind to the LDAP directory anonymously.
170
<shortdesc>Distinguished Name used to bind to the LDAP directory for testing.</shortdesc>
171
<content type="string" default=""/>
174
<parameter name="password" required="0" unique="0">
176
Password used to bind to the LDAP directory for testing.
178
<shortdesc>Password used to bind to the LDAP directory for testing.</shortdesc>
179
<content type="string" default=""/>
182
<parameter name="parameters" unique="0" required="0">
184
slapd may be called with additional parameters.
185
Specify any of them here.
187
<shortdesc lang="en">Any additional parameters to slapd.</shortdesc>
188
<content type="string" default="" />
191
<parameter name="stop_escalate" unique="0" required="0">
193
Number of seconds to wait for shutdown (using SIGTERM) before resorting to
196
<shortdesc lang="en">Seconds before stop escalation to KILL</shortdesc>
197
<content type="integer" default="15" />
202
<action name="start" timeout="20s" />
203
<action name="stop" timeout="20s" />
204
<action name="monitor" depth="0" timeout="20s" interval="60s" />
205
<action name="validate-all" timeout="20s" />
206
<action name="meta-data" timeout="5s" />
220
kill -$signal $pid >/dev/null 2>&1; rc=$?
222
while [ \( $rc -eq 0 \) -a \( $recheck -eq 0 -o $waited -lt $recheck \) ]; do
223
kill -0 $pid >/dev/null 2>&1; rc=$?
226
if [ $rc -eq 0 ]; then
231
if [ $rc -ne 0 ]; then
242
if [ -n "$OCF_RESKEY_watch_suffix" ]; then
243
if echo "'$OCF_RESKEY_watch_suffix'" | grep "'$1'" >/dev/null 2>&1; then
249
if echo "'$OCF_RESKEY_ignore_suffix'" | grep "'$1'" >/dev/null 2>&1; then
263
if [ -f "$pid_file" ]; then
264
pid=`head -n 1 "$pid_file" 2>/dev/null`
266
if [ "X$pid" != "X" ]; then
271
ocf_log err "slapd pid file '$pid_file' empty."
272
return $OCF_ERR_GENERIC
275
ocf_log info "slapd pid file '$pid_file' does not exist."
276
return $OCF_NOT_RUNNING
284
if [ $state -eq $OCF_SUCCESS ]; then
286
if ! kill -0 $pid >/dev/null 2>&1; then
287
return $OCF_NOT_RUNNING
303
slapd_status `slapd_pid`; state=$?
305
if [ $state -eq $OCF_SUCCESS ]; then
306
ocf_log info "slapd already running."
308
elif [ $state -eq $OCF_ERR_GENERIC ]; then
312
options="-u $user -g $group"
314
if [ -d "$config" ]; then
315
options="$options -F $config"
316
elif [ -f "$config" ]; then
317
options="$options -f $config"
319
ocf_log err "slapd configuration '$config' does not exist."
320
return $OCF_ERR_INSTALLED
323
if [ -n "$parameters" ]; then
324
options="$options $parameters"
327
if [ -n "$services" ]; then
328
$slapd -h "$services" $options 2>&1; rc=$?
330
$slapd $options 2>&1; rc=$?
333
if [ $rc -ne 0 ]; then
334
ocf_log err "slapd returned error."
336
return $OCF_ERR_GENERIC
341
if [ $? = "$OCF_SUCCESS" ]; then
347
ocf_log info "slapd started."
358
pid=`slapd_pid`; slapd_status $pid; state=$?
360
if [ $state -eq $OCF_NOT_RUNNING ]; then
361
ocf_log info "slapd already stopped."
363
elif [ $state -eq $OCF_ERR_GENERIC ]; then
367
terminate $pid TERM $OCF_RESKEY_stop_escalate; rc=$?
368
if [ $rc -ne 0 ]; then
369
ocf_log err "slapd failed to stop. Escalating to KILL."
370
terminate $pid KILL; rc=$?
373
if [ -f "$pid_file" ]; then
374
rm -f "$pid_file" >/dev/null 2>&1
377
ocf_log info "slapd stopped."
388
local err_option="-info"
390
slapd_status `slapd_pid`; state=$?
391
if [ $state -eq $OCF_NOT_RUNNING ]; then
393
if ! ocf_is_probe; then
394
ocf_log err "slapd process not found."
398
elif [ $state -ne $OCF_SUCCESS ]; then
399
ocf_log err "slapd returned error."
403
if [ -d "$config" ]; then
404
for suffix in `find "$config"/'cn=config' -type f -name olcDatabase* -exec \
405
sed -ne 's/^[[:space:]]*olcSuffix:[[:space:]]\+\(.\+\)/\1/p' {} \;`
410
if watch_suffix $suffix; then
411
suffixes="$suffixes $suffix"
415
elif [ -f "$config" ]; then
416
for suffix in `sed -ne 's/^[[:space:]]*suffix[[:space:]]\+\(.\+\)/\1/p' "$config"`
421
if watch_suffix $suffix; then
422
suffixes="$suffixes $suffix"
427
if ocf_is_probe; then
428
ocf_log info "slapd configuration '$config' does not exist during probe."
430
ocf_log err "slapd configuration '$config' does not exist."
431
return $OCF_ERR_INSTALLED
435
options="-LLL -s base -x"
437
if [ -n "$bind_dn" ]; then
438
options="$options -D $bind_dn -w $password"
441
[ -z "$1" ] && err_option=""
442
for suffix in $suffixes; do
443
ocf_run -q $err_option "$ldapsearch" -H "$services" -b "$suffix" $options >/dev/null 2>&1; rc=$?
447
ocf_log debug "slapd database with suffix '$suffix' reachable"
450
ocf_log err "slapd database with suffix '$suffix' unreachable. Invalid credentials."
451
return $OCF_ERR_CONFIGURED
454
if [ -z "$1" ] || [ -n "$1" -a $rc -ne 1 ]; then
455
ocf_log err "slapd database with suffix '$suffix' unreachable. exit code ($rc)"
457
state=$OCF_ERR_GENERIC
467
check_binary "$slapd"
468
check_binary "$ldapsearch"
470
if [ -z "$pid_file" ]; then
471
if [ -d "$config" ]; then
473
's/^olcPidFile:[[:space:]]\+\(.\+\)[[:space:]]*/\1/p' \
474
"$config"/'cn=config.ldif' 2>/dev/null`
475
elif [ -f "$config" ]; then
477
's/^pidfile[[:space:]]\+\(.\+\)/\1/p' \
478
"$config" 2>/dev/null`
480
if ocf_is_probe; then
481
ocf_log info "slapd configuration '$config' does not exist during probe."
483
ocf_log err "slapd configuration '$config' does not exist."
484
return $OCF_ERR_INSTALLED
489
if [ -z "$user" ]; then
490
user=`id -nu 2>/dev/null`
491
elif ! id "$user" >/dev/null 2>&1; then
492
ocf_log err "slapd user '$user' does not exist"
493
return $OCF_ERR_INSTALLED
496
if [ -z "$group" ]; then
497
group=`id -ng 2>/dev/null`
498
elif ! grep "^$group:" /etc/group >/dev/null 2>&1; then
499
ocf_log err "slapd group '$group' does not exist"
500
return $OCF_ERR_INSTALLED
503
pid_dir=`dirname "$pid_file"`
504
if [ ! -d "$pid_dir" ]; then
506
chown -R "$user" "$pid_dir"
507
chgrp -R "$group" "$pid_dir"
517
slapd=$OCF_RESKEY_slapd
518
ldapsearch=$OCF_RESKEY_ldapsearch
519
config=$OCF_RESKEY_config
520
user=$OCF_RESKEY_user
521
group=$OCF_RESKEY_group
522
services=$OCF_RESKEY_services
523
bind_dn=$OCF_RESKEY_bind_dn
524
password=$OCF_RESKEY_password
525
parameters=$OCF_RESKEY_parameters
526
pid_file=$OCF_RESKEY_pidfile
528
if [ -z "$config" ]; then
529
if [ -e "/etc/ldap/slapd.d" ]; then
530
config="/etc/ldap/slapd.d"
532
config="/etc/ldap/slapd.conf"
536
if [ $# -ne 1 ]; then
554
[ $rc -eq $OCF_SUCCESS ] || exit $rc
558
slapd_status `slapd_pid`; state=$?
560
if [ $state -eq $OCF_SUCCESS ]; then
561
ocf_log debug "slapd is running."
562
elif [ $state -eq $OCF_NOT_RUNNING ]; then
563
ocf_log debug "slapd is stopped."
577
slapd_monitor; state=$?
585
exit $OCF_ERR_UNIMPLEMENTED
added
removed
heartbeat/slapd
