-
Notifications
You must be signed in to change notification settings - Fork 3
/
fuseLdap.sh
executable file
·142 lines (116 loc) · 6.15 KB
/
fuseLdap.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
#!/bin/bash
##########################################################################################################
# Description:
# This example will guide you through a simple Red Hat JBoss Fuse setup with ldap autentication.
# We are going to start 3 docker container: one openldap server with some users and group preloaded,
# one phpldapadmin just to have a conveninent way to visualize and interact with the ldap server,
# and our fuse insance which we are going to configure for autenticating against the ldap server.
#
# Dependencies:
# - docker
# - sshpass, used to avoid typing the pass everytime (not needed if you are invoking the commands manually)
# to install on Fedora/Centos/Rhel:
# sudo yum install -y docker-io sshpass
# - fuse6.1 docker image:
# 1) download docker file:
# wget https://raw.github.com/paoloantinori/dockerfiles/master/centos/fuse/fuse/Dockerfile
#
# 2) download Jboss fuse 6.2.1 from http://www.jboss.org/products/fuse zip and place it in the same directoryof the Dokerfile
# NOTE: you are expected to have either a copy of jboss-fuse-*.zip or a link to that file in the current folder.
#
# 3) check if base image has been updated:
# docker pull pantinor/fuse
#
# 4) build your docker fuse image:
# docker build -rm -t fuse6.2.1 .
#
# Prerequesites:
# - run docker in case it's not already
# sudo service docker start
#
# Notes:
# - if you run the commands, typing them yourself in a shell, you probably won't need all the ssh aliases
# or the various "sleep" invocations
# - as you may see this script is based on sleep commands, that maybe too short if your hardware is much slower than mine.
# increase those sleep time if you have to
#######################################################################################################
################################################################################################
##### Preconfiguration and helper functions. Skip if not interested. #####
################################################################################################
# scary but it's just for better logging if you run with "sh -x"
export PS4='+(${BASH_SOURCE}:${LINENO}): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
# ulimits values needed by the processes inside the container
ulimit -u 4096
ulimit -n 4096
########## docker lab configuration
# remove old docker containers with the same names
docker stop -t 0 root
docker stop -t 0 openldap
docker stop -t 0 phpldapadmin
docker rm root
docker rm openldap
docker rm phpldapadmin
# expose ports to localhost, uncomment to enable always
EXPOSE_PORTS="-P"
if [[ x$EXPOSE_PORTS == xtrue ]] ; then EXPOSE_PORTS=-P ; fi
# halt on errors
set -e
# create your lab
docker run -t -i -p 389:389 -e SERVER_NAME=ldap.my-compagny.com --name openldap -d valdar/ldapfuseusers:1.0.0
# assign ip addresses to env variable, despite they should be constant on the same machine across sessions
IP_LDAP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' openldap)
docker run -t -i -p 6443:443 -e PHPLDAPADMIN_LDAP_HOSTS=$IP_LDAP --name phpldapadmin -d osixia/phpldapadmin:0.6.9
docker run -d -t -i $EXPOSE_PORTS --name root fuse6.3
# assign ip addresses to env variable, despite they should be constant on the same machine across sessions
IP_ROOT=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' root)
########### aliases to preconfigure ssh and scp verbose to type options
# full path of your ssh, used by the following helper aliases
SSH_PATH=$(which ssh)
### ssh aliases to remove some of the visual clutter in the rest of the script
# alias to connect to your docker images
alias ssh2host="$SSH_PATH -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o LogLevel=ERROR fuse@$IP_ROOT"
# alias to connect to the ssh server exposed by JBoss Fuse. uses sshpass to script the password authentication
alias ssh2fabric="sshpass -p admin $SSH_PATH -p 8101 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o LogLevel=ERROR -oHostKeyAlgorithms=+ssh-dss admin@$IP_ROOT"
SSH2FABRIC="sshpass -p admin $SSH_PATH -p 8101 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PreferredAuthentications=password -o LogLevel=ERROR -oHostKeyAlgorithms=+ssh-dss admin@$IP_ROOT"
################################################################################################
##### Tutorial starts here #####
################################################################################################
echo "waiting 10 sec to ssh into the root container"
sleep 10
# start fuse on root node
ssh2host "/opt/rh/jboss-*/bin/start"
echo "waiting the Fuse startup for 30 sec"
sleep 30
############################# here you are starting to interact with Fuse/Karaf
# If you want to type the commands manually you have to connect to Karaf. You can do it either with ssh or with the "client" command.
# Ex.
# ssh2fabric
# create a new fabric
ssh2fabric "fabric:create --clean -r localip -g localip --wait-for-provisioning"
# show current containers
ssh2fabric "container-list"
# create a new version of the configuration
ssh2fabric "fabric:version-create 1.1"
sleep 5
# import ldap configuration using git server in fabric
rm -rf ./tmp-git
git clone -b 1.1 http://admin:admin@$IP_ROOT:8181/git/fabric ./tmp-git
cd ./tmp-git/
git checkout 1.1
#add xml ldap configuration to versio 1.1. of default profile
cp ../ldap-module.xml fabric/profiles/default.profile/
#add configuration of ldaphost
echo "" >> fabric/profiles/default.profile/io.fabric8.jaas.properties
echo "ldaphostserver=$IP_LDAP" >> fabric/profiles/default.profile/io.fabric8.jaas.properties
#add a config line to io.fabric8.agent.properties in versio 1.1. of default profile
printf "\nbundle.ldap-realm=blueprint:profile:ldap-module.xml" >> fabric/profiles/default.profile/io.fabric8.agent.properties
git add *
git config user.email "[email protected]"
git config user.name "Mr Fuse Ldap"
git commit -a -m "Ldap authentication configuration"
git push origin 1.1
cd ..
rm -rf ./tmp-git
sleep 5
#upgrade root container to the new configuration
ssh2fabric "fabric:container-upgrade --all 1.1"