[fedfs-utils] [PATCH] FedFS - simple setup howto
Chuck Lever
chuck.lever at oracle.com
Mon Sep 24 10:40:05 PDT 2012
Hi-
On Aug 27, 2012, at 5:28 AM, Ian Kent wrote:
> +Setup an NSDB (NameSpace DataBase)
> +==================================
> +
> +1. Set parameters for NSDB connections:
> + # nsdbparams(8) is used to set NSDB connection parameters
> + nsdbparams update -e "dc=fedfs,dc=org" \
> + -D "cn=Manager,dc=fedfs,dc=org" \
> + zeus.fedfs.org
> +
> +2. Setup an OpenLDAP instance for fedfs.org:
> + service slapd stop
> +or
> + systemctl stop slapd.service
> +
> +Create /etc/openldap/slapd.conf as:
> + include /etc/openldap/schema/core.schema
> + include /etc/openldap/schema/cosine.schema
> + include /etc/openldap/schema/inetorgperson.schema
> + include /etc/openldap/schema/nis.schema
> + # Get this from the FedFS distribution
> + include /etc/openldap/schema/fedfs.schema
> +
> + pidfile /var/run/openldap/slapd.pid
> + argsfile /var/run/openldap/slapd.args
> +
> + database bdb
> + suffix "dc=fedfs,dc=org"
> + rootdn "cn=Manager,dc=fedfs,dc=org"
> + rootpw secret
> + directory /var/lib/ldap
> +
> + index objectClass eq,pres
> + index ou,cn,mail,surname,givenname eq,pres,sub
> + index uidNumber,gidNumber,loginShell eq,pres
> + index uid,memberUid eq,pres,sub
> + index nisMapName,nisMapEntry eq,pres,sub
> +
> +Create fedfs.org-naming-context.ldif as:
> + dn: dc=fedfs,dc=org
> + objectClass: domain
> + dc: fedfs
> + description: naming context
> +
> +Create an OpenLDAP instance for fedfs.org:
> + # Ensure that /etc/openldap/ldap.conf is setup to use fedfs.org
> + # by commenting out any other URI and BASE directives and then
> + # add definitions to the end of the configuration.
> + echo "URI ldap://zeus.fedfs.org/" >> /etc/openldap/ldap.conf
> + echo "BASE dc=fedfs,dc=org" >> /etc/openldap/ldap.conf
> +
> + # Setup OpenLDAP for fedfs.org
> + cd /etc/openldap
> + restorecon -v slapd.conf
> +
> + rm -f /var/lib/ldap/*
> + # supress warnings that this file does not exist
> + touch /var/lib/ldap/DB_CONFIG
> +
> + rm -rf slapd.d
> + slaptest -F slapd.d -f slapd.conf
> + # I think this will restore the correct ownership
> + # of the configuration directory tree but it may
> + # be necessary to chmod -R ldap.ldap slapd.d also.
> + restorecon -R -v slapd.d
> +
> + slapadd -l fedfs.org-naming-context.ldif
> + chown ldap.ldap /var/lib/ldap/*
> + restorecon -v /var/lib/ldap/*
> +
> + service slapd start
> +or
> + systemctl start slapd.service
> +
> +4. Add NCI (NSDB Container information) attributes to the
> + naming context LDAP entry:
> + nsdb-update-nci -l zeus.fedfs.org \
> + -D "cn=Manager,dc=fedfs,dc=org" \
> + -e "dc=fedfs,dc=org"
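Review bot: The slapd.conf sample sets "rootpw secret", a cleartext rootdn password that readers will copy verbatim into a live NSDB; suggest showing a hashed value produced by slappasswd(8) in its place and saying that slapd.conf must not be world-readable. Two smaller points in the same hunk: the step numbers go 1, 2, 4, so the "Create an OpenLDAP instance" block probably wants to be step 3, and the comment above "restorecon -R -v slapd.d" says "chmod -R ldap.ldap" where the ownership change it describes is chown, as in the later "chown ldap.ldap /var/lib/ldap/*".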
I'm new to OpenLDAP, but you have inspired me to try it out as an NSDB. I used your instructions.
It looks like OpenLDAP is in the middle of a major conversion from the old-school slapd.conf way of configuration to a new "OnLine Config" thingie. I think our instructions and tools should take advantage of the new method.
We can build some simple tools that operate against a generic OpenLDAP install:
1. Add the FedFS schema via an ldapmodify command
2. Set up either an "o=fedfs" suffix and database, or add an "ou=fedfs" domain entry
3. We already have the nsdb-update-nci tool that can take it from there
That might make all of this a lot easier. 1. and 2. would reside under the contrib/ directory in the fedfs-utils source tree.
What do you think?
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com