Page Menu
Home
ClusterLabs Projects
Search
Configure Global Search
Log In
Files
F3155260
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
14 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/heartbeat/slapd b/heartbeat/slapd
index d5761f255..042187061 100755
--- a/heartbeat/slapd
+++ b/heartbeat/slapd
@@ -1,572 +1,579 @@
#!/bin/bash
#
# Stand-alone LDAP Daemon (slapd)
#
# Description: Manages Stand-alone LDAP Daemon (slapd) as an OCF resource in
# an high-availability setup.
#
# Authors: Jeroen Koekkoek
# nozawat@gmail.com
# John Keith Hohm
#
# License: GNU General Public License (GPL)
# Copyright: (C) 2011 Pagelink B.V.
#
# The OCF code was inspired by the Postfix resource script written by
# Raoul Bhatia <r.bhatia@ipax.at>.
#
# The code for managing the slapd instance is based on the the slapd init
# script found in Debian GNU/Linux 6.0.
#
# OCF parameters:
# OCF_RESKEY_slapd
# OCF_RESKEY_ldapsearch
# OCF_RESKEY_config
# OCF_RESKEY_pidfile
# OCF_RESKEY_user
# OCF_RESKEY_group
# OCF_RESKEY_services
# OCF_RESKEY_watch_suffix
# OCF_RESKEY_ignore_suffix
# OCF_RESKEY_bind_dn
# OCF_RESKEY_password
# OCF_RESKEY_parameters
# OCF_RESKEY_stop_escalate
#
################################################################################
# Initialization:
: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
: ${OCF_RESKEY_slapd="/usr/sbin/slapd"}
: ${OCF_RESKEY_ldapsearch="ldapsearch"}
: ${OCF_RESKEY_config=""}
: ${OCF_RESKEY_pidfile=""}
: ${OCF_RESKEY_user=""}
: ${OCF_RESKEY_group=""}
: ${OCF_RESKEY_services="ldap:///"}
: ${OCF_RESKEY_watch_suffix=""}
: ${OCF_RESKEY_ignore_suffix=""}
: ${OCF_RESKEY_bind_dn=""}
: ${OCF_RESKEY_password=""}
: ${OCF_RESKEY_parameters=""}
: ${OCF_RESKEY_stop_escalate=15}
USAGE="Usage: $0 {start|stop|status|monitor|validate-all|meta-data}"
ORIG_IFS=$IFS
NEWLINE='
'
################################################################################
usage() {
echo $USAGE >&2
}
meta_data()
{
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="slapd">
<version>0.1</version>
<longdesc lang="en">
Resource script for Stand-alone LDAP Daemon (slapd). It manages a slapd instance as an OCF resource.
</longdesc>
<shortdesc lang="en">Manages a Stand-alone LDAP Daemon (slapd) instance</shortdesc>
<parameters>
<parameter name="slapd" unique="0" required="0">
<longdesc lang="en">
Full path to the slapd binary.
For example, "/usr/sbin/slapd".
</longdesc>
<shortdesc lang="en">Full path to slapd binary</shortdesc>
<content type="string" default="/usr/sbin/slapd" />
</parameter>
<parameter name="ldapsearch" unique="0" required="0">
<longdesc lang="en">
Full path to the ldapsearch binary.
For example, "/usr/bin/ldapsearch".
</longdesc>
<shortdesc lang="en">Full path to ldapsearch binary</shortdesc>
<content type="string" default="ldapsearch" />
</parameter>
<parameter name="config" required="0" unique="1">
<longdesc lang="en">
Full path to a slapd configuration directory or a slapd configuration file.
For example, "/etc/ldap/slapd.d" or "/etc/ldap/slapd.conf".
</longdesc>
<shortdesc>Full path to configuration directory or file</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="pidfile" required="0" unique="0">
<longdesc lang="en">
File to read the PID from; read from olcPidFile/pidfile in config if not set.
</longdesc>
<shortdesc lang="en">File to read PID from</shortdesc>
<content type="string" default="" />
</parameter>
<parameter name="user" unique="0" required="0">
<longdesc lang="en">
User name or id slapd will run with. The group id is also changed to this
user's gid, unless the group parameter is used to override.
</longdesc>
<shortdesc lang="en">User name or id slapd will run with</shortdesc>
<content type="string" default="" />
</parameter>
<parameter name="group" unique="0" required="0">
<longdesc lang="en">
Group name or id slapd will run with.
</longdesc>
<shortdesc lang="en">Group name or id slapd will run with</shortdesc>
<content type="string" default="" />
</parameter>
<parameter name="services" required="0" unique="1">
<longdesc lang="en">
LDAP (and other scheme) URLs slapd will serve.
For example, "ldap://127.0.0.1:389 ldaps:/// ldapi:///"
</longdesc>
<shortdesc>LDAP (and other scheme) URLs to serve</shortdesc>
<content type="string" default="ldap:///"/>
</parameter>
<parameter name="watch_suffix" required="0" unique="0">
<longdesc lang="en">
Suffix (database backend) that will be monitored for availability. Multiple
suffixes can be specified by providing a space seperated list. By providing one
or more suffixes here, the ignore_suffix parameter is discarded. All suffixes
will be monitored if left blank.
</longdesc>
<shortdesc>Suffix that will be monitored for availability.</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="ignore_suffix" required="0" unique="0">
<longdesc lang="en">
Suffix (database backend) that will not be monitored for availability. Multiple
suffixes can be specified by providing a space seperated list. No suffix will
be excluded if left blank.
</longdesc>
<shortdesc>Suffix that will not be monitored for availability.</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="bind_dn" required="0" unique="0">
<longdesc lang="en">
Distinguished Name used to bind to the LDAP directory for testing. Leave blank
to bind to the LDAP directory anonymously.
</longdesc>
<shortdesc>Distinguished Name used to bind to the LDAP directory for testing.</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="password" required="0" unique="0">
<longdesc lang="en">
Password used to bind to the LDAP directory for testing.
</longdesc>
<shortdesc>Password used to bind to the LDAP directory for testing.</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="parameters" unique="0" required="0">
<longdesc lang="en">
slapd may be called with additional parameters.
Specify any of them here.
</longdesc>
<shortdesc lang="en">Any additional parameters to slapd.</shortdesc>
<content type="string" default="" />
</parameter>
<parameter name="stop_escalate" unique="0" required="0">
<longdesc lang="en">
Number of seconds to wait for shutdown (using SIGTERM) before resorting to
SIGKILL
</longdesc>
<shortdesc lang="en">Seconds before stop escalation to KILL</shortdesc>
<content type="integer" default="15" />
</parameter>
</parameters>
<actions>
<action name="start" timeout="20s" />
<action name="stop" timeout="20s" />
<action name="monitor" depth="0" timeout="20s" interval="60s" />
<action name="validate-all" timeout="20s" />
<action name="meta-data" timeout="5s" />
</actions>
</resource-agent>
END
}
terminate()
{
local pid=$1
local signal=$2
local recheck=${3-0}
local result
local waited=0
kill -$signal $pid >/dev/null 2>&1; result=$?
while [ \( $result -eq 0 \) -a \( $recheck -eq 0 -o $waited -lt $recheck \) ]; do
kill -0 $pid >/dev/null 2>&1; result=$?
let "waited += 1"
if [ $result -eq 0 ]; then
sleep 1
fi
done
if [ $result -ne 0 ]; then
return 0
fi
return 1
}
watch_suffix()
{
local result
if [ -n "$OCF_RESKEY_watch_suffix" ]; then
if echo "'$OCF_RESKEY_watch_suffix'" | grep "'$1'" >/dev/null 2>&1; then
result=0
else
result=1
fi
else
if echo "'$OCF_RESKEY_ignore_suffix'" | grep "'$1'" >/dev/null 2>&1; then
result=1
else
result=0
fi
fi
return $result
}
slapd_pid()
{
local pid
if [ -f "$pid_file" ]; then
pid=`head -n 1 "$pid_file" 2>/dev/null`
if [ "X$pid" != "X" ]; then
echo "$pid"
return $OCF_SUCCESS
fi
ocf_log err "slapd pid file '$pid_file' empty."
return $OCF_ERR_GENERIC
fi
ocf_log info "slapd pid file '$pid_file' does not exist."
return $OCF_NOT_RUNNING
}
slapd_status()
{
local pid=$1
local state=$?
if [ $state -eq $OCF_SUCCESS ]; then
if ! kill -0 $pid >/dev/null 2>&1; then
return $OCF_NOT_RUNNING
else
return $OCF_SUCCESS
fi
fi
return $state
}
slapd_start()
{
local options
local reason
local result
local state
slapd_status `slapd_pid`; state=$?
if [ $state -eq $OCF_SUCCESS ]; then
ocf_log info "slapd already running."
return $state
elif [ $state -eq $OCF_ERR_GENERIC ]; then
return $state
fi
options="-u $user -g $group"
if [ -d "$config" ]; then
options="$options -F $config"
elif [ -f "$config" ]; then
options="$options -f $config"
else
ocf_log err "slapd configuration '$config' does not exist."
return $OCF_ERR_INSTALLED
fi
if [ -n "$parameters" ]; then
options="$options $parameters"
fi
if [ -n "$services" ]; then
$slapd -h "$services" $options 2>&1; result=$?
else
$slapd $options 2>&1; result=$?
fi
if [ $result -ne 0 ]; then
ocf_log err "slapd returned error."
return $OCF_ERR_GENERIC
fi
while true; do
slapd_monitor start
if [ $? = "$OCF_SUCCESS" ]; then
break
fi
sleep 1
done
ocf_log info "slapd started."
return $OCF_SUCCESS
}
slapd_stop()
{
local pid
local result
local state
pid=`slapd_pid`; slapd_status $pid; state=$?
if [ $state -eq $OCF_NOT_RUNNING ]; then
ocf_log info "slapd already stopped."
return $OCF_SUCCESS
elif [ $state -eq $OCF_ERR_GENERIC ]; then
return $state
fi
terminate $pid TERM $OCF_RESKEY_stop_escalate; result=$?
if [ $result -ne 0 ]; then
ocf_log err "slapd failed to stop. Escalating to KILL."
terminate $pid KILL; result=$?
fi
if [ -f "$pid_file" ]; then
rm -f "$pid_file" >/dev/null 2>&1
fi
ocf_log info "slapd stopped."
return $OCF_SUCCESS
}
slapd_monitor()
{
local options
local result
local state
local suffix
local suffixes
local err_option="-err"
slapd_status `slapd_pid`; state=$?
if [ $state -eq $OCF_NOT_RUNNING ]; then
if [ -z "$1" ];then
if ! ocf_is_probe; then
ocf_log err "slapd process not found."
fi
fi
return $state
elif [ $state -ne $OCF_SUCCESS ]; then
ocf_log err "slapd returned error."
return $state
fi
if [ -d "$config" ]; then
for suffix in `find "$config"/'cn=config' -type f -name olcDatabase* -exec \
sed -ne 's/^[[:space:]]*olcSuffix:[[:space:]]\+\(.\+\)/\1/p' {} \;`
do
suffix=${suffix#\"*}
suffix=${suffix%\"*}
if watch_suffix $suffix; then
suffixes="$suffixes $suffix"
fi
done
elif [ -f "$config" ]; then
for suffix in `sed -ne 's/^[[:space:]]*suffix[[:space:]]\+\(.\+\)/\1/p' "$config"`
do
suffix=${suffix#\"*}
suffix=${suffix%\"*}
if watch_suffix $suffix; then
suffixes="$suffixes $suffix"
fi
done
else
ocf_log err "slapd configuration '$config' does not exist."
return $OCF_ERR_INSTALLED
fi
options="-LLL -s base -x"
if [ -n "$bind_dn" ]; then
options="$options -D '$bind_dn' -w '$password'"
fi
[ -z "$1" ] && err_option=""
for suffix in $suffixes; do
ocf_run -q $err_option "$ldapsearch" -H "$services" -b "$suffix" $options >/dev/null 2>&1; result=$?
case "$result" in
"0")
ocf_log debug "slapd database with suffix '$suffix' reachable"
;;
"49")
ocf_log err "slapd database with suffix '$suffix' unreachable. Invalid credentials."
return $OCF_ERR_CONFIGURED
;;
*)
if [ -z "$1" ] || [ -n "$1" -a $result -ne 1 ]; then
ocf_log err "slapd database with suffix '$suffix' unreachable. exit code ($result)"
state=$OCF_ERR_GENERIC
fi
;;
esac
done
return $state
}
slapd_validate_all()
{
check_binary "$slapd"
check_binary "$ldapsearch"
if [ -z "$pid_file" ]; then
if [ -d "$config" ]; then
pid_file=`sed -ne \
's/^olcPidFile:[[:space:]]\+\(.\+\)[[:space:]]*/\1/p' \
"$config"/'cn=config.ldif' 2>/dev/null`
elif [ -f "$config" ]; then
pid_file=`sed -ne \
's/^pidfile[[:space:]]\+\(.\+\)/\1/p' \
"$config" 2>/dev/null`
else
ocf_log err "slapd configuration '$config' does not exist."
return $OCF_ERR_INSTALLED
fi
fi
if [ -z "$user" ]; then
user=`id -nu 2>/dev/null`
elif ! id "$user" >/dev/null 2>&1; then
ocf_log err "slapd user '$user' does not exist"
return $OCF_ERR_INSTALLED
fi
if [ -z "$group" ]; then
group=`id -ng 2>/dev/null`
elif ! grep "^$group:" /etc/group >/dev/null 2>&1; then
ocf_log err "slapd group '$group' does not exist"
return $OCF_ERR_INSTALLED
fi
+ pid_dir=`dirname "$pid_file"`
+ if [ ! -d "$pid_dir" ]; then
+ mkdir -p "$pid_dir"
+ chown -R "$user" "$pid_dir"
+ chgrp -R "$group" "$pid_dir"
+ fi
+
return $OCF_SUCCESS
}
#
# Main
#
slapd=$OCF_RESKEY_slapd
ldapsearch=$OCF_RESKEY_ldapsearch
config=$OCF_RESKEY_config
user=$OCF_RESKEY_user
group=$OCF_RESKEY_group
services=$OCF_RESKEY_services
bind_dn=$OCF_RESKEY_bind_dn
password=$OCF_RESKEY_password
parameters=$OCF_RESKEY_parameters
pid_file=$OCF_RESKEY_pidfile
if [ -z "$config" ]; then
if [ -e "/etc/ldap/slapd.d" ]; then
config="/etc/ldap/slapd.d"
else
config="/etc/ldap/slapd.conf"
fi
fi
if [ $# -ne 1 ]; then
usage
exit $OCF_ERR_ARGS
fi
case $1 in
meta-data)
meta_data
exit $OCF_SUCCESS
;;
usage|help)
usage
exit $OCF_SUCCESS
;;
esac
slapd_validate_all
rc=$?
[ $rc -eq $OCF_SUCCESS ] || exit $rc
case $1 in
status)
slapd_status `slapd_pid`; state=$?
if [ $state -eq $OCF_SUCCESS ]; then
ocf_log debug "slapd is running."
elif [ $state -eq $OCF_NOT_RUNNING ]; then
ocf_log debug "slapd is stopped."
fi
exit $state
;;
start)
slapd_start
exit $?
;;
stop)
slapd_stop
exit $?
;;
monitor)
slapd_monitor; state=$?
exit $state
;;
validate-all)
exit $OCF_SUCCESS
;;
*)
usage
exit $OCF_ERR_UNIMPLEMENTED
;;
esac
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Wed, Feb 26, 8:48 PM (7 h, 17 m ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1460674
Default Alt Text
(14 KB)
Attached To
Mode
rR Resource Agents
Attached
Detach File
Event Timeline
Log In to Comment