Hi, Charlie,

That depends on what you want to do. My objective was to recreate the "install 389-ds on a fresh machine" process as closely as I could without actually wiping and reinstalling the whole machine. I wrote the script to work out an automated installation process at home, over many iterations. I then adapted the script *enormously* to use in the Production environment that was the goal of the exercise. :-)

David

> On Jan 10, 2016, at 10:24, Charlie Mordant <[email protected]> wrote:
>
> Hi David, hi Alan,
>
> I've nearly the same approach, well done for these scripts ;) (I did about
> the same).
>
> But don't you think it would be far easier to do this kind of thing:
> * remove-ds-admin.pl -y -f -y
> * yum remove -y 389-ds-base-base-libs
> * yum install 389-ds 389-admin 389-adminutil
> * setup-ds-admin.pl -s -f /tmp/ldap.inf
> * stuff...
>
> But that would be a 389-ds task
>
> Regards,
>
> 2016-01-10 18:54 GMT+01:00 David Barr <[email protected]>:
> I have a straight up bash script at
> https://github.com/dafydd2277/systemAdmin/blob/master/ldap/99_389dsCleanInstall.sh
> that does exactly this. You're welcome to use it as a starting point.
>
> David
>
>> On Jan 10, 2016, at 08:43, Charlie Mordant <[email protected]> wrote:
>>
>> Hi census experts!
>>
>> At first, I wanted to thank you for that wonderful technology, providing a
>> secure (tls ready, acl ready, clusterable) product: you're the only one
>> driving annuary (directory) as mature as this.
>>
>> I'm encountering an untraditional issue: I'm trying to make a kind of cloud
>> service all ldap centric: all my services are consuming ldap to give user
>> credentials (jenkins, webmail, nexus, etc...).
>>
>> I'm able to make a first-time ldap installation that fits all my needs but
>> not able to make it repeatable.
>>
>> The issues are that:
>> * docker images are really difficult to tackle:
>> main parts are on the same db: netscaperoot things, ssl configuration,
>> maxbersize, as well as the users db (dc=mydn, dc=people), so splitting
>> concerns is difficult.
>> * remove-ds.pl then setup-ds.pl
>> does not make admin-ds recognizable within the new ldap.
>> * remove-ds-admin.pl removes some rpm mandatory
>> files, so yum erase (389-ds-base, 389-admin, 389-adminutil), yum install is
>> mandatory (but it looks like it's not sufficient, and can cause some side
>> effects: removing other deps).
>>
>> So how can I make a repeatable 389 install?
>> What I want to achieve:
>> * Install a 389 server importing a personal CA and certs
>> * Securing access (my cloud has prices depending on the number of users)
>> so my cloud adds users to 'dc=mycompany,ou=people, ou=company' but company
>> can add users to 'dc=mycompany,ou=people, ou=webmail,ou=contacts'
>> * Making it repeatable (exporting contacts data, yum erase 389-ds, yum
>> install 389-ds then configure stuff and importing contacts data should
>> lead to the same result as before), and I'm not able to do that after 3
>> months of work.
>>
>> I've a sample Opscode Chef recipe mounting all this stuff, but
>> re-provisioning the machine leads to errors, I can give access to one of your
>> devs if wanted.
>>
>> Can 389 be improved to uninstall ds then reinstall an installation
>> (without the admin things) and be as complete as before?
>>
>>
>> Best regards
>>
>> --
>> Charlie Mordant
>>
>> Full OSGI/EE stack made with Karaf:
>> https://github.com/OsgiliathEnterprise/net.osgiliath.parent
>> --
>> 389 users mailing list
>> 389-users@%(host_name)s
>> http://lists.fedoraproject.org/admin/lists/[email protected]
>
> --
>
> David - Offbeat
> dafydd - Online http://pgp.mit.edu/
>
> ----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
>
> The most dangerous phrase is, 'We've always done it this way.' –RADM Grace
> Hopper
>
> --
> Charlie Mordant
>
> Full OSGI/EE stack made with Karaf:
> https://github.com/OsgiliathEnterprise/net.osgiliath.parent

--
David - Offbeat
dafydd - Online http://pgp.mit.edu/

----5----1----5----2----5----3----5----4----5----5----5----6----5----7--

Werner Heisenberg is driving down the autobahn. A police officer pulls him over. The officer says, "Excuse me, sir, do you know how fast you were going?" "No," replies Dr. Heisenberg, "but I know where I am."
