#!/bin/sh 
#
# Description:  Manages a LDAP Server provided by NTT OSSC as an 
#               OCF High-Availability resource under Heartbeat/LinuxHA control
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA.
#
# 
#
#######################################################################
# OCF parameters:
#   OCF_RESKEY_ldap_bin    : Executable file
#   OCF_RESKEY_ldap_conf   : Configuration file
#   OCF_RESKEY_ldap_pidfile: Process id file
#   OCF_RESKEY_ldap_port   : Port number
#   OCF_RESKEY_ldap_user    : Ldap user 
#   OCF_RESKEY_ldap_urls    : LDAP URL's (ldap and/or ldaps)
#
#   OCF_RESKEY_ldap_bin, OCF_RESKEY_ldap_conf, OCF_RESKEY_ldap_pidfile
#   OCF_RESKEY_ldap_port OCF_RESKEY_ldap_user must be specified. 
###############################################################################

. ${OCF_ROOT}/resource.d/heartbeat/.ocf-shellfuncs

#########INITIALIZATION HERE###################################################
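# Each setting falls back to its default only when the OCF parameter is unset
# ("-" rather than ":-"), so a parameter that is set but empty stays empty and
# is rejected by the emptiness checks further down.
LDAP_CONF="${OCF_RESKEY_ldap_conf-/etc/openldap/slapd.conf}"
LDAP_BIN="${OCF_RESKEY_ldap_bin-/usr/sbin/slapd}"
LDAP_PIDFILE="${OCF_RESKEY_ldap_pidfile-/var/run/openldap/slapd.pid}"
LDAP_PORT="${OCF_RESKEY_ldap_port-389}"
LDAP_USER="${OCF_RESKEY_ldap_user-ldap}"
# URL scheme handed to slapd as -h "<scheme>:///".
# Must be set to ldap (ldap:///) or ldaps (ldaps:///).
# The host part is left empty, so slapd listens on every interface; plain
# ldap carries traffic unencrypted unless clients negotiate StartTLS.
LDAP_URLS="${OCF_RESKEY_ldap_urls-ldap}"
# Extra slapd command-line options; empty when the parameter is unset.
LDAP_OPTS="${OCF_RESKEY_ldap_opts}"
# NOTE(review): LDAP_NAME is derived from the ldap_opts parameter and is not
# referenced anywhere else in this script -- looks like a copy/paste leftover;
# confirm before relying on it.
LDAP_NAME="${OCF_RESKEY_ldap_opts-ldap}"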
##############################################################################


# Print the list of supported actions on stdout.
# Returns: $OCF_ERR_ARGS
usage()
{
        cat <<-USAGE
usage: $0 action

action:
        start       : start a new LDAP instance

        stop        : stop the running LDAP instance

        status      : return the status of LDAP, run or down

        monitor     : return TRUE if the LDAP appears to be working.

        meta-data   : show meta data message

        validate-all : validate the instance parameters
USAGE
        return $OCF_ERR_ARGS
}

# Write the agent's OCF meta-data XML to stdout, then terminate the script
# with $OCF_SUCCESS (this function exits, it does not return).
# NOTE(review): the XML advertises empty defaults and omits ldap_opts, while
# the script itself applies built-in defaults and reads OCF_RESKEY_ldap_opts;
# ldap_conf is described as required but declared required="0". Confirm which
# side is intended before changing either.
metadata_ldap()
{
    # Quoted delimiter: the XML is emitted literally, nothing in it is expanded.
    cat <<'END_METADATA'
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="ldap">
<version>1.0</version>
<longdesc lang="en">The OCF resource agent of ldap</longdesc>
<shortdesc lang="en">The RA for ldap</shortdesc>

<parameters>

<parameter name="ldap_bin" required="1" unique="0">
<longdesc lang="en">
This is a required parameter. This parameter specifies ldap's
bin file
</longdesc>
<shortdesc>Binary</shortdesc>
<content type="string" default=""/>
</parameter>

<parameter name="ldap_conf" required="0" unique="1">
<longdesc lang="en">
This is a required parameter. This parameter specifies a configuration file
for a ldap instance managed by this RA
</longdesc>
<shortdesc>Configuration file</shortdesc>
<content type="string" default="/etc/openldap/slapd.conf"/>
</parameter>

<parameter name="ldap_pidfile" required="1" unique="1">
<longdesc lang="en">
This is a required parameter. This parameter specifies a process id file
for a ldap instance managed by this RA.
</longdesc>
<shortdesc>Pidfile</shortdesc>
<content type="string" default=""/>
</parameter>

<parameter name="ldap_port" required="1" unique="1">
<longdesc lang="en">
This is a required parameter. This parameter specifies a port number
for a ldap instance managed by this RA. If plural ports are used,
you must specifiy the only one of them.
</longdesc>
<shortdesc>Port number</shortdesc>
<content type="integer" default=""/>
</parameter>

<parameter name="ldap_user" required="1" unique="1">
<longdesc lang="en">
This is a required parameter. This parameter specifies a user
to start the ldap instance managed by this RA. 
</longdesc>
<shortdesc>User</shortdesc>
<content type="string" default=""/>
</parameter>

<parameter name="ldap_urls" required="1" unique="1">
<longdesc lang="en">
This is a required parameter. This parameter specifies if you 
want to run yout ldap in normal or TLS mode ldap or using ssl ldaps
</longdesc>
<shortdesc>URLS</shortdesc>
<content type="string" default=""/>
</parameter>

</parameters>

<actions>
<action name="start" timeout="20s" />
<action name="stop" timeout="20s" />
<action name="status" timeout="60" />
<action name="monitor" depth="0" timeout="30s" interval="10s" start-delay="10s" 
/>
<action name="meta-data" timeout="10s" />
<action name="validate-all" timeout="10" />
</actions>
</resource-agent>
END_METADATA
    exit $OCF_SUCCESS
}

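# Look up the process that listens on LDAP_PORT and store its PID in the
# global LDAP_PID (empty when nothing matches).
# Globals:  LDAP_PORT (read), LDAP_PID (written)
# Returns:  1 when LDAP_PORT is not a plain number, otherwise the status of
#           the netstat | awk | cut pipeline
get_pid()
{
        LDAP_PID=""
        # The port becomes part of the awk match below; accept digits only so
        # a malformed parameter can never alter that pattern.
        case "$LDAP_PORT" in
                ''|*[!0-9]*)
                        return 1
                        ;;
        esac
        # The port is passed with -v instead of being spliced into the awk
        # program text. Field 9 of "netstat -laputen" output is PID/program;
        # cut keeps the PID part. Only IPv4 local addresses are matched.
        LDAP_PID=$(netstat -laputen |
                awk -v port="$LDAP_PORT" '
                        BEGIN { listener = "[0-9]+\\.[0-9]+\\.+[0-9]+\\.[0-9]+:" port "[^0-9].*LISTEN" }
                        $0 ~ listener { print $9 }' |
                cut -d '/' -f 1)
}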

# Refresh LDAP_PID through get_pid and report whether a listener was found.
# Returns: $OCF_SUCCESS when LDAP_PID is non-empty, 1 otherwise
is_pid_found()
{
        get_pid
        [ -z "${LDAP_PID}" ] && return 1
        return $OCF_SUCCESS
}

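# Compare the port listener found by get_pid with the pidfile on disk.
# Uses POSIX "[" tests: the script runs under #!/bin/sh, where "[[" is not
# guaranteed to exist.
# Returns:
#   $OCF_SUCCESS      no listener PID, but LDAP_PIDFILE still exists
#   $OCF_NOT_RUNNING  a listener PID exists, but LDAP_PIDFILE is missing
#   1                 any other combination
is_ldap_dead()
{
        get_pid
        if [ -z "${LDAP_PID}" ] && [ -f "${LDAP_PIDFILE}" ]; then
                return $OCF_SUCCESS
        elif [ -n "${LDAP_PID}" ] && [ ! -f "${LDAP_PIDFILE}" ]; then
                return $OCF_NOT_RUNNING
        else
                return 1
        fi
}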

# Report the state of the LDAP instance.
# Returns:
#   $OCF_ERR_GENERIC  is_ldap_dead succeeded
#   $OCF_SUCCESS      is_pid_found succeeded
#   $OCF_NOT_RUNNING  neither of the above
monitor_ldap()
{
        get_pid
        is_ldap_dead && return $OCF_ERR_GENERIC
        is_pid_found && return $OCF_SUCCESS
        return $OCF_NOT_RUNNING
}

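# Start slapd unless monitor_ldap already reports something other than
# "not running", then wait until the listener shows up.
# Globals:  LDAP_BIN, LDAP_CONF, LDAP_URLS, LDAP_USER, LDAP_OPTS (read)
# Returns:  the monitor status when it is not $OCF_NOT_RUNNING,
#           the ocf_run status when the launch fails,
#           $OCF_SUCCESS once is_pid_found succeeds
start_ldap()
{
        local status

        monitor_ldap
        status=$?
        if [ "$status" -ne "$OCF_NOT_RUNNING" ]; then
                return $status
        fi

        # Split LDAP_OPTS into separate words on purpose (it is a list of
        # options), with globbing switched off so a "*" in an option is not
        # expanded. An empty LDAP_OPTS yields no extra argument at all.
        set -f
        set -- $LDAP_OPTS
        set +f
        ocf_run "$LDAP_BIN" -f "$LDAP_CONF" -h "$LDAP_URLS:///" -u "$LDAP_USER" "$@"
        status=$?
        sleep 1
        if [ "$status" -ne "$OCF_SUCCESS" ]; then
                return $status
        fi

        # Poll once per second instead of spinning; there is no retry limit
        # here, so the wait ends only when the listener appears or the caller
        # interrupts the action.
        until is_pid_found; do
                ocf_log info "$LDAP_BIN:No pid found after start"
                sleep 1
        done
        return $OCF_SUCCESS
}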

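# Stop the LDAP instance and wait until its listener is really gone.
# Globals:  LDAP_PID (written by get_pid), LDAP_PIDFILE (removed)
# Returns:  $OCF_SUCCESS once nothing listens on the port any more
# NOTE(review): the PID comes from the port listener found by get_pid, not
# from LDAP_PIDFILE, so whichever process holds the port is the one signalled.
stop_ldap()
{
        get_pid
        if [ -z "${LDAP_PID}" ]; then
                # Nothing is listening: already stopped, only tidy up.
                rm -f -- "${LDAP_PIDFILE}"
                return $OCF_SUCCESS
        fi

        # Unquoted on purpose: get_pid may return one PID per listening
        # address. A failing kill is not fatal here, the loop below decides.
        kill $LDAP_PID

        # Success is reported only after the listener has disappeared;
        # reporting it earlier could let the instance be started elsewhere
        # while this one is still running.
        while is_pid_found; do
                sleep 1
        done

        rm -f -- "${LDAP_PIDFILE}"
        ocf_log info "LDAP stopped"
        return $OCF_SUCCESS
}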

# The status action is an alias for monitor_ldap: its exit status is passed
# through unchanged.
status_ldap()
{
        monitor_ldap
}


# Handler for the validate-all action. It performs no checks of its own and
# always reports $OCF_SUCCESS.
validate_all_ldap()
{
        return ${OCF_SUCCESS}
}


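# Parameter sanity checks, run before any action is dispatched.
# They are skipped for meta-data so the agent can still describe itself on a
# node where slapd is not installed or not configured yet.
if [ "$1" != "meta-data" ]; then
        if [ -z "$LDAP_CONF" ]; then
                ocf_log err "LDAP_CONF is not defined"
                exit $OCF_ERR_CONFIGURED
        fi

        if [ -z "$LDAP_BIN" ]; then
                ocf_log err "LDAP_BIN is not defined"
                exit $OCF_ERR_CONFIGURED
        fi
        if [ ! -x "$LDAP_BIN" ]; then
                ocf_log err "$LDAP_BIN is not found"
                exit $OCF_ERR_CONFIGURED
        fi

        if [ -z "$LDAP_PIDFILE" ]; then
                ocf_log err "LDAP_PIDFILE is not defined"
                exit $OCF_ERR_CONFIGURED
        fi

        if [ -z "$LDAP_PORT" ]; then
                ocf_log err "LDAP_PORT is not defined"
                exit $OCF_ERR_CONFIGURED
        fi
        # get_pid uses LDAP_PORT to build its netstat/awk match, so anything
        # but digits is rejected here before it can reach that pattern.
        case "$LDAP_PORT" in
                *[!0-9]*)
                        ocf_log err "LDAP_PORT is not a number"
                        exit $OCF_ERR_CONFIGURED
                        ;;
        esac

        if [ -z "$LDAP_USER" ]; then
                ocf_log err "LDAP_USER is not defined"
                exit $OCF_ERR_CONFIGURED
        fi

        if [ -z "$LDAP_URLS" ]; then
                ocf_log err "LDAP_URLS is not defined"
                exit $OCF_ERR_CONFIGURED
        fi
fi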



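# Dispatch the requested action; every branch ends the script with the
# status of the handler it called.
COMMAND=$1

case "$COMMAND" in
        start)
                start_ldap
                exit $?
                ;;
        stop)
                stop_ldap
                exit $?
                ;;
        status)
                status_ldap
                status=$?
                # Test the saved status value itself; the previous form tried
                # to run "status" and "[status" as commands and never passed
                # the result on to the caller.
                if [ "$status" -eq "$OCF_SUCCESS" ]; then
                        ocf_log info "slapd is running"
                elif [ "$status" -eq "$OCF_NOT_RUNNING" ]; then
                        ocf_log info "slapd is stopped"
                else
                        ocf_log info "slapd is dead"
                fi
                exit $status
                ;;
        monitor)
                monitor_ldap
                exit $?
                ;;
        meta-data)
                # metadata_ldap terminates the script itself.
                metadata_ldap
                ;;
        validate-all)
                validate_all_ldap
                exit $?
                ;;
        *)
                usage
                exit $?
                ;;
esac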

