I really enjoy OpenLDAP. I think folks really don’t understand the power of OpenLDAP, concerning its robustness (i.e. use multiple back-ends), speed and efficiency.
I think its important to have sandboxes to test various technologies. The “cloud” is the best place for this. To test out the latest builds provided by OpenLDAP (via git), I created a cloud-init script that allows me to configure, build, and install an OpenLDAP sandbox environment in the cloud (on-premise and/or public). This script has been tested on AWS and Eucalyptus using Ubuntu Precise 12.04 LTS. This blog entry is a compliment to my past blog regarding overlays, MDB and OpenLDAP.
Lean Requirements – Script, Image, and Cloud
When thinking about this setup, there were three goals in mind:
- Ease of configuration – this is why cloud-init was used. Its very powerful in regards to bootstrapping instances as they boot up. You can use Puppet, Chef or others (e.g. Salt Stack, Juju, etc.), but I decided to go with cloud-init. The script does the following:
- Downloads all the prerequisites for building OpenLDAP from source, including euca2ools.
- Downloads OpenLDAP using Git
- Set up ephemeral storage to be the installation point for OpenLDAP (e.g. configuration, storage, etc.)
- Adds information into /etc/rc.local to make sure ephemeral gets re-mounted on reboots of the instance, and hostname is set.
- Configures, builds and installs OpenLDAP.
- Cloud image that is ready to go – Ubuntu has done a wonderful job with their cloud images. They have made it really easy to access them on AWS. These images can be used on Eucalyptus as well.
- Public and Private Cloud Deployment – Since Eucalyptus follows the AWS EC2 API very closely, it makes it really easy to test on both AWS and Eucalyptus.
Now that the background has been covered a bit, the next section will cover deploying the sandbox on AWS and/or Eucalyptus.
Deploy the Sandbox
To set the sandbox setup, use the following steps:
- Make sure and have an account on AWS and/or Eucalyptus (and the correct AWS/Eucalyptus IAM policies are in place so that you can bundle, upload and register images to AWS S3 and Eucalyptus Walrus).
- Make sure you have access to a registered AMI/EMI that runs Ubuntu Precise 12.04 LTS. *NOTE* If you are using AWS, you can just go to the Ubuntu Precise Cloud Image download page, and select the AMI in the region that you have access to.
- Download the openldap cloud-init recipe from Eucalyptus/recipes repository.
- Download and install the latest Euca2ools (I used the command-line tool euca-run-instances to run these instances).
- After you have downloaded your credentials from AWS/Eucalyptus, define your global environments by either following the documentation for AWS EC2 or the documentation for Eucalyptus.
- Use euca-run-instances with the –user-data-file option to launch the instance:
euca-run-instances -k hspencer.pem .... --user-data-file cloud-init-openldap.config [AMI | EMI]
After the instance is launched, ssh into the instance, and you will see something similar to the following:
ubuntu@euca-10-106-69-149:~$ df -ah Filesystem Size Used Avail Use% Mounted on /dev/vda1 1.4G 1.2G 188M 86% / proc 0 0 0 - /proc sysfs 0 0 0 - /sys none 0 0 0 - /sys/fs/fuse/connections none 0 0 0 - /sys/kernel/debug none 0 0 0 - /sys/kernel/security udev 494M 12K 494M 1% /dev devpts 0 0 0 - /dev/pts tmpfs 200M 232K 199M 1% /run none 5.0M 0 5.0M 0% /run/lock none 498M 0 498M 0% /run/shm /dev/vda2 8.0G 159M 7.5G 3% /opt/openldap
Your sandbox environment is now set up. From here, just following the instructions in the OpenLDAP Administrator’s Guide on configuring your openldap server, or continue from the “Setup – OLC and MDB” section located in my previous blog. *NOTE* As you configure your openldap server, make sure and use euca-authorize to control access to your instance.