Perry N. Myers
2008-May-23  01:40 UTC
[Ovirt-devel] [PATCH] set ldap.yml from dns srv during ovirt-wui-install
Doing the DNS SRV lookup from Ruby directly is where we want to be (and with Darryl's patches we're almost there), but I decided it wouldn't hurt to edit ldap.yml as part of the install. dig is used to look up the SRV record and then, if one is found, ldap.yml is edited.
I've tested this and verified that it does set the yml file correctly, but even with that set correctly I still can't get the grant_admin_privileges to work properly.
Signed-off-by: Perry Myers <pmyers at redhat.com>
diff --git a/wui/scripts/ovirt-wui-install b/wui/scripts/ovirt-wui-install
index e0cbbc0..f0f8b3e 100755
--- a/wui/scripts/ovirt-wui-install
+++ b/wui/scripts/ovirt-wui-install
@@ -11,6 +11,7 @@ PW_FILE=${OVIRT_CFG}/db/dbaccess
 STEP_TICKER=0.fedora.pool.ntp.org
 STEP_FILE=/etc/ntp/step-tickers
 SASL_FILE=/etc/sasl2/libvirt.conf
+LDAP_CFG=${OVIRT_DIR}/config/ldap.yml
 
 DISABLE_SVCS="libvirtd" 
 ENABLE_SVCS="ntpd httpd postgresql ovirt-host-browser ovirt-host-status \
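Review bot: `LDAP_CFG=${OVIRT_DIR}/config/ldap.yml` is rooted at `OVIRT_DIR` while the neighbouring `PW_FILE` uses `OVIRT_CFG`; confirm that `OVIRT_DIR` is defined earlier in the script and that ldap.yml really lives under the application directory rather than the config directory, otherwise the later `sed -i ... $LDAP_CFG` fails, or, with an unset variable, edits `/config/ldap.yml`.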
@@ -23,6 +24,17 @@ usage() {
     exit 1
 } >&2
 
+find_srv() {
+    local dnsreply
+    dnsreply=$(dig +short -t srv _$1._$2.$(dnsdomainname))
+    if [ $? -eq 0 ]; then
+        set _ $dnsreply; shift
+        SRV_HOST=$4; SRV_PORT=$3
+    else
+        SRV_HOST=; SRV_PORT+    fi
+}
+
 PASSWD for i ; do
     case $1 in
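Review bot: the `if [ $? -eq 0 ]` test after `dig +short` in `find_srv` does not detect a missing record: `dig` exits 0 when the query itself succeeds but the answer section is empty, so `SRV_HOST` and `SRV_PORT` are then assigned from an empty word list and the `else` branch is effectively dead. Test `[ -n "$dnsreply" ]` instead, quote `$1`, `$2` and `$(dnsdomainname)`, and handle the case where several SRV records come back: `set _ $dnsreply; shift` silently takes the first line's fields and ignores priority and weight, so sort the replies numerically on the first field before the `set`. The resulting values come from an unauthenticated DNS answer and are written straight into ldap.yml, so check that `SRV_PORT` is numeric and `SRV_HOST` contains only hostname characters before they are used.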
@@ -46,6 +58,18 @@ for svc in $ENABLE_SVCS ; do
 done
 } > /dev/null 2>&1
 
+# grab ldap server from DNS
+find_srv ldap tcp
+if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
+    SRV_HOST=${SRV_HOST%.}
+    SRV_BASE=$(echo $SRV_HOST | awk -F. '{ for(i=2; i <= NF; i++) {
printf("dc=%s", $(i)); if(i<NF) printf(","); } }')
+    
+    sed -i -e "s/host: .*/host: $SRV_HOST/g" \
+        -e "s/port: .*/port: $SRV_PORT/g" \
+        -e "s/base: .*/base: $SRV_BASE/g" \
+        $LDAP_CFG
+fi
+
 # setup an NTP step-ticker
 if [ -f $STEP_FILE ]; then
     if ! grep "^$${STEP_TICKER}$" $STEP_FILE > /dev/null
2>&1 ; then
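Review bot: the `sed -i` expressions such as `s/host: .*/host: $SRV_HOST/g` are unanchored, so any line in ldap.yml that merely contains `host: ` (a comment, a nested key) is rewritten as well; anchor them to the start of the line, ideally with the indentation ldap.yml actually uses. The replacement text is interpolated unescaped, so a `/` or `&` in the DNS-derived value breaks or corrupts the substitution; either escape it or reject such values up front. `SRV_BASE` is built by dropping the first label of `SRV_HOST` and turning the remaining labels into `dc=` components, which assumes the directory suffix mirrors the host's parent domain; that assumption deserves a comment, since a host like `ldap.infra.example.org` would yield `dc=infra,dc=example,dc=org` even when the directory is rooted at `dc=example,dc=org`. Minor: `[ -n "$SRV_HOST" -a -n "$SRV_PORT" ]` uses the obsolescent `-a`; two `[ ]` tests joined with `&&` are portable.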
Perry N. Myers
2008-May-23  05:11 UTC
[Ovirt-devel] [PATCH] REPOST - set ldap.yml from dns srv during ovirt-wui-install
Perry N. Myers
2008-May-23  05:15 UTC
[Ovirt-devel] Re: [PATCH] [REPOST] set ldap.yml from dns srv during ovirt-wui-install
Subject: [PATCH] This patch adds logic to the ovirt-wui-install script to attempt to determine the ldap server information from dns srv records and then write that info to the ldap.yml file.
Signed-off-by: Perry Myers <pmyers at redhat.com>
---
 wui/scripts/ovirt-wui-install |   66 ++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 65 insertions(+), 1 deletions(-)
diff --git a/wui/scripts/ovirt-wui-install b/wui/scripts/ovirt-wui-install
index e0cbbc0..6285b3c 100755
--- a/wui/scripts/ovirt-wui-install
+++ b/wui/scripts/ovirt-wui-install
@@ -11,6 +11,7 @@ PW_FILE=${OVIRT_CFG}/db/dbaccess
 STEP_TICKER=0.fedora.pool.ntp.org
 STEP_FILE=/etc/ntp/step-tickers
 SASL_FILE=/etc/sasl2/libvirt.conf
+LDAP_CFG=${OVIRT_DIR}/config/ldap.yml
 
 DISABLE_SVCS="libvirtd" 
 ENABLE_SVCS="ntpd httpd postgresql ovirt-host-browser ovirt-host-status \
@@ -23,6 +24,52 @@ usage() {
     exit 1
 } >&2
 
+find_srv() {
+    local dnsreply
+    
+    # This checks to see if we're running on a bundled/developer install.  
+    # If so, the server queried is localhost instead of using resolv.conf.  
+    if [ "$(hostname)" == "management.priv.ovirt.org" ];
then
+        local server_flag=@localhost
+    fi
+
+    dnsreply=$(dig $server_flag +short -t srv _$1._$2.$(dnsdomainname))
+    if [ $? -eq 0 ]; then
+        set _ $dnsreply; shift
+        SRV_HOST=$4; SRV_PORT=$3
+    else
+        SRV_HOST=; SRV_PORT+    fi
+}
+
+find_ldap_base() {
+    local found=0
+    
+    domain=$(echo $SRV_HOST | cut -d. -f 2-)
+    while [ -n "$domain" ]; do
+        base=$(echo $domain | awk -F. '{ for(i=1; i <= NF; i++) {
printf("dc=%s", $(i)); if(i<NF) printf(","); } }')
+        ldapsearch -h $SRV_HOST -p $SRV_PORT -x \
+            -b "cn=users,cn=accounts,$base" -LLL uid > /dev/null
2>&1
+        if [ $? -eq 0 ]; then
+            found=1
+            break
+        fi
+        
+        if ! echo $domain | grep "\." > /dev/null 2>&1 ;
then
+            domain=""
+        else
+            domain=$(echo $domain | cut -d. -f 2-)
+        fi
+    done
+    
+    if [ $found -eq 1 ]; then
+        echo $base
+        return 0
+    else
+        return 1
+    fi   
+}
+
 PASSWD for i ; do
     case $1 in
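Review bot: `find_ldap_base` probes each candidate suffix with an anonymous (`-x`) `ldapsearch` against the hard-coded container `cn=users,cn=accounts,$base`, so on a directory that refuses anonymous binds, or one not laid out that way, every probe fails and the install aborts even though host and port were found; the function should at least report which bases it tried, and the layout assumption belongs in a comment next to the `-b` argument. `domain` and `base` are assigned without `local` and leak into the script's global scope (`base` is what the caller reads via `echo $base`, so make that the only exported value). The `[ "$(hostname)" == "management.priv.ovirt.org" ]` branch hard-codes a developer hostname into a production installer and `==` is a bashism where a single `=` works everywhere; an environment variable or command-line switch to force `@localhost` would be cleaner. The `if [ $? -eq 0 ]` test after `dig +short` still does not detect an empty answer, as noted on the first version; test `-n "$dnsreply"`.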
@@ -46,10 +93,27 @@ for svc in $ENABLE_SVCS ; do
 done
 } > /dev/null 2>&1
 
+# grab ldap server from DNS
+find_srv ldap tcp
+if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
+    SRV_HOST=${SRV_HOST%.}
+    srv_base=$(find_ldap_base)
+    [ $? != 0 ] && echo "Failed to determine base for ldap"
&& exit 1
+    
+    sed -i -e "s/host: .*/host: $SRV_HOST/g" \
+        -e "s/port: .*/port: $SRV_PORT/g" \
+        -e "s/base: .*/base: $srv_base/g" \
+        $LDAP_CFG
+else
+    # FIXME: Eventually this script should prompt for things that can't
+    # be found in DNS SRV records.
+    echo "Failed to get ldap host/port" && exit 1
+fi
+
 # setup an NTP step-ticker
 if [ -f $STEP_FILE ]; then
     if ! grep "^$${STEP_TICKER}$" $STEP_FILE > /dev/null
2>&1 ; then
-    echo $STEP_TICKER >> $STEP_FILE
+        echo $STEP_TICKER >> $STEP_FILE
     fi
 fi
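Review bot: the new `else` branch turns a missing SRV record from a silent no-op into `exit 1`, so every install on a network without `_ldap._tcp` SRV records now aborts before the NTP step-ticker and service setup that follow this hunk; since the FIXME already says prompting is intended, printing a warning and leaving ldap.yml untouched, or accepting an explicit host/port override, would be safer than aborting. `[ $? != 0 ] && echo "..." && exit 1` and `echo "..." && exit 1` only exit if `echo` succeeds; write `{ echo "..." >&2; exit 1; }` so the message goes to stderr and the exit is unconditional. The `sed -i` expressions are still unanchored and still interpolate the unescaped DNS-derived values (`s/host: .*/host: $SRV_HOST/g`), and the indentation fix to `echo $STEP_TICKER >> $STEP_FILE` at the end is an unrelated whitespace change that belongs in its own commit.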