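#!/usr/bin/perl
use strict;
use warnings;
########################################################################
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# - Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# - Redistribution in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# Neither the name of Sun Microsystems, Inc. or the names of
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# This software is provided "AS IS," without a warranty of any
# kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
# WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
# EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
# DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR
# DISTRIBUTING THE SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN
# OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA,
# OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR
# PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF
# LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE,
# EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
#
# You acknowledge that Software is not designed, licensed or
# intended for use in the design, construction, operation or
# maintenance of any nuclear facility.
##########################################################################

####################
# How to use this script
# This script assumes that:
# a.) ZIP version of DS6.2 unzipped
# b.) DSCC created, installed and running
# c.) CACAO installed and running.
# This script creates multiple instances of DS6. As written, the loops
# below create every suffix listed in @ldapdata on every instance.
# This script is designed to be run, once per host.
# Each host in the data center has the same alphabetic name and is
# distinguished by the last digits. The alphabetic part is held in
# $hostname_prefix and the unique digits are supplied on the command line.
# Thus to run the script on server SERVER101, proceed as follows:
# 1. Set $hostname_prefix to SERVER (leave it empty to pass the complete
#    hostname on the command line)
# 2. Set the dman password in the password file and the variable in the
#    script
# 3. Execute the script as follows 'perl unixscript.pl 101' where '101' are
#    the last three digits of the server hostname
####################

##########################################################################
#### Files used by the script #########
#
# Log file of activity the script performs
my $scriptlog = "dsinstall.log";

# Open the log first (3-arg open, lexical handle) so a failure is reported
# before any change is made on the server.
open( my $logfh, '>', $scriptlog ) or die "Can't write $scriptlog: $!";
##########################################################################

#########################################################################
#### Global variables

# Hostname = $hostname_prefix . ARGV[0]; with an empty prefix ARGV[0] is
# used as the complete hostname.
my $hostname_prefix = "";
my $hostname        = "";

# Array rows of @ldapdata holding the LDAP and LDAPS ports (no need to
# change these, used for script readability)
my $ldapport  = 1;
my $ldapsport = 2;

# DSEE log files, modified by dsconf
my $aclog = "";    # access log
my $erlog = "";    # error log
my $adlog = "";    # audit log

##### Paths
# Location of Directory Server commands
my $ldapbase = "/zfs/dsee6/ds6/bin/";
# Location of DSCC commands
my $dsccbase = "/zfs/dsee6/dscc6/bin/";
# Path for configuration data
my $confpath = "/export/home/jgershat/";
# Location of instances
my $instdir = "/zfs/dsee6/script/";
# Path of the instance currently being configured
my $instpath = "";
# Location of instance logs
my $instlog = "";
# Location of 'ldapmodify'
my $dsrkbase = "/usr/bin/";
############################################################################

#########################################################################
### Directory Server credentials

# Directory Server manager bind DN. Every command is run through
# doSystemCommand() with a list, so no shell is involved and the DN is
# passed as one argument without embedded quotes.
my $dm = 'cn=directory manager';

# File containing the Directory Server manager password. Only the path is
# put on the command line, so the password itself never appears in the
# process list or in the script log.
my $dmpassfile = $confpath . "dman.txt";
#########################################################################

### LDIF files
# custom schema added to each Directory Server instance
my $schema = $confpath . "customschema.ldif";
# LDIF file with user data to be imported into the first instance
my $users = "users.ldif";
########################################################################

###########################################################################
### Arrays used by the script.
# (Remember that arrays begin at 0, thus a five element array is denoted
# [0][1][2][3][4])

# One dimensional array of the Directory Server instances created.
my @instances = ( "ins1", "ins2", "ins3", "ins4", "ins5" );

# Base replica ID numbers; combined with the running offset $y below so
# that every (instance, suffix) pair gets a unique replica ID.
my @replicaIDs = ( 1 .. 25 );

# Two dimensional array of the suffixes and related data.
# Each column contains unique values for a suffix
# Row 0 - suffix name
# Row 1 - LDAP port
# Row 2 - LDAPS port
my @ldapdata = (
    [
        "dc=example,dc=com",          "ou=usa,dc=example,dc=com",
        "ou=eu,dc=example,dc=com",    "ou=aipac,dc=example,dc=com",
        "ou=americas,dc=example,dc=com",
    ],
    [ 11389, 2389, 3389, 4389, 5389 ],
    [ 11636, 2636, 3636, 4636, 5636 ],
);

# Number of suffixes (and instances). Derived from the data above instead
# of being a separately maintained constant, so the tables cannot silently
# disagree with it; every row of @ldapdata must have one column per
# instance.
my $numsuffix = scalar @instances;
for my $row ( 0 .. $#ldapdata ) {
    my $cols = scalar @{ $ldapdata[$row] };
    die "\@ldapdata row $row has $cols columns, expected $numsuffix\n"
        if $cols != $numsuffix;
}
die "\@replicaIDs needs at least $numsuffix entries\n"
    if scalar @replicaIDs < $numsuffix;

#####################
# Start of script
######################

# The only command-line input is the hostname part. It is passed to the
# DSEE commands as a separate argument (no shell), but it is still
# restricted to hostname characters so an accidental value is caught
# before any instance is created.
die "usage: $0 HOSTNAME_DIGITS\n" unless defined $ARGV[0];
die "Invalid hostname argument '$ARGV[0]'\n"
    unless $ARGV[0] =~ m{\A [A-Za-z0-9._-]+ \z}xms;
$hostname = $hostname_prefix . $ARGV[0];

print {$logfh} "Processing host" . $hostname . ":\n";
print {$logfh} "$0: Start time: " . localtime(time) . "\n";

############################################
# For each instance do the following:
# 1. Create an instance
# 2. Start it
# 3. Register it in DSCC
# 4. Modify schema
############################################
# For each suffix on each of the above instances do the following:
# 1. Create the suffix
# 2. Enable replication
# 3. Create an index
# 4. Reindex
# 5. Add the self-read ACI
############################################
# Then, per instance:
# 6. Set import cache size
# 7. Configure logs
# 8. Set password policy to DS6-mode
#############################################
my $y = 0;    # running offset added to the replica ID, see enable-repl
for my $x ( 0 .. $numsuffix - 1 ) {
    my $port  = $ldapdata[$ldapport][$x];
    my $sport = $ldapdata[$ldapsport][$x];

    $instpath = $instdir . $instances[$x];
    $instlog  = $instpath . "/logs/";
    #mkdir $instlog;

    # logs
    $aclog = $instlog . "access";
    $erlog = $instlog . "errors";
    $adlog = $instlog . "audit";

    # Create Instance (Server)
    doSystemCommand(
        $ldapbase . "dsadm", 'create',
        '-h', $hostname, '-i', '-D', $dm, '-w', $dmpassfile,
        '-p', $port, '-P', $sport, $instpath,
    );

    # Start Instance (Server)
    doSystemCommand( $ldapbase . "dsadm", 'start', '-i', $instpath );

    # Register in DSCC
    doSystemCommand(
        $dsccbase . "dsccreg", 'add-server', '-i', '-D', $dm,
        '--pwd-file', $dmpassfile, '-G', $dmpassfile, $instpath,
    );

    # Add Custom Schema
    doSystemCommand(
        $dsrkbase . "ldapmodify", '-h', $hostname, '-p', $port,
        '-D', $dm, '-j', $dmpassfile, '-f', $schema,
    );

    # subloop to create suffixes on each instance
    for my $z ( 0 .. $numsuffix - 1 ) {
        my $suffix = $ldapdata[0][$z];

        # Create Suffixes
        doSystemCommand(
            $ldapbase . "dsconf", 'create-suffix', '-h', $hostname,
            '-p', $port, '-e', '-i', '-D', $dm, '-w', $dmpassfile, $suffix,
        );

        # Enable replication - unique replica ID!!
        # $y grows by one per suffix created, so the same base ID is
        # never reused for one suffix on two instances of this host.
        # NOTE(review): the IDs are derived only from loop position, so a
        # second host running this script produces the same IDs; confirm
        # that cross-host replication of these suffixes is not intended.
        my $replicaID = $replicaIDs[$z] + $y;
        doSystemCommand(
            $ldapbase . "dsconf", 'enable-repl', '-h', $hostname,
            '-e', '-i', '-p', $port, '-D', $dm, '-w', $dmpassfile,
            '-d', $replicaID, 'master', $suffix,
        );
        $y++;

        # Create indexes. SUFFIX_DN and the attribute name are separate
        # arguments (they used to be concatenated into one token).
        doSystemCommand(
            $ldapbase . "dsconf", 'create-index', '-h', $hostname,
            '-D', $dm, '-w', $dmpassfile, '-p', $port, '-e', '-i',
            $suffix, 'mynewAttribute',
        );

        # Reindex
        doSystemCommand(
            $ldapbase . "dsconf", 'reindex', '-h', $hostname,
            '-D', $dm, '-w', $dmpassfile, '-p', $port, '-e', '-i', $suffix,
        );

        # ACIs: write the LDIF, close it so the data is flushed to disk,
        # and only then hand it to ldapmodify.
        my $acifile = "acis.ldif";
        open( my $acifh, '>', $acifile ) or die "Can't write $acifile: $!";
        print {$acifh} "dn:" . $suffix . "\n";
        print {$acifh} "changetype: modify\n";
        print {$acifh} "replace: aci\n";
        print {$acifh} 'aci: (target="ldap:///' . $suffix
            . '") (targetattr !="userPassword") (version 3.0; acl "allow self read search compare"; allow(read,search,compare) userdn = "ldap:///self";)'
            . "\n";
        close($acifh) or die "Can't close $acifile: $!";

        doSystemCommand(
            $dsrkbase . "ldapmodify", '-h', $hostname, '-p', $port,
            '-D', $dm, '-j', $dmpassfile, '-f', $acifile,
        );
    }    # end of subloop

    # Set import cache
    doSystemCommand(
        $ldapbase . "dsconf", 'set-server-prop', '-h', $hostname,
        '-e', '-i', '-p', $port, '-D', $dm, '-w', $dmpassfile,
        'import-cache-size:200M',
    );

    # Set log properties (access log additionally records timing)
    doSystemCommand(
        $ldapbase . "dsconf", 'set-log-prop', '-h', $hostname,
        '-D', $dm, '-w', $dmpassfile, '-p', $port, '-e', '-i', 'access',
        'enabled:on', "path:$aclog", 'rotation-time:2330',
        'rotation-interval:24h', 'max-size:unlimited', 'max-file-count:5',
        'level:acc-timing',
    );
    doSystemCommand(
        $ldapbase . "dsconf", 'set-log-prop', '-h', $hostname,
        '-D', $dm, '-w', $dmpassfile, '-p', $port, '-e', '-i', 'error',
        'enabled:on', "path:$erlog", 'rotation-time:2330',
        'rotation-interval:24h', 'max-size:unlimited', 'max-file-count:5',
    );
    doSystemCommand(
        $ldapbase . "dsconf", 'set-log-prop', '-h', $hostname,
        '-D', $dm, '-w', $dmpassfile, '-p', $port, '-e', '-i', 'audit',
        'enabled:on', "path:$adlog", 'rotation-time:2330',
        'rotation-interval:24h', 'max-size:unlimited', 'max-file-count:5',
    );

    # Set password compatibility
    doSystemCommand(
        $ldapbase . "dsconf", 'pwd-compat', '-h', $hostname,
        '-e', '-i', '-p', $port, '-D', $dm, '-w', $dmpassfile,
        'to-DS6-migration-mode',
    );
}    # end of loop 'x'

#### CREATE REPLICATION AGREEMENT ####
# dsconf create-repl-agmt [-h host] [-p port] [-A PROTOCOL] SUFFIX_DN HOST:PORT [HOST:PORT ...]
# For every suffix, every instance gets an agreement towards each of the
# other instances on this host (full mesh), whatever the number of
# instances in @instances.
for my $column ( 0 .. $numsuffix - 1 ) {
    my $suffix = $ldapdata[0][$column];
    for my $src ( 0 .. $numsuffix - 1 ) {
        my @dests = map { $hostname . ":" . $ldapdata[$ldapport][$_] }
            grep { $_ != $src } 0 .. $numsuffix - 1;
        doSystemCommand(
            $ldapbase . "dsconf", 'create-repl-agmt', '-c', '-h', $hostname,
            '-p', $ldapdata[$ldapport][$src], '-D', $dm, '-w', $dmpassfile,
            $suffix, @dests,
        );
    }
}    # end of loop

#######################################################
#### INITIALIZE REMOTE REPLICA
# dsconf init-repl-dest [-h host] [-p port] [-a] SUFFIX_DN HOST:PORT [HOST:PORT ...]
# Initializes a destination replicated suffix from a destination suffix.
# The first instance is the source for all other instances.
for my $column ( 0 .. $numsuffix - 1 ) {
    my @dests = map { $hostname . ":" . $ldapdata[$ldapport][$_] }
        1 .. $numsuffix - 1;
    doSystemCommand(
        $ldapbase . "dsconf", 'init-repl-dest', '-c', '-h', $hostname,
        '-p', $ldapdata[$ldapport][0], '-D', $dm, '-w', $dmpassfile,
        $ldapdata[0][$column], @dests,
    );
}    # end of loop

############### IMPORT USERS
# Users are added on the first instance and reach the others through the
# replication agreements created above.
doSystemCommand(
    $dsrkbase . "ldapmodify", '-h', $hostname, '-p', $ldapdata[$ldapport][0],
    '-D', $dm, '-j', $dmpassfile, '-a', '-f', $users,
);
########################################################

################### END of commands
# close log file
print {$logfh} "$0: End time: " . localtime(time) . "\n";
close($logfh) or die "Can't close $scriptlog: $!";

############################################################################################################################
#
# Subroutines
#
############################################################################################################################

# doSystemCommand(COMMAND, ARG, ...)
#
# Logs and runs one external command, dying if it does not succeed.
#
# The arguments are handed to system() as a list, so no shell is involved:
# the bind DN, the hostname from the command line and the suffix DNs are
# passed through literally and are never re-interpreted. (A single-string
# call still works, but then Perl may route it through the shell, which is
# why every caller above passes a list.)
#
# Returns nothing. Dies with the failed command and the reason (could not
# start, killed by a signal, or non-zero exit status); the reason is also
# written to the script log.
sub doSystemCommand {
    my @systemCommand = @_;
    my $shown = join ' ', @systemCommand;

    print {$logfh} "$0: Executing [$shown] \n";

    my $returnCode = system(@systemCommand);
    if ( $returnCode != 0 ) {
        my $reason
            = $returnCode == -1       ? "could not start: $!"
            : ( $returnCode & 127 )   ? "killed by signal " . ( $returnCode & 127 )
            :                           "exit status " . ( $returnCode >> 8 );
        print {$logfh} "$0: Failed executing [$shown]: $reason\n";
        die "Failed executing [$shown]: $reason\n";
    }
    return;
}
##############################################################################################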