--- /dev/null
+~FC001
+~FC014
--- /dev/null
+AllCops:
+ Exclude:
+ - vendor/**/*
+
+AlignParameters:
+ Enabled: false
+LineLength:
+ Enabled: false
+Lint/UnusedBlockArgument:
+ Enabled: false
+Metrics/AbcSize:
+ Enabled: false
+Style/BlockComments:
+ Enabled: false
+Style/BlockDelimiters:
+ Enabled: false
+Style/ExtraSpacing:
+ Enabled: false
+Style/FileName:
+ Enabled: false
+Style/LeadingCommentSpace:
+ Enabled: false
+Style/RescueModifier:
+ Enabled: false
+Style/SpaceBeforeFirstArg:
+ Enabled: false
+Style/TrailingCommaInLiteral:
+ EnforcedStyleForMultiline: comma
+Style/WordArray:
+ Enabled: false
+
+#Style/AccessorMethodName:
+# Enabled: false
+#Style/MethodLength:
+# Max: 30
+#Style/ModuleLength:
+# Max: 150
+Style/PerlBackrefs:
+ Enabled: false
# CHANGELOG for openldap-grid
+0.2.1
+-----
+- Cleanup for FoodCritic and RuboCop.
+
0.2.0
-----
- rename cookbook.
--- /dev/null
+source 'https://rubygems.org'
+
+#gem 'foodcritic'
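Review bot: The new Gemfile declares a source but no gems (`#gem 'foodcritic'` is commented out), while the Rakefile added in the same commit requires `rspec/core/rake_task`, `rubocop/rake_task` and `foodcritic`. The style and spec tasks therefore run against whatever versions are installed on the machine, so the tool set is neither reproducible nor reviewable as a dependency list. Declaring the tools here, for example `gem 'foodcritic'`, `gem 'rubocop'` and `gem 'chefspec'`, and committing the resulting Gemfile.lock would pin what the checks actually execute.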
--- /dev/null
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+require 'foodcritic'
+
+namespace :style do
+ desc 'Run Ruby style checks'
+ RuboCop::RakeTask.new(:ruby)
+
+ desc 'Run Chef style checks'
+ FoodCritic::Rake::LintTask.new(:chef) do |t|
+ t.options = {
+ fail_tags: ['any'],
+ }
+ end
+end
+
+desc 'Run all style checks'
+task style: ['style:chef', 'style:ruby']
+
+desc 'Run ChefSpec examples'
+RSpec::Core::RakeTask.new(:spec)
+
+task default: ['style', 'spec']
default['openldap']['nss-ldapd']['base'] = 'dc=example,dc=net'
#default['openldap']['nss-ldapd']['<nslcd.conf keys>'] = ...
default['openldap']['ldap_lookup_nameservices'] = [] # e.g. ['passwd', 'group']
-#default['openldap'][''] =
+#default['openldap'][''] =
default['openldap']['server']['ldaps'] = false
default['openldap']['server']['KRB5_KTNAME'] = nil # e.g. '/etc/krb5.keytab'
-
+# $ knife supermarket share openldap-grid "Databases"
name 'openldap-grid'
maintainer 'whitestar'
maintainer_email ''
license 'Apache 2.0'
description 'Installs/Configures openldap'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.2.0'
+version '0.2.1'
+source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
+issues_url 'https://osdn.jp/projects/metasearch/ticket'
-depends 'ssl_cert', '>= 0.1.5'
+%w( debian ubuntu centos redhat ).each do |os|
+ supports os
+end
+depends 'ssl_cert', '>= 0.1.5'
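Review bot: `source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'` advertises a cleartext HTTP clone URL, while `issues_url` on the next line already uses https. Anyone who clones from the published URL gets no transport integrity for the cookbook code. If the host serves the repository over TLS (not verifiable from this page), change the scheme to `https://`. The empty `maintainer_email ''` also leaves users with no contact for reporting problems privately.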
'TLS_RANDFILE',
'TLS_REQCERT',
'TLS_CRLCHECK',
- 'TLS_CRLFILE'
+ 'TLS_CRLFILE',
]
-if node['openldap']['with_ssl_cert_cookbook'] then
+if node['openldap']['with_ssl_cert_cookbook']
node.override['openldap']['client']['TLS_CACERT'] \
= node['ssl_cert']["#{node['openldap']['ssl_cert']['ca_name']}_cert_path"]
end
-case node[:platform_family]
- when 'debian'
- pkg = 'ldap-utils'
- resources(:package => pkg) rescue package pkg do
- action :install
- end
+case node['platform_family']
+when 'debian'
+ pkg = 'ldap-utils'
+ resources(package: pkg) rescue package pkg do
+ action :install
+ end
- template '/etc/ldap/ldap.conf' do
- source 'etc/ldap/ldap.conf'
- owner 'root'
- group 'root'
- mode '0644'
- variables({'ldap_conf_keys' => ldap_conf_keys})
- end
- when 'rhel'
- pkg = 'openldap-clients'
- resources(:package => pkg) rescue package pkg do
- action :install
- end
+ template '/etc/ldap/ldap.conf' do
+ source 'etc/ldap/ldap.conf'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables ldap_conf_keys: ldap_conf_keys
+ end
+when 'rhel'
+ pkg = 'openldap-clients'
+ resources(package: pkg) rescue package pkg do
+ action :install
+ end
- template '/etc/openldap/ldap.conf' do
- source 'etc/openldap/ldap.conf'
- owner 'root'
- group 'root'
- mode '0644'
- variables({'ldap_conf_keys' => ldap_conf_keys})
- end
+ template '/etc/openldap/ldap.conf' do
+ source 'etc/openldap/ldap.conf'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ variables ldap_conf_keys: ldap_conf_keys
+ end
end
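Review bot: `resources(package: pkg) rescue package pkg do` on the new side rescues every StandardError, not only the failed lookup it is meant to handle, so an unrelated error raised during the lookup silently becomes a fresh resource declaration. Narrow it to the lookup failure with a `begin`/`rescue Chef::Exceptions::ResourceNotFound` block that declares the package only in that branch. The same idiom recurs for `resources(service: 'nscd')` in the nss-ldapd recipe and for the package loops in the server recipe. The new .rubocop.yml sets `Style/RescueModifier` to `Enabled: false`, which turns off the cop that would otherwise flag all of these.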
'tls_key',
'pagesize',
'nss_initgroups_ignoreusers',
- 'pam_authz_search'
+ 'pam_authz_search',
]
-if node['openldap']['with_ssl_cert_cookbook'] then
+if node['openldap']['with_ssl_cert_cookbook']
node.override['openldap']['nss-ldapd']['tls_cacertfile'] \
= node['ssl_cert']["#{node['openldap']['ssl_cert']['ca_name']}_cert_path"]
end
-case node[:platform_family]
- when 'debian'
- %w{
- libnss-ldapd
- nscd
- }.each {|pkg|
- package pkg do
- action :install
- end
- }
-
- service 'nslcd' do
- action [:enable]
- supports :status => true, :restart => true, :reload => false
+case node['platform_family']
+when 'debian'
+ %w(
+ libnss-ldapd
+ nscd
+ ).each {|pkg|
+ package pkg do
+ action :install
end
+ }
- resources(:service => 'nscd') rescue service 'nscd' do
- action [:enable]
- supports :status => true, :restart => true, :reload => false
- end
+ service 'nslcd' do
+ action [:enable]
+ supports status: true, restart: true, reload: false
+ end
- template '/etc/nslcd.conf' do
- source 'etc/nslcd.conf'
- owner 'root'
- group 'nslcd'
- mode '0640'
- variables({'nslcd_conf_keys' => nslcd_conf_keys})
- notifies :restart, 'service[nslcd]'
- notifies :restart, 'service[nscd]'
- end
- when 'rhel'
- package 'nss-pam-ldapd' do
- action :install
- end
+ resources(service: 'nscd') rescue service 'nscd' do
+ action [:enable]
+ supports status: true, restart: true, reload: false
+ end
- service 'nslcd' do
- action [:enable]
- supports :status => true, :restart => true, :reload => true
- end
+ template '/etc/nslcd.conf' do
+ source 'etc/nslcd.conf'
+ owner 'root'
+ group 'nslcd'
+ mode '0640'
+ variables nslcd_conf_keys: nslcd_conf_keys
+ notifies :restart, 'service[nslcd]'
+ notifies :restart, 'service[nscd]'
+ end
+when 'rhel'
+ package 'nss-pam-ldapd' do
+ action :install
+ end
- resources(:service => 'nscd') rescue service 'nscd' do
- action [:enable]
- supports :status => true, :restart => true, :reload => true
- end
+ service 'nslcd' do
+ action [:enable]
+ supports status: true, restart: true, reload: true
+ end
- template '/etc/nslcd.conf' do
- source 'etc/nslcd.conf'
- owner 'root'
- group 'root'
- mode '0600'
- variables({'nslcd_conf_keys' => nslcd_conf_keys})
- notifies :restart, 'service[nslcd]'
- notifies :restart, 'service[nscd]'
- end
+ resources(service: 'nscd') rescue service 'nscd' do
+ action [:enable]
+ supports status: true, restart: true, reload: true
+ end
+
+ template '/etc/nslcd.conf' do
+ source 'etc/nslcd.conf'
+ owner 'root'
+ group 'root'
+ mode '0600'
+ variables nslcd_conf_keys: nslcd_conf_keys
+ notifies :restart, 'service[nslcd]'
+ notifies :restart, 'service[nscd]'
+ end
end
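Review bot: Both `template '/etc/nslcd.conf'` resources restrict the file mode (`0640` with group nslcd on debian, `0600` on rhel), but neither sets `sensitive true`, so Chef can still print the rendered content diff in converge output and logs. If `nslcd_conf_keys` can carry a bind credential such as `bindpw`, the password would end up in run logs despite the tight file mode. The key list begins outside this hunk, so that is an assumption to confirm. Adding `sensitive true` inside each template block avoids it.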
ruby_block 'configuring_nameservices' do
block do
conf_file = '/etc/nsswitch.conf'
nameservices = node['openldap']['ldap_lookup_nameservices']
- if !nameservices.nil? && !nameservices.empty? then
+ if !nameservices.nil? && !nameservices.empty?
open(conf_file, 'r+') {|file|
file.flock(File::LOCK_EX)
is_modified = false
buf = ''
file.each {|line|
- if line =~ /^(\w+):\s+(.*)$/ then
+ if line =~ /^(\w+):\s+(.*)$/
if nameservices.include?($1) && !$2.include?('ldap')
line.chomp! << " ldap\n"
is_modified = true
end
buf << line
}
- if is_modified then
+ if is_modified
print "\nnew #{conf_file}: [#{buf}]"
file.rewind
file.puts buf
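Review bot: `open(conf_file, 'r+')` goes through Kernel#open, which interprets a leading `|` as a command to spawn. The path is a literal here, so this is a hardening point rather than a live defect, but `File.open(conf_file, 'r+')` removes the hazard should the path ever come from an attribute. The block also rewrites /etc/nsswitch.conf in place via `file.rewind` and `file.puts buf`, so an interrupted run can leave a partially written file; writing to a temporary file in the same directory and renaming it would make the update atomic. The `print` of the full new content would be easier to audit as `Chef::Log.info`. The ruby_block starts before and continues past the lines visible in this hunk.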
# limitations under the License.
#
-case node[:platform_family]
- when 'debian'
- [
- 'slapd',
- 'ldap-utils',
- 'ssl-cert',
- ].each {|pkg|
- resources(:package => pkg) rescue package pkg do
- action :install
- end
- }
-
- # for SSL server key access
- group 'ssl-cert' do
- action :modify
- members 'openldap'
- append true
+case node['platform_family']
+when 'debian'
+ [
+ 'slapd',
+ 'ldap-utils',
+ 'ssl-cert',
+ ].each {|pkg|
+ resources(package: pkg) rescue package pkg do
+ action :install
end
+ }
- template "/etc/default/slapd" do
- source "etc/default/slapd"
- owner 'root'
- group 'root'
- mode '0644'
- end
- when 'rhel'
- [
- 'openldap-servers',
- 'openldap-clients',
- ].each {|pkg|
- resources(:package => pkg) rescue package pkg do
- action :install
- end
- }
+ # for SSL server key access
+ group 'ssl-cert' do
+ action :modify
+ members 'openldap'
+ append true
+ end
- # for SSL server key access
- if node['openldap']['with_ssl_cert_cookbook'] \
- && node['ssl_cert']['rhel']['key_access_group'] != 'root' then
- group node['ssl_cert']['rhel']['key_access_group'] do
- action :modify
- members 'ldap'
- append true
- end
+ template '/etc/default/slapd' do
+ source 'etc/default/slapd'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ end
+when 'rhel'
+ [
+ 'openldap-servers',
+ 'openldap-clients',
+ ].each {|pkg|
+ resources(package: pkg) rescue package pkg do
+ action :install
end
+ }
- template "/etc/sysconfig/ldap" do
- source "etc/sysconfig/ldap"
- owner 'root'
- group 'root'
- mode '0644'
- end
+ # for SSL server key access
+ group node['ssl_cert']['rhel']['key_access_group'] do
+ action :modify
+ members 'ldap'
+ append true
+ only_if {
+ node['openldap']['with_ssl_cert_cookbook'] \
+ && node['ssl_cert']['rhel']['key_access_group'] != 'root'
+ }
+ end
+
+ template '/etc/sysconfig/ldap' do
+ source 'etc/sysconfig/ldap'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ end
end
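Review bot: Moving the guard into `only_if` means the resource name `node['ssl_cert']['rhel']['key_access_group']` is now evaluated at compile time on every rhel node, whereas the removed `if` short-circuited on `with_ssl_cert_cookbook` before touching `node['ssl_cert']`. Where that flag is false and the ssl_cert attributes are absent, this would raise NoMethodError on nil during compilation. metadata.rb depends on ssl_cert, so the attributes are probably loaded, but that should be confirmed. Keeping the outer `if node['openldap']['with_ssl_cert_cookbook']` around the resource, or giving the resource a fixed name and setting `group_name` lazily, preserves the old behaviour. The existing comment could also say what is granted, for example `# add slapd's user (ldap) to the group that can read the TLS private key`.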
# deploy ldif file for TLS settings.
-if node['openldap']['with_ssl_cert_cookbook'] then
+if node['openldap']['with_ssl_cert_cookbook']
[
'00_olc-add-ldaps.ldif',
'00_olc-mod-ldaps.ldif',
service 'slapd' do
#action [:enable, :start]
action [:enable]
- supports :status => true, :restart => true, :reload => false
+ supports status: true, restart: true, reload: false
end
log <<-EOM
edit /etc/openldap/slap.d configurations
$ sudo service slapd restart
EOM
-
it 'renders /etc/ldap/ldap.conf on debian family.' do
expected = expect(chef_run_on_debian)
- expected.to render_file('/etc/ldap/ldap.conf').
- with_content(%r|^URI\s+ldap://ldap\.example\.com$|)
- expected.to render_file('/etc/ldap/ldap.conf').
- with_content(%r|^BASE\s+dc=example,dc=com$|)
+ expected.to render_file('/etc/ldap/ldap.conf')
+ .with_content(%r{^URI\s+ldap://ldap\.example\.com$})
+ expected.to render_file('/etc/ldap/ldap.conf')
+ .with_content(/^BASE\s+dc=example,dc=com$/)
end
let(:chef_run_on_rhel) {
it 'renders /etc/openldap/ldap.conf on rhel family.' do
expected = expect(chef_run_on_rhel)
- expected.to render_file('/etc/openldap/ldap.conf').
- with_content(%r|^URI\s+ldap://ldap\.example\.com$|)
- expected.to render_file('/etc/openldap/ldap.conf').
- with_content(%r|^BASE\s+dc=example,dc=com$|)
+ expected.to render_file('/etc/openldap/ldap.conf')
+ .with_content(%r{^URI\s+ldap://ldap\.example\.com$})
+ expected.to render_file('/etc/openldap/ldap.conf')
+ .with_content(/^BASE\s+dc=example,dc=com$/)
end
end
-
it 'renders /etc/nslcd.conf on debian family.' do
expected = expect(chef_run_on_debian)
- expected.to render_file('/etc/nslcd.conf').
- with_content(%r|^base\s+dc=example,dc=net$|)
- expected.to_not render_file('/etc/nslcd.conf').
- with_content(%r|^invalid_key\s+value$|)
+ expected.to render_file('/etc/nslcd.conf')
+ .with_content(/^base\s+dc=example,dc=net$/)
+ expected.to_not render_file('/etc/nslcd.conf')
+ .with_content(/^invalid_key\s+value$/)
end
it 'notifies nslcd and nscd service\'s restart after rendering on debian family.' do
it 'renders /etc/nslcd.conf on rhel family.' do
expected = expect(chef_run_on_rhel)
expected.to create_template('/etc/nslcd.conf').with(mode: '0600')
- expected.to render_file('/etc/nslcd.conf').
- with_content(%r|^base\s+dc=example,dc=net$|)
- expected.to_not render_file('/etc/nslcd.conf').
- with_content(%r|^invalid_key\s+value$|)
+ expected.to render_file('/etc/nslcd.conf')
+ .with_content(/^base\s+dc=example,dc=net$/)
+ expected.to_not render_file('/etc/nslcd.conf')
+ .with_content(/^invalid_key\s+value$/)
end
it 'notifies nslcd and nscd service\'s restart after rendering on rhel family.' do
expected.to notify('service[nscd]').to(:restart).delayed
end
end
-