Add initial ldap support to virtual desktop

Signed-off-by: endika <endika.aldecoa@ehu.eus>

hackfest_virtual-pc_vnfd/charms/virtual-pc-src/actions.yaml

@@ -61,3 +61,19 @@ remove-snap:
 update-system:
   description: "Updates all software to latest version."
 
+integrate-ldap:
+  description: "Adds support for ldap."
+  params:
+    ldap_host:
+      description: "Ip or domain of the ldap host."
+      type: string
+    ldap_domain:
+      description: "Ldap domian."
+      type: string
+    ldap_password:
+      description: "Password for the admin user."
+      type: string
+  required:
+    - ldap_host
+    - ldap_domain
+    - ldap_password

hackfest_virtual-pc_vnfd/charms/virtual-pc-src/src/charm.py

@@ -70,6 +70,7 @@ class VirtualPCCharm(CharmBase, InstallProgress):
 
         self._stored.set_default()
         self.last_status_update = time.time()
+        self.state.set_default(ldap_installed=False)
 
         # Basic hooks
         self.framework.observe(self.on.install, self._on_install)
@@ -86,6 +87,7 @@ class VirtualPCCharm(CharmBase, InstallProgress):
         self.framework.observe(self.on["remove-package"].action, self._remove_package)
         self.framework.observe(self.on["remove-snap"].action, self._remove_snap)
         self.framework.observe(self.on["update-system"].action, self._update_system)
+        self.framework.observe(self.on["integrate-ldap"].action, self._ldap_integration)
 
         # Relations hooks
 
@@ -201,6 +203,25 @@ class VirtualPCCharm(CharmBase, InstallProgress):
         upgrade_apt(update=True, progress=self)
         self.unit.status = self._get_current_status()
 
+    def _ldap_integration(self, event):
+        self.unit.status = MaintenanceStatus("Configuring Ldap autentication")
+        _configure_ldap(event.params["ldap_host"],
+                        event.params["ldap_domain"],
+                        event.params["ldap_password"])
+        if not self.state.ldap_installed:
+            install_apt(packages=["ldap-auth-client", "nscd"],
+                        update=True, progress=self)
+            # edit /etc/nsswitch.conf
+            shell("sudo sed -E -i '/passwd|group/ !b; s/$/ ldap/' /etc/nsswitch.conf")
+            # restart nscd
+            shell("sudo systemctl restart nscd")
+            #create a home directory when user login
+            shell("echo session required pam_mkhomedir.so skel=/etc/skel umask=077 | sudo tee /etc/pam.d/common-session")
+            self.state.ldap_installed = True
+        else:
+            shell("dpkg-reconfigure -f noninteractive ldap-auth-client")
+        self.unit.status = ActiveStatus("Ldap autentication configured")
+
     # Relation hooks
 
     # Private functions
@@ -211,6 +232,21 @@ class VirtualPCCharm(CharmBase, InstallProgress):
             status_msg = "Ready"
         return status_type(status_msg)
 
+    def _configure_ldap(host, domain, password):
+        #configure ldap-auth-config with debconf
+        shell("echo ldap-auth-config ldap-auth-config/rootbindpw password {} | sudo debconf-set-selections".format(password))
+        shell("echo ldap-auth-config ldap-auth-config/bindpw password {} | sudo debconf-set-selections".format(password))
+        shell("echo ldap-auth-config ldap-auth-config/binddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")))
+        shell("echo ldap-auth-config ldap-auth-config/dblogin boolean false | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/rootbinddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split("."))
+        shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://{} | sudo debconf-set-selections".format(host))
+        shell("echo ldap-auth-config ldap-auth-config/override boolean true | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3 | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/dbrootlogin boolean true | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/ldapns/base-dn string dc={},dc={} | sudo debconf-set-selections".format(domin.split("."))
+        shell("echo ldap-auth-config ldap-auth-config/move-to-debconf boolean true | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/pam_password select clear | sudo debconf-set-selections")
+
 
 if __name__ == "__main__":
     main(VirtualPCCharm)

hackfest_virtual-pc_vnfd/charms/virtual-pc/actions.yaml

@@ -61,3 +61,19 @@ remove-snap:
 update-system:
   description: "Updates all software to latest version."
 
+integrate-ldap:
+  description: "Adds support for ldap."
+  params:
+    ldap_host:
+      description: "Ip or domain of the ldap host."
+      type: string
+    ldap_domain:
+      description: "Ldap domian."
+      type: string
+    ldap_password:
+      description: "Password for the admin user."
+      type: string
+  required:
+    - ldap_host
+    - ldap_domain
+    - ldap_password

hackfest_virtual-pc_vnfd/charms/virtual-pc/src/charm.py

@@ -70,6 +70,7 @@ class VirtualPCCharm(CharmBase, InstallProgress):
 
         self._stored.set_default()
         self.last_status_update = time.time()
+        self.state.set_default(ldap_installed=False)
 
         # Basic hooks
         self.framework.observe(self.on.install, self._on_install)
@@ -201,6 +202,25 @@ class VirtualPCCharm(CharmBase, InstallProgress):
         upgrade_apt(update=True, progress=self)
         self.unit.status = self._get_current_status()
 
+    def _ldap_integration(self, event):
+        self.unit.status = MaintenanceStatus("Configuring Ldap autentication")
+        _configure_ldap(event.params["ldap_host"],
+                        event.params["ldap_domain"],
+                        event.params["ldap_password"])
+        if not self.state.ldap_installed:
+            install_apt(packages=["ldap-auth-client", "nscd"],
+                        update=True, progress=self)
+            # edit /etc/nsswitch.conf
+            shell("sudo sed -E -i '/passwd|group/ !b; s/$/ ldap/' /etc/nsswitch.conf")
+            # restart nscd
+            shell("sudo systemctl restart nscd")
+            #create a home directory when user login
+            shell("echo session required pam_mkhomedir.so skel=/etc/skel umask=077 | sudo tee /etc/pam.d/common-session")
+            self.state.ldap_installed = True
+        else:
+            shell("dpkg-reconfigure -f noninteractive ldap-auth-client")
+        self.unit.status = ActiveStatus("Ldap autentication configured")
+
     # Relation hooks
 
     # Private functions
@@ -211,6 +231,21 @@ class VirtualPCCharm(CharmBase, InstallProgress):
             status_msg = "Ready"
         return status_type(status_msg)
 
+    def _configure_ldap(host, domain, password):
+        #configure ldap-auth-config with debconf
+        shell("echo ldap-auth-config ldap-auth-config/rootbindpw password {} | sudo debconf-set-selections".format(password))
+        shell("echo ldap-auth-config ldap-auth-config/bindpw password {} | sudo debconf-set-selections".format(password))
+        shell("echo ldap-auth-config ldap-auth-config/binddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")))
+        shell("echo ldap-auth-config ldap-auth-config/dblogin boolean false | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/rootbinddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split("."))
+        shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://{} | sudo debconf-set-selections".format(host))
+        shell("echo ldap-auth-config ldap-auth-config/override boolean true | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3 | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/dbrootlogin boolean true | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/ldapns/base-dn string dc={},dc={} | sudo debconf-set-selections".format(domin.split("."))
+        shell("echo ldap-auth-config ldap-auth-config/move-to-debconf boolean true | sudo debconf-set-selections")
+        shell("echo ldap-auth-config ldap-auth-config/pam_password select clear | sudo debconf-set-selections")
+
 
 if __name__ == "__main__":
     main(VirtualPCCharm)

hackfest_virtual-pc_vnfd/virtual-pc_vnfd.yaml

@@ -57,6 +57,16 @@ vnfd:
               name: package
           - name: update-system
             execution-environment-ref: virtual-pc-ee
+          - name: integrate-ldap
+            execution-environment-ref: virtual-pc-ee
+            parameter:
+            - name: ldap_host
+              data-type: STRING
+            - name: ldap_domain
+              data-type: STRING
+            - name: ldap_password
+              data-type: STRING
+
 
   ext-cpd:
   - id: virtual-pc-private-ext