From 654fa5d4deec76aa0e7d75ffa46a9f8449347d14 Mon Sep 17 00:00:00 2001 From: endika Date: Fri, 5 Mar 2021 18:02:46 +0100 Subject: [PATCH 1/2] Add initial ldap support to virtual desktop Signed-off-by: endika --- .../charms/virtual-pc-src/actions.yaml | 16 +++++++++ .../charms/virtual-pc-src/src/charm.py | 36 +++++++++++++++++++ .../charms/virtual-pc/actions.yaml | 16 +++++++++ .../charms/virtual-pc/src/charm.py | 35 ++++++++++++++++++ hackfest_virtual-pc_vnfd/virtual-pc_vnfd.yaml | 10 ++++++ 5 files changed, 113 insertions(+) diff --git a/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/actions.yaml b/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/actions.yaml index e4b157ae..d1e5d4f7 100644 --- a/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/actions.yaml +++ b/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/actions.yaml @@ -61,3 +61,19 @@ remove-snap: update-system: description: "Updates all software to latest version." +integrate-ldap: + description: "Adds support for ldap." + params: + ldap_host: + description: "Ip or domain of the ldap host." + type: string + ldap_domain: + description: "Ldap domian." + type: string + ldap_password: + description: "Password for the admin user." + type: string + required: + - ldap_host + - ldap_domain + - ldap_password diff --git a/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/src/charm.py b/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/src/charm.py index 41e3c642..27aa7980 100755 --- a/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/src/charm.py +++ b/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/src/charm.py @@ -70,6 +70,7 @@ class VirtualPCCharm(CharmBase, InstallProgress): self._stored.set_default() self.last_status_update = time.time() + self.state.set_default(ldap_installed=False) # Basic hooks self.framework.observe(self.on.install, self._on_install) 
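Review bot: `ldap_host` and `ldap_domain` in the new `integrate-ldap` params are unconstrained strings, and the charm code later in this patch formats them directly into shell command lines. Action params are, as far as I know, validated against this schema before the handler runs, so a `pattern` on both would reject unexpected characters early, e.g. `pattern: "^[A-Za-z0-9.-]+$"` (widen it if IPv6 literals must be accepted). The `ldap_domain` description also has a typo (`domian`). The identical hunk in charms/virtual-pc/actions.yaml needs the same change.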
@@ -86,6 +87,7 @@ class VirtualPCCharm(CharmBase, InstallProgress): self.framework.observe(self.on["remove-package"].action, self._remove_package) self.framework.observe(self.on["remove-snap"].action, self._remove_snap) self.framework.observe(self.on["update-system"].action, self._update_system) + self.framework.observe(self.on["integrate-ldap"].action, self._ldap_integration) # Relations hooks @@ -201,6 +203,25 @@ class VirtualPCCharm(CharmBase, InstallProgress): upgrade_apt(update=True, progress=self) self.unit.status = self._get_current_status() + def _ldap_integration(self, event): + self.unit.status = MaintenanceStatus("Configuring Ldap autentication") + _configure_ldap(event.params["ldap_host"], + event.params["ldap_domain"], + event.params["ldap_password"]) + if not self.state.ldap_installed: + install_apt(packages=["ldap-auth-client", "nscd"], + update=True, progress=self) + # edit /etc/nsswitch.conf + shell("sudo sed -E -i '/passwd|group/ !b; s/$/ ldap/' /etc/nsswitch.conf") + # restart nscd + shell("sudo systemctl restart nscd") + #create a home directory when user login + shell("echo session required pam_mkhomedir.so skel=/etc/skel umask=077 | sudo tee /etc/pam.d/common-session") + self.state.ldap_installed = True + else: + shell("dpkg-reconfigure -f noninteractive ldap-auth-client") + self.unit.status = ActiveStatus("Ldap autentication configured") + # Relation hooks # Private functions 
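Review bot: The `pam_mkhomedir` line in `_ldap_integration` is written with `sudo tee /etc/pam.d/common-session`, which truncates the file, so every session module already configured there is dropped and the session stack is left with `pam_mkhomedir.so` alone. Appending keeps the existing stack: `... | sudo tee -a /etc/pam.d/common-session`; on Ubuntu, `pam-auth-update --enable mkhomedir` is the managed way to get the same result. The identical line is in the virtual-pc copy of this handler, and [PATCH 2/2] leaves it unchanged as context in both files.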
@@ -211,6 +232,21 @@ class VirtualPCCharm(CharmBase, InstallProgress): status_msg = "Ready" return status_type(status_msg) + def _configure_ldap(host, domain, password): + #configure ldap-auth-config with debconf + shell("echo ldap-auth-config ldap-auth-config/rootbindpw password {} | sudo debconf-set-selections".format(password)) + shell("echo ldap-auth-config ldap-auth-config/bindpw password {} | sudo debconf-set-selections".format(password)) + shell("echo ldap-auth-config ldap-auth-config/binddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split("."))) + shell("echo ldap-auth-config ldap-auth-config/dblogin boolean false | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/rootbinddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")) + shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://{} | sudo debconf-set-selections".format(host)) + shell("echo ldap-auth-config ldap-auth-config/override boolean true | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3 | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/dbrootlogin boolean true | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/ldapns/base-dn string dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")) + shell("echo ldap-auth-config ldap-auth-config/move-to-debconf boolean true | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/pam_password select clear | sudo debconf-set-selections") + if __name__ == "__main__": main(VirtualPCCharm) diff --git a/hackfest_virtual-pc_vnfd/charms/virtual-pc/actions.yaml b/hackfest_virtual-pc_vnfd/charms/virtual-pc/actions.yaml index e4b157ae..d1e5d4f7 100644 --- a/hackfest_virtual-pc_vnfd/charms/virtual-pc/actions.yaml +++ b/hackfest_virtual-pc_vnfd/charms/virtual-pc/actions.yaml 
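Review bot: `_configure_ldap` formats `password`, `host` and `domain` from the action parameters into strings handed to `shell(...)`, so a shell metacharacter or even a space in any of them changes the command that runs under sudo, and the password becomes part of the command text. `shell` is defined outside this hunk, so this assumes it passes the string to a shell. Feeding the selections to `debconf-set-selections` on stdin avoids both problems; values containing a line break still have to be rejected because the preseed format is line-based. The same applies to the virtual-pc copy and to both rewritten `_configure_ldap` hunks in [PATCH 2/2]; the sketch assumes `subprocess` is imported in this module.

```python
        # inside _configure_ldap, replacing the shell("echo … | sudo debconf-set-selections") calls
        for value in (host, domain, password):
            if "\n" in value or "\r" in value:
                raise ValueError("LDAP parameters must not contain line breaks")
        selections = [
            "ldap-auth-config ldap-auth-config/rootbindpw password {}".format(password),
            "ldap-auth-config ldap-auth-config/bindpw password {}".format(password),
            "ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://{}".format(host),
            # … the remaining ldap-auth-config selections, same text as today, one entry each …
        ]
        # No shell parses the values, and the password never appears in a process argument list.
        subprocess.run(["sudo", "debconf-set-selections"],
                       input="\n".join(selections) + "\n",
                       universal_newlines=True, check=True)
```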
@@ -61,3 +61,19 @@ remove-snap: update-system: description: "Updates all software to latest version." +integrate-ldap: + description: "Adds support for ldap." + params: + ldap_host: + description: "Ip or domain of the ldap host." + type: string + ldap_domain: + description: "Ldap domian." + type: string + ldap_password: + description: "Password for the admin user." + type: string + required: + - ldap_host + - ldap_domain + - ldap_password diff --git a/hackfest_virtual-pc_vnfd/charms/virtual-pc/src/charm.py b/hackfest_virtual-pc_vnfd/charms/virtual-pc/src/charm.py index 41e3c642..deaa0390 100755 --- a/hackfest_virtual-pc_vnfd/charms/virtual-pc/src/charm.py +++ b/hackfest_virtual-pc_vnfd/charms/virtual-pc/src/charm.py @@ -70,6 +70,7 @@ class VirtualPCCharm(CharmBase, InstallProgress): self._stored.set_default() self.last_status_update = time.time() + self.state.set_default(ldap_installed=False) # Basic hooks self.framework.observe(self.on.install, self._on_install) 
@@ -201,6 +202,25 @@ class VirtualPCCharm(CharmBase, InstallProgress): upgrade_apt(update=True, progress=self) self.unit.status = self._get_current_status() + def _ldap_integration(self, event): + self.unit.status = MaintenanceStatus("Configuring Ldap autentication") + _configure_ldap(event.params["ldap_host"], + event.params["ldap_domain"], + event.params["ldap_password"]) + if not self.state.ldap_installed: + install_apt(packages=["ldap-auth-client", "nscd"], + update=True, progress=self) + # edit /etc/nsswitch.conf + shell("sudo sed -E -i '/passwd|group/ !b; s/$/ ldap/' /etc/nsswitch.conf") + # restart nscd + shell("sudo systemctl restart nscd") + #create a home directory when user login + shell("echo session required pam_mkhomedir.so skel=/etc/skel umask=077 | sudo tee /etc/pam.d/common-session") + self.state.ldap_installed = True + else: + shell("dpkg-reconfigure -f noninteractive ldap-auth-client") + self.unit.status = ActiveStatus("Ldap autentication configured") + # Relation hooks # Private functions 
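Review bot: The `else` branch of `_ldap_integration` runs `dpkg-reconfigure -f noninteractive ldap-auth-client` without `sudo`, while every other command in the handler is prefixed with it; if the charm process is not root, the re-run path would fail where the first run succeeded. Suggest `shell("sudo dpkg-reconfigure -f noninteractive ldap-auth-client")`. The handler also sets `ActiveStatus` unconditionally and never calls `event.fail(...)`, so whether a failed command reaches the operator depends on `shell` raising, which is not visible here. The same line is in the virtual-pc-src copy and is unchanged by [PATCH 2/2].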
@@ -211,6 +231,21 @@ class VirtualPCCharm(CharmBase, InstallProgress): status_msg = "Ready" return status_type(status_msg) + def _configure_ldap(host, domain, password): + #configure ldap-auth-config with debconf + shell("echo ldap-auth-config ldap-auth-config/rootbindpw password {} | sudo debconf-set-selections".format(password)) + shell("echo ldap-auth-config ldap-auth-config/bindpw password {} | sudo debconf-set-selections".format(password)) + shell("echo ldap-auth-config ldap-auth-config/binddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split("."))) + shell("echo ldap-auth-config ldap-auth-config/dblogin boolean false | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/rootbinddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")) + shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://{} | sudo debconf-set-selections".format(host)) + shell("echo ldap-auth-config ldap-auth-config/override boolean true | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3 | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/dbrootlogin boolean true | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/ldapns/base-dn string dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")) + shell("echo ldap-auth-config ldap-auth-config/move-to-debconf boolean true | sudo debconf-set-selections") + shell("echo ldap-auth-config ldap-auth-config/pam_password select clear | sudo debconf-set-selections") + if __name__ == "__main__": main(VirtualPCCharm) diff --git a/hackfest_virtual-pc_vnfd/virtual-pc_vnfd.yaml b/hackfest_virtual-pc_vnfd/virtual-pc_vnfd.yaml index 511baf03..dff3c9d8 100644 --- a/hackfest_virtual-pc_vnfd/virtual-pc_vnfd.yaml +++ b/hackfest_virtual-pc_vnfd/virtual-pc_vnfd.yaml 
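Review bot: The server URI is preseeded as `ldap://{}` and `pam_password` is set to `clear`, so as written the admin bind password and users' login passwords cross the network unencrypted unless TLS is configured somewhere outside this hunk. Consider `ldaps://{}` for `ldap-auth-config/ldapns/ldap-server`, or let the operator pass the full URI, together with server certificate verification in the client's ldap.conf. If plain LDAP is intentional for the hackfest setup, a comment above the line should say so, e.g. `# NOTE: plain ldap:// - credentials are not protected in transit`. This applies equally to the virtual-pc-src copy and to the same lines in [PATCH 2/2].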
@@ -57,6 +57,16 @@ vnfd: name: package - name: update-system execution-environment-ref: virtual-pc-ee + - name: integrate-ldap + execution-environment-ref: virtual-pc-ee + parameter: + - name: ldap_host + data-type: STRING + - name: ldap_domain + data-type: STRING + - name: ldap_password + data-type: STRING + ext-cpd: - id: virtual-pc-private-ext -- GitLab From aacff4d90029ef38d4b792168735f744fcc1836e Mon Sep 17 00:00:00 2001 From: endika Date: Sat, 6 Mar 2021 01:54:04 +0100 Subject: [PATCH 2/2] Fix ldap support to virtual desktop Signed-off-by: endika --- .../charms/virtual-pc-src/src/charm.py | 20 ++++++++---------- .../charms/virtual-pc/src/charm.py | 21 +++++++++---------- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/src/charm.py b/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/src/charm.py index 27aa7980..50729e74 100755 --- a/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/src/charm.py +++ b/hackfest_virtual-pc_vnfd/charms/virtual-pc-src/src/charm.py @@ -70,7 +70,7 @@ class VirtualPCCharm(CharmBase, InstallProgress): self._stored.set_default() self.last_status_update = time.time() - self.state.set_default(ldap_installed=False) + self._stored.set_default(ldap_installed=False) # Basic hooks self.framework.observe(self.on.install, self._on_install) 
@@ -205,19 +205,17 @@ class VirtualPCCharm(CharmBase, InstallProgress): def _ldap_integration(self, event): self.unit.status = MaintenanceStatus("Configuring Ldap autentication") - _configure_ldap(event.params["ldap_host"], - event.params["ldap_domain"], - event.params["ldap_password"]) - if not self.state.ldap_installed: + self._configure_ldap(event.params["ldap_host"], event.params["ldap_domain"], event.params["ldap_password"]) + if not self._stored.ldap_installed: install_apt(packages=["ldap-auth-client", "nscd"], update=True, progress=self) # edit /etc/nsswitch.conf - shell("sudo sed -E -i '/passwd|group/ !b; s/$/ ldap/' /etc/nsswitch.conf") + shell("sudo sed -E -i '/passwd|group|shadow/ !b; s/$/ ldap/' /etc/nsswitch.conf") # restart nscd shell("sudo systemctl restart nscd") #create a home directory when user login shell("echo session required pam_mkhomedir.so skel=/etc/skel umask=077 | sudo tee /etc/pam.d/common-session") - self.state.ldap_installed = True + self._stored.ldap_installed = True else: shell("dpkg-reconfigure -f noninteractive ldap-auth-client") self.unit.status = ActiveStatus("Ldap autentication configured") 
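Review bot: The sed address `/passwd|group|shadow/` in `_ldap_integration` is unanchored, so ` ldap` is appended to every line of /etc/nsswitch.conf that merely contains one of those words; on a typical file that includes `gshadow:` and `netgroup:` and any comment mentioning them. Anchoring on the database name limits the edit to the three intended entries: `shell("sudo sed -E -i '/^(passwd|group|shadow):/ s/$/ ldap/' /etc/nsswitch.conf")`. The edit is also not idempotent by itself and relies on `_stored.ldap_installed` to run only once. The same line is in the virtual-pc hunk of this patch.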
@@ -232,18 +230,18 @@ class VirtualPCCharm(CharmBase, InstallProgress): status_msg = "Ready" return status_type(status_msg) - def _configure_ldap(host, domain, password): + def _configure_ldap(self, host, domain, password): #configure ldap-auth-config with debconf shell("echo ldap-auth-config ldap-auth-config/rootbindpw password {} | sudo debconf-set-selections".format(password)) shell("echo ldap-auth-config ldap-auth-config/bindpw password {} | sudo debconf-set-selections".format(password)) - shell("echo ldap-auth-config ldap-auth-config/binddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split("."))) + shell("echo ldap-auth-config ldap-auth-config/binddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domain.split(".")[0],domain.split(".")[1])) shell("echo ldap-auth-config ldap-auth-config/dblogin boolean false | sudo debconf-set-selections") - shell("echo ldap-auth-config ldap-auth-config/rootbinddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")) + shell("echo ldap-auth-config ldap-auth-config/rootbinddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domain.split(".")[0],domain.split(".")[1])) shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://{} | sudo debconf-set-selections".format(host)) shell("echo ldap-auth-config ldap-auth-config/override boolean true | sudo debconf-set-selections") shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3 | sudo debconf-set-selections") shell("echo ldap-auth-config ldap-auth-config/dbrootlogin boolean true | sudo debconf-set-selections") - shell("echo ldap-auth-config ldap-auth-config/ldapns/base-dn string dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")) + shell("echo ldap-auth-config ldap-auth-config/ldapns/base-dn string dc={},dc={} | sudo debconf-set-selections".format(domain.split(".")[0],domain.split(".")[1])) shell("echo ldap-auth-config 
ldap-auth-config/move-to-debconf boolean true | sudo debconf-set-selections") shell("echo ldap-auth-config ldap-auth-config/pam_password select clear | sudo debconf-set-selections") diff --git a/hackfest_virtual-pc_vnfd/charms/virtual-pc/src/charm.py b/hackfest_virtual-pc_vnfd/charms/virtual-pc/src/charm.py index deaa0390..50729e74 100755 --- a/hackfest_virtual-pc_vnfd/charms/virtual-pc/src/charm.py +++ b/hackfest_virtual-pc_vnfd/charms/virtual-pc/src/charm.py @@ -70,7 +70,7 @@ class VirtualPCCharm(CharmBase, InstallProgress): self._stored.set_default() self.last_status_update = time.time() - self.state.set_default(ldap_installed=False) + self._stored.set_default(ldap_installed=False) # Basic hooks self.framework.observe(self.on.install, self._on_install) @@ -87,6 +87,7 @@ class VirtualPCCharm(CharmBase, InstallProgress): self.framework.observe(self.on["remove-package"].action, self._remove_package) self.framework.observe(self.on["remove-snap"].action, self._remove_snap) self.framework.observe(self.on["update-system"].action, self._update_system) + self.framework.observe(self.on["integrate-ldap"].action, self._ldap_integration) # Relations hooks 
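Review bot: `domain.split(".")[0],domain.split(".")[1]` in the rewritten `_configure_ldap` handles exactly two labels: a single-label domain raises `IndexError`, and a name such as `corp.example.com` silently becomes `dc=corp,dc=example`, pointing the bind and base DNs at the wrong subtree. Building the DN from all labels covers both cases, e.g. `base_dn = ",".join("dc={}".format(p) for p in domain.split("."))`, then using `cn=admin,{}` and `base-dn string {}` with `base_dn`. The same three lines are in the virtual-pc copy of this hunk.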
@@ -204,19 +205,17 @@ class VirtualPCCharm(CharmBase, InstallProgress): def _ldap_integration(self, event): self.unit.status = MaintenanceStatus("Configuring Ldap autentication") - _configure_ldap(event.params["ldap_host"], - event.params["ldap_domain"], - event.params["ldap_password"]) - if not self.state.ldap_installed: + self._configure_ldap(event.params["ldap_host"], event.params["ldap_domain"], event.params["ldap_password"]) + if not self._stored.ldap_installed: install_apt(packages=["ldap-auth-client", "nscd"], update=True, progress=self) # edit /etc/nsswitch.conf - shell("sudo sed -E -i '/passwd|group/ !b; s/$/ ldap/' /etc/nsswitch.conf") + shell("sudo sed -E -i '/passwd|group|shadow/ !b; s/$/ ldap/' /etc/nsswitch.conf") # restart nscd shell("sudo systemctl restart nscd") #create a home directory when user login shell("echo session required pam_mkhomedir.so skel=/etc/skel umask=077 | sudo tee /etc/pam.d/common-session") - self.state.ldap_installed = True + self._stored.ldap_installed = True else: shell("dpkg-reconfigure -f noninteractive ldap-auth-client") self.unit.status = ActiveStatus("Ldap autentication configured") 
@@ -231,18 +230,18 @@ class VirtualPCCharm(CharmBase, InstallProgress): status_msg = "Ready" return status_type(status_msg) - def _configure_ldap(host, domain, password): + def _configure_ldap(self, host, domain, password): #configure ldap-auth-config with debconf shell("echo ldap-auth-config ldap-auth-config/rootbindpw password {} | sudo debconf-set-selections".format(password)) shell("echo ldap-auth-config ldap-auth-config/bindpw password {} | sudo debconf-set-selections".format(password)) - shell("echo ldap-auth-config ldap-auth-config/binddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split("."))) + shell("echo ldap-auth-config ldap-auth-config/binddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domain.split(".")[0],domain.split(".")[1])) shell("echo ldap-auth-config ldap-auth-config/dblogin boolean false | sudo debconf-set-selections") - shell("echo ldap-auth-config ldap-auth-config/rootbinddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")) + shell("echo ldap-auth-config ldap-auth-config/rootbinddn string cn=admin,dc={},dc={} | sudo debconf-set-selections".format(domain.split(".")[0],domain.split(".")[1])) shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://{} | sudo debconf-set-selections".format(host)) shell("echo ldap-auth-config ldap-auth-config/override boolean true | sudo debconf-set-selections") shell("echo ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3 | sudo debconf-set-selections") shell("echo ldap-auth-config ldap-auth-config/dbrootlogin boolean true | sudo debconf-set-selections") - shell("echo ldap-auth-config ldap-auth-config/ldapns/base-dn string dc={},dc={} | sudo debconf-set-selections".format(domin.split(".")) + shell("echo ldap-auth-config ldap-auth-config/ldapns/base-dn string dc={},dc={} | sudo debconf-set-selections".format(domain.split(".")[0],domain.split(".")[1])) shell("echo ldap-auth-config 
ldap-auth-config/move-to-debconf boolean true | sudo debconf-set-selections") shell("echo ldap-auth-config ldap-auth-config/pam_password select clear | sudo debconf-set-selections") -- GitLab
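Review bot: Both `rootbindpw` and `bindpw` are preseeded with the password of `cn=admin,...` (actions.yaml describes the parameter as the admin user's password), so every virtual desktop that runs this action ends up holding a credential that can modify the whole directory. ldap-auth-config normally keeps the root bind password in a root-only file on the client, but a compromised desktop would still expose it. If the desktops only need lookups and authentication, a dedicated read-only bind account and `ldap-auth-config/dbrootlogin boolean false` would keep the admin secret off the hosts; please confirm the exact semantics against the ldap-auth-config templates. This applies to the virtual-pc-src copy as well.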