/
Playbooks
Playbooks
- Chris Sanchez
Owned by Chris Sanchez
The following playbooks are available:
- deploy-docker.sh - Deploys custom schemas for Docker configuration
- deploy-opendj.sh - Deploys custom schemas for OpenDJ configuration
- deploy-servers-sh - Main script to deploy new servers to a ziNet
- deploy-sshldap.sh - Deploys custom schemas for sshldap configuration
- deploy-tenant.sh - Deploys custom schemas for a new tenant space
Script: deploy-docker.sh
This script will add Docker schema to the Directory Server.
Prerequisite: OpenDJ must have been deployed and running.
Result: 0 for success
| Parameter | Description | Default | Mandatory |
|---|---|---|---|
| -z ziD | The ziD of the ziNet instance. | N/A | Yes |
| -C docker config file | A docker config file. See this page for reference. This file will be sources prior to configuring the Docker schema in the Directory Server | N/A | Yes |
| -D admin user DN | An admin user bind DN. This user must be able to perform modifies to any parts of the Directory Server specified in the Docker config file. | N/A | Yes |
| -w admin user password | Admin user password. | N/A | No |
| -W | Prompt for a password. The default behavior will be to prompt for a password. | true | No |
| -y admin user password file | A file containing the admin user's password | N/A | No |
Script: deploy-opendj.sh
This script deploys OpenDJ schema to the Directory Server.
Prerequisite: ziNet PKI module and
| Parameter | Description | Default | Mandatory |
|---|---|---|---|
| -z ziD | The ziD of the ziNet instance. | N/A | Yes |
| -C docker config file | A opendj config file. See this page for reference. This file will be sources prior to configuring the OpenDJ schema in the Directory Server | N/A | Yes |
| -D admin user DN | An admin user bind DN. This user must be able to perform modifies to any parts of the Directory Server specified in the OpenDJ config file. | N/A | Yes |
| -w admin user password | Admin user password. | N/A | No |
| -W | Prompt for a password. The default behavior will be to prompt for a password. | true | No |
| -y admin user password file | A file containing the admin user's password | N/A | No |
Script: deploy-servers.sh
This script deploys a set of servers to a ziNet network fabric.
Prerequisite: Servers must have been deployed in AWS already. See this page for How-To Deploy New Servers.
| Parameter | Description | Default | Mandatory |
|---|---|---|---|
| -i Inventory File | The inventory file containing server configuration | N/A | Yes |
| -r Repo folder | A repository folder containing the following:
| N/A | Yes |
| -w service_sshldap account password | This is the password for the default service account defined by this DN: uid=service_sshldap,${SSHLDAP_SVCS_OPS_DN}. Is this is not passed in, then the default behavior of the Directory Server must be to allow anonymous binds. In addition, you should set SSHLDAP_ACI_DN_TYPE=userdn and SSHLDAP_ACI_DN=anyone | N/A | No |
| -y service_sshldap account password file | A file containing the password for the default service account. The same rules apply as the '-w' parameter. | N/A | No |
| -Y opendj password file | A file containing two (2) passwords. The first line of the file should be the Directory Administrator's password. The second line contains the Admin User password. If a password file is not passed, then the user will be promoted for the required passwords. | N/A | No |
Inventory File Format
An ".ini" formatted file with the following directives.
| Directive | Description | Example | Mandatory |
|---|---|---|---|
| Repository Variables | |||
| repo.[0..9]* | A Git repository that will be fetched on the target host being installed. Note: Repos are processed in order according to the numeric value. | [repo.1] [repo.2] | Yes. At least one repo is required. |
| REPO_URI | The URI of the repository that will be exported. e.g. git archive --remote=${REPO_URI} ${theBranch} | tar -x -C /tmp/ | git@bitbucket.org:zibernetics/zinet.git | Yes |
| REPO_BRANCH | The branch that will be fetched | master | No. If not provided the HEAD branch of the Git repo will be exported |
| REPO_ROOT | The root of the git repo that will be fetched. e.g. git archive --remote=${REPO_URI} ${theBranch}:${REPO_ROOT} | tar -x -C /tmp/ | prod | No. If not provided the root of the Git branch will be exported. |
| Global Variables | |||
| global | A single entry containing global variables that are applied to each server entry. | [global] | Yes |
| ziD | The ziNet identifier for the site. | zId=zibernetics | Yes |
| ziTenantId | The tenant ID used by the OpenDJ module and SSHLDAP module. | ziTenantId=acme | Yes |
| CA_HOST_NAME | The host name for the server running the CA | CA_HOST_NAME=ca.ops.zibernetics.io | No. If not defined, then server certificate requests can't be signed. i.e. no certs for SSL config. |
| REPO_KEY_SCAN | The host name for the Git server. This will be used to perform a ssh-keyscan so that unattended Git exports can be performed. | REPO_KEY_SCAN=bitbucket.org | No |
| DIR_MGR_DN | The OpenDJ module Directory Manager DN | DIR_MGR_DN="cn=Directory Manager" | Yes |
| SEARCH_DOMAINS | A list of DNS search domains to configure servers with quoted and separated by spaces if more than one search domain. | SEARCH_DOMAINS="ops.zibernetics.io "zibernetics.io" | No |
| Server Variables | |||
| server.[0..9]* | A server that will be setup with one or more ziNet module. See below for individual module directives. | [server.10] | Yes |
| Core ziNet Module Directives | |||
| INSTALL_ZINET | Install the core ziNet module | INSTALL_ZINET=[ true | false ] | No |
| ZINET_TARGET_HOSTNAME | The host name to configure the server. Note: DNS should be able to resolve the server. This merely set the Linux host name. | ZINET_TARGET_HOSTNAME=prod-itops1.ops.zibernetics.io | Yes |
| ZINET_STORAGE_DEV | This is a file system device attached to the server will be formatted using ext4. | ZINET_STORAGE_DEV=/dev/xvdb | No |
| ZINET_DATA_DIR= | This is the mount point that will be used to symlink ziNet configuration directory in /etc/${ziD}. When used in conjunction with ZINET_STORAGE_DEV, this has the effect of using a separate partition to hold all ziNet data. | ZINET_DATA_DIR=/data | No |
| ziNet PKI Module Directives | |||
| INSTALL_PKI | Install the ziNet PKI Module | INSTALL_PKI=[ true | false ] | No |
| PKI_CERT_SUBJECT_ALIASES | A comma separated list of DNS aliases to use when creating the SSL certificate request. | PKI_CERT_SUBJECT_ALIASES=prod-itops1,prod-ca1.ops.zibernetics.io,prod-ca1 | No |
| PKI_CERT_SUBJECTNAME | The SSL certificate subject name to use when creating the SSL certificate request. | PKI_CERT_SUBJECTNAME=prod-itops1.ops.zibernetics.io | No. If not provided then the value returned from $(hostname) will be used. |
| INSTALL_CA | Install a CA on the target server. | INSTALL_CA==[ true | false ] | No. However, at least one CA server should have been setup previously and identified with the global variable: CA_HOST_NAME |
| zinet SSHLDAP Module Directives | |||
| INSTALL_SSHLDAP | Install the ziNet SSHLDAP Module | INSTALL_SSHLDAP=[ true | false ] | No |
| SSHLDAP_FABRIC_HOST_ID | This is the SSHLDAP Fabric hostID for the target server. | SSHLDAP_FABRIC_HOST_ID=ops-prv-101002-server | Yes |
| DEPLOY_SSHLDAP | Flag to deploy the SSHLDAP schema. | DEPLOY_SSHLDAP=[ true | false ] | Yes for the initial setup of the SSHLDAP environment |
| ziNet Docker Module Directives | |||
| INSTALL_DOCKER | Install the ziNet Docker Module | INSTALL_DOCKER=[ true | false ] | No |
| DEPLOY_DOCKER | Flag to deploy the Docker schema. | DEPLOY_DOCKER=[ true | false ] | Yes for the initial setup of the Docker environment |
| ziNet Java Module Directives | |||
| INSTALL_JAVA | Install the ziNet Java Module | INSTALL_JAVA=[ true | false ] | No |
| JAVA_REPO_FILENAME | The Oracle JDK archive file that will be installed. If not specified, the the OpenDJK will be installed and configured. | JAVA_REPO_FILENAME=jdk-7u79-linux-x64.tar.gz | No |
| ziNet OpenDJ Module Directives | |||
| INSTALL_OPENDJ | Install the ziNet OpenDJ Module | INSTALL_OPENDJ=[ true | false ] | No |
| OPENDJ_ZIP_ARCHIVE | The OpenDJ archive file that will be installed. | OPENDJ_ZIP_ARCHIVE=OpenDJ-2.6.2.zip | Yes |
| CONFIGURE_OPENDJ | Flag to run the initial configuration on a node. | CONFIGURE_OPENDJ=[ true | false ] | Yes for the initial setup of the main OpenDJ node (cluster or stand-alone) |
| DEPLOY_OPENDJ | Flag to deploy the OpenDJ schema. | DEPLOY_OPENDJ=[ true | false ] | Yes for the initial setup of the main OpenDJ node (cluster or stand-alone) |
| DEPLOY_TENANT | Flag to deploy a tenant space | DEPLOY_TENANT=[ true | false ] | Yes for the initial setup of the main OpenDJ node (cluster or stand-alone) |
Script: deploy-sshldap.sh
This script deploys SSHLDAP schema to the Directory Server.
| Parameter | Description | Default | Mandatory |
|---|---|---|---|
| -z ziD | The ziD of the ziNet instance. | N/A | Yes |
| -C docker config file | A sshldap config file. See this page for reference. This file will be sources prior to configuring the sshldap schema in the Directory Server | N/A | Yes |
| -D admin user DN | An admin user bind DN. This user must be able to perform modifies to any parts of the Directory Server specified in the sshldap config file. | N/A | Yes |
| -w admin user password | Admin user password. | N/A | No |
| -W | Prompt for a password. The default behavior will be to prompt for a password. | true | No |
| -y admin user password file | A file containing the admin user's password | N/A | No |
Related content
How-To Deploy a New Server - AWS
How-To Deploy a New Server - AWS
More like this
ziNet Home
ziNet Home
More like this
SSHLDAP Setup
SSHLDAP Setup
More like this
ziNet License
ziNet License
More like this
Linux Server Fabric
Linux Server Fabric
More like this
SSHLDAP Runtime
SSHLDAP Runtime
More like this