UNPKG

masson

Version:

Module execution engine for cluster deployments.

github.com/adaltas/node-masson

adaltas/node-masson

86 lines (70 loc) 2.83 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# OpenLDAP Client Install Install and configure the OpenLDAP client utilities. The file "/etc/openldap/ldap.conf" is configured by the "openldap_client.config" object property. The property "openldap\_client.ca\_cert" may reference a certificate to upload. export default header: 'OpenLDAP Client Install', handler: ({options}) -> ## Package @service name: 'openldap-clients' ## Configuration @file header: 'Configure' write: for k, v of options.config v = v.join(' ') if Array.isArray v match: new RegExp "^#{k}.*$", 'mg' replace: "#{k} #{v}" append: true target: '/etc/openldap/ldap.conf' eof: true ## Upload certificate SSL certifcate could be defined in "/etc/ldap.conf" by the "TLS\_CACERT" or the "TLS\_CACERTDIR" properties. When using "TLS_CACERTDIR", the name of the file must be the certicate hash with a numeric suffix. Here's an example showing how to place the certificate inside "TLS\_CACERTDIR": ```bash hash=`openssl x509 -noout -hash -in cert.pem` mv cert.pem /etc/openldap/cacerts/$hash.0 ``` Important, when changing the certificate for a server, we had to remove the old certificate, not sure why. Certificates are temporarily uploaded to the "/tmp" folder and registered with the command `authconfig --update --ldaploadcacert={file}`. @call header: 'Certificate', handler: -> for certificate in options.certificates then do (certificate) => filename = null if certificate.local hash = crypto.createHash('md5').update(certificate.source).digest('hex') @file.download source: certificate.source target: "/tmp/#{hash}" mode: 0o0640 shy: true @system.execute cmd: "openssl x509 -noout -hash -in /tmp/#{hash}; rm -rf /tmp/#{hash}" shy: true , (err, data) -> filename = data.stdout.trim() unless err # Clean up uploaded certificate # TODO: always execute this action, even on error @system.remove target: "/tmp/#{hash}" shy: true @call -> @file source: certificate.source local: true target: "#{options.config.TLS_CACERTDIR}/#{filename}.0" else @system.execute cmd: "openssl x509 -noout -hash -in #{certificate.source}" shy: true , (err, data) -> filename = data.stdout.trim() unless err @call -> @file source: certificate.source target: "#{options.config.TLS_CACERTDIR}/#{filename}.0" ## Dependencies crypto = require 'crypto' each = require 'each'