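#!/bin/ksh
# ALTRAN_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# Copyright (C) Altran ACT S.A.S. 2017,2018,2021. All rights reserved.
#
# ALTRAN_PROLOG_END_TAG
#
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# 61haes_r721 src/43haes/usr/sbin/cluster/cspoc/utilities/cl_ldapp2psr_conf.sh 1.2
#
# Licensed Materials - Property of IBM
#
# COPYRIGHT International Business Machines Corp. 2010,2011
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
# @(#) 7d4c34b 43haes/usr/sbin/cluster/cspoc/utilities/cl_ldapp2psr_conf.sh, 726, 2147A_aha726, Feb 05 2021 09:50 PM
#
# cl_ldapp2psr_conf.sh - set up peer-to-peer replication between the
# directory server instances ($LDAP_INST) running on the listed cluster nodes.
#
# Usage: cl_ldapp2psr_conf.sh SERVER_LIST ADMIN_DN ADMIN_DNPW SUFFIX \
#                             PORT_LIST ADMIN_PORT_LIST TDS_SRV_PATH
#   SERVER_LIST      comma-separated HACMPnode names
#   ADMIN_DN         directory administrator bind DN
#   ADMIN_DNPW       directory administrator password
#   SUFFIX           suffix under which the replication context is created
#   PORT_LIST        comma-separated LDAP ports, one per server, same order
#   ADMIN_PORT_LIST  comma-separated admin-daemon ports, one per server
#   TDS_SRV_PATH     directory server install root (bin/ and sbin/ below it)
#
# Steps: give every instance a unique ibm-slapdServerId (Peer0 ..), add the
# "Master server" credential entries to every ibmslapd.conf, restart the
# servers, load the replication topology LDIF on the first server, add the
# replication context on the others, run the repltopology extended op, and
# remove the work directory on all nodes.
#
# Requires the helpers from cl_federatedsec_source (fsec_init, ret_fail,
# run_on_allnode, FSEC_LOG_DIR) and the cluster tools cl_rsh, clodmget,
# cllsif and dspmsg.

#Including source function and variables
. /usr/es/sbin/cluster/cspoc/cl_federatedsec_source

#Initializing..
fsec_init

SERVER_LIST="$1"
ADMIN_DN="$2"
ADMIN_DNPW="$3"
SUFFIX="$4"
LDAP_INST=ldapdb2
PORT_NUM="$5"
ADMIN_PORT_NUM="$6"
TDS_SRV_PATH="$7"

# FSEC_LOG_DIR is expected from fsec_init; both work files below and the
# final "rm -rf" on every node depend on it being non-empty.
[[ -n $FSEC_LOG_DIR ]] || ret_fail "FSEC_LOG_DIR is not set." 3
[[ -n $TDS_SRV_PATH ]] || ret_fail "Directory server path not given." 3
[[ -n $SUFFIX ]] || ret_fail "Suffix not given." 3

TMP_LDIF_FILE=${FSEC_LOG_DIR}/fsecurity_tmp.$$.ldif
SRV_ST_LOG=${FSEC_LOG_DIR}/sr_startstop.log.$$
LDAP_CONF_DIR="/home/${LDAP_INST}/idsslapd-${LDAP_INST}/etc/ibmslapd.conf"

# The LDIF written below carries the replication bind password in clear
# text, so keep the work files readable by the invoking user only.
umask 077

# Identity the peers use to bind to each other for replication.
# NOTE(review): this is a fixed password shared by every deployment of this
# script; it is written in clear text to ibmslapd.conf on every node and to
# the directory under cn=ReplicaBindCredentials.  A per-deployment value
# would have to be generated here and supplied to both places.
REPL_BIND_DN="cn=bindtoconsumer"
REPL_BIND_PW="iamsupplier"

set -A SERVER_LIST_Arr
set -A PORT_Arr
set -A ADMIN_PORT_Arr

SERVER_LIST_CC=$(echo "$SERVER_LIST" | /usr/bin/sed 's/,/ /g')
[[ -z $SERVER_LIST_CC ]] && ret_fail "Server list not found." 3

# Getting server list with communication path: each node's COMMUNICATION_PATH
# is resolved to the address the peers will use, and the ports at the same
# position in the comma-separated lists are stored alongside it.
i=0
for X in $SERVER_LIST_CC
do
    SERVER_LIST_Arr[i]=$(host $(clodmget -q "name = $X AND object = COMMUNICATION_PATH" -f value -n HACMPnode) | awk '{print $3}' | /usr/bin/sed 's/,//g')
    # Braces are required: a bare $SERVER_LIST_Arr[i] expands element 0 followed
    # by the literal text "[i]", so the emptiness test could never fire.
    [[ -z ${SERVER_LIST_Arr[i]} ]] && ret_fail "Server list not found." 3
    PORT_Arr[i]=$(echo "$PORT_NUM" | awk -F, -v n=$((i + 1)) '{print $n}')
    ADMIN_PORT_Arr[i]=$(echo "$ADMIN_PORT_NUM" | awk -F, -v n=$((i + 1)) '{print $n}')
    # A missing port would otherwise surface later as an "ldap://host:" URL.
    [[ -n ${PORT_Arr[i]} && -n ${ADMIN_PORT_Arr[i]} ]] \
        || ret_fail "Port list does not match server list." 3
    let i=i+1
done
SERVER_COUNT="$i"

#######################################
# Map a server address back to the cluster node that owns it.
# Arguments: $1 - address from SERVER_LIST_Arr
# Outputs:   node name on stdout (empty if not found)
# NOTE(review): if the address matches interfaces on more than one node,
# sort -u prints several names and the caller passes them all to cl_rsh -n.
#######################################
function node_of_server {
    ${HA_BASE_PATH}/utilities/cllsif -cp | grep -w "$1" | awk -F: '{print $6}' | sort -u
}

#######################################
# Append one line to ibmslapd.conf on a node, aborting on failure.
# Arguments: $1 - node
#            $2 - line text (must not contain single quotes)
#######################################
function append_conf_line {
    cl_rsh -n $1 "echo '$2' >> $LDAP_CONF_DIR" \
        || ret_fail "Updating $LDAP_CONF_DIR on $1 failed with an error" $?
}

#######################################
# Poll a remote check command once a second for up to 60 seconds, issuing
# an action on the first pass when the wanted state has not been reached.
# Arguments: $1 - node
#            $2 - "until-up":   wait until the check succeeds
#                 "until-down": wait until the check fails
#            $3 - remote check command
#            $4 - remote action command (run once, on the first iteration);
#                 its output is appended to $SRV_ST_LOG
#            $5 - failure message if the action itself fails
#            $6 - failure message if the state is not reached in time
#######################################
function remote_wait {
    typeset node=$1 mode=$2 check=$3 action=$4 action_msg=$5 timeout_msg=$6
    typeset timer=0
    while [[ $timer -le 60 ]]
    do
        if [[ $mode = until-up ]]; then
            cl_rsh -n $node "$check" > /dev/null 2>&1 && break
        else
            cl_rsh -n $node "$check" > /dev/null 2>&1 || break
        fi
        if [[ $timer -eq 0 ]]; then
            cl_rsh -n $node "$action" >> $SRV_ST_LOG 2>&1 \
                || ret_fail "$action_msg" $?
        fi
        let timer=timer+1
        sleep 1
    done
    if [[ $timer -eq 61 ]]; then
        ret_fail "$timeout_msg" 3
    fi
}

#Changing Server IDs
# Peer numbering is 0-based (Peer0 .. Peer<n-1>) here and in every LDIF
# entry written below; the subentries must use the same IDs as the servers.
i=0
while [[ $i -lt $SERVER_COUNT ]]
do
    TNODE=$(node_of_server "${SERVER_LIST_Arr[i]}")
    [[ -z $TNODE ]] && ret_fail "First node not found." 3
    cl_rsh -n $TNODE "sed 's/ibm-slapdServerId.*/ibm-slapdServerId: Peer$i/g' $LDAP_CONF_DIR 1> ${LDAP_CONF_DIR}1" \
        || ret_fail "sed failed with an error" $?
    cl_rsh -n $TNODE "cp $LDAP_CONF_DIR ${LDAP_CONF_DIR}.bak" || ret_fail "cp failed with an error" $?
    cl_rsh -n $TNODE "mv ${LDAP_CONF_DIR}1 $LDAP_CONF_DIR" || ret_fail "mv failed with an error" $?
    let i=i+1
done

#Adding credential entries to conf file
# Every peer gets one "Master server" entry per other peer, so that each
# server accepts replicated updates from all of the others.
# NOTE(review): with more than two peers the same DN is written once per
# referral; confirm the server accepts repeated cn=Master server entries.
i=0
while [[ $i -lt $SERVER_COUNT ]]
do
    TNODE=$(node_of_server "${SERVER_LIST_Arr[i]}")
    [[ -z $TNODE ]] && ret_fail "First node not found." 3
    j=1
    while [[ $j -lt $SERVER_COUNT ]]
    do
        # j starts at 1 so a peer never refers to itself, and the modulo wraps
        # back to Peer0 instead of indexing one past the end of the arrays.
        SERVER_Arr_num=$(( (i + j) % SERVER_COUNT ))
        append_conf_line $TNODE ""
        append_conf_line $TNODE "dn: cn=Master server, cn=configuration"
        append_conf_line $TNODE "cn: master server"
        append_conf_line $TNODE "ibm-slapdMasterDN: $REPL_BIND_DN"
        append_conf_line $TNODE "ibm-slapdMasterPW: $REPL_BIND_PW"
        append_conf_line $TNODE "ibm-slapdMasterReferral: ldap://${SERVER_LIST_Arr[SERVER_Arr_num]}:${PORT_Arr[SERVER_Arr_num]}"
        append_conf_line $TNODE "objectclass: ibm-slapdReplication"
        let j=j+1
    done
    let i=i+1
done

#Restarting server in all Peers
i=0
while [[ $i -lt $SERVER_COUNT ]]
do
    TNODE=$(node_of_server "${SERVER_LIST_Arr[i]}")
    [[ -z $TNODE ]] && ret_fail "First node not found." 3
    dspmsg -s 129 cspoc.cat 97 "Restarting server on %s node, please wait...\n" "$TNODE"

    # NOTE(review): the administrator password is part of the ibmdirctl
    # command line inside the cl_rsh string, so it is visible in the remote
    # node's process table while the command runs.
    IBMDIRCTL="${TDS_SRV_PATH}/bin/ibmdirctl -D '$ADMIN_DN' -w '$ADMIN_DNPW' -p ${ADMIN_PORT_Arr[i]}"

    # Stop ibmslapd, then the admin daemon, then bring them back in the
    # opposite order, waiting up to 60 s for each state change.
    remote_wait $TNODE until-down \
        "ps -eo 'args'|grep ibmslapd|grep -vw grep|grep -w $LDAP_INST" \
        "$IBMDIRCTL stop" \
        "Not able to stop ibmslapd." "ibmslapd failed to stop."
    remote_wait $TNODE until-down \
        "ps -eo 'args'|grep ibmdiradm|grep -vw grep|grep -w $LDAP_INST" \
        "$IBMDIRCTL admstop" \
        "Not able to stop ibmdiradm" "ibmdiradm failed to stop."
    remote_wait $TNODE until-up \
        "$IBMDIRCTL status" \
        "${TDS_SRV_PATH}/sbin/ibmdiradm -I $LDAP_INST" \
        "Not able to start ibmdiradm" "ibmdiradm failed to start."
    # The search filter is escaped so the remote shell, not the local one,
    # sees the quotes; unquoted it would be subject to remote globbing.
    remote_wait $TNODE until-up \
        "${TDS_SRV_PATH}/bin/ldapsearch -p ${PORT_Arr[i]} -b \"\" -s base \"objectclass=*\" 2>/dev/null | grep -w $LDAP_INST" \
        "${TDS_SRV_PATH}/sbin/ibmslapd -n -I $LDAP_INST" \
        "Not able to start ibmslapd" "ibmslapd failed to start."
    let i=i+1
done

#Creating replication context in P2P ldif file
# The suffix is written with ", " after each comma in every DN below.
SUFFIX_DN=$(echo "$SUFFIX" | /usr/bin/sed 's/,/, /g')

cat > "$TMP_LDIF_FILE" <<EOF
dn: $SUFFIX_DN
changetype: modify
add: objectclass
objectclass: ibm-replicationContext

dn: ibm-replicaGroup=default, $SUFFIX_DN
changetype: add
objectclass: top
objectclass: ibm-replicaGroup
ibm-replicaGroup: default
EOF

#Adding subentry for all Peers in P2P ldif file
# 0-based so ibm-replicaServerId matches the ibm-slapdServerId values set in
# ibmslapd.conf above and the parent DNs of the agreements written below.
i=0
while [[ $i -lt $SERVER_COUNT ]]
do
    cat >> "$TMP_LDIF_FILE" <<EOF

dn: ibm-replicaServerId=Peer${i}, ibm-replicaGroup=default, $SUFFIX_DN
changetype: add
objectclass: top
objectclass: ibm-replicaSubentry
ibm-replicaServerId: Peer${i}
ibm-replicationServerIsMaster: true
cn: Peer${i}
description: Subentry for Peer${i}.
EOF
    let i=i+1
done

#Adding bind credentials in P2P ldif file
cat >> "$TMP_LDIF_FILE" <<EOF

dn: cn=ReplicaBindCredentials, $SUFFIX_DN
changetype: add
objectclass: ibm-replicationCredentialsSimple
cn: ReplicaBindCredentials
replicaBindDN: $REPL_BIND_DN
replicaCredentials: $REPL_BIND_PW
description: Bind Credentials on Peers to bind to each other.
EOF

#Adding replication agreements between all Peers in P2P ldif file
i=0
while [[ $i -lt $SERVER_COUNT ]]
do
    j=1
    while [[ $j -lt $SERVER_COUNT ]]
    do
        # Same pairing as the conf-file loop: every peer to every other peer.
        SERVER_Arr_num=$(( (i + j) % SERVER_COUNT ))
        cat >> "$TMP_LDIF_FILE" <<EOF

dn: cn=Peer${SERVER_Arr_num}, ibm-replicaServerId=Peer${i}, ibm-replicaGroup=default, $SUFFIX_DN
changetype: add
objectclass: top
objectclass: ibm-replicationAgreement
cn: Peer${SERVER_Arr_num}
ibm-replicaConsumerId: Peer${SERVER_Arr_num}
ibm-replicaUrl: ldap://${SERVER_LIST_Arr[SERVER_Arr_num]}:${PORT_Arr[SERVER_Arr_num]}
ibm-replicaCredentialsDN: cn=ReplicaBindCredentials, $SUFFIX_DN
description: Replication agreement from Peer$i to Peer${SERVER_Arr_num}.
EOF
        let j=j+1
    done
    let i=i+1
done

#Loading the P2P ldif file
# NOTE(review): -w puts the administrator password on the local command line
# (visible in ps for the duration of the call); the tool's alternative
# credential inputs are not used here.
${TDS_SRV_PATH}/bin/idsldapmodify -h ${SERVER_LIST_Arr[0]} -D "$ADMIN_DN" -w "$ADMIN_DNPW" -p ${PORT_Arr[0]} -i "$TMP_LDIF_FILE" -k -l -c >/dev/null \
    || ret_fail "idsldapmodify p2p failed with an error" $?

#loading replication context if not exist in all other servers
# (The separator is a truly empty line; a line holding a single space is an
# LDIF continuation of the previous attribute.)
cat > "$TMP_LDIF_FILE" <<EOF
dn: $SUFFIX_DN
changetype: modify
add: objectclass
objectclass: ibm-replicationContext

EOF
i=1
while [[ $i -lt $SERVER_COUNT ]]
do
    ${TDS_SRV_PATH}/bin/idsldapmodify -h ${SERVER_LIST_Arr[i]} -D "$ADMIN_DN" -w "$ADMIN_DNPW" -p ${PORT_Arr[i]} -i "$TMP_LDIF_FILE" -k -l -c >/dev/null \
        || ret_fail "idsldapmodify p2p failed with an error" $?
    let i=i+1
done

#Loading the topology in replica
${TDS_SRV_PATH}/bin/idsldapexop -h ${SERVER_LIST_Arr[0]} -D "$ADMIN_DN" -w "$ADMIN_DNPW" -p ${PORT_Arr[0]} -op repltopology -rc "$SUFFIX" \
    || ret_fail "idsldapexop failed with an error" $?

# NOTE(review): on any earlier ret_fail the LDIF (which holds the replication
# bind password) and the start/stop log stay behind in FSEC_LOG_DIR.
rm -f "$TMP_LDIF_FILE"
# FSEC_LOG_DIR was verified non-empty above, so this never becomes a bare "rm -rf".
run_on_allnode "rm -rf $FSEC_LOG_DIR" || ret_fail "Removing log directory failed." $?
exit 0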