Monthly Archives: August 2015
Thanks to Cody Bunch and Egle Sigler – and whole bunch of tech reviewers spanning the cloud and OpenStack community, the OpenStack Cloud Computing Cookbook has had its 3rd reboot. We cover configuration of Nova, Neutron, Glance, Keystone, Cinder and Swift. We show you how to use these. We show you how to use Ansible to deploy this in your datacentre. We show you how to use things like Heat and Cloud-Init to automate your cloud application environments as well as the latest and greatest like DVR and FWaaS.
We provide this with an accompanying multi-node Vagrant environment, where you can try out the steps in the book using free and open source stools such as VirtualBox and Vagrant – and we always make the latest versions of OpenStack available here too.
This is the best book in the series by far and now it’s available to buy here.
In order to operate OpenStack Identity service with an external authentication source, it is necessary that one have an external authentication service available. In the OpenStack Cloud Computing Cookbook, we used OpenLDAP. As installing and configuring OpenLDAP is beyond the scope of the book, that information is provided here.
We will be performing an installation and configuration of OpenLDAP on it’s own Ubuntu 14.04 server.
How to do it…
We will break this into two steps: installing OpenLDAP, and configuring it for use with OpenStack.
Once you are logged in, to your Ubuntu 14.04 node, run the following commands to install OpenLDAP:
We set the Ubuntu installer to non-interactive, as we will be providing the configuration values for OpenLDAP prior to installation:
Next we provide an admin password so OpenLDAP will install:
echo -e " \ slapd slapd/internal/generated_adminpw password openstack slapd slapd/password2 password openstack slapd slapd/internal/adminpw password openstack slapd slapd/password1 password openstack " | sudo debconf-set-selections
Finally, we install OpenLDAP via slapd package:
sudo apt-get install -y slapd ldap-utils
OpenStack has a few requirements regarding which attribute types are used for user information. To accomodate this in our OpenLDAP we need to add these values to the new-attributes schema file:
sudo echo " attributetype ( 1.2.840.1135126.96.36.199 NAME 'userAccountControl' SYNTAX '188.8.131.52.4.1.14184.108.40.206.27' )
objectclass ( 1.2.840.1135220.127.116.11 NAME 'user' DESC 'a user' SUP inetOrgPerson STRUCTURAL MUST ( cn ) MAY ( userPassword $ memberOf $ userAccountControl ) )
" >> /etc/ldap/schema/new-attributes.schema
Finally, restart OpenLDAP:
sudo service slapd restart
How it works…
What we have done here is install OpenLDAP on Ubuntu 14.04. Additionally we created an LDAP schema, configuring the userAccountControl property, and configuring a ‘user’ object to provide login authorization.