OpenStack Cloud Computing Cookbook

http://www.openstackcookbook.com/

Monthly Archives: August 2015

The OpenStack Cloud Computing Cookbook – Third Edition – is now available to purchase!

Thanks to Cody Bunch and Egle Sigler – and whole bunch of tech reviewers spanning the cloud and OpenStack community, the OpenStack Cloud Computing Cookbook has had its 3rd reboot. We coverĀ configuration of Nova, Neutron, Glance, Keystone, Cinder and Swift. We show you how to use these. We show you how to use Ansible to deploy this in your datacentre. We show you how to use things like Heat and Cloud-Init to automate your cloud application environments as well as the latest and greatest like DVR and FWaaS.

We provide this with an accompanying multi-node Vagrant environment, where you can try out the steps in the book using free and open source stools such as VirtualBox and Vagrant – and we always make the latest versions of OpenStack available here too.

This is the best book in the series by far and now it’s availableĀ to buy here.

-Kevin Jackson

Advertisements

Installing and Configuring OpenLDAP

In order to operate OpenStack Identity service with an external authentication source, it is necessary that one have an external authentication service available. In the OpenStack Cloud Computing Cookbook, we used OpenLDAP. As installing and configuring OpenLDAP is beyond the scope of the book, that information is provided here.

Getting ready

We will be performing an installation and configuration of OpenLDAP on it’s own Ubuntu 14.04 server.

How to do it…

We will break this into two steps: installing OpenLDAP, and configuring it for use with OpenStack.

Installing OpenLDAP

Once you are logged in, to your Ubuntu 14.04 node, run the following commands to install OpenLDAP:
We set the Ubuntu installer to non-interactive, as we will be providing the configuration values for OpenLDAP prior to installation:

export DEBIAN_FRONTEND=noninteractive

Next we provide an admin password so OpenLDAP will install:

echo -e " \
slapd slapd/internal/generated_adminpw password openstack
slapd slapd/password2 password openstack
slapd slapd/internal/adminpw password openstack
slapd slapd/password1 password openstack
" | sudo debconf-set-selections

Finally, we install OpenLDAP via slapd package:

sudo apt-get install -y slapd ldap-utils

Configuring

OpenStack has a few requirements regarding which attribute types are used for user information. To accomodate this in our OpenLDAP we need to add these values to the new-attributes schema file:

sudo echo "
 attributetype ( 1.2.840.113556.1.4.8 NAME 'userAccountControl'
 SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )
objectclass ( 1.2.840.113556.1.5.9 NAME 'user'
 DESC 'a user'
 SUP inetOrgPerson STRUCTURAL
 MUST ( cn )
 MAY ( userPassword $ memberOf $ userAccountControl ) )
" >> /etc/ldap/schema/new-attributes.schema

Finally, restart OpenLDAP:

sudo service slapd restart

How it works…

What we have done here is install OpenLDAP on Ubuntu 14.04. Additionally we created an LDAP schema, configuring the userAccountControl property, and configuring a ‘user’ object to provide login authorization.