Before orchestration software existed, most places automated repetitive tasks with cron. While cron is a great tool, cron jobs are not centralized and need to be configured on every server. Imagine needing to modify the crontab of hundreds of servers whenever a change is made to your automation script. Orchestration tools make these types of changes much easier because they centralize the tasks in one single location. Some orchestration tools even come with web UIs to make deployments much easier.

Ansible in particular is a great automation tool because:

  • It is agent-less (tasks run through ssh, so no agent needs to be installed)
  • Has an open source UI (link)
  • The UI allows for single-click deployments
  • Is Python based, so it is more user friendly than Puppet or Chef
  • Has less of a learning curve than other orchestration tools

Deploying OpenLDAP in particular is a great task for Ansible because new LDAP deployments are often cumbersome and time-consuming processes. Fortunately, over at Rex Consulting we have developed some playbooks to make a basic OpenLDAP installation a breeze.

Installing OpenLDAP

1. Clone the repository

git clone https://github.com/Rex-Consulting/Ansible-OpenLDAP-Basic.git

2. Configure the appropriate variables within roles/openldap-compile/vars/main.yml. Typically the default entries will work fine. However, make note of the following:

sudo_cmd may need to be set in order to install dependencies. Most environments work well with the default [sudo su -]; however, if you need to use a script for privilege escalation, you will need to modify that script slightly. Mike Mikhail has a great article on his blog detailing how to modify your privilege escalation scripts to work with Ansible.

You will probably want to change the ansible-adm user to whichever user has permission to launch OpenLDAP. The base_dir variable should also be changed if you do not have an /apps directory.

This repository ships with the OpenLDAP 2.4.49 source. If you need a more current version, swap the tgz file inside roles/openldap-compile/files/ for the newer one and update openldap_version.

Last, OpenLDAP is compiled with basic flags. If you need additional features compiled into the slapd executable, consider modifying the openldap_configs_args variable.

3. Update the hosts file. Each line corresponds to a target server, and the user you are running the playbook as should be able to ssh into the target server (either with a password or an ssh key).

For example:

ldap1 ansible_host=ansibletest ansible_user=ansible-adm

Ensure that the ansible_user entry can ssh into the target server, which in this case is ansibletest. Notice that ldap1 is just a label for the ansibletest server.

4. From the parent directory of the checkout, run the following command to install OpenLDAP:

ansible-playbook -i hosts deploy_openldap.yml -t "check:dependencies,copy:dependencies,install:all"
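As an added pre-flight check covering steps 2 and 3 (example code written for this post, not part of the Rex-Consulting repository), the script below parses the hosts inventory, reads the flat keys in roles/openldap-compile/vars/main.yml, confirms that the variables mentioned above are present, and verifies that the tarball you are about to compile matches openldap_version and a SHA-256 you took from the upstream release announcement. The tarball filename pattern openldap-<version>.tgz, the simple key: value layout of the vars file, and the sample checkout it builds in a temp directory are assumptions; the checksum it uses is a placeholder, not the real 2.4.49 digest.

```python
"""Pre-flight checks for an Ansible-OpenLDAP-Basic checkout (added example)."""
import hashlib
import os
import re
import tempfile

# Variables the post tells you to review before running the playbook.
REQUIRED_VARS = ("sudo_cmd", "base_dir", "openldap_version", "openldap_configs_args")


def parse_inventory(path):
    """Parse an INI-style inventory: one host per line, 'label key=value ...'.
    Raises ValueError if a host lacks ansible_host or ansible_user, since the
    playbook user must be able to ssh into every target."""
    hosts = []
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith(("#", ";", "[")):
                continue  # blank line, comment, or group header
            parts = line.split()
            entry = {"label": parts[0]}
            for kv in parts[1:]:
                if "=" not in kv:
                    raise ValueError(f"{path}:{lineno}: expected key=value, got {kv!r}")
                key, value = kv.split("=", 1)
                entry[key] = value
            for key in ("ansible_host", "ansible_user"):
                if key not in entry:
                    raise ValueError(f"{path}:{lineno}: {entry['label']} lacks {key}")
            hosts.append(entry)
    return hosts


def parse_vars(path):
    """Minimal reader for flat 'key: value' lines (assumption: the vars file
    holds simple scalars; use PyYAML for anything richer)."""
    data = {}
    with open(path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()  # drop trailing comments
            if not line or line == "---":
                continue
            m = re.match(r"^([A-Za-z_]\w*)\s*:\s*(.*)$", line)
            if m:
                data[m.group(1)] = m.group(2).strip().strip("'\"")
    missing = [k for k in REQUIRED_VARS if k not in data]
    if missing:
        raise ValueError(f"{path}: missing variables {missing}")
    return data


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_tarball(repo_dir, vars_data, expected_sha256):
    """Confirm the tgz that will be compiled exists for openldap_version and
    matches the operator-supplied checksum. Filename pattern is assumed."""
    tgz = os.path.join(repo_dir, "roles", "openldap-compile", "files",
                       f"openldap-{vars_data['openldap_version']}.tgz")
    if not os.path.isfile(tgz):
        raise FileNotFoundError(f"no tarball for openldap_version at {tgz}")
    actual = sha256_file(tgz)
    if actual != expected_sha256.lower():
        raise ValueError(f"checksum mismatch for {tgz}: got {actual}")
    return tgz


def preflight(repo_dir, expected_sha256):
    """Run every check; returns (hosts, vars, tarball_path) or raises."""
    hosts = parse_inventory(os.path.join(repo_dir, "hosts"))
    vars_path = os.path.join(repo_dir, "roles", "openldap-compile", "vars", "main.yml")
    vars_data = parse_vars(vars_path)
    return hosts, vars_data, check_tarball(repo_dir, vars_data, expected_sha256)


def make_sample_repo():
    """Build a constructed checkout in a temp dir so the checks run offline.
    Tarball bytes and the matching digest are placeholders, not the real release."""
    repo = tempfile.mkdtemp(prefix="openldap-ansible-")
    files_dir = os.path.join(repo, "roles", "openldap-compile", "files")
    vars_dir = os.path.join(repo, "roles", "openldap-compile", "vars")
    os.makedirs(files_dir)
    os.makedirs(vars_dir)
    with open(os.path.join(repo, "hosts"), "w") as fh:
        fh.write("# constructed inventory\n"
                 "ldap1 ansible_host=ansibletest ansible_user=ansible-adm\n"
                 "ldap2 ansible_host=ansibletest2 ansible_user=ansible-adm\n")
    with open(os.path.join(vars_dir, "main.yml"), "w") as fh:
        fh.write("---\nsudo_cmd: 'sudo su -'\nbase_dir: /apps\n"
                 "openldap_version: 2.4.49\n"
                 "openldap_configs_args: '--prefix=/apps/openldap'  # assumed value\n")
    with open(os.path.join(files_dir, "openldap-2.4.49.tgz"), "wb") as fh:
        fh.write(b"placeholder tarball bytes\n")
    return repo


PLACEHOLDER_SHA256 = hashlib.sha256(b"placeholder tarball bytes\n").hexdigest()

if __name__ == "__main__":
    hosts, vars_data, tgz = preflight(make_sample_repo(), PLACEHOLDER_SHA256)
    print(f"{len(hosts)} target(s), sudo_cmd={vars_data['sudo_cmd']!r}, tarball ok: {tgz}")
```

To use it against a real checkout, pass the checkout path to preflight() instead of make_sample_repo() and replace PLACEHOLDER_SHA256 with the digest published for the OpenLDAP release you placed in roles/openldap-compile/files/; a mismatch stops you before the playbook compiles and installs a tarball you did not intend.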

How This Playbook Works

An Ansible playbook run requires the following:

inventory – A file that lists all the target servers that the job will run on
playbook – The configuration file that calls on the roles that will be used for the job
role – A collection of tasks used to complete a job

When the above ansible-playbook command gets executed Ansible does the following:

1. Grabs a list of all the targets from the inventory file
2. Parses the playbook configuration and creates temporary files written in Python that will be used to execute the tasks
3. Zips all those files
4. Copies the temporary files over to each target server and unzips them
5. Executes the Python script which performs

In part 2 of this series we will look into configuring OpenLDAP’s environment.