Add LDAP stack to deploy a simple OpenLDAP configuration and its admin server. This can be used in any cookbook to provide Gerrit an LDAP service for authentication. Feature: Issue 12484 Change-Id: I0cc0276ef37c8a044882e85bfa9f0d5c2eff481a
Showing 3 changed files with 156 additions and 0 deletions.
@@ -0,0 +1,21 @@ | ||
LDAP_TEMPLATE:=cf-ldap.yml | ||
AWS_REGION:=us-east-1 | ||
AWS_FC_COMMAND=export AWS_PAGER=;aws cloudformation | ||
LDAP_STACK_NAME:=gerrit-ldap | ||
HOSTED_ZONE_NAME:=mycompany.com | ||
|
||
.PHONY: ldap delete-ldap | ||
|
||
ldap: | ||
$(AWS_FC_COMMAND) create-stack \ | ||
--stack-name $(LDAP_STACK_NAME) \ | ||
--capabilities CAPABILITY_IAM \ | ||
--template-body file://`pwd`/$(LDAP_TEMPLATE) \ | ||
--region $(AWS_REGION) \ | ||
--parameters \ | ||
ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) | ||
|
||
delete-ldap: | ||
$(AWS_FC_COMMAND) delete-stack \ | ||
--stack-name $(LDAP_STACK_NAME) \ | ||
--region $(AWS_REGION) |
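Review bot: `--capabilities CAPABILITY_IAM` in the `ldap` target is broader than this stack needs: the template it points at (`cf-ldap.yml`) declares only an EC2 instance, a security group and a Route53 record, no IAM resources, so `create-stack` runs without the flag and the acknowledgement should only be granted once something in the template actually requires it. Minor: `AWS_FC_COMMAND=export AWS_PAGER=;aws cloudformation` uses recursive `=` while every other variable uses `:=`; make them consistent. Also note that `ldap` never passes `KeyName`, so the stack silently depends on a key pair called `gerrit-cluster-keys` already existing (the template default); either pass it as a parameter alongside `HOSTED_ZONE_NAME` or document that dependency next to the target.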
@@ -0,0 +1,59 @@ | ||
# LDAP | ||
|
||
This is a set of Cloud Formation Templates and scripts to spin up a simple LDAP | ||
service and its Admin panel. | ||
|
||
It can be used to provide a simple LDAP instance to be used to integrate with | ||
any Gerrit setup in the different cookbooks. | ||
|
||
## How to run it | ||
|
||
### Prerequisites | ||
|
||
As a prerequisite to run this stack, you will need a registered and correctly | ||
configured domain in [Route53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html) | ||
|
||
### Getting Started | ||
|
||
* Create a key pair to access the EC2 instances in the cluster: | ||
|
||
``` | ||
aws ec2 create-key-pair --key-name gerrit-cluster-keys \ | ||
--query 'KeyMaterial' --output text > gerrit-cluster.pem | ||
``` | ||
|
||
*NOTE: the EC2 key pair are useful when you need to connect to the EC2 instances | ||
for troubleshooting purposes. Store them in a `pem` file to use when ssh-ing into your | ||
instances as follow: `ssh -i yourKeyPairs.pem <ec2_instance_ip>`* | ||
|
||
* Create the LDAP stack: | ||
|
||
``` | ||
make ldap HOSTED_ZONE_NAME=mycompany.com | ||
``` | ||
|
||
The `HOSTED_ZONE_NAME` value is the Hosted Zone Name where a DSN route pointing | ||
to the LDAP service will be created. | ||
|
||
### Cleaning up | ||
|
||
``` | ||
make delete-ldap | ||
``` | ||
|
||
### Access your LDAP instance | ||
|
||
* LDAP Service: | ||
* **URI**: ldap://gerrit-ldap.gerritforgeaws.com | ||
* **Port**: 636 | ||
* LDAP Admin Service: | ||
* **URI**: https://gerrit-ldap.mycompany.com | ||
* **Port**: 6443 | ||
* **Username**: cn=admin,dc=example,dc=org | ||
* **Password**: secret | ||
|
||
The LDAP instance provided already has a Gerrit Admin user baked in with the | ||
following credentials: | ||
|
||
* **Username**: gerritadmin | ||
* **Password**: secret |
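Review bot: the "Access your LDAP instance" section is inconsistent with the template in this change: it lists the service as `ldap://gerrit-ldap.gerritforgeaws.com` while the admin panel and the `LDAPDnsRecord` resource use `gerrit-ldap.${HostedZoneName}` (`mycompany.com` in the example), so the service URI should read `gerrit-ldap.mycompany.com` as well. The same entry pairs the `ldap://` scheme with port 636, which is the conventional LDAPS port; state `ldaps://` if TLS is in fact served there, otherwise change the port, and keep the template's `LDAPServiceUrl` output in step with it. The documented credentials (`cn=admin,dc=example,dc=org` / `secret` and `gerritadmin` / `secret`) are fixed defaults on a host the template exposes to the Internet, so the README should say they are for test use only and tell the reader where to change them (the docker-compose file that sets them is not part of this commit, so a pointer to where it lives would help). Typos: "a DSN route pointing" should be "a DNS record pointing"; "the EC2 key pair are useful" should be "is useful"; "as follow" should be "as follows".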
@@ -0,0 +1,76 @@ | ||
--- | ||
AWSTemplateFormatVersion: '2010-09-09' | ||
Description: 'AWS CloudFormation Template to Deploy a single EC2 instance | ||
with OpenLDAP Installed and configured with a Gerrit Admin User' | ||
Parameters: | ||
KeyName: | ||
Description: Name of an existing EC2 KeyPair to enable SSH access to the instance | ||
Type: AWS::EC2::KeyPair::KeyName | ||
Default: gerrit-cluster-keys | ||
ConstraintDescription: must be the name of an existing EC2 KeyPair. | ||
InstanceType: | ||
Description: EC2 instance type | ||
Type: String | ||
Default: t2.micro | ||
HostedZoneName: | ||
Description: The route53 HostedZoneName. | ||
Type: String | ||
Resources: | ||
EC2Instance: | ||
Type: AWS::EC2::Instance | ||
Properties: | ||
InstanceType: !Ref InstanceType | ||
SecurityGroups: | ||
- !Ref InstanceSecurityGroup | ||
KeyName: !Ref KeyName | ||
ImageId: ami-0472cbe99b81a694a | ||
UserData: | ||
Fn::Base64: !Sub | | ||
#!/bin/bash -xe | ||
su - ec2-user bash -c "docker-compose up" | ||
InstanceSecurityGroup: | ||
Type: AWS::EC2::SecurityGroup | ||
Properties: | ||
GroupDescription: Enable SSH access via port 22 | ||
SecurityGroupIngress: | ||
- CidrIp: 0.0.0.0/0 | ||
IpProtocol: -1 | ||
LDAPDnsRecord: | ||
Type: AWS::Route53::RecordSet | ||
Properties: | ||
Name: !Sub 'gerrit-ldap.${HostedZoneName}' | ||
HostedZoneName: !Sub '${HostedZoneName}.' | ||
Comment: DNS name for LDAP Test instance. | ||
Type: A | ||
TTL: '60' | ||
ResourceRecords: | ||
- !GetAtt EC2Instance.PublicIp | ||
Outputs: | ||
InstanceId: | ||
Description: InstanceId of the newly created EC2 instance | ||
Value: | ||
Ref: EC2Instance | ||
AZ: | ||
Description: Availability Zone of the newly created EC2 instance | ||
Value: | ||
Fn::GetAtt: | ||
- EC2Instance | ||
- AvailabilityZone | ||
PublicDNS: | ||
Description: Public DNSName of the newly created EC2 instance | ||
Value: | ||
Fn::GetAtt: | ||
- EC2Instance | ||
- PublicDnsName | ||
PublicIP: | ||
Description: Public IP address of the newly created EC2 instance | ||
Value: | ||
Fn::GetAtt: | ||
- EC2Instance | ||
- PublicIp | ||
LDAPAdminWebUrl: | ||
Description: LDAP Admin URL | ||
Value: !Sub 'https://gerrit-ldap.${HostedZoneName}:6443' | ||
LDAPServiceUrl: | ||
Description: LDAP Service URL | ||
Value: !Sub 'ldap://gerrit-ldap.${HostedZoneName}:636' |
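Review bot: `InstanceSecurityGroup` opens every port and protocol to the whole Internet (`CidrIp: 0.0.0.0/0` with `IpProtocol: -1`) while its `GroupDescription` says "Enable SSH access via port 22"; combined with the default passwords the README documents for both the directory and the admin panel, this places an LDAP server with known credentials directly on a public IP. Restrict ingress to the ports the stack actually serves, one rule each for tcp/22, tcp/636 and tcp/6443, and take the allowed source range from a parameter (for example an `AllowedCidr` parameter the operator sets to their own range) instead of hard-coding `0.0.0.0/0`. Two smaller points: the `UserData` script runs `docker-compose up` in the foreground under `bash -xe`, which keeps the cloud-init user-data stage blocked for as long as the containers run; use `docker-compose up -d`, and state somewhere that the compose file is expected to already exist in `ec2-user`'s home on `ami-0472cbe99b81a694a` (it is not in this change, and that hard-coded AMI id is only valid in the region it was published in, `us-east-1` per the Makefile, so a `Mappings` block or an SSM public parameter would make the template portable). Finally, `LDAPServiceUrl` emits `ldap://...:636`; 636 is the LDAPS port, so this should be `ldaps://` or the port should change, matching whatever the README ends up documenting.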