LDAP-Controlled Software Deployment
In DAD and miniDAD, our submission to the great VMware appliance challenge, I designed a somewhat unique setup, which works quite nicely. I've called it LCSD (LDAP-Controlled Software Deployment) because the acronym LSD (Least Significant Digit) already exists.
I designed it to be as flexible as possible in order to provision the miniDAD clients with configuration files when they boot. These are usually files which in some form or other contain (or rather must contain) hard-coded references to services on DAD (think IP address, for example). Since it would otherwise have been impossible to create the miniDADs, we implemented LCSD.
The objectclass miniDADconfig is defined in the LDAP schema created for DAD:
    objectclass ( miniDADObjectClass:3
        NAME 'miniDADconfig'
        SUP top STRUCTURAL
        MUST ( cn $ dadConfigActive $ dadConfigForce )
        MAY ( dadConfigData $ dadConfigDataURL $ dadConfigPostCopy $
              dadConfigTarget $ description $ dadConfigXlate )
        )
Objects of class miniDADconfig contain configuration data proper or a pointer to such. All objects under ou=miniDADs,ou=Config are downloaded to the miniDADs when they boot, if the attribute type dadConfigActive is TRUE; they are skipped otherwise. The type dadConfigForce is currently unused but can later be used to not overwrite a file if it already exists.
The configuration data proper is stored as a string in dadConfigData, a type which is defined to carry at most 32Kb of text. This text is copied verbatim to the path at dadConfigTarget, unless dadConfigXlate is TRUE, in which case all tokens in dadConfigData are translated according to a fixed set of rules.
If the data in the configuration entry is larger than 32Kb, or if it is to be determined at run-time, a URL (Uniform Resource Locator) to the data can be assigned to the dadConfigDataURL type. This takes precedence over dadConfigData and points to a URL (something like http://dad.example.com/get/big/file) whose content is otherwise handled like dadConfigData, including translation if dadConfigXlate is TRUE.
dadConfigPostCopy contains the command which is to be executed after the data is copied to its target. A possible value for this command could be something like chmod 444 /target/path/file. Care must be taken here because the command is executed by a shell, so any shell metacharacters in the value are interpreted.
A smallish Perl program which is pulled from the DAD server at boot-time of miniDAD reads these LDAP entries and performs both token substitution (dadConfigXlate) and the actual creation of files.
I like it.
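The processing rules described above (skip inactive entries, dadConfigDataURL taking precedence over dadConfigData, optional translation, and a post-copy command) can be sketched as a dry-run planner. This is an added example in Python, not the Perl program that DAD ships; the @NAME@ token syntax, the token table, the sample entries and the fake_fetch helper are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample entries: attribute names come from the miniDADconfig
# schema, all values are made up for illustration.
ENTRIES = [
    {"cn": "ntp", "dadConfigActive": "TRUE", "dadConfigForce": "FALSE",
     "dadConfigData": "server @DAD_IP@\n", "dadConfigXlate": "TRUE",
     "dadConfigTarget": "/etc/ntp.conf", "dadConfigPostCopy": "chmod 444 /etc/ntp.conf"},
    {"cn": "big", "dadConfigActive": "TRUE", "dadConfigForce": "FALSE",
     "dadConfigData": "ignored", "dadConfigTarget": "/etc/big.conf",
     "dadConfigDataURL": "http://dad.example.com/get/big/file",
     "dadConfigPostCopy": "chmod 444 /etc/big.conf; touch /tmp/x"},
    {"cn": "off", "dadConfigActive": "FALSE", "dadConfigForce": "FALSE",
     "dadConfigData": "x", "dadConfigTarget": "/etc/off.conf"},
]
TOKENS = {"DAD_IP": "192.0.2.10"}        # assumed token table
TOKEN_RE = re.compile(r"@([A-Z_]+)@")    # assumed token syntax
SHELL_META = set(";|&$`<>(){}*?!\\\n")   # characters a shell would interpret

def fake_fetch(url):
    """Stand-in for an HTTP GET so the example runs offline."""
    return "fetched:" + url

def translate(text, tokens):
    """Replace known @NAME@ tokens; unknown tokens are left untouched."""
    return TOKEN_RE.sub(lambda m: tokens.get(m.group(1), m.group(0)), text)

def plan_entry(entry, tokens, fetch):
    """Return what would be written and run for one entry, or None if skipped."""
    if entry.get("dadConfigActive") != "TRUE":
        return None
    url = entry.get("dadConfigDataURL")          # takes precedence over inline data
    data = fetch(url) if url else entry.get("dadConfigData", "")
    if entry.get("dadConfigXlate") == "TRUE":
        data = translate(data, tokens)
    cmd = entry.get("dadConfigPostCopy")
    argv, warning = None, None
    if cmd:
        if SHELL_META & set(cmd):
            warning = "post-copy command contains shell metacharacters"
        else:
            argv = shlex.split(cmd)              # can be run as argv, without a shell
    return {"target": entry.get("dadConfigTarget"), "data": data,
            "source": "url" if url else "inline", "argv": argv, "warning": warning}

def plan_all(entries, tokens, fetch):
    return {e["cn"]: plan_entry(e, tokens, fetch) for e in entries}
```

Running plan_all(ENTRIES, TOKENS, fake_fetch) before a deployment shows which files each miniDAD would receive and flags any dadConfigPostCopy value that only works when passed through a shell.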
