Script to put mysqld on a ram disk in Ubuntu 10.04. Also adds Active Directory groups to slapd. Runs on every Hudson slave boot.
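# Give root the same SSH material as the hudson user.
# NOTE(review): this copies everything under ~hudson/.ssh. Any private keys
# stored there are duplicated into root's account, and an authorized_keys file,
# if present, makes every key trusted for hudson trusted for root as well.
# Confirm that is intended and that root SSH login is restricted on the slave.
sudo cp -r /home/hudson/.ssh /root/
sudo chown -R root:root /root/.ssh
# Key material must not be readable or writable by group/other; sshd's
# StrictModes check also refuses a loosely-permissioned ~/.ssh.
sudo chmod -R go-rwx /root/.ssh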
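# Relocate the MySQL data directory to /dev/shm (RAM-backed, so the copy is
# discarded on reboot and rebuilt from /var/lib/mysql by the next run).
sudo service mysql stop
# -p keeps owner/mode/timestamps, -R recurses, -L dereferences symlinks.
# NOTE(review): if /dev/shm/mysql already exists (script re-run without a
# reboot) cp nests the copy as /dev/shm/mysql/mysql instead of refreshing it.
sudo cp -pRL /var/lib/mysql /dev/shm/mysql
# Write the override as root in a single step. "sudo echo ... > file" elevates
# only echo: the redirection is opened by the calling shell, so the file used
# to be staged under a fixed name in world-writable /tmp and then moved into
# /etc still owned by the unprivileged caller. tee runs under sudo, so the
# file is created in place and owned by root.
sudo tee /etc/mysql/conf.d/ramdisk.cnf > /dev/null << 'EOF'
[mysqld]
datadir = /dev/shm/mysql
EOF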
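# Replace the AppArmor profile for mysqld so the confined daemon may use the
# relocated data directory: the two /dev/shm/mysql rules at the end of the
# profile grant that access.
# NOTE(review): this overwrites the packaged profile wholesale, so later
# package updates to it are lost; a local include would be less invasive.
# The profile is written through "sudo tee" rather than staged in /tmp: a
# fixed-name file in a world-writable directory can be pre-created or swapped
# by another local user before the move, and the moved file would keep the
# caller's ownership, leaving a security policy editable by a non-root account.
# The quoted delimiter keeps the shell from expanding anything in the profile.
sudo tee /etc/apparmor.d/usr.sbin.mysqld > /dev/null << 'EOF'
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>
/usr/sbin/mysqld {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
#include <abstractions/mysql>
#include <abstractions/winbind>
capability dac_override,
capability sys_resource,
capability setgid,
capability setuid,
network tcp,
/etc/hosts.allow r,
/etc/hosts.deny r,
/etc/mysql/*.pem r,
/etc/mysql/conf.d/ r,
/etc/mysql/conf.d/* r,
/etc/mysql/my.cnf r,
/usr/sbin/mysqld mr,
/usr/share/mysql/** r,
/var/log/mysql.log rw,
/var/log/mysql.err rw,
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,
/var/log/mysql/ r,
/var/log/mysql/* rw,
/var/run/mysqld/mysqld.pid w,
/var/run/mysqld/mysqld.sock w,
/sys/devices/system/cpu/ r,
/dev/shm/mysql/ r,
/dev/shm/mysql/** rwk,
}
EOF
# Reload the profiles before starting mysqld so it comes up under the new one.
sudo service apparmor restart
sudo service mysql start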
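# Add the group related active directory stuff to slapd: a "local" schema
# entry defining the groupType and userPrincipalName attributes and the
# group and user object classes.
# The entry is written straight to its destination as root and truncates any
# previous copy. The earlier form appended (>>) to ./local.ldif in whatever
# the current directory was, so a leftover file from an interrupted run would
# have produced a duplicated, invalid entry.
# NOTE(review): LDIF continuation lines must start with exactly one space.
# The wrapped olcAttributeTypes/olcObjectClasses values below show no leading
# space as rendered on this page - confirm against the original file, or
# slapd will reject the schema.
# NOTE(review): dropping files into slapd.d bypasses slapd's own validation;
# loading the schema through cn=config with ldapadd is the supported route.
# The quoted delimiter keeps the literal "$" separators from being expanded.
sudo tee '/etc/ldap/slapd.d/cn=config/cn=schema/local.ldif' > /dev/null << 'EOF'
dn: cn=local
objectClass: olcSchemaConfig
cn: local
olcAttributeTypes: {0}( 1.2.840.113556.1.4.750 NAME 'groupType' SYNTAX 1.3.6.1
.4.1.1466.115.121.1.27 EQUALITY integerMatch SINGLE-VALUE )
olcAttributeTypes: {1}( 1.2.840.113556.1.4.656 NAME 'userPrincipalName' SYNTAX
'1.3.6.1.4.1.1466.115.121.1.15' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SINGLE-VALUE )
olcObjectClasses: {0}( 1.2.840.113556.1.5.8 NAME 'group' DESC 'a group of user
s' SUP top STRUCTURAL MUST ( groupType $ cn ) MAY ( member $ distinguishedName ) )
olcObjectClasses: {1}( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson
STRUCTURAL MAY (userPrincipalName $ uid $ userPassword $ mail $ cn $ givenName $
sn $ destinationIndicator $ distinguishedName))
structuralObjectClass: olcSchemaConfig
entryUUID: c0f28d76-1f4d-1031-8b10-3f75436ba2f8
creatorsName: cn=config
createTimestamp: 20120420160054Z
entryCSN: 20120420160054.385566Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120420160054Z
EOF
# slapd runs as openldap and must own its configuration files.
sudo chown openldap: '/etc/ldap/slapd.d/cn=config/cn=schema/local.ldif'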
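# Configure secure ldap
# NOTE(review): the TLS private key is embedded in this script. Anyone who can
# read the script holds the key, so it must be treated as compromised for
# anything beyond throwaway test slaves; provision the key out of band and
# rotate it if this certificate was ever trusted elsewhere.
# The directory is created root-only first (and install -d tolerates it
# already existing), so the key is never readable by other local users while
# it is being written. The earlier form staged it in /tmp under a fixed name
# with the caller's default umask.
sudo install -d -m 700 /etc/ldap/ssl
sudo tee /etc/ldap/ssl/slapd.pem > /dev/null << 'EOF'
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIC7zCCAligAwIBAgIJAJlK2geBUkYcMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdJbmRpYW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMx
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xMjA1MDMxNDMy
NDNaFw0yMjA1MDExNDMyNDNaMFkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJbmRp
YW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMxITAfBgNVBAoTGEludGVybmV0IFdp
ZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvR/cmODr
gyml3hwh+fhM9ASnarPIU4ud6iuFKBANUhdmzpSfgftRcIz41fJhywsvBESzqGL0
wgMVcQlFEMM+ogWMfCcAdizqnCvEOXM4FlX2jFGDbyoQ4j+Kr8WRXuW8k+X8rAUf
wCc9GjnHv4GvO+Bo7/MpZ+YPGiGpXRnWknECAwEAAaOBvjCBuzAdBgNVHQ4EFgQU
LlJV1wmLjYVH87jRhU3nh9dL0iIwgYsGA1UdIwSBgzCBgIAULlJV1wmLjYVH87jR
hU3nh9dL0iKhXaRbMFkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJbmRpYW5hMRUw
EwYDVQQHEwxJbmRpYW5hcG9saXMxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg
UHR5IEx0ZIIJAJlK2geBUkYcMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
gYEAYrAGBWsVD6tPNWuZD4DGTyyOymHrJNUvbwouGpnfCmLzlygyz12KzL8rZqb3
wjDd9oPK4GCX60lQhmEDAUgQWiugwowtZe2KqUo6RTEv/b86RrErTw/4ZtsNQNWk
dBW67R/M5NevIl4m9bjJ003wvVAjjokndARvO+J2Zmos384=
-----END CERTIFICATE-----
EOF
# Only the slapd service account may read the combined key/certificate file.
sudo chmod 600 /etc/ldap/ssl/slapd.pem
sudo chown -R openldap: /etc/ldap/ssl
# Point slapd at the PEM file for CA, key and certificate. The append and the
# sed below now run under sudo like the rest of the script; as plain commands
# they only worked when the whole script was already running as root. The
# guard keeps a second run from appending duplicate olcTLS* attributes.
# NOTE(review): editing cn=config.ldif by hand bypasses slapd's validation;
# ldapmodify against cn=config is the supported way to set these.
if ! sudo grep -q '^olcTLSCertificateFile:' '/etc/ldap/slapd.d/cn=config.ldif'; then
  sudo tee -a '/etc/ldap/slapd.d/cn=config.ldif' > /dev/null << 'EOF'
olcTLSCACertificateFile: /etc/ldap/ssl/slapd.pem
olcTLSCertificateKeyFile: /etc/ldap/ssl/slapd.pem
olcTLSCertificateFile: /etc/ldap/ssl/slapd.pem
EOF
fi
# Swap the ldapi:/// listener for ldaps:///. The cleartext ldap:/// listener
# stays enabled, so clients can still bind without TLS unless that is
# restricted elsewhere.
sudo sed -i 's@SLAPD_SERVICES="ldap:/// ldapi:///"@SLAPD_SERVICES="ldap:/// ldaps:///"@' /etc/default/slapd
sudo /etc/init.d/slapd restart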
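# Make sure slapd is running
# The retry is bounded: if slapd cannot start (for example because the
# configuration written earlier is rejected) the script reports the failure
# and exits non-zero instead of looping forever and hanging the slave's boot.
attempts_left=30
while :; do
  # pidof prints nothing when no slapd process exists, making the test false.
  if [ "$(pidof slapd)" ]; then
    echo 'slapd is running'
    break
  fi
  if [ "$attempts_left" -le 0 ]; then
    echo 'slapd did not start after repeated attempts' >&2
    exit 1
  fi
  attempts_left=$((attempts_left - 1))
  sudo /etc/init.d/slapd start
  sleep 1
done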