jlward/setup_slave.sh

## setup_slave.sh
sudo cp -r /home/hudson/.ssh /root/;
sudo chown -R root:root /root/.ssh;

sudo service mysql stop;
sudo cp -pRL /var/lib/mysql /dev/shm/mysql;
sudo echo "[mysqld]
datadir = /dev/shm/mysql
" > /tmp/ramdisk.cnf;
sudo mv /tmp/ramdisk.cnf /etc/mysql/conf.d/ramdisk.cnf;
sudo echo "
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>

/usr/sbin/mysqld {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/mysql>
  #include <abstractions/winbind>

  capability dac_override,
  capability sys_resource,
  capability setgid,
  capability setuid,

  network tcp,

  /etc/hosts.allow r,
  /etc/hosts.deny r,

  /etc/mysql/*.pem r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/my.cnf r,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/log/mysql.log rw,
  /var/log/mysql.err rw,
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
  /var/run/mysqld/mysqld.pid w,
  /var/run/mysqld/mysqld.sock w,

  /sys/devices/system/cpu/ r,
  /dev/shm/mysql/ r,
  /dev/shm/mysql/** rwk,
}
" > /tmp/usr.sbin.mysqld;
sudo mv /tmp/usr.sbin.mysqld /etc/apparmor.d/usr.sbin.mysqld;
sudo service apparmor restart;
sudo service mysql start;

# Add the group related active directory stuff to slapd
sudo echo "dn: cn=local
objectClass: olcSchemaConfig
cn: local
olcAttributeTypes: {0}( 1.2.840.113556.1.4.750 NAME 'groupType' SYNTAX 1.3.6.1
 .4.1.1466.115.121.1.27 EQUALITY integerMatch SINGLE-VALUE )
olcAttributeTypes: {1}( 1.2.840.113556.1.4.656 NAME 'userPrincipalName' SYNTAX
 '1.3.6.1.4.1.1466.115.121.1.15' EQUALITY caseIgnoreMatch SUBSTR
 caseIgnoreSubstringsMatch SINGLE-VALUE )
olcObjectClasses: {0}( 1.2.840.113556.1.5.8 NAME 'group' DESC 'a group of user
 s' SUP top STRUCTURAL MUST ( groupType $ cn ) MAY ( member $ distinguishedName ) )
olcObjectClasses: {1}( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson
 STRUCTURAL MAY (userPrincipalName $ uid $ userPassword $ mail $ cn $ givenName $
 sn $ destinationIndicator $ distinguishedName))
structuralObjectClass: olcSchemaConfig
entryUUID: c0f28d76-1f4d-1031-8b10-3f75436ba2f8
creatorsName: cn=config
createTimestamp: 20120420160054Z
entryCSN: 20120420160054.385566Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120420160054Z" >> local.ldif

sudo chown openldap: local.ldif
sudo mv local.ldif /etc/ldap/slapd.d/cn=config/cn=schema/

# Configure secure ldap
cat > /tmp/slapd.pem << EOF
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC9H9yY4OuDKaXeHCH5+Ez0BKdqs8hTi53qK4UoEA1SF2bOlJ+B
+1FwjPjV8mHLCy8ERLOoYvTCAxVxCUUQwz6iBYx8JwB2LOqcK8Q5czgWVfaMUYNv
KhDiP4qvxZFe5byT5fysBR/AJz0aOce/ga874Gjv8yln5g8aIaldGdaScQIDAQAB
AoGBAJ9LVuLtj3DKg4qw521EVoyx3tFg3DqCPmAeh+lWm+GpFE6roC47ID1Mf8q0
fOooYVGXDDuoHb/MGSM8S4/y46zeWS0kCq/h/RcPz08hnYn+VHrpwzteQdYRCg+b
eVZOgkrHKqcHvV1rcDM46r33KWDvntcuLPlQx75j8T9IyKSBAkEA+xWgw+9Xc5a8
A5l+2FUHv46z3ibS+MumG1uPMhmTVl7qnypOAB0GXIMlE/iJTyXUaooAta4R9ZvE
03BMxPoF4wJBAMDTtKp86ysYP6uf+XNaLEmv2olVnHt8fvwdKspWLEjCT758X90R
sNjDBD4oTCcTT02BaEdn3BvHtK0hTcyWlpsCQQCkIMcuTU4FKQtN7xCTqUGfXlEF
bquKJtU2HOvF/CHr26/Sy3yhZle6MaATJevb6QapffxoxpjGzEQlUstcF3OxAkBg
rgTocieK/OZ3i4cL0gtgir48m2MQ+xPEHm+k8V3UwTAwZrW95q/Pjr/i1luQP/tD
9f0tyCIw/4lUQN18FYi/AkAKBYALeGceSw4cfx6eYvFc4jMq6m4drShly6L/2e+U
51RtvqrFBmg3TTa+H6199EhVriOQf2jfnI2uhmFE+Dss
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIC7zCCAligAwIBAgIJAJlK2geBUkYcMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdJbmRpYW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMx
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xMjA1MDMxNDMy
NDNaFw0yMjA1MDExNDMyNDNaMFkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJbmRp
YW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMxITAfBgNVBAoTGEludGVybmV0IFdp
ZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvR/cmODr
gyml3hwh+fhM9ASnarPIU4ud6iuFKBANUhdmzpSfgftRcIz41fJhywsvBESzqGL0
wgMVcQlFEMM+ogWMfCcAdizqnCvEOXM4FlX2jFGDbyoQ4j+Kr8WRXuW8k+X8rAUf
wCc9GjnHv4GvO+Bo7/MpZ+YPGiGpXRnWknECAwEAAaOBvjCBuzAdBgNVHQ4EFgQU
LlJV1wmLjYVH87jRhU3nh9dL0iIwgYsGA1UdIwSBgzCBgIAULlJV1wmLjYVH87jR
hU3nh9dL0iKhXaRbMFkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJbmRpYW5hMRUw
EwYDVQQHEwxJbmRpYW5hcG9saXMxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg
UHR5IEx0ZIIJAJlK2geBUkYcMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
gYEAYrAGBWsVD6tPNWuZD4DGTyyOymHrJNUvbwouGpnfCmLzlygyz12KzL8rZqb3
wjDd9oPK4GCX60lQhmEDAUgQWiugwowtZe2KqUo6RTEv/b86RrErTw/4ZtsNQNWk
dBW67R/M5NevIl4m9bjJ003wvVAjjokndARvO+J2Zmos384=
-----END CERTIFICATE-----
EOF

sudo mkdir /etc/ldap/ssl
sudo mv /tmp/slapd.pem /etc/ldap/ssl
sudo chown -R openldap: /etc/ldap/ssl

cat >> /etc/ldap/slapd.d/cn=config.ldif << EOF
olcTLSCACertificateFile: /etc/ldap/ssl/slapd.pem
olcTLSCertificateKeyFile: /etc/ldap/ssl/slapd.pem
olcTLSCertificateFile: /etc/ldap/ssl/slapd.pem
EOF

sed -i 's@SLAPD_SERVICES="ldap:/// ldapi:///"@SLAPD_SERVICES="ldap:/// ldaps:///"@' /etc/default/slapd

sudo /etc/init.d/slapd restart

# Make sure slapd is running
while :
do
  if [ "$(pidof slapd)" ]
  then
    echo 'slapd is running'
    break
  else
    sudo /etc/init.d/slapd start
    sleep 1
  fi
done
	sudo cp -r /home/hudson/.ssh /root/;
	sudo chown -R root:root /root/.ssh;

	sudo service mysql stop;
	sudo cp -pRL /var/lib/mysql /dev/shm/mysql;
	sudo echo "[mysqld]
	datadir = /dev/shm/mysql
	" > /tmp/ramdisk.cnf;
	sudo mv /tmp/ramdisk.cnf /etc/mysql/conf.d/ramdisk.cnf;
	sudo echo "
	# vim:syntax=apparmor
	# Last Modified: Tue Jun 19 17:37:30 2007
	#include <tunables/global>

	/usr/sbin/mysqld {
	#include <abstractions/base>
	#include <abstractions/nameservice>
	#include <abstractions/user-tmp>
	#include <abstractions/mysql>
	#include <abstractions/winbind>

	capability dac_override,
	capability sys_resource,
	capability setgid,
	capability setuid,

	network tcp,

	/etc/hosts.allow r,
	/etc/hosts.deny r,

	/etc/mysql/*.pem r,
	/etc/mysql/conf.d/ r,
	/etc/mysql/conf.d/* r,
	/etc/mysql/my.cnf r,
	/usr/sbin/mysqld mr,
	/usr/share/mysql/** r,
	/var/log/mysql.log rw,
	/var/log/mysql.err rw,
	/var/lib/mysql/ r,
	/var/lib/mysql/** rwk,
	/var/log/mysql/ r,
	/var/log/mysql/* rw,
	/var/run/mysqld/mysqld.pid w,
	/var/run/mysqld/mysqld.sock w,

	/sys/devices/system/cpu/ r,
	/dev/shm/mysql/ r,
	/dev/shm/mysql/** rwk,
	}
	" > /tmp/usr.sbin.mysqld;
	sudo mv /tmp/usr.sbin.mysqld /etc/apparmor.d/usr.sbin.mysqld;
	sudo service apparmor restart;
	sudo service mysql start;

	# Add the group related active directory stuff to slapd
	sudo echo "dn: cn=local
	objectClass: olcSchemaConfig
	cn: local
	olcAttributeTypes: {0}( 1.2.840.113556.1.4.750 NAME 'groupType' SYNTAX 1.3.6.1
	.4.1.1466.115.121.1.27 EQUALITY integerMatch SINGLE-VALUE )
	olcAttributeTypes: {1}( 1.2.840.113556.1.4.656 NAME 'userPrincipalName' SYNTAX
	'1.3.6.1.4.1.1466.115.121.1.15' EQUALITY caseIgnoreMatch SUBSTR
	caseIgnoreSubstringsMatch SINGLE-VALUE )
	olcObjectClasses: {0}( 1.2.840.113556.1.5.8 NAME 'group' DESC 'a group of user
	s' SUP top STRUCTURAL MUST ( groupType $ cn ) MAY ( member $ distinguishedName ) )
	olcObjectClasses: {1}( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson
	STRUCTURAL MAY (userPrincipalName $ uid $ userPassword $ mail $ cn $ givenName $
	sn $ destinationIndicator $ distinguishedName))
	structuralObjectClass: olcSchemaConfig
	entryUUID: c0f28d76-1f4d-1031-8b10-3f75436ba2f8
	creatorsName: cn=config
	createTimestamp: 20120420160054Z
	entryCSN: 20120420160054.385566Z#000000#000#000000
	modifiersName: cn=config
	modifyTimestamp: 20120420160054Z" >> local.ldif

	sudo chown openldap: local.ldif
	sudo mv local.ldif /etc/ldap/slapd.d/cn=config/cn=schema/

	# Configure secure ldap
	cat > /tmp/slapd.pem << EOF
	-----BEGIN RSA PRIVATE KEY-----
	MIICXQIBAAKBgQC9H9yY4OuDKaXeHCH5+Ez0BKdqs8hTi53qK4UoEA1SF2bOlJ+B
	+1FwjPjV8mHLCy8ERLOoYvTCAxVxCUUQwz6iBYx8JwB2LOqcK8Q5czgWVfaMUYNv
	KhDiP4qvxZFe5byT5fysBR/AJz0aOce/ga874Gjv8yln5g8aIaldGdaScQIDAQAB
	AoGBAJ9LVuLtj3DKg4qw521EVoyx3tFg3DqCPmAeh+lWm+GpFE6roC47ID1Mf8q0
	fOooYVGXDDuoHb/MGSM8S4/y46zeWS0kCq/h/RcPz08hnYn+VHrpwzteQdYRCg+b
	eVZOgkrHKqcHvV1rcDM46r33KWDvntcuLPlQx75j8T9IyKSBAkEA+xWgw+9Xc5a8
	A5l+2FUHv46z3ibS+MumG1uPMhmTVl7qnypOAB0GXIMlE/iJTyXUaooAta4R9ZvE
	03BMxPoF4wJBAMDTtKp86ysYP6uf+XNaLEmv2olVnHt8fvwdKspWLEjCT758X90R
	sNjDBD4oTCcTT02BaEdn3BvHtK0hTcyWlpsCQQCkIMcuTU4FKQtN7xCTqUGfXlEF
	bquKJtU2HOvF/CHr26/Sy3yhZle6MaATJevb6QapffxoxpjGzEQlUstcF3OxAkBg
	rgTocieK/OZ3i4cL0gtgir48m2MQ+xPEHm+k8V3UwTAwZrW95q/Pjr/i1luQP/tD
	9f0tyCIw/4lUQN18FYi/AkAKBYALeGceSw4cfx6eYvFc4jMq6m4drShly6L/2e+U
	51RtvqrFBmg3TTa+H6199EhVriOQf2jfnI2uhmFE+Dss
	-----END RSA PRIVATE KEY-----
	-----BEGIN CERTIFICATE-----
	MIIC7zCCAligAwIBAgIJAJlK2geBUkYcMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
	BAYTAlVTMRAwDgYDVQQIEwdJbmRpYW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMx
	ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xMjA1MDMxNDMy
	NDNaFw0yMjA1MDExNDMyNDNaMFkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJbmRp
	YW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMxITAfBgNVBAoTGEludGVybmV0IFdp
	ZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvR/cmODr
	gyml3hwh+fhM9ASnarPIU4ud6iuFKBANUhdmzpSfgftRcIz41fJhywsvBESzqGL0
	wgMVcQlFEMM+ogWMfCcAdizqnCvEOXM4FlX2jFGDbyoQ4j+Kr8WRXuW8k+X8rAUf
	wCc9GjnHv4GvO+Bo7/MpZ+YPGiGpXRnWknECAwEAAaOBvjCBuzAdBgNVHQ4EFgQU
	LlJV1wmLjYVH87jRhU3nh9dL0iIwgYsGA1UdIwSBgzCBgIAULlJV1wmLjYVH87jR
	hU3nh9dL0iKhXaRbMFkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJbmRpYW5hMRUw
	EwYDVQQHEwxJbmRpYW5hcG9saXMxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMg
	UHR5IEx0ZIIJAJlK2geBUkYcMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
	gYEAYrAGBWsVD6tPNWuZD4DGTyyOymHrJNUvbwouGpnfCmLzlygyz12KzL8rZqb3
	wjDd9oPK4GCX60lQhmEDAUgQWiugwowtZe2KqUo6RTEv/b86RrErTw/4ZtsNQNWk
	dBW67R/M5NevIl4m9bjJ003wvVAjjokndARvO+J2Zmos384=
	-----END CERTIFICATE-----
	EOF

	sudo mkdir /etc/ldap/ssl
	sudo mv /tmp/slapd.pem /etc/ldap/ssl
	sudo chown -R openldap: /etc/ldap/ssl

	cat >> /etc/ldap/slapd.d/cn=config.ldif << EOF
	olcTLSCACertificateFile: /etc/ldap/ssl/slapd.pem
	olcTLSCertificateKeyFile: /etc/ldap/ssl/slapd.pem
	olcTLSCertificateFile: /etc/ldap/ssl/slapd.pem
	EOF

	sed -i 's@SLAPD_SERVICES="ldap:/// ldapi:///"@SLAPD_SERVICES="ldap:/// ldaps:///"@' /etc/default/slapd

	sudo /etc/init.d/slapd restart

	# Make sure slapd is running
	while :
	do
	if [ "$(pidof slapd)" ]
	then
	echo 'slapd is running'
	break
	else
	sudo /etc/init.d/slapd start
	sleep 1
	fi
	done