Add master gomplate file.

files/root/cn-config-to-git.sh

@@ -12,9 +12,16 @@ CONFIG_DUMP_DIR=$(mktemp -d /tmp/configdump.XXXX)
 GIT_REPO_DIR=$(mktemp -d /tmp/git.XXXX)
 GIT_REPO_CONFIG='/etc/ldap-git-config/config'
 USERNAME=${SUDO_USER:-$USER}
+USERID=$(echo USERNAME | sed 's/.root//')
 
 GIT_REPO_URL=$(grep 'git_url:' ${GIT_REPO_CONFIG} | sed 's/^.*: //')
 GIT_REPO_SSHKEY=$(grep 'ssh_key:' ${GIT_REPO_CONFIG} | sed 's/^.*: //')
+LDAP_ROLE=$(grep 'git_url:' ${GIT_REPO_CONFIG}  | cut -d'/' -f2 -)
+
+# Change master config to cloud shadow master config
+export OLC_SYNCREPL='olcSyncrepl: {0}rid=100 provider=ldap://{{.Env.LDAP_MASTER}}:389 bindmethod=sasl timeout=0 network-timeout=0 saslmech=gssapi realm=stanford.edu keepalive=0:0:0 starttls=no filter="(objectclass=*)" searchbase="dc=stanford,dc=edu" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" logbase="cn=accesslog" scope=sub schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog'
+export OLC_UPDATEREF='olcUpdateRef: {{.Env.LDAP_MASTER}}'
+export LDAP_DB='dn:\s+olcDatabase=\{2\}mdb\,cn=config'
 
 # Need this for git operations
 export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${GIT_REPO_SSHKEY}"
@@ -38,16 +45,22 @@ function git_publish () {
     cd ${GIT_REPO_DIR}
     git add ${CONFIG_FILE} ${CONFIG_FILE}.tmpl
     git -c user.name=${USERNAME} \
-	    -c user.email=${USERNAME}@stanford.edu commit -m "${COMMIT_MSG}"
+	    -c user.email=${USERID}@stanford.edu commit -m "${COMMIT_MSG}"
     git push 
 }
 
 # Generate GKE template cn=config
 function update_config_tmpl () {
-    echo "#!gomplate" > ${CONFIG_FILE}.tmpl 
-    perl -p -e 's#^olcSyncrepl:\s+\{0\}rid=\d+\s+#olcSyncrepl: \{0\}rid={{.Env.RID}} #' ${CONFIG_FILE} >> $CONFIG_FILE.tmpl
-    perl -pi -e 's#provider=ldap://.*:389#provider=ldap://{{.Env.MASTER}}:389#' ${CONFIG_FILE}.tmpl
-    perl -pi -e 's#^olcUpdateRef:\s+ldap://.*$#olcUpdateRef: ldap://{{.Env.MASTER}}#' ${CONFIG_FILE}.tmpl
+    echo "#!gomplate" > ${CONFIG_FILE}.tmpl
+    if [[ "${LDAP_ROLE}" = "ldap-replica-config" ]]; then
+        perl -p -e 's#^olcSyncrepl:\s+\{0\}rid=\d+\s+#olcSyncrepl: \{0\}rid={{.Env.RID}} #' ${CONFIG_FILE} >> ${CONFIG_FILE}.tmpl
+        perl -pi -e 's#provider=ldap://.*:389#provider=ldap://{{.Env.MASTER}}:389#' ${CONFIG_FILE}.tmpl
+        perl -pi -e 's#^olcUpdateRef:\s+ldap://.*$#olcUpdateRef: ldap://{{.Env.MASTER}}#' ${CONFIG_FILE}.tmpl
+    elif [[ "${LDAP_ROLE}" = "ldap-master-config" ]]; then
+        perl -p -e '/$ENV{LDAP_DB}/ and $_.="$ENV{OLC_SYNCREPL}\n$ENV{OLC_UPDATEREF}\n"' ${CONFIG_FILE} >> ${CONFIG_FILE}.tmpl
+    else
+        abort "Unknown ldap role: ${LDAP_ROLE}"
+    fi
 }
 
 # Main