Ansible roles to install ForgeRock's OpenDJ LDAP server

Ansible is a really nice "dev-ops" automation tool in the spirit of Chef, Puppet, etc. Its virtues are simplicity, an "agentless" installation model, and a very active and growing community.

One of the neat features of Ansible is the concept of "roles". These are reusable chunks of dev-ops code that perform a specific task. Ansible "Playbooks" orchestrate a number of roles together to perform software installation and configuration.

Roles by themselves are not sufficient to drive reusability. We need a way to collaborate and share roles. Enter Ansible Galaxy, the central repository for Ansible roles.

If you have ever used apt or yum, Galaxy will look quite familiar. For example, to install and use the "opendj" role, you issue the following command:

$ ansible-galaxy install warren.strange.opendj

(Roles are prefixed with a contributor name to avoid name collisions.)

If you want to install ForgeRock's OpenDJ server, here are two new Ansible roles:

  • opendj - downloads and installs the OpenDJ server
  • opendj-replication - sets up replication between two OpenDJ instances

Here is a sample Ansible playbook that installs two instances on a single host and replicates between them:

# Example of installing two OpenDJ instances on the same host (different ports)
# and enabling replication between them
# Most of the variables here are defaulted (see the role opendj/defaults/main.yml for defaults)
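- remote_user: fr
  sudo: yes
  hosts: ois
  roles:
   # Instance A: installed under /opt/a with the role's default ports
   - { role: warren.strange.opendj, install_root: "/opt/a" }
   # Instance B: ports overridden so both instances can share one host
   - { role: warren.strange.opendj, install_root: "/opt/b", opendj_admin_port: 1444, opendj_ldap_port: 2389,
       opendj_ldaps_port: 2636, opendj_jmx_port: 2689, opendj_service_name: "opendj2" }
   # Set up replication between instance A and instance B (admin port 1444)
   - { role: warren.strange.opendj-replication, install_root: "/opt/a", opendj_host2: localhost, opendj_admin_port2: 1444 }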

This is my first attempt at an Ansible role. Feedback is most welcome! 
