
Trying to deploy a BOSH Director integrated with LDAP and running into a problem. Here are my steps.

  1. Clone the latest repository:

git clone https://github.com/cloudfoundry/bosh-deployment

  2. Create a vars file and populate it.

  3. Modify the ops file for LDAP.

File: ldap.yml

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.enabled?
  value: "true"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.profile_type
  value: "search-and-bind"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.url
  value: "ldap://XXXX.XXXXXXX.XXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.userDNPatternDelimiter
  value:  ";"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.userDN
  value: "XXXXX\\XXXXXXXXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.userPassword
  value: "XXXXXXXXXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.searchBase
  value: "dc=XXX,dc=XXXXXXX,dc=XXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.searchFilter
  value: "cn={0}"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.passwordAttributeName
  value: "userPassword"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.passwordEncoder
  value: "org.cloudfoundry.identity.uaa.ldap.DynamicPasswordComparator"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.sslCertificate
  value: ""

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.ssl.skipVerification?
  value: "true"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.ssl.tls
  value: "none"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.mailAttributeName
  value: "mail"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.mailSubstitute
  value: ""

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.mailSubstituteOverrridesLdap?
  value: "false"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.referral
  value: "follow"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.groups.profile_type
  value: "groups-map-to-scopes"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.groups.searchBase
  value: "dc=XXX,dc=XXXXXXXXX,dc=XXX"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.groups.groupRoleAttribute
  value: "member"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.groupSearchFilter
  value: "member={0}"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.searchSubtree?
  value: "true"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.maxSearchDepth
  value: "1"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.emailDomain
  value: ""

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.attributeMappings
  value:
    user.attribute.name-of-attribute-in-uaa-id-token: name-of-attribute-in-ldap-record
    user.attribute.name-of-other-attribute-in-uaa-id-token: name-of-other-attribute-in-ldap-record

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.storeCustomAttributes?
  value: "true"

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.externalGroupWhitelist?
  value: ""

- type: replace
  path: /instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.add_shadow_user_on_login?
  value: "true"

Run the deploy script:

#!/bin/bash
bosh create-env bosh-deployment/bosh.yml \
    --state=state.json \
    --vars-store=creds.yml \
    --vars-file=vars.yml \
    -o bosh-deployment/vsphere/cpi.yml \
    -o bosh-deployment/uaa.yml \
    -o bosh-deployment/ldap.yml \
    -o bosh-deployment/misc/dns.yml \
    -o bosh-deployment/misc/ntp.yml \
    -o bosh-deployment/jumpbox-user.yml

I get the error:

Deployment manifest: '/Users/user1/workarea/bosh-1/bosh-deployment/bosh.yml'
Deployment state: 'state.json'

Started validating
Failed validating (00:00:00)

Parsing release set manifest '/Users/user1/workarea/bosh-1/bosh-deployment/bosh.yml':
  Evaluating manifest:
    Expected to find a map at path '/instance_groups/name=bosh/jobs/uaa' but found '[]interface {}'

Exit code 1

If I remove the ops file used for the LDAP integration (bosh-deployment/ldap.yml), everything works fine - BOSH, UAA, etc. are deployed. I don't understand why it complains. UAA is being created as a job in BOSH, and I am passing the ops file uaa.yml right before it. It should already be able to create the UAA job in the BOSH deployment.

Any hints?

Thanks a lot!!

1 Answer

Answering my own question. I had to put `?/-` into the path so that the new elements under ldap could be created. Once I put that in, I was able to deploy the environment with the new ops file.

- type: replace
  path: /instance_groups/name=bosh/jobs/name=uaa/properties/ldap?/-
  value:
    enabled: true
    profile_type: "search-and-bind"
    url: "ldap://ldap.localnet.com"
    userDN: 'XXXX\\XXXXXXX'
    userPassword: 'XXXXXXXXXX'
    searchBase: "dc=local,dc=localnet,dc=com"
    searchFilter: "cn={0}"
    passwordAttributeName: "userPassword"
    passwordEncoder: "org.cloudfoundry.identity.DynamicPasswordComparator"
    sslCertificate: ""
    ssl:
     skipVerification: "true"
     tls: "none"
    mailAttributeName: "mail"
    mailSubstitute: ""
    mailSubstituteOverrridesLdap: "false"
    referral: "follow"
    groups:
     profile_type: "groups-map-to-scopes"
     searchBase: "dc=local,dc=localnet,dc=com"
     groupRoleAttribute: "member"
    groupSearchFilter: "member={0}"
    searchSubtree: "true"
    maxSearchDepth: "10"
    emailDomain: ""
    storeCustomAttributes: "true"
    externalGroupWhitelist: ""
    add_shadow_user_on_login: "true"
answered 2018-12-10T15:41:33.867
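Both the error in the question and the fix in the answer come down to how go-patch (the ops-file engine behind `bosh create-env`) walks a path: `jobs` is a list of maps, so the segment has to be a matcher like `name=uaa` rather than a bare key `uaa`, and a trailing `?` is what allows a missing key to be created. The following is an added example, not BOSH's or go-patch's own code: a small reimplementation of the `replace` path rules as I understand them (`name=value` matchers, `?` optional keys, `-` append), run against a constructed manifest fragment whose shape mirrors bosh.yml after uaa.yml. It reproduces the question's error text, shows what the answer's `ldap?/-` path actually produces (note that `-` appends, so `ldap` ends up as a one-element list), and lists the transport settings from the posted config that a reviewer would want to notice in the interpolated manifest. Function and variable names are my own.

```python
"""Added example: minimal go-patch style `replace` path resolver (not BOSH code).

Rules modelled (constructed sample data, not the real bosh.yml):
  - `name=uaa` selects the single array element whose "name" key equals uaa
  - a segment ending in `?` may be missing; it and everything below it is created
  - `-` appends to an array, creating the array when the parent was optional
"""
import copy

# Constructed stand-in for the relevant shape of bosh.yml once uaa.yml has been
# applied. The important detail: `jobs` is a LIST of maps, not a map keyed by name.
MANIFEST = {
    "instance_groups": [
        {"name": "bosh",
         "jobs": [
             {"name": "uaa", "release": "uaa", "properties": {"uaa": {"port": 8443}}},
             {"name": "nats", "release": "bosh", "properties": {}},
         ]}
    ]
}

QUESTION_PATH = "/instance_groups/name=bosh/jobs/uaa/properties/uaa.ldap.enabled?"
ANSWER_PATH = "/instance_groups/name=bosh/jobs/name=uaa/properties/ldap?/-"
# Constructed subset of the answer's value, enough to exercise the checks below.
LDAP_VALUE = {"enabled": True, "url": "ldap://ldap.localnet.com",
              "ssl": {"skipVerification": "true", "tls": "none"}}


def _go_type(node):
    """Render Python types the way the BOSH CLI prints Go types in its errors."""
    return {list: "[]interface {}", dict: "map[interface {}]interface {}"}.get(
        type(node), type(node).__name__)


def apply_replace(manifest, path, value):
    """Apply one `type: replace` op; returns a new manifest or raises ValueError."""
    doc = copy.deepcopy(manifest)
    tokens = path.strip("/").split("/")
    node = doc
    optional = False          # set once a `?` segment is seen; stays set below it
    walked = ""               # path prefix reported in error messages
    for i, raw in enumerate(tokens):
        walked += "/" + raw
        seg = raw[:-1] if raw.endswith("?") else raw
        optional = optional or raw.endswith("?")
        last = i == len(tokens) - 1
        if seg == "-":                                    # array append
            if not isinstance(node, list):
                raise ValueError(f"Expected to find an array at path '{walked}' but found '{_go_type(node)}'")
            if not last:
                raise ValueError("'-' is only supported as the last path segment")
            node.append(value)
            return doc
        if "=" in seg:                                    # key=value matcher
            if not isinstance(node, list):
                raise ValueError(f"Expected to find an array at path '{walked}' but found '{_go_type(node)}'")
            k, v = seg.split("=", 1)
            hits = [x for x in node if isinstance(x, dict) and str(x.get(k)) == v]
            if len(hits) != 1:
                raise ValueError(f"Expected to find exactly one matching array item for path '{walked}' but found {len(hits)}")
            if last:
                node[node.index(hits[0])] = value
                return doc
            node = hits[0]
            continue
        # plain map key: this is where the question's path fails, because `node`
        # is the `jobs` list when the segment `uaa` is reached
        if not isinstance(node, dict):
            raise ValueError(f"Expected to find a map at path '{walked}' but found '{_go_type(node)}'")
        if last:
            node[seg] = value
            return doc
        if seg not in node:
            if not optional:
                raise ValueError(f"Expected to find a map key '{seg}' for path '{walked}'")
            # create the missing child with the shape the next token needs
            node[seg] = [] if tokens[i + 1] == "-" else {}
        node = node[seg]
    return doc


def reproduce_question_error():
    """Return the error message the question's path produces (None if it works)."""
    try:
        apply_replace(MANIFEST, QUESTION_PATH, "true")
    except ValueError as e:
        return str(e)
    return None


def apply_answer():
    """Apply the answer's path and return what lands under properties.ldap."""
    doc = apply_replace(MANIFEST, ANSWER_PATH, LDAP_VALUE)
    return doc["instance_groups"][0]["jobs"][0]["properties"]["ldap"]


def transport_findings(ldap_cfg):
    """Settings from the posted config a reviewer should see before deploying."""
    findings = []
    ssl = ldap_cfg.get("ssl", {})
    if ldap_cfg.get("url", "").startswith("ldap://") and str(ssl.get("tls", "none")) == "none":
        findings.append("bind credentials travel in cleartext: ldap:// with ssl.tls=none")
    if str(ssl.get("skipVerification", "")).lower() == "true":
        findings.append("server certificate not verified: ssl.skipVerification=true")
    return findings


if __name__ == "__main__":
    print(reproduce_question_error())
    result = apply_answer()
    print(result)                      # a one-element list, because `-` appends
    for finding in transport_findings(result[0]):
        print("finding:", finding)
```

The same check on the real files is `bosh interpolate bosh-deployment/bosh.yml -o bosh-deployment/uaa.yml -o ldap.yml` with the usual vars, which prints the interpolated manifest so you can confirm the LDAP block lands where the job spec expects it and that the URL and TLS settings are the ones you meant to ship.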