This organisation needed to build a Lightweight Directory Access Protocol (LDAP) farm to provide authentication services for thousands of users. The directory had to provide login to various ITS-managed systems, including high performance computing (HPC) clusters and clouds, and the build had to use only technologies from their existing toolkit, namely Puppet.
Not only did this new system need to support a large number of users, it also had to be secure, reliable and updatable; once built, it would completely replace their existing LDAP infrastructure. To align the new system with their existing configuration management system, a configuration management tool was needed to deploy and manage the entire system. The customer also requested that no new technologies be introduced into their existing system that weren't already being used elsewhere.
The Aptira Solution
The customer’s existing DevOps toolkit used Puppet. With our expertise and love of open source technology, we were already ahead of the game when utilising Puppet for this solution. Puppet has several useful features, from configuration management to defining infrastructure as code and managing multiple servers simultaneously.
We developed Puppet modules to install OpenLDAP masters in active-active mode, along with local slaves that are used for user authentication. There are also remote slaves, which are not on the same network as the masters; these connect to the masters via LDAP proxies. The remote slaves are used by clients that do not have direct network access to the network where the masters are hosted. We have set up and tested LDAP clients on various operating systems, including CentOS/RHEL, Ubuntu and SLES.
Aptira staff have run several hand-over sessions to demonstrate how the system is designed, as well as how it is used and operated. The LDAP farm is now running in production, offering authentication services to HPC users, cloud users and other ITS system users.
We have also written complete documentation for the build and provided it to the key staff who will be managing the system internally in future. Further to this, our staff run Puppet training courses to help external system architects, system administrators and DevOps staff to fully manage Puppet. This course covers all the essentials of Puppet, including writing manifests and leveraging the full toolset of the Puppet language.