#!/bin/sh
#
### start openldap container using params file variables
#
# error code reference:
# 0: exited normally, no errors
# 1: unknown startup option passed to script
# 2: current user is unauthorized to operate docker
# 3: 'params' file not found in same directory as script
# 5: specified TLS-related files (cert, key or chain) not found
# text formatting presets -- if tput fails (e.g. TERM unset) the variables end
# up empty and all output degrades to plain text
red=$(tput setaf 1)
err=$(tput bold)$(tput setaf 1)
yellow=$(tput setaf 3)
magenta=$(tput setaf 5)
cyan=$(tput setaf 6)
norm=$(tput sgr0)
### parameter defaults (each can be overridden by a startup option, see scriptHelp)
container_name='ab-openldap'
tag='latest'
volume_data='ab-openldap_data'
volume_ldif='ab-openldap_ldif'
backup_dir="$(pwd)/restore"
clean=false
restore=false
shell=false
remove=0   # numeric 0/1 (not true/false): tested with '-eq 1' further down
#######################################
# Print the usage text and terminate the script.
# Globals:   cyan, magenta, norm, yellow (read: terminal colour presets)
# Arguments: none
# Outputs:   help text on stdout, framed by two 80-character rules
# Returns:   never returns; exits 0
#######################################
scriptHelp () {
  # unquoted here-doc so the colour variables and the rule substitution expand;
  # the text itself contains no '$' or backslashes that could be misread
  cat <<EOF

${magenta}$(printf '%80s' '' | tr ' ' '-')
${norm}This is a simple helper script so you can avoid lengthy typing when working
with the openLDAP container. The script reads the contents of 'ab-openldap.params'
and constructs various 'docker run' commands based on that file. The biggest
timesaver is working with certificates. If they are specified in the '.params',
file, the script will automatically bind-mount them so openLDAP starts in 'TLS
required' mode.

If you run the script with no parameters, it will execute the container
'normally': Run in detached mode with openLDAP automatically launched and
logging to stdout. If you specified certificates, openLDAP will require a TLS
connection. All modes of operation allow you to enter the container and
connect directly using UNIX sockets also.
Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for
testing only. By default, containers run without '--rm' will be restarted
automatically unless they are manually stopped via 'docker stop...'

${magenta}The script has the following parameters:
${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}

${cyan}-t|--tag${norm}
Change the version of the container downloaded by specifying a particular tag.
This can be useful when testing new versions or if you have to roll back to a
previous container version.
${yellow}(latest)${norm}

${cyan}-n|--name${norm}
Change the name of the container. This is cosmetic and does not affect
operation in any way.
${yellow}(ab-openldap)${norm}

${cyan}--data${norm}
Change the name of the docker volume used to persist data.
${yellow}(ab-openldap_data)${norm}

${cyan}--ldif${norm}
Change the name of the docker volume used to persist LDIFs.
${yellow}(ab-openldap_ldif)${norm}

${cyan}--rm|--remove${norm}
Automatically remove the container and volume (unless data is written) after it
is exited.
${yellow}(off: do not destroy container when stopped)${norm}

${cyan}-s|--shell${norm}
Enter the container using an interactive POSIX shell. This happens after
startup operations but *before* openLDAP (slapd) is actually started. This is
a great way to see configuration changes possibly stopping openLDAP from
starting. You can combine this with '--rm' for easy configuration checks.
${yellow}(off: run in detached mode)${norm}

${cyan}--clean${norm}
This option will stop ALL running openLDAP containers *AND DESTROY ALL
VOLUMES*. This is meant to give you a 'clean start' if you've made
configuration changes, etc.

${cyan}--restore${norm}
Restore a 'slapcat' backup to the data and ldif volume in preparation for
mounting them in a normal container.
It is strongly recommended you review your '-t' '--data' and '--ldif' settings
before proceeding with this option.

${cyan}--backupdir${norm}
Location of the 'slapcat' backup files which you want to restore.
${yellow}(./restore)${norm}

${yellow}More information can be found at:
https://git.asifbacchus.app/ab-docker/openldap/wiki
${magenta}$(printf '%80s' '' | tr ' ' '-')

EOF
  exit 0
}
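### pre-requisite checks
# is user root or in the docker group? The group list is split one-per-line and
# matched exactly so a group that merely *contains* 'docker' (e.g. 'docker-users')
# does not pass the check.
if [ "$(id -u)" -ne 0 ]; then
  if ! id -Gn | tr ' ' '\n' | grep -qx docker; then
    printf "%s\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n%s" "$err" "$norm"
    exit 2
  fi
fi
# does the params file exist?
if [ ! -f "./ab-openldap.params" ]; then
  printf "%s\nCannot find 'ab-openldap.params' file in the same directory as this script. Exiting.\n%s" "$err" "$norm"
  exit 3
fi
# read .params file -- this *executes* the file as shell code with the caller's
# privileges, and the same file is later passed to 'docker run --env-file', so
# it must contain plain KEY=value lines only and should be writable by trusted
# users alone
. ./ab-openldap.params
# check for certs if using TLS: setting TLS_CERT implies all three files must
# exist (cert, private key, chain); an unset TLS_KEY/TLS_CHAIN fails the '-f'
# test and is reported as "not found", which is the intended outcome
if [ "$TLS_CERT" ]; then
  if [ ! -f "$TLS_CERT" ]; then
    printf "%s\nCannot find specified TLS certificate file. Exiting.%s\n" \
      "$err" "$norm"
    exit 5
  fi
  if [ ! -f "$TLS_KEY" ]; then
    printf "%s\nCannot find specified TLS private key file. Exiting.%s\n" \
      "$err" "$norm"
    exit 5
  fi
  if [ ! -f "$TLS_CHAIN" ]; then
    printf "%s\nCannot find specified TLS certificate chain file. Exiting.%s\n" \
      "$err" "$norm"
    exit 5
  fi
fi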
# process startup parameters
# Boolean switches are handled in their own arms; every option that takes a
# value shares one arm, which validates $2 and then dispatches on the option
# name a second time.
while [ $# -gt 0 ]; do
  case "$1" in
    -h|-\?|--help)
      # display help (scriptHelp exits the script itself)
      scriptHelp
      exit 0
      ;;
    --rm|--remove)
      # remove container on exit
      remove=1
      ;;
    -s|--shell)
      # start shell instead of default CMD
      shell=true
      ;;
    --clean)
      # stop if necessary, delete volumes
      clean=true
      ;;
    --restore)
      # restore backup
      restore=true
      ;;
    -n|--name|--data|--ldif|--backupdir|-t|--tag)
      # options with a mandatory value in $2
      if [ -z "$2" ]; then
        case "$1" in
          -n|--name)
            printf "%s\nNo container name specified. Exiting.\n%s" \
              "$err" "$norm"
            ;;
          --data)
            printf "%s\nNo name specified for data volume. Exiting.\n%s" \
              "$err" "$norm"
            ;;
          --ldif)
            printf "%s\nNo name specified for LDIF volume. Exiting.\n%s" \
              "$err" "$norm"
            ;;
          --backupdir)
            printf "%s\nLocation of your backup files not provided. Exiting.\n%s" \
              "$err" "$norm"
            ;;
          -t|--tag)
            printf "%s\nNo tag specified. Exiting.\n%s" \
              "$err" "$norm"
            ;;
        esac
        exit 1
      fi
      case "$1" in
        -n|--name) container_name="$2" ;;      # cosmetic container name
        --data) volume_data="$2" ;;            # data volume name
        --ldif) volume_ldif="$2" ;;            # ldif volume name
        --backupdir) backup_dir="$2" ;;        # location of backup files to restore
        -t|--tag) tag="$2" ;;                  # container image tag
      esac
      # consume the value; the option itself is consumed by the shift below
      shift
      ;;
    *)
      printf "%s\nUnknown option: %s\n" "$err" "$1"
      printf "Use '--help' for valid options.\n\n%s" "$norm"
      exit 1
      ;;
  esac
  shift
done
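#######################################
# Ask a yes/no question until the user answers one or the other.
# Globals:   cyan, norm (read)
# Arguments: $1 - question text (the "(yes/no)" suffix is appended here)
# Outputs:   prompt on stdout, reads the answer from stdin
# Returns:   0 when the user answers yes; exits 0 when the user answers no
#######################################
confirmOrExit () {
  while true; do
    printf "%s%s (yes/no)%s " "$cyan" "$1" "$norm"
    read -r yn
    case "$yn" in
      [Yy]*)
        return 0
        ;;
      [Nn]*)
        printf "\n"
        exit 0
        ;;
      *)
        printf "Please answer 'y' or 'n'.\n"
        ;;
    esac
  done
}

# image reference used by every 'docker run' below
image="docker.asifbacchus.app/ldap/ab-openldap:$tag"

# cleanup containers and volumes
if [ "$clean" = true ]; then
  # display warning and confirm user's intentions
  printf "\nThis will stop and remove all ab-openldap containers %sAND REMOVE ALL PERSISTENT DATA VOLUMES%s. Please ensure you have a backup and understand how to restore your data.\n" \
    "$red" "$norm"
  printf "%sThis action CANNOT be undone!%s\n\n" \
    "$red" "$norm"
  confirmOrExit "Are you sure you want to continue?"
  # get all ab-openldap containers, one name per line
  containers=$(docker ps -a --no-trunc --filter "label=org.label-schema.name=ab-openldap" --format "{{ .Names }}")
  # check for null value -- no containers to remove
  if [ -z "$containers" ]; then
    printf "%sNo openldap containers to remove. Exiting.%s\n\n" \
      "$err" "$norm"
    exit 0
  fi
  # iterate containers, stop them and remove straggling volumes
  # shellcheck disable=SC2086 -- word-splitting on the newline-separated names is intended
  for container in $containers; do
    printf "\n%sFound %s -- processing:%s\n" \
      "$cyan" "$container" "$norm"
    # stop container
    printf "\t%sStopping container...%s\n" "$red" "$norm"
    docker stop "$container" > /dev/null 2>&1
    # find volumes while the container still exists; bind-mounts have no Name
    # and produce blank lines that the loop below skips
    volumes=$(docker inspect --format '{{ range .Mounts }}{{ println .Name }}{{ end }}' "$container")
    # remove container
    printf "\t%sRemoving container...%s\n" "$red" "$norm"
    docker rm "$container" > /dev/null 2>&1
    # pause to allow write flushing
    sleep 3
    # iterate volumes
    # shellcheck disable=SC2086 -- word-splitting on the newline-separated names is intended
    for volume in $volumes; do
      printf "\t%sRemoving volume '%s'...%s\n" "$red" "$volume" "$norm"
      docker volume rm "$volume" > /dev/null 2>&1
    done
    printf "%s...done%s\n" "$cyan" "$norm"
  done
elif [ "$restore" = true ]; then
  # restore backup
  printf "%s\n*** Restoring Backup ***\n\n%s" "$magenta" "$norm"
  printf "To avoid errors due to existing files, this script will delete any volumes that have the following names:\n"
  printf "\t%s\n\t%s\n" "$volume_data" "$volume_ldif"
  confirmOrExit "Do you want to continue?"
  # the backup directory is bind-mounted below; docker would silently create an
  # empty directory for a path that does not exist, so check it first
  if [ ! -d "$backup_dir" ]; then
    printf "%s\nBackup directory '%s' not found. Exiting.%s\n" \
      "$err" "$backup_dir" "$norm"
    exit 6
  fi
  # delete any conflicting volumes; 'docker volume rm' fails both when the
  # volume is absent (fine) and when it is still attached to a container (not
  # fine -- restoring on top of live data would be misleading), so verify the
  # volume is really gone afterwards
  for volume in "$volume_data" "$volume_ldif"; do
    docker volume rm "$volume" > /dev/null 2>&1
    if docker volume inspect "$volume" > /dev/null 2>&1; then
      printf "%s\nVolume '%s' could not be removed (still in use by a container?). Exiting.%s\n" \
        "$err" "$volume" "$norm"
      exit 6
    fi
  done
  # run temporary container to merge backup data into volumes, then show its log
  docker run --rm \
    -v "$volume_data":/var/openldap/data \
    -v "$volume_ldif":/etc/openldap/ldif \
    -v "$backup_dir":/restore \
    "$image" \
    cat /var/openldap/data/restore.log
  printf "\nPlease review the log output on your screen to determine if the restore was successful or what errors need to be corrected. If everything was successful, your data volumes can be used in a new container started normally.\n"
else
  # Build the 'docker run' argument list once in $@ (option parsing above has
  # already consumed the real positional parameters). The mounts are identical
  # for every mode; only the run flags and the trailing command differ.
  set -- --name "$container_name" \
    --env-file ab-openldap.params \
    -v "$volume_data":/var/openldap/data \
    -v "$volume_ldif":/etc/openldap/ldif
  # bind-mount custom LDIFs if specified
  if [ -d "$MY_LDIF" ]; then
    set -- "$@" -v "$MY_LDIF":/etc/openldap/customLDIF
  fi
  mode_label=""
  if [ "$TLS_CERT" ] && [ "$TLS_KEY" ] && [ "$TLS_CHAIN" ]; then
    # run with TLS: certificate material is mounted read-only
    mode_label=" (TLS)"
    set -- "$@" \
      -v "$TLS_CERT":/certs/fullchain.pem:ro \
      -v "$TLS_KEY":/certs/privkey.pem:ro \
      -v "$TLS_CHAIN":/certs/chain.pem:ro
  elif [ "$TLS_CERT" ]; then
    # should already have been rejected by the pre-requisite checks; fail loudly
    # rather than silently starting nothing
    printf "%s\nIncomplete TLS configuration: certificate, key and chain are all required. Exiting.%s\n" \
      "$err" "$norm"
    exit 5
  fi
  # both LDAP ports are published on every host interface; if clients are local
  # only, restrict this with a host firewall or a specific bind address
  set -- "$@" -p 389:389 -p 636:636
  if [ "$shell" = true ]; then
    # exec shell: interactive, always removed on exit
    printf "%s\nRunning SHELL on %s%s...%s\n" \
      "$cyan" "$container_name" "$mode_label" "$norm"
    docker run --rm -it "$@" "$image" /bin/sh
  elif [ "$remove" -eq 1 ]; then
    # exec normally, detached, removed when stopped
    printf "%s\nRunning OPENLDAP on %s%s...%s\n" \
      "$cyan" "$container_name" "$mode_label" "$norm"
    docker run --rm -d "$@" "$image"
  else
    # exec normally, detached, restarted unless explicitly stopped
    printf "%s\nRunning OPENLDAP on %s%s...%s\n" \
      "$cyan" "$container_name" "$mode_label" "$norm"
    docker run -d --restart unless-stopped "$@" "$image"
  fi
fi
### exit gracefully
exit 0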