
10 Commits

Author SHA1 Message Date
Asif Bacchus
15130b87ba cleanup script spacing and bump version number 2020-03-14 19:29:59 -06:00
Asif Bacchus
4298c0c0c6 move TLS file existance check 2020-03-14 19:16:15 -06:00
Asif Bacchus
c23c60e16b remove 'clean' from help 2020-03-14 19:12:53 -06:00
Asif Bacchus
d733687742 remove 'clean' option from script 2020-03-14 19:12:04 -06:00
Asif Bacchus
7a58e1b513 display confirmation loop err in red 2020-03-14 19:11:56 -06:00
Asif Bacchus
17dda2504d use 'force' on all docker related removals 2020-03-14 17:44:20 -06:00
Asif Bacchus
1108797ac2 clean up script spacing for easier reading 2020-03-14 17:40:57 -06:00
Asif Bacchus
c6723b6c54 replace confirmation loops with func prompt_yn 2020-03-14 17:37:54 -06:00
Asif Bacchus
a77b73e835 create and use func consoleError 2020-03-14 17:33:52 -06:00
Asif Bacchus
30bb38672b add note about where volume names are sourced 2020-03-14 17:31:48 -06:00


@ -2,15 +2,42 @@
# #
### start openldap container using params file variables ### start openldap container using params file variables
# version 3.0 # version 3.1
# #
### functions ### functions
consoleError () {
printf "%s\n%s\n" "$err" "$2"
printf "Exiting.\n\n%s" "$norm"
exit "$1"
}
textblock () { textblock () {
printf "%s\n" "$1" | fold -w "$width" -s printf "%s\n" "$1" | fold -w "$width" -s
} }
prompt_yn () {
# confirmation loop
while true; do
printf "%sAre you sure you want to continue? (y/n)%s " \
"$cyan" "$norm"
read -r yn
case "$yn" in
[Yy]*)
break
;;
[Nn]*)
printf "\n"
exit 0
;;
*)
printf "%sPlease answer 'y' or 'n'.%s\n" "$err" "$norm"
;;
esac
done
}
# text formatting presets # text formatting presets
bold=$(tput bold) bold=$(tput bold)
@ -18,13 +45,11 @@ cyan=$(tput setaf 6)
err=$(tput bold)$(tput setaf 1) err=$(tput bold)$(tput setaf 1)
magenta=$(tput setaf 5) magenta=$(tput setaf 5)
norm=$(tput sgr0) norm=$(tput sgr0)
red=$(tput setaf 1)
yellow=$(tput setaf 3) yellow=$(tput setaf 3)
width=$(tput cols) width=$(tput cols)
### parameter defaults ### parameter defaults
scriptName="$( basename "$0" )" scriptName="$( basename "$0" )"
clean=false
restore=false restore=false
container_name="ab-openldap" container_name="ab-openldap"
volume_data="ab-openldap_data" volume_data="ab-openldap_data"
@ -66,9 +91,6 @@ scriptHelp () {
textblock "${cyan}-s|--shell${norm}" textblock "${cyan}-s|--shell${norm}"
textblock "Switch parameter. Enter the container using an interactive POSIX shell. This happens after startup operations but *before* openLDAP (slapd) is started. This is a great way to test out configuration changes or run custom queries. You can combine this with '--rm' for easy configuration checks or LDIF imports." textblock "Switch parameter. Enter the container using an interactive POSIX shell. This happens after startup operations but *before* openLDAP (slapd) is started. This is a great way to test out configuration changes or run custom queries. You can combine this with '--rm' for easy configuration checks or LDIF imports."
printf "\n" printf "\n"
textblock "${cyan}--clean${norm}"
textblock "Switch parameter. This option will stop and remove ALL running openLDAP containers *AND DESTROY ALL VOLUMES*. This is meant to give you a 'clean start' if you've made configuration changes, etc."
printf "\n"
textblock "${cyan}--restore${norm}" textblock "${cyan}--restore${norm}"
textblock "Switch parameter. Restore a 'slapcat' backup to the data and ldif volumes in preparation for mounting them in a normal container. It is strongly recommended you review your '-t' '--data' and '--ldif' settings before proceeding with this option." textblock "Switch parameter. Restore a 'slapcat' backup to the data and ldif volumes in preparation for mounting them in a normal container. It is strongly recommended you review your '-t' '--data' and '--ldif' settings before proceeding with this option."
printf "\n" printf "\n"
@ -85,39 +107,19 @@ scriptHelp () {
# is user root or in the docker group? # is user root or in the docker group?
if [ ! "$( id -u )" -eq 0 ]; then if [ ! "$( id -u )" -eq 0 ]; then
if ! id -Gn | grep docker > /dev/null; then if ! id -Gn | grep docker > /dev/null; then
printf "%s\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n%s" "$err" "$norm" consoleError '2' "You must either be root or in the 'docker' group to run this script since you must be able to actually start the container!"
exit 2
fi fi
fi fi
# does the params file exist? # does the params file exist?
if [ ! -f "./ab-openldap.params" ]; then if [ ! -f "./ab-openldap.params" ]; then
printf "%s\nCannot find 'ab-openldap.params' file in the same directory as this script. Exiting.\n%s" "$err" "$norm" consoleError '3' "Cannot find 'ab-openldap.params' file in the same directory as this script."
exit 3 exit 3
fi fi
# read .params file # read .params file
. ./ab-openldap.params . ./ab-openldap.params
# check for certs if using TLS
if [ "$TLS_CERT" ]; then
if [ ! -f "$TLS_CERT" ]; then
printf "%s\nCannot find specified TLS certificate file. Exiting.%s\n" \
"$err" "$norm"
exit 5
fi
if [ ! -f "$TLS_KEY" ]; then
printf "%s\nCannot find specified TLS private key file. Exiting.%s\n" \
"$err" "$norm"
exit 5
fi
if [ ! -f "$TLS_CHAIN" ]; then
printf "%s\nCannot find specified TLS certificate chain file. Exiting.%s\n" \
"$err" "$norm"
exit 5
fi
fi
# process startup parameters # process startup parameters
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
case "$1" in case "$1" in
@ -134,10 +136,6 @@ while [ $# -gt 0 ]; do
# start shell instead of default CMD # start shell instead of default CMD
shell=true shell=true
;; ;;
--clean)
# stop if necessary, delete volumes
clean=true
;;
--restore) --restore)
# restore backup # restore backup
restore=true restore=true
@ -145,9 +143,7 @@ while [ $# -gt 0 ]; do
-n|--name) -n|--name)
# container name # container name
if [ -z "$2" ]; then if [ -z "$2" ]; then
printf "%s\nNo container name specified. Exiting.\n%s" \ consoleError '1' 'No container name specified.'
"$err" "$norm"
exit 1
fi fi
container_name="$2" container_name="$2"
shift shift
@ -155,9 +151,7 @@ while [ $# -gt 0 ]; do
--data) --data)
# data volume name # data volume name
if [ -z "$2" ]; then if [ -z "$2" ]; then
printf "%s\nNo name specified for data volume. Exiting.\n%s" \ consoleError '1' 'No name specified for data volume.'
"$err" "$norm"
exit 1
fi fi
volume_data="$2" volume_data="$2"
shift shift
@ -165,9 +159,7 @@ while [ $# -gt 0 ]; do
--ldif) --ldif)
# ldif volume name # ldif volume name
if [ -z "$2" ]; then if [ -z "$2" ]; then
printf "%s\nNo name specified for LDIF volume. Exiting.\n%s" \ consoleError '1' 'No name specified for LDIF volume.'
"$err" "$norm"
exit 1
fi fi
volume_ldif="$2" volume_ldif="$2"
shift shift
@ -175,9 +167,7 @@ while [ $# -gt 0 ]; do
--backupdir) --backupdir)
# location of backup files to restore # location of backup files to restore
if [ -z "$2" ]; then if [ -z "$2" ]; then
printf "%s\nLocation of your backup files not provided. Exiting.\n%s" \ consoleError '1' 'Location of your backup files not provided.'
"$err" "$norm"
exit 1
fi fi
backup_dir="$2" backup_dir="$2"
shift shift
@ -185,9 +175,7 @@ while [ $# -gt 0 ]; do
-t|--tag) -t|--tag)
# specify container tag # specify container tag
if [ -z "$2" ]; then if [ -z "$2" ]; then
printf "%s\nNo tag specified. Exiting.\n%s" \ consoleError '1' 'No tag specified.'
"$err" "$norm"
exit 1
fi fi
tag="$2" tag="$2"
shift shift
@ -202,93 +190,19 @@ while [ $# -gt 0 ]; do
done done
# cleanup containers and volumes ### process main operations
if [ $clean = true ]; then
# display warning and confirm user's intentions
printf "\nThis will stop and remove all ab-openldap containers %sAND REMOVE ALL PERSISTENT DATA VOLUMES%s. Please ensure you have a backup and understand how to restore your data.\n" \
"$red" "$norm"
printf "%sThis action CANNOT be undone!%s\n\n" \
"$red" "$norm"
# confirmation loop
while true; do
printf "%sAre you sure you want to continue? (yes/no)%s " \
"$cyan" "$norm"
read -r yn
case "$yn" in
[Yy]*)
break
;;
[Nn]*)
printf "\n"
exit 0
;;
*)
printf "Please answer 'y' or 'n'.\n"
;;
esac
done
# get all ab-openldap containers
containers=$(docker ps -a --no-trunc --filter "label=org.label-schema.name=ab-openldap" --format "{{ .Names }}")
# check for null value -- no containers to remove
if [ -z "$containers" ]; then
printf "%sNo openldap containers to remove. Exiting.%s\n\n" \
"$err" "$norm"
exit 0
fi
# iterate containers, stop them and remove straggling volumes if [ $restore = true ]; then
set -- dummy $containers # automatically restore backups using a temp container to create volumes
shift printf "%s\n*** Restoring Backup ***\n\n%s" "$magenta" "$norm"
for container; do printf "To avoid errors due to existing files, this script will delete any volumes that have the following names (based on --data and --ldif):\n"
printf "\n%sFound %s -- processing:%s\n" \ printf "\t%s\n\t%s\n" "$volume_data" "$volume_ldif"
"$cyan" "$container" "$norm" prompt_yn
# stop container
printf "\t%sStopping container...%s\n" "$red" "$norm"
docker stop ${container} > /dev/null 2>&1
# find volumes
volumes=$(docker inspect --format '{{ range .Mounts }}{{ println .Name }}{{ end }}' ${container})
# remove container
printf "\t%sRemoving container...%s\n" "$red" "$norm"
docker rm ${container} > /dev/null 2>&1
# pause to allow write flushing
sleep 3
# iterate volumes
set -- dummy2 $volumes
shift
for volume; do
printf "\t%sRemoving volume '%s'...%s\n" "$red" "$volume" "$norm"
docker volume rm ${volume} > /dev/null 2>&1
done
printf "%s...done%s\n" "$cyan" "$norm"
done
elif [ $restore = true ]; then
# restore backup
printf "%s\n*** Restoring Backup ***\n\n%s" "$magenta" "$norm"
printf "To avoid errors due to existing files, this script will delete any volumes that have the following names:\n"
printf "\t%s\n\t%s\n" "$volume_data" "$volume_ldif"
# confirmation loop
while true; do
printf "%sDo you want to continue? (yes/no)%s " \
"$cyan" "$norm"
read -r yn
case "$yn" in
[Yy]*)
break
;;
[Nn]*)
printf "\n"
exit 0
;;
*)
printf "Please answer 'y' or 'n'.\n"
;;
esac
done
# delete any conflicting volumes # delete any conflicting volumes
docker volume rm ${volume_data} > /dev/null 2>&1 docker volume rm -f ${volume_data} > /dev/null 2>&1
docker volume rm ${volume_ldif} > /dev/null 2>&1 docker volume rm -f ${volume_ldif} > /dev/null 2>&1
# run temporary container to merge backup data into volumes # run temporary container to merge backup data into volumes
docker run --rm \ docker run --rm \
-v "$volume_data":/var/openldap/data \ -v "$volume_data":/var/openldap/data \
@ -297,8 +211,9 @@ printf "\t%s\n\t%s\n" "$volume_data" "$volume_ldif"
docker.asifbacchus.app/ldap/ab-openldap:${tag} \ docker.asifbacchus.app/ldap/ab-openldap:${tag} \
cat /var/openldap/data/restore.log cat /var/openldap/data/restore.log
printf "\nPlease review the log output on your screen to determine if the restore was successful or what errors need to be corrected. If everything was successful, your data volumes can be used in a new container started normally.\n" printf "\nPlease review the log output on your screen to determine if the restore was successful or what errors need to be corrected. If everything was successful, your data volumes can be used in a new container started normally.\n"
# run without TLS
elif [ -z "$TLS_CERT" ]; then elif [ -z "$TLS_CERT" ]; then
# run container without TLS
if [ $shell = true ]; then if [ $shell = true ]; then
# exec shell # exec shell
printf "%s\nRunning SHELL on %s...%s\n" \ printf "%s\nRunning SHELL on %s...%s\n" \
@ -364,8 +279,21 @@ elif [ -z "$TLS_CERT" ]; then
fi fi
fi fi
fi fi
# run with TLS
elif [ "$TLS_CERT" ] && [ "$TLS_KEY" ] && [ "$TLS_CHAIN" ]; then elif [ "$TLS_CERT" ] && [ "$TLS_KEY" ] && [ "$TLS_CHAIN" ]; then
# run container with TLS
# verify certificate files exist
if [ "$TLS_CERT" ]; then
if [ ! -f "$TLS_CERT" ]; then
consoleError '5' 'Cannot find specified TLS certificate file.'
fi
if [ ! -f "$TLS_KEY" ]; then
consoleError '5' 'Cannot find specified TLS private key file.'
fi
if [ ! -f "$TLS_CHAIN" ]; then
consoleError '5' 'Cannot find specified TLS certificate chain file.'
fi
fi
if [ $shell = true ]; then if [ $shell = true ]; then
# exec shell # exec shell
printf "%s\nRunning SHELL on %s (TLS)...%s\n" \ printf "%s\nRunning SHELL on %s (TLS)...%s\n" \
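Review bot: Moving the certificate file checks inside the `elif [ "$TLS_CERT" ] && [ "$TLS_KEY" ] && [ "$TLS_CHAIN" ]` arm means they only run when all three variables are non-empty. A params file that sets TLS_CERT but leaves TLS_KEY or TLS_CHAIN empty therefore no longer hits the exit-5 "Cannot find specified TLS private key file" error that the old top-level check produced. That configuration now matches neither the `-z "$TLS_CERT"` arm nor this one, and falls through to whatever follows the if/elif chain, which continues outside the visible hunk. Consider branching on `elif [ "$TLS_CERT" ]; then` alone and dropping the inner `if [ "$TLS_CERT" ]` wrapper, which is always true at that point. The three `-f` tests would then report an unset key or chain as before.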