Compare commits
10 Commits
0cc46e187c
...
15130b87ba
Author | SHA1 | Date | |
---|---|---|---|
|
15130b87ba | ||
|
4298c0c0c6 | ||
|
c23c60e16b | ||
|
d733687742 | ||
|
7a58e1b513 | ||
|
17dda2504d | ||
|
1108797ac2 | ||
|
c6723b6c54 | ||
|
a77b73e835 | ||
|
30bb38672b |
@ -2,15 +2,42 @@
|
||||
|
||||
#
|
||||
### start openldap container using params file variables
|
||||
# version 3.0
|
||||
# version 3.1
|
||||
#
|
||||
|
||||
|
||||
### functions
|
||||
consoleError () {
|
||||
printf "%s\n%s\n" "$err" "$2"
|
||||
printf "Exiting.\n\n%s" "$norm"
|
||||
exit "$1"
|
||||
}
|
||||
|
||||
textblock () {
|
||||
printf "%s\n" "$1" | fold -w "$width" -s
|
||||
}
|
||||
|
||||
prompt_yn () {
|
||||
# confirmation loop
|
||||
while true; do
|
||||
printf "%sAre you sure you want to continue? (y/n)%s " \
|
||||
"$cyan" "$norm"
|
||||
read -r yn
|
||||
case "$yn" in
|
||||
[Yy]*)
|
||||
break
|
||||
;;
|
||||
[Nn]*)
|
||||
printf "\n"
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
printf "%sPlease answer 'y' or 'n'.%s\n" "$err" "$norm"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
# text formatting presets
|
||||
bold=$(tput bold)
|
||||
@ -18,13 +45,11 @@ cyan=$(tput setaf 6)
|
||||
err=$(tput bold)$(tput setaf 1)
|
||||
magenta=$(tput setaf 5)
|
||||
norm=$(tput sgr0)
|
||||
red=$(tput setaf 1)
|
||||
yellow=$(tput setaf 3)
|
||||
width=$(tput cols)
|
||||
|
||||
### parameter defaults
|
||||
scriptName="$( basename "$0" )"
|
||||
clean=false
|
||||
restore=false
|
||||
container_name="ab-openldap"
|
||||
volume_data="ab-openldap_data"
|
||||
@ -66,9 +91,6 @@ scriptHelp () {
|
||||
textblock "${cyan}-s|--shell${norm}"
|
||||
textblock "Switch parameter. Enter the container using an interactive POSIX shell. This happens after startup operations but *before* openLDAP (slapd) is started. This is a great way to test out configuration changes or run custom queries. You can combine this with '--rm' for easy configuration checks or LDIF imports."
|
||||
printf "\n"
|
||||
textblock "${cyan}--clean${norm}"
|
||||
textblock "Switch parameter. This option will stop and remove ALL running openLDAP containers *AND DESTROY ALL VOLUMES*. This is meant to give you a 'clean start' if you've made configuration changes, etc."
|
||||
printf "\n"
|
||||
textblock "${cyan}--restore${norm}"
|
||||
textblock "Switch parameter. Restore a 'slapcat' backup to the data and ldif volumes in preparation for mounting them in a normal container. It is strongly recommended you review your '-t' '--data' and '--ldif' settings before proceeding with this option."
|
||||
printf "\n"
|
||||
@ -85,39 +107,19 @@ scriptHelp () {
|
||||
# is user root or in the docker group?
|
||||
if [ ! "$( id -u )" -eq 0 ]; then
|
||||
if ! id -Gn | grep docker > /dev/null; then
|
||||
printf "%s\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n%s" "$err" "$norm"
|
||||
exit 2
|
||||
consoleError '2' "You must either be root or in the 'docker' group to run this script since you must be able to actually start the container!"
|
||||
fi
|
||||
fi
|
||||
|
||||
# does the params file exist?
|
||||
if [ ! -f "./ab-openldap.params" ]; then
|
||||
printf "%s\nCannot find 'ab-openldap.params' file in the same directory as this script. Exiting.\n%s" "$err" "$norm"
|
||||
consoleError '3' "Cannot find 'ab-openldap.params' file in the same directory as this script."
|
||||
exit 3
|
||||
fi
|
||||
|
||||
# read .params file
|
||||
. ./ab-openldap.params
|
||||
|
||||
# check for certs if using TLS
|
||||
if [ "$TLS_CERT" ]; then
|
||||
if [ ! -f "$TLS_CERT" ]; then
|
||||
printf "%s\nCannot find specified TLS certificate file. Exiting.%s\n" \
|
||||
"$err" "$norm"
|
||||
exit 5
|
||||
fi
|
||||
if [ ! -f "$TLS_KEY" ]; then
|
||||
printf "%s\nCannot find specified TLS private key file. Exiting.%s\n" \
|
||||
"$err" "$norm"
|
||||
exit 5
|
||||
fi
|
||||
if [ ! -f "$TLS_CHAIN" ]; then
|
||||
printf "%s\nCannot find specified TLS certificate chain file. Exiting.%s\n" \
|
||||
"$err" "$norm"
|
||||
exit 5
|
||||
fi
|
||||
fi
|
||||
|
||||
# process startup parameters
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
@ -134,10 +136,6 @@ while [ $# -gt 0 ]; do
|
||||
# start shell instead of default CMD
|
||||
shell=true
|
||||
;;
|
||||
--clean)
|
||||
# stop if necessary, delete volumes
|
||||
clean=true
|
||||
;;
|
||||
--restore)
|
||||
# restore backup
|
||||
restore=true
|
||||
@ -145,9 +143,7 @@ while [ $# -gt 0 ]; do
|
||||
-n|--name)
|
||||
# container name
|
||||
if [ -z "$2" ]; then
|
||||
printf "%s\nNo container name specified. Exiting.\n%s" \
|
||||
"$err" "$norm"
|
||||
exit 1
|
||||
consoleError '1' 'No container name specified.'
|
||||
fi
|
||||
container_name="$2"
|
||||
shift
|
||||
@ -155,9 +151,7 @@ while [ $# -gt 0 ]; do
|
||||
--data)
|
||||
# data volume name
|
||||
if [ -z "$2" ]; then
|
||||
printf "%s\nNo name specified for data volume. Exiting.\n%s" \
|
||||
"$err" "$norm"
|
||||
exit 1
|
||||
consoleError '1' 'No name specified for data volume.'
|
||||
fi
|
||||
volume_data="$2"
|
||||
shift
|
||||
@ -165,9 +159,7 @@ while [ $# -gt 0 ]; do
|
||||
--ldif)
|
||||
# ldif volume name
|
||||
if [ -z "$2" ]; then
|
||||
printf "%s\nNo name specified for LDIF volume. Exiting.\n%s" \
|
||||
"$err" "$norm"
|
||||
exit 1
|
||||
consoleError '1' 'No name specified for LDIF volume.'
|
||||
fi
|
||||
volume_ldif="$2"
|
||||
shift
|
||||
@ -175,9 +167,7 @@ while [ $# -gt 0 ]; do
|
||||
--backupdir)
|
||||
# location of backup files to restore
|
||||
if [ -z "$2" ]; then
|
||||
printf "%s\nLocation of your backup files not provided. Exiting.\n%s" \
|
||||
"$err" "$norm"
|
||||
exit 1
|
||||
consoleError '1' 'Location of your backup files not provided.'
|
||||
fi
|
||||
backup_dir="$2"
|
||||
shift
|
||||
@ -185,9 +175,7 @@ while [ $# -gt 0 ]; do
|
||||
-t|--tag)
|
||||
# specify container tag
|
||||
if [ -z "$2" ]; then
|
||||
printf "%s\nNo tag specified. Exiting.\n%s" \
|
||||
"$err" "$norm"
|
||||
exit 1
|
||||
consoleError '1' 'No tag specified.'
|
||||
fi
|
||||
tag="$2"
|
||||
shift
|
||||
@ -202,93 +190,19 @@ while [ $# -gt 0 ]; do
|
||||
done
|
||||
|
||||
|
||||
# cleanup containers and volumes
|
||||
if [ $clean = true ]; then
|
||||
# display warning and confirm user's intentions
|
||||
printf "\nThis will stop and remove all ab-openldap containers %sAND REMOVE ALL PERSISTENT DATA VOLUMES%s. Please ensure you have a backup and understand how to restore your data.\n" \
|
||||
"$red" "$norm"
|
||||
printf "%sThis action CANNOT be undone!%s\n\n" \
|
||||
"$red" "$norm"
|
||||
|
||||
# confirmation loop
|
||||
while true; do
|
||||
printf "%sAre you sure you want to continue? (yes/no)%s " \
|
||||
"$cyan" "$norm"
|
||||
read -r yn
|
||||
case "$yn" in
|
||||
[Yy]*)
|
||||
break
|
||||
;;
|
||||
[Nn]*)
|
||||
printf "\n"
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
printf "Please answer 'y' or 'n'.\n"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# get all ab-openldap containers
|
||||
containers=$(docker ps -a --no-trunc --filter "label=org.label-schema.name=ab-openldap" --format "{{ .Names }}")
|
||||
# check for null value -- no containers to remove
|
||||
if [ -z "$containers" ]; then
|
||||
printf "%sNo openldap containers to remove. Exiting.%s\n\n" \
|
||||
"$err" "$norm"
|
||||
exit 0
|
||||
fi
|
||||
### process main operations
|
||||
|
||||
# iterate containers, stop them and remove straggling volumes
|
||||
set -- dummy $containers
|
||||
shift
|
||||
for container; do
|
||||
printf "\n%sFound %s -- processing:%s\n" \
|
||||
"$cyan" "$container" "$norm"
|
||||
# stop container
|
||||
printf "\t%sStopping container...%s\n" "$red" "$norm"
|
||||
docker stop ${container} > /dev/null 2>&1
|
||||
# find volumes
|
||||
volumes=$(docker inspect --format '{{ range .Mounts }}{{ println .Name }}{{ end }}' ${container})
|
||||
# remove container
|
||||
printf "\t%sRemoving container...%s\n" "$red" "$norm"
|
||||
docker rm ${container} > /dev/null 2>&1
|
||||
# pause to allow write flushing
|
||||
sleep 3
|
||||
# iterate volumes
|
||||
set -- dummy2 $volumes
|
||||
shift
|
||||
for volume; do
|
||||
printf "\t%sRemoving volume '%s'...%s\n" "$red" "$volume" "$norm"
|
||||
docker volume rm ${volume} > /dev/null 2>&1
|
||||
done
|
||||
printf "%s...done%s\n" "$cyan" "$norm"
|
||||
done
|
||||
elif [ $restore = true ]; then
|
||||
# restore backup
|
||||
printf "%s\n*** Restoring Backup ***\n\n%s" "$magenta" "$norm"
|
||||
printf "To avoid errors due to existing files, this script will delete any volumes that have the following names:\n"
|
||||
printf "\t%s\n\t%s\n" "$volume_data" "$volume_ldif"
|
||||
# confirmation loop
|
||||
while true; do
|
||||
printf "%sDo you want to continue? (yes/no)%s " \
|
||||
"$cyan" "$norm"
|
||||
read -r yn
|
||||
case "$yn" in
|
||||
[Yy]*)
|
||||
break
|
||||
;;
|
||||
[Nn]*)
|
||||
printf "\n"
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
printf "Please answer 'y' or 'n'.\n"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
if [ $restore = true ]; then
|
||||
# automatically restore backups using a temp container to create volumes
|
||||
printf "%s\n*** Restoring Backup ***\n\n%s" "$magenta" "$norm"
|
||||
printf "To avoid errors due to existing files, this script will delete any volumes that have the following names (based on --data and --ldif):\n"
|
||||
printf "\t%s\n\t%s\n" "$volume_data" "$volume_ldif"
|
||||
prompt_yn
|
||||
|
||||
# delete any conflicting volumes
|
||||
docker volume rm ${volume_data} > /dev/null 2>&1
|
||||
docker volume rm ${volume_ldif} > /dev/null 2>&1
|
||||
docker volume rm -f ${volume_data} > /dev/null 2>&1
|
||||
docker volume rm -f ${volume_ldif} > /dev/null 2>&1
|
||||
|
||||
# run temporary container to merge backup data into volumes
|
||||
docker run --rm \
|
||||
-v "$volume_data":/var/openldap/data \
|
||||
@ -297,8 +211,9 @@ printf "\t%s\n\t%s\n" "$volume_data" "$volume_ldif"
|
||||
docker.asifbacchus.app/ldap/ab-openldap:${tag} \
|
||||
cat /var/openldap/data/restore.log
|
||||
printf "\nPlease review the log output on your screen to determine if the restore was successful or what errors need to be corrected. If everything was successful, your data volumes can be used in a new container started normally.\n"
|
||||
# run without TLS
|
||||
elif [ -z "$TLS_CERT" ]; then
|
||||
|
||||
elif [ -z "$TLS_CERT" ]; then
|
||||
# run container without TLS
|
||||
if [ $shell = true ]; then
|
||||
# exec shell
|
||||
printf "%s\nRunning SHELL on %s...%s\n" \
|
||||
@ -364,8 +279,21 @@ elif [ -z "$TLS_CERT" ]; then
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
# run with TLS
|
||||
|
||||
elif [ "$TLS_CERT" ] && [ "$TLS_KEY" ] && [ "$TLS_CHAIN" ]; then
|
||||
# run container with TLS
|
||||
# verify certificate files exist
|
||||
if [ "$TLS_CERT" ]; then
|
||||
if [ ! -f "$TLS_CERT" ]; then
|
||||
consoleError '5' 'Cannot find specified TLS certificate file.'
|
||||
fi
|
||||
if [ ! -f "$TLS_KEY" ]; then
|
||||
consoleError '5' 'Cannot find specified TLS private key file.'
|
||||
fi
|
||||
if [ ! -f "$TLS_CHAIN" ]; then
|
||||
consoleError '5' 'Cannot find specified TLS certificate chain file.'
|
||||
fi
|
||||
fi
|
||||
if [ $shell = true ]; then
|
||||
# exec shell
|
||||
printf "%s\nRunning SHELL on %s (TLS)...%s\n" \
|
||||
|
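Review bot: In the restore branch, the two `docker volume rm -f` calls expand `${volume_data}` and `${volume_ldif}` unquoted and send both output and exit status to `/dev/null`. A removal that fails for any reason other than the volume being absent (a volume still mounted by a container, for example) therefore goes unnoticed, and the temporary container then restores into the old data, which is what the prompt text says the deletion is meant to prevent. These names come straight from `--data`/`--ldif`, so quote them and stop on failure, for instance `docker volume rm -f "$volume_data" > /dev/null 2>&1 || consoleError '<unused exit code>' "Could not remove volume '$volume_data'."`, and do the same for `$volume_ldif`. The `${tag}` in the image reference a few lines further down is unquoted in the same way. The restore block starts in this hunk and continues into the next one, so the rest of the `docker run` arguments are not visible here.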