
5 Commits

Author SHA1 Message Date
Asif Bacchus
0cc46e187c func textblock, update and use in help 2020-03-14 00:40:28 -06:00
Asif Bacchus
b6fc492881 move error codes to end of file 2020-03-13 23:48:25 -06:00
Asif Bacchus
80ee3c7a3d match script to container version 2020-03-13 23:42:14 -06:00
Asif Bacchus
98b44dd63c update in-script help with removeTLS info 2020-03-13 23:41:44 -06:00
Asif Bacchus
b033828165 get full path to restored cn config file 2020-03-13 23:33:08 -06:00
2 changed files with 69 additions and 71 deletions


@ -6,24 +6,24 @@
# #
# error code reference: ### functions
# 0: exited normally, no errors textblock () {
# 1: unknown startup option passed to script printf "%s\n" "$1" | fold -w "$width" -s
# 2: current user is unauthorized to operate docker }
# 3: 'params' file not found in same directory as script
# 5: specified TLS-related files (cert, key or chain) not found
# text formatting presets # text formatting presets
bold=$(tput bold)
cyan=$(tput setaf 6) cyan=$(tput setaf 6)
err=$(tput bold)$(tput setaf 1) err=$(tput bold)$(tput setaf 1)
magenta=$(tput setaf 5) magenta=$(tput setaf 5)
norm=$(tput sgr0) norm=$(tput sgr0)
red=$(tput setaf 1) red=$(tput setaf 1)
yellow=$(tput setaf 3) yellow=$(tput setaf 3)
width=$(tput cols)
### parameter defaults ### parameter defaults
scriptName="$( basename "$0" )"
clean=false clean=false
restore=false restore=false
container_name="ab-openldap" container_name="ab-openldap"
@ -36,65 +36,47 @@ tag=latest
scriptHelp () { scriptHelp () {
printf "\n%s%80s\n" "$magenta" | tr " " "-" printf "\n"
printf "%sThis is a simple helper script so you can avoid lengthy typing when working\n" "$norm" textblock "${bold}Usage: $scriptName [parameters]${norm}"
printf "with the openLDAP container. The script reads the contents of 'ab-openldap.params'\n" printf "\n"
printf "and constructs various 'docker run' commands based on that file. The biggest\n" textblock "This is a simple helper script so you can avoid lengthy typing when working with the openLDAP container. The script reads the contents of 'ab-openldap.params' and constructs various 'docker run' commands based on that file. The biggest timesaver is working with certificates. If they are specified in the '.params' file, the script will automatically bind-mount them so openLDAP starts in 'TLS required' mode."
printf "timesaver is working with certificates. If they are specified in the '.params',\n" printf "\n"
printf "file, the script will automatically bind-mount them so openLDAP starts in 'TLS\n" textblock "If you run the script with no parameters, it will execute the container 'normally': Run in detached mode with openLDAP automatically launched and logging to stdout. If you specified certificates, openLDAP will require a TLS connection. All modes of operation allow you to enter the container and connect directly using UNIX sockets also."
printf "required' mode.\n\n" printf "\n"
printf "If you run the script with no parameters, it will execute the container\n" textblock "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for testing only. By default, containers run without '--rm' will be restarted automatically unless they are manually stopped via 'docker stop...'"
printf "'normally': Run in detached mode with openLDAP automatically launched and\n" printf "\n"
printf "logging to stdout. If you specified certificates, openLDAP will require a TLS\n" textblock "${magenta}The script has the following parameters:${norm}"
printf "connection. All modes of operation allow you to enter the container and\n" textblock "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}"
printf "connect directly using UNIX sockets also.\n" printf "\n"
printf "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for\n" textblock "${cyan}t|--tag ${yellow}(latest)${norm}"
printf "testing only. By default, containers run without '--rm' will be restarted\n" textblock "Change the version of the container downloaded by specifying a particular tag. This can be useful when testing new versions or if you have to roll back to a previous container version."
printf "automatically unless they are manually stopped via 'docker stop...'\n\n" printf "\n"
printf "%sThe script has the following parameters:\n" "$magenta" textblock "${cyan}-n|--name ${yellow}(ab-openldap)${norm}"
printf "%s(parameter in cyan) %s(default in yellow)%s\n\n" \ textblock "Change the name of the container. This is cosmetic and does not affect operation in any way."
"$cyan" "$yellow" "$norm" printf "\n"
printf "%s-t|--tag%s\n" "$cyan" "$norm" textblock "${cyan}--data ${yellow}(ab-openldap_data)${norm}"
printf "Change the version of the container downloaded by specifying a particular tag.\n" textblock "Change the name of the docker volume used to persist data."
printf "This can be useful when testing new versions or if you have to roll back to a\n" printf "\n"
printf "previous container version.\n" textblock "${cyan}--ldif ${yellow}(ab-openldap_ldif)${norm}"
printf "%s(latest)%s\n\n" "$yellow" "$norm" textblock "Change the name of the docker volume used to persist LDIFs."
printf "%s-n|--name%s\n" "$cyan" "$norm" printf "\n"
printf "Change the name of the container. This is cosmetic and does not affect\n" textblock "${cyan}--rm|--remove${norm}"
printf "operation in any way.\n" textblock "Switch parameter. Automatically remove the container and associated volumes (unless data is written) after it exits."
printf "%s(ab-openldap)%s\n\n" "$yellow" "$norm" printf "\n"
printf "%s--data%s\n" "$cyan" "$norm" textblock "${cyan}-s|--shell${norm}"
printf "Change the name of the docker volume used to persist data.\n" textblock "Switch parameter. Enter the container using an interactive POSIX shell. This happens after startup operations but *before* openLDAP (slapd) is started. This is a great way to test out configuration changes or run custom queries. You can combine this with '--rm' for easy configuration checks or LDIF imports."
printf "%s(ab-openldap_data)%s\n\n" "$yellow" "$norm" printf "\n"
printf "%s--ldif%s\n" "$cyan" "$norm" textblock "${cyan}--clean${norm}"
printf "Change the name of the docker volume used to persist LDIFs.\n" textblock "Switch parameter. This option will stop and remove ALL running openLDAP containers *AND DESTROY ALL VOLUMES*. This is meant to give you a 'clean start' if you've made configuration changes, etc."
printf "%s(ab-openldap_ldif)%s\n\n" "$yellow" "$norm" printf "\n"
printf "%s--rm|--remove%s\n" "$cyan" "$norm" textblock "${cyan}--restore${norm}"
printf "Automatically remove the container and volume (unless data is written) after it\n" textblock "Switch parameter. Restore a 'slapcat' backup to the data and ldif volumes in preparation for mounting them in a normal container. It is strongly recommended you review your '-t' '--data' and '--ldif' settings before proceeding with this option."
printf "is exited.\n" printf "\n"
printf "%s(off: do not destroy container when stopped)%s\n\n" \ textblock "${cyan}--backupdir ${yellow}(./restore)${norm}"
"$yellow" "$norm" textblock "Location of the 'slapcat' backup files to restore."
printf "%s-s|--shell%s\n" "$cyan" "$norm" printf "\n\n"
printf "Enter the container using an interactive POSIX shell. This happens after\n" textblock "More information about this script and the ab-openLDAP container can be found at ${magenta}https://git.asifbacchus.app/ab-docker/openldap/wiki${norm}"
printf "startup operations but *before* openLDAP (slapd) is actually started. This is\n" printf "\n\n"
printf "a great way to see configuration changes possibly stopping openLDAP from\n"
printf "starting. You can combine this with '--rm' for easy configuration checks.\n"
printf "%s(off: run in detached mode)%s\n\n" "$yellow" "$norm"
printf "%s--clean%s\n" "$cyan" "$norm"
printf "This option will stop ALL running openLDAP containers *AND DESTROY ALL\n"
printf "VOLUMES*. This is meant to give you a 'clean start' if you've made\n"
printf "configuration changes, etc.\n\n"
printf "%s--restore%s\n" "$cyan" "$norm"
printf "Restore a 'slapcat' backup to the data and ldif volume in preparation for\n"
printf "mounting them in a normal container.\n"
printf "It is strongly recommended you review your '-t' '--data' and '--ldif' settings\n"
printf "before proceeding with this option.\n\n"
printf "%s--backupdir%s\n" "$cyan" "$norm"
printf "Location of the 'slapcat' backup files which you want to restore.\n"
printf "%s(./restore)%s\n\n" "$yellow" "$norm"
printf "%sMore information can be found at:\n" "$yellow"
printf "https://git.asifbacchus.app/ab-docker/openldap/wiki\n"
printf "%s%80s\n\n" "$magenta" | tr " " "-"
exit 0 exit 0
} }
@ -472,3 +454,14 @@ fi
### exit gracefully ### exit gracefully
exit 0 exit 0
# error code reference:
# 0: exited normally, no errors
# 1: unknown startup option passed to script
# 2: current user is unauthorized to operate docker
# 3: 'params' file not found in same directory as script
# 5: specified TLS-related files (cert, key or chain) not found
#EOF
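Review bot: `textblock` passes `$width` straight to `fold -w`, and the new `width=$(tput cols)` has no fallback. If tput cannot determine a terminal (presumably when TERM is unset, e.g. under cron or a minimal container shell), `fold` receives an empty width and the help text would likely not be printed at all. A default keeps the help usable: `width=$(tput cols 2>/dev/null) || width=80`. Separately, the new tag line in scriptHelp reads `${cyan}t|--tag` and has lost the leading dash of `-t`; it should be `textblock "${cyan}-t|--tag ${yellow}(latest)${norm}"`.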


@ -2,7 +2,7 @@
# #
### backup openLDAP configuration and frontend database(s) ### backup openLDAP configuration and frontend database(s)
# version 3.0 # version 3.1
# #
@ -167,6 +167,9 @@ scriptHelp () {
textblock "${cyan}-e, --extract${norm}" textblock "${cyan}-e, --extract${norm}"
textblock "Switch parameter. Extract your backup file (MUST be supplied using the --backupfile parameter) to the 'restore' subdirectory of the current directory or as specified using the '--output' parameter. This switch will log error code 8 if you try to extract an encrypted backup archive. In that case, use --decrypt instead." textblock "Switch parameter. Extract your backup file (MUST be supplied using the --backupfile parameter) to the 'restore' subdirectory of the current directory or as specified using the '--output' parameter. This switch will log error code 8 if you try to extract an encrypted backup archive. In that case, use --decrypt instead."
printf "\n" printf "\n"
textblock "${cyan}--removeTLS${norm}"
textblock "Switch parameter. Remove olcTLS configuration parameters from your config DIT LDIF file. This is the only approved way to disable/change your TLS settings. Consult the openLDAP documentation or the repo wiki for more information."
printf "\n"
textblock "${cyan}--manualdecryption${norm}" textblock "${cyan}--manualdecryption${norm}"
textblock "Display instructions on how to manually decrypt and extract your backup archive." textblock "Display instructions on how to manually decrypt and extract your backup archive."
printf "\n\n" printf "\n\n"
@ -210,6 +213,8 @@ quickHelp () {
textblock "Decrypt and extract specified backup file to 'restore' subdirectory of current path/specified path (--output parameter)." textblock "Decrypt and extract specified backup file to 'restore' subdirectory of current path/specified path (--output parameter)."
textblock "${cyan}-e, --extract${norm}" textblock "${cyan}-e, --extract${norm}"
textblock "Extract specified backup file to 'restore' subdirectory of current path/specified path (--output parameter)." textblock "Extract specified backup file to 'restore' subdirectory of current path/specified path (--output parameter)."
textblock "${cyan}--removeTLS${norm}"
textblock "Remove all olcTLS configuration settings from your config DIT LDIF restore file."
textblock "${cyan}--manualdecryption${norm}" textblock "${cyan}--manualdecryption${norm}"
textblock "Display instructions on manually decrypting and extracting your backup archive." textblock "Display instructions on manually decrypting and extracting your backup archive."
printf "\n" printf "\n"
@ -467,12 +472,12 @@ if [ $extract = 'true' ]; then
# remove TLS configuration # remove TLS configuration
if [ "$removeTLS" = 'true' ]; then if [ "$removeTLS" = 'true' ]; then
# get newest config-? file in outputLocation/restore directory # get newest config-? file in outputLocation/restore directory
cnConfigFile=$( ls "${outputLocation%/}/restore" -t | head -n1 ) cnConfigFile=$( ls -Adt ${outputLocation%/}/restore/config-* | head -n1 )
# remove TLS configuration entries # remove TLS configuration entries
logInfo 'task' "Removing TLS configuration $cnConfigFile... " logInfo 'task' "Removing TLS configuration from '$cnConfigFile'"
sed -i -e '/^olcTLS/d' "$cnConfigFile" sed -i -e '/^olcTLS/d' "$cnConfigFile" 2>> "$logfile"
# check our work # check our work
if ! grep -q '^olcTLS' "$cnConfigFile"; then if ! grep -q '^olcTLS' "$cnConfigFile" 2>> "$logfile"; then
logInfo 'done' logInfo 'done'
else else
logInfo 'err' logInfo 'err'
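Review bot: The "check our work" test fails open. If `$cnConfigFile` is empty or unreadable, `sed` fails, `grep` exits with status 2, and `! grep -q` is then true, so the script logs 'done' although no olcTLS lines were removed. That can happen when no `config-*` file matches, or when the restore path contains spaces, because `${outputLocation%/}` is unquoted inside the `ls` substitution. Quote the directory part, `cnConfigFile=$( ls -Adt "${outputLocation%/}"/restore/config-* 2>> "$logfile" | head -n1 )`, and require the file to exist in the check: `if [ -f "$cnConfigFile" ] && ! grep -q '^olcTLS' "$cnConfigFile" 2>> "$logfile"; then`. The enclosing `if` block continues past the end of the hunk.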