Compare commits
5 Commits
d7d7f1eae1
...
0cc46e187c
Author | SHA1 | Date | |
---|---|---|---|
|
0cc46e187c | ||
|
b6fc492881 | ||
|
80ee3c7a3d | ||
|
98b44dd63c | ||
|
b033828165 |
@ -6,24 +6,24 @@
|
||||
#
|
||||
|
||||
|
||||
# error code reference:
|
||||
# 0: exited normally, no errors
|
||||
# 1: unknown startup option passed to script
|
||||
# 2: current user is unauthorized to operate docker
|
||||
# 3: 'params' file not found in same directory as script
|
||||
# 5: specified TLS-related files (cert, key or chain) not found
|
||||
### functions
|
||||
textblock () {
|
||||
printf "%s\n" "$1" | fold -w "$width" -s
|
||||
}
|
||||
|
||||
|
||||
# text formatting presets
|
||||
bold=$(tput bold)
|
||||
cyan=$(tput setaf 6)
|
||||
err=$(tput bold)$(tput setaf 1)
|
||||
magenta=$(tput setaf 5)
|
||||
norm=$(tput sgr0)
|
||||
red=$(tput setaf 1)
|
||||
yellow=$(tput setaf 3)
|
||||
|
||||
width=$(tput cols)
|
||||
|
||||
### parameter defaults
|
||||
scriptName="$( basename "$0" )"
|
||||
clean=false
|
||||
restore=false
|
||||
container_name="ab-openldap"
|
||||
@ -36,65 +36,47 @@ tag=latest
|
||||
|
||||
|
||||
scriptHelp () {
|
||||
printf "\n%s%80s\n" "$magenta" | tr " " "-"
|
||||
printf "%sThis is a simple helper script so you can avoid lengthy typing when working\n" "$norm"
|
||||
printf "with the openLDAP container. The script reads the contents of 'ab-openldap.params'\n"
|
||||
printf "and constructs various 'docker run' commands based on that file. The biggest\n"
|
||||
printf "timesaver is working with certificates. If they are specified in the '.params',\n"
|
||||
printf "file, the script will automatically bind-mount them so openLDAP starts in 'TLS\n"
|
||||
printf "required' mode.\n\n"
|
||||
printf "If you run the script with no parameters, it will execute the container\n"
|
||||
printf "'normally': Run in detached mode with openLDAP automatically launched and\n"
|
||||
printf "logging to stdout. If you specified certificates, openLDAP will require a TLS\n"
|
||||
printf "connection. All modes of operation allow you to enter the container and\n"
|
||||
printf "connect directly using UNIX sockets also.\n"
|
||||
printf "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for\n"
|
||||
printf "testing only. By default, containers run without '--rm' will be restarted\n"
|
||||
printf "automatically unless they are manually stopped via 'docker stop...'\n\n"
|
||||
printf "%sThe script has the following parameters:\n" "$magenta"
|
||||
printf "%s(parameter in cyan) %s(default in yellow)%s\n\n" \
|
||||
"$cyan" "$yellow" "$norm"
|
||||
printf "%s-t|--tag%s\n" "$cyan" "$norm"
|
||||
printf "Change the version of the container downloaded by specifying a particular tag.\n"
|
||||
printf "This can be useful when testing new versions or if you have to roll back to a\n"
|
||||
printf "previous container version.\n"
|
||||
printf "%s(latest)%s\n\n" "$yellow" "$norm"
|
||||
printf "%s-n|--name%s\n" "$cyan" "$norm"
|
||||
printf "Change the name of the container. This is cosmetic and does not affect\n"
|
||||
printf "operation in any way.\n"
|
||||
printf "%s(ab-openldap)%s\n\n" "$yellow" "$norm"
|
||||
printf "%s--data%s\n" "$cyan" "$norm"
|
||||
printf "Change the name of the docker volume used to persist data.\n"
|
||||
printf "%s(ab-openldap_data)%s\n\n" "$yellow" "$norm"
|
||||
printf "%s--ldif%s\n" "$cyan" "$norm"
|
||||
printf "Change the name of the docker volume used to persist LDIFs.\n"
|
||||
printf "%s(ab-openldap_ldif)%s\n\n" "$yellow" "$norm"
|
||||
printf "%s--rm|--remove%s\n" "$cyan" "$norm"
|
||||
printf "Automatically remove the container and volume (unless data is written) after it\n"
|
||||
printf "is exited.\n"
|
||||
printf "%s(off: do not destroy container when stopped)%s\n\n" \
|
||||
"$yellow" "$norm"
|
||||
printf "%s-s|--shell%s\n" "$cyan" "$norm"
|
||||
printf "Enter the container using an interactive POSIX shell. This happens after\n"
|
||||
printf "startup operations but *before* openLDAP (slapd) is actually started. This is\n"
|
||||
printf "a great way to see configuration changes possibly stopping openLDAP from\n"
|
||||
printf "starting. You can combine this with '--rm' for easy configuration checks.\n"
|
||||
printf "%s(off: run in detached mode)%s\n\n" "$yellow" "$norm"
|
||||
printf "%s--clean%s\n" "$cyan" "$norm"
|
||||
printf "This option will stop ALL running openLDAP containers *AND DESTROY ALL\n"
|
||||
printf "VOLUMES*. This is meant to give you a 'clean start' if you've made\n"
|
||||
printf "configuration changes, etc.\n\n"
|
||||
printf "%s--restore%s\n" "$cyan" "$norm"
|
||||
printf "Restore a 'slapcat' backup to the data and ldif volume in preparation for\n"
|
||||
printf "mounting them in a normal container.\n"
|
||||
printf "It is strongly recommended you review your '-t' '--data' and '--ldif' settings\n"
|
||||
printf "before proceeding with this option.\n\n"
|
||||
printf "%s--backupdir%s\n" "$cyan" "$norm"
|
||||
printf "Location of the 'slapcat' backup files which you want to restore.\n"
|
||||
printf "%s(./restore)%s\n\n" "$yellow" "$norm"
|
||||
printf "%sMore information can be found at:\n" "$yellow"
|
||||
printf "https://git.asifbacchus.app/ab-docker/openldap/wiki\n"
|
||||
printf "%s%80s\n\n" "$magenta" | tr " " "-"
|
||||
printf "\n"
|
||||
textblock "${bold}Usage: $scriptName [parameters]${norm}"
|
||||
printf "\n"
|
||||
textblock "This is a simple helper script so you can avoid lengthy typing when working with the openLDAP container. The script reads the contents of 'ab-openldap.params' and constructs various 'docker run' commands based on that file. The biggest timesaver is working with certificates. If they are specified in the '.params' file, the script will automatically bind-mount them so openLDAP starts in 'TLS required' mode."
|
||||
printf "\n"
|
||||
textblock "If you run the script with no parameters, it will execute the container 'normally': Run in detached mode with openLDAP automatically launched and logging to stdout. If you specified certificates, openLDAP will require a TLS connection. All modes of operation allow you to enter the container and connect directly using UNIX sockets also."
|
||||
printf "\n"
|
||||
textblock "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for testing only. By default, containers run without '--rm' will be restarted automatically unless they are manually stopped via 'docker stop...'"
|
||||
printf "\n"
|
||||
textblock "${magenta}The script has the following parameters:${norm}"
|
||||
textblock "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}"
|
||||
printf "\n"
|
||||
textblock "${cyan}t|--tag ${yellow}(latest)${norm}"
|
||||
textblock "Change the version of the container downloaded by specifying a particular tag. This can be useful when testing new versions or if you have to roll back to a previous container version."
|
||||
printf "\n"
|
||||
textblock "${cyan}-n|--name ${yellow}(ab-openldap)${norm}"
|
||||
textblock "Change the name of the container. This is cosmetic and does not affect operation in any way."
|
||||
printf "\n"
|
||||
textblock "${cyan}--data ${yellow}(ab-openldap_data)${norm}"
|
||||
textblock "Change the name of the docker volume used to persist data."
|
||||
printf "\n"
|
||||
textblock "${cyan}--ldif ${yellow}(ab-openldap_ldif)${norm}"
|
||||
textblock "Change the name of the docker volume used to persist LDIFs."
|
||||
printf "\n"
|
||||
textblock "${cyan}--rm|--remove${norm}"
|
||||
textblock "Switch parameter. Automatically remove the container and associated volumes (unless data is written) after it exits."
|
||||
printf "\n"
|
||||
textblock "${cyan}-s|--shell${norm}"
|
||||
textblock "Switch parameter. Enter the container using an interactive POSIX shell. This happens after startup operations but *before* openLDAP (slapd) is started. This is a great way to test out configuration changes or run custom queries. You can combine this with '--rm' for easy configuration checks or LDIF imports."
|
||||
printf "\n"
|
||||
textblock "${cyan}--clean${norm}"
|
||||
textblock "Switch parameter. This option will stop and remove ALL running openLDAP containers *AND DESTROY ALL VOLUMES*. This is meant to give you a 'clean start' if you've made configuration changes, etc."
|
||||
printf "\n"
|
||||
textblock "${cyan}--restore${norm}"
|
||||
textblock "Switch parameter. Restore a 'slapcat' backup to the data and ldif volumes in preparation for mounting them in a normal container. It is strongly recommended you review your '-t' '--data' and '--ldif' settings before proceeding with this option."
|
||||
printf "\n"
|
||||
textblock "${cyan}--backupdir ${yellow}(./restore)${norm}"
|
||||
textblock "Location of the 'slapcat' backup files to restore."
|
||||
printf "\n\n"
|
||||
textblock "More information about this script and the ab-openLDAP container can be found at ${magenta}https://git.asifbacchus.app/ab-docker/openldap/wiki${norm}"
|
||||
printf "\n\n"
|
||||
exit 0
|
||||
}
|
||||
|
||||
@ -472,3 +454,14 @@ fi
|
||||
|
||||
### exit gracefully
|
||||
exit 0
|
||||
|
||||
|
||||
# error code reference:
|
||||
# 0: exited normally, no errors
|
||||
# 1: unknown startup option passed to script
|
||||
# 2: current user is unauthorized to operate docker
|
||||
# 3: 'params' file not found in same directory as script
|
||||
# 5: specified TLS-related files (cert, key or chain) not found
|
||||
|
||||
|
||||
#EOF
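Review bot: The new `textblock` helper passes `$width` straight to `fold -w`, and `width=$(tput cols)` has no fallback. If tput cannot resolve a terminal (for example TERM unset under cron or in a minimal container shell), `width` is presumably empty and every `textblock` call in `scriptHelp` would fail instead of printing the help text. A default keeps the help usable: `width=$(tput cols 2>/dev/null) || width=80`. Separately, the rewritten tag entry reads `textblock "${cyan}t|--tag ${yellow}(latest)${norm}"`, which drops the leading dash the earlier printf version had; it should start `${cyan}-t|--tag`.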
|
@ -2,7 +2,7 @@
|
||||
|
||||
#
|
||||
### backup openLDAP configuration and frontend database(s)
|
||||
# version 3.0
|
||||
# version 3.1
|
||||
#
|
||||
|
||||
|
||||
@ -167,6 +167,9 @@ scriptHelp () {
|
||||
textblock "${cyan}-e, --extract${norm}"
|
||||
textblock "Switch parameter. Extract your backup file (MUST be supplied using the --backupfile parameter) to the 'restore' subdirectory of the current directory or as specified using the '--output' parameter. This switch will log error code 8 if you try to extract an encrypted backup archive. In that case, use --decrypt instead."
|
||||
printf "\n"
|
||||
textblock "${cyan}--removeTLS${norm}"
|
||||
textblock "Switch parameter. Remove olcTLS configuration parameters from your config DIT LDIF file. This is the only approved way to disable/change your TLS settings. Consult the openLDAP documentation or the repo wiki for more information."
|
||||
printf "\n"
|
||||
textblock "${cyan}--manualdecryption${norm}"
|
||||
textblock "Display instructions on how to manually decrypt and extract your backup archive."
|
||||
printf "\n\n"
|
||||
@ -210,6 +213,8 @@ quickHelp () {
|
||||
textblock "Decrypt and extract specified backup file to 'restore' subdirectory of current path/specified path (--output parameter)."
|
||||
textblock "${cyan}-e, --extract${norm}"
|
||||
textblock "Extract specified backup file to 'restore' subdirectory of current path/specified path (--output parameter)."
|
||||
textblock "${cyan}--removeTLS${norm}"
|
||||
textblock "Remove all olcTLS configuration settings from your config DIT LDIF restore file."
|
||||
textblock "${cyan}--manualdecryption${norm}"
|
||||
textblock "Display instructions on manually decrypting and extracting your backup archive."
|
||||
printf "\n"
|
||||
@ -467,12 +472,12 @@ if [ $extract = 'true' ]; then
|
||||
# remove TLS configuration
|
||||
if [ "$removeTLS" = 'true' ]; then
|
||||
# get newest config-? file in outputLocation/restore directory
|
||||
cnConfigFile=$( ls "${outputLocation%/}/restore" -t | head -n1 )
|
||||
cnConfigFile=$( ls -Adt ${outputLocation%/}/restore/config-* | head -n1 )
|
||||
# remove TLS configuration entries
|
||||
logInfo 'task' "Removing TLS configuration $cnConfigFile... "
|
||||
sed -i -e '/^olcTLS/d' "$cnConfigFile"
|
||||
logInfo 'task' "Removing TLS configuration from '$cnConfigFile'"
|
||||
sed -i -e '/^olcTLS/d' "$cnConfigFile" 2>> "$logfile"
|
||||
# check our work
|
||||
if ! grep -q '^olcTLS' "$cnConfigFile"; then
|
||||
if ! grep -q '^olcTLS' "$cnConfigFile" 2>> "$logfile"; then
|
||||
logInfo 'done'
|
||||
else
|
||||
logInfo 'err'
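Review bot: The "check our work" test `if ! grep -q '^olcTLS' "$cnConfigFile" 2>> "$logfile"` also succeeds when grep cannot open the file, so an empty or wrong `$cnConfigFile` is logged as 'done' although no olcTLS lines were removed. Taking the second line of each printed pair as the new side, the new lookup `ls -Adt ${outputLocation%/}/restore/config-* | head -n1` can produce exactly that: the unquoted expansion splits on whitespace in the output path, an unmatched glob leaves `cnConfigFile` empty, and the resulting sed error now goes only to the log file. I would quote the prefix, `"${outputLocation%/}"/restore/config-*`, and guard the edit with `[ -f "$cnConfigFile" ]` before running sed, treating a missing file as the `err` branch. The enclosing `if [ "$removeTLS" = 'true' ]` block continues past the end of this hunk, so whatever follows `logInfo 'err'` is not visible here.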
|
||||
|