
5 Commits

Author SHA1 Message Date
Asif Bacchus
0cc46e187c func textblock, update and use in help 2020-03-14 00:40:28 -06:00
Asif Bacchus
b6fc492881 move error codes to end of file 2020-03-13 23:48:25 -06:00
Asif Bacchus
80ee3c7a3d match script to container version 2020-03-13 23:42:14 -06:00
Asif Bacchus
98b44dd63c update in-script help with removeTLS info 2020-03-13 23:41:44 -06:00
Asif Bacchus
b033828165 get full path to restored cn config file 2020-03-13 23:33:08 -06:00
2 changed files with 69 additions and 71 deletions


@ -6,24 +6,24 @@
#
# error code reference:
# 0: exited normally, no errors
# 1: unknown startup option passed to script
# 2: current user is unauthorized to operate docker
# 3: 'params' file not found in same directory as script
# 5: specified TLS-related files (cert, key or chain) not found
### functions
textblock () {
printf "%s\n" "$1" | fold -w "$width" -s
}
# text formatting presets
bold=$(tput bold)
cyan=$(tput setaf 6)
err=$(tput bold)$(tput setaf 1)
magenta=$(tput setaf 5)
norm=$(tput sgr0)
red=$(tput setaf 1)
yellow=$(tput setaf 3)
width=$(tput cols)
### parameter defaults
scriptName="$( basename "$0" )"
clean=false
restore=false
container_name="ab-openldap"
@ -36,65 +36,47 @@ tag=latest
scriptHelp () {
printf "\n%s%80s\n" "$magenta" | tr " " "-"
printf "%sThis is a simple helper script so you can avoid lengthy typing when working\n" "$norm"
printf "with the openLDAP container. The script reads the contents of 'ab-openldap.params'\n"
printf "and constructs various 'docker run' commands based on that file. The biggest\n"
printf "timesaver is working with certificates. If they are specified in the '.params',\n"
printf "file, the script will automatically bind-mount them so openLDAP starts in 'TLS\n"
printf "required' mode.\n\n"
printf "If you run the script with no parameters, it will execute the container\n"
printf "'normally': Run in detached mode with openLDAP automatically launched and\n"
printf "logging to stdout. If you specified certificates, openLDAP will require a TLS\n"
printf "connection. All modes of operation allow you to enter the container and\n"
printf "connect directly using UNIX sockets also.\n"
printf "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for\n"
printf "testing only. By default, containers run without '--rm' will be restarted\n"
printf "automatically unless they are manually stopped via 'docker stop...'\n\n"
printf "%sThe script has the following parameters:\n" "$magenta"
printf "%s(parameter in cyan) %s(default in yellow)%s\n\n" \
"$cyan" "$yellow" "$norm"
printf "%s-t|--tag%s\n" "$cyan" "$norm"
printf "Change the version of the container downloaded by specifying a particular tag.\n"
printf "This can be useful when testing new versions or if you have to roll back to a\n"
printf "previous container version.\n"
printf "%s(latest)%s\n\n" "$yellow" "$norm"
printf "%s-n|--name%s\n" "$cyan" "$norm"
printf "Change the name of the container. This is cosmetic and does not affect\n"
printf "operation in any way.\n"
printf "%s(ab-openldap)%s\n\n" "$yellow" "$norm"
printf "%s--data%s\n" "$cyan" "$norm"
printf "Change the name of the docker volume used to persist data.\n"
printf "%s(ab-openldap_data)%s\n\n" "$yellow" "$norm"
printf "%s--ldif%s\n" "$cyan" "$norm"
printf "Change the name of the docker volume used to persist LDIFs.\n"
printf "%s(ab-openldap_ldif)%s\n\n" "$yellow" "$norm"
printf "%s--rm|--remove%s\n" "$cyan" "$norm"
printf "Automatically remove the container and volume (unless data is written) after it\n"
printf "is exited.\n"
printf "%s(off: do not destroy container when stopped)%s\n\n" \
"$yellow" "$norm"
printf "%s-s|--shell%s\n" "$cyan" "$norm"
printf "Enter the container using an interactive POSIX shell. This happens after\n"
printf "startup operations but *before* openLDAP (slapd) is actually started. This is\n"
printf "a great way to see configuration changes possibly stopping openLDAP from\n"
printf "starting. You can combine this with '--rm' for easy configuration checks.\n"
printf "%s(off: run in detached mode)%s\n\n" "$yellow" "$norm"
printf "%s--clean%s\n" "$cyan" "$norm"
printf "This option will stop ALL running openLDAP containers *AND DESTROY ALL\n"
printf "VOLUMES*. This is meant to give you a 'clean start' if you've made\n"
printf "configuration changes, etc.\n\n"
printf "%s--restore%s\n" "$cyan" "$norm"
printf "Restore a 'slapcat' backup to the data and ldif volume in preparation for\n"
printf "mounting them in a normal container.\n"
printf "It is strongly recommended you review your '-t' '--data' and '--ldif' settings\n"
printf "before proceeding with this option.\n\n"
printf "%s--backupdir%s\n" "$cyan" "$norm"
printf "Location of the 'slapcat' backup files which you want to restore.\n"
printf "%s(./restore)%s\n\n" "$yellow" "$norm"
printf "%sMore information can be found at:\n" "$yellow"
printf "https://git.asifbacchus.app/ab-docker/openldap/wiki\n"
printf "%s%80s\n\n" "$magenta" | tr " " "-"
printf "\n"
textblock "${bold}Usage: $scriptName [parameters]${norm}"
printf "\n"
textblock "This is a simple helper script so you can avoid lengthy typing when working with the openLDAP container. The script reads the contents of 'ab-openldap.params' and constructs various 'docker run' commands based on that file. The biggest timesaver is working with certificates. If they are specified in the '.params' file, the script will automatically bind-mount them so openLDAP starts in 'TLS required' mode."
printf "\n"
textblock "If you run the script with no parameters, it will execute the container 'normally': Run in detached mode with openLDAP automatically launched and logging to stdout. If you specified certificates, openLDAP will require a TLS connection. All modes of operation allow you to enter the container and connect directly using UNIX sockets also."
printf "\n"
textblock "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for testing only. By default, containers run without '--rm' will be restarted automatically unless they are manually stopped via 'docker stop...'"
printf "\n"
textblock "${magenta}The script has the following parameters:${norm}"
textblock "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}"
printf "\n"
textblock "${cyan}t|--tag ${yellow}(latest)${norm}"
textblock "Change the version of the container downloaded by specifying a particular tag. This can be useful when testing new versions or if you have to roll back to a previous container version."
printf "\n"
textblock "${cyan}-n|--name ${yellow}(ab-openldap)${norm}"
textblock "Change the name of the container. This is cosmetic and does not affect operation in any way."
printf "\n"
textblock "${cyan}--data ${yellow}(ab-openldap_data)${norm}"
textblock "Change the name of the docker volume used to persist data."
printf "\n"
textblock "${cyan}--ldif ${yellow}(ab-openldap_ldif)${norm}"
textblock "Change the name of the docker volume used to persist LDIFs."
printf "\n"
textblock "${cyan}--rm|--remove${norm}"
textblock "Switch parameter. Automatically remove the container and associated volumes (unless data is written) after it exits."
printf "\n"
textblock "${cyan}-s|--shell${norm}"
textblock "Switch parameter. Enter the container using an interactive POSIX shell. This happens after startup operations but *before* openLDAP (slapd) is started. This is a great way to test out configuration changes or run custom queries. You can combine this with '--rm' for easy configuration checks or LDIF imports."
printf "\n"
textblock "${cyan}--clean${norm}"
textblock "Switch parameter. This option will stop and remove ALL running openLDAP containers *AND DESTROY ALL VOLUMES*. This is meant to give you a 'clean start' if you've made configuration changes, etc."
printf "\n"
textblock "${cyan}--restore${norm}"
textblock "Switch parameter. Restore a 'slapcat' backup to the data and ldif volumes in preparation for mounting them in a normal container. It is strongly recommended you review your '-t' '--data' and '--ldif' settings before proceeding with this option."
printf "\n"
textblock "${cyan}--backupdir ${yellow}(./restore)${norm}"
textblock "Location of the 'slapcat' backup files to restore."
printf "\n\n"
textblock "More information about this script and the ab-openLDAP container can be found at ${magenta}https://git.asifbacchus.app/ab-docker/openldap/wiki${norm}"
printf "\n\n"
exit 0
}
@ -472,3 +454,14 @@ fi
### exit gracefully
exit 0
# error code reference:
# 0: exited normally, no errors
# 1: unknown startup option passed to script
# 2: current user is unauthorized to operate docker
# 3: 'params' file not found in same directory as script
# 5: specified TLS-related files (cert, key or chain) not found
#EOF
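Review bot: The rewritten help entry for the tag option drops its leading dash: `textblock "${cyan}t|--tag ${yellow}(latest)${norm}"` should read `-t|--tag`, as the removed printf line did and as the `'-t'` reference in the --restore paragraph still assumes. Separately, textblock passes `$width` straight to `fold -w`, and `width` is taken from `tput cols` with no fallback. If tput prints nothing (for example with TERM unset; not verifiable from this page), fold would presumably reject the empty width and the whole help screen would come out blank. A default such as `width=$(tput cols 2>/dev/null) || width=80` would avoid that. fold likely also counts the colour escape sequences as columns, so the coloured lines may wrap earlier than the plain ones.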


@ -2,7 +2,7 @@
#
### backup openLDAP configuration and frontend database(s)
# version 3.0
# version 3.1
#
@ -167,6 +167,9 @@ scriptHelp () {
textblock "${cyan}-e, --extract${norm}"
textblock "Switch parameter. Extract your backup file (MUST be supplied using the --backupfile parameter) to the 'restore' subdirectory of the current directory or as specified using the '--output' parameter. This switch will log error code 8 if you try to extract an encrypted backup archive. In that case, use --decrypt instead."
printf "\n"
textblock "${cyan}--removeTLS${norm}"
textblock "Switch parameter. Remove olcTLS configuration parameters from your config DIT LDIF file. This is the only approved way to disable/change your TLS settings. Consult the openLDAP documentation or the repo wiki for more information."
printf "\n"
textblock "${cyan}--manualdecryption${norm}"
textblock "Display instructions on how to manually decrypt and extract your backup archive."
printf "\n\n"
@ -210,6 +213,8 @@ quickHelp () {
textblock "Decrypt and extract specified backup file to 'restore' subdirectory of current path/specified path (--output parameter)."
textblock "${cyan}-e, --extract${norm}"
textblock "Extract specified backup file to 'restore' subdirectory of current path/specified path (--output parameter)."
textblock "${cyan}--removeTLS${norm}"
textblock "Remove all olcTLS configuration settings from your config DIT LDIF restore file."
textblock "${cyan}--manualdecryption${norm}"
textblock "Display instructions on manually decrypting and extracting your backup archive."
printf "\n"
@ -467,12 +472,12 @@ if [ $extract = 'true' ]; then
# remove TLS configuration
if [ "$removeTLS" = 'true' ]; then
# get newest config-? file in outputLocation/restore directory
cnConfigFile=$( ls "${outputLocation%/}/restore" -t | head -n1 )
cnConfigFile=$( ls -Adt ${outputLocation%/}/restore/config-* | head -n1 )
# remove TLS configuration entries
logInfo 'task' "Removing TLS configuration $cnConfigFile... "
sed -i -e '/^olcTLS/d' "$cnConfigFile"
logInfo 'task' "Removing TLS configuration from '$cnConfigFile'"
sed -i -e '/^olcTLS/d' "$cnConfigFile" 2>> "$logfile"
# check our work
if ! grep -q '^olcTLS' "$cnConfigFile"; then
if ! grep -q '^olcTLS' "$cnConfigFile" 2>> "$logfile"; then
logInfo 'done'
else
logInfo 'err'
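Review bot: When no `config-*` file matches, `cnConfigFile` is empty and sed fails, yet the verification `if ! grep -q '^olcTLS' "$cnConfigFile" 2>> "$logfile"` still takes the success branch. grep returns non-zero for an unreadable file just as it does for "no match", so the script logs the TLS removal as done although nothing was changed, and the only trace of the failure is now in the logfile. Add a `[ -f "$cnConfigFile" ]` test before the sed call and send the failing case to the existing error branch, so a restore never reports TLS settings as stripped when they are still present. The new lookup also leaves the path unquoted. Writing it as `ls -Adt "${outputLocation%/}"/restore/config-*` keeps the glob while stopping an output path containing spaces from being split. The enclosing `if [ $extract = 'true' ]` block starts before this hunk and the else branch continues past its last line.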