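#!/bin/sh
#
### start openldap container using params file variables
#
# usage: ./ab-openldap.sh [-n|--name NAME] [--rm|--remove] [-s|--shell] [--clean] [-h|--help]
#
# The script reads './ab-openldap.params' from the CURRENT WORKING DIRECTORY.
# That file is *sourced* (executed as shell code with this user's privileges)
# and is also handed to docker via '--env-file', so every variable in it ends
# up in the container's environment. Keep it writable by trusted users only.
#
# error code reference:
# 0: exited normally, no errors
# 1: unknown startup option passed to script
# 2: current user is unauthorized to operate docker
# 3: 'params' file not found in same directory as script
# 5: specified TLS-related files (cert, key or chain) not found

# text formatting presets
# tput fails (noisily) without a usable TERM; silence it so the script still
# runs from cron/CI with plain, uncoloured output
cyan=$(tput setaf 6 2>/dev/null)
err=$(tput bold 2>/dev/null)$(tput setaf 1 2>/dev/null)
magenta=$(tput setaf 5 2>/dev/null)
norm=$(tput sgr0 2>/dev/null)
red=$(tput setaf 1 2>/dev/null)
yellow=$(tput setaf 3 2>/dev/null)

### parameter defaults
clean=false
container_name="ab-openldap"
remove=false
shell=false
params_file="./ab-openldap.params"
# NOTE(review): ':latest' is a mutable tag -- every restart may pull different
# code. Pinning to an image digest ('image@sha256:...') is the safer choice for
# anything beyond testing.
image="docker.asifbacchus.app/ldap/ab-openldap:latest"

# print usage text and exit 0
scriptHelp () {
    printf "\n${magenta}%80s\n" | tr " " "-"
    printf "${norm}This is a simple helper script so you can avoid lengthy typing when working\n"
    printf "with the openLDAP container. The script reads the contents of 'ab-openldap.params'\n"
    printf "and constructs various 'docker run' commands based on that file. The biggest\n"
    printf "timesaver is working with certificates. If they are specified in the '.params',\n"
    printf "the script will automatically bind-mount them so openLDAP starts in 'TLS\n"
    printf "required' mode.\n\n"
    printf "If you run the script with no parameters, it will execute the container\n"
    printf "'normally': Run in detached mode with openLDAP automatically launched and\n"
    printf "logging to stdout. If you specified certificates, openLDAP will require a TLS\n"
    printf "connection. All modes of operation allow you to enter the container and\n"
    printf "connect directly using UNIX sockets also.\n"
    printf "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for\n"
    printf "testing only. By default, containers run without '--rm' will be restarted\n"
    printf "automatically unless they are manually stopped via 'docker stop...'\n\n"
    printf "${magenta}The script has the following parameters:\n"
    printf "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}\n\n"
    printf "${cyan}-n|--name${norm}\n"
    printf "Change the name of the container. This is cosmetic and does not affect\n"
    printf "operation in any way.\n"
    printf "${yellow}(ab-openldap)${norm}\n\n"
    printf "${cyan}--rm|--remove${norm}\n"
    printf "Automatically remove the container and volume (unless data is written) after it\n"
    printf "is exited.\n"
    printf "${yellow}(off: do not destroy container when stopped)${norm}\n\n"
    printf "${cyan}-s|--shell${norm}\n"
    printf "Enter the container using an interactive POSIX shell. This happens after\n"
    printf "startup operations but *before* openLDAP (slapd) is actually started. This is\n"
    printf "a great way to see configuration changes possibly stopping openLDAP from\n"
    printf "starting. You can combine this with '--rm' for easy configuration checks.\n"
    printf "${yellow}(off: run in detached mode)${norm}\n\n"
    printf "${cyan}--clean${norm}\n"
    printf "This option will stop ALL running openLDAP containers *AND DESTROY ALL\n"
    printf "VOLUMES*. This is meant to give you a 'clean start' if you've made\n"
    printf "configuration changes, etc.\n\n"
    printf "${yellow}More information can be found at:\n"
    printf "https://git.asifbacchus.app/ab-docker/openldap/wiki\n"
    printf "${magenta}%80s\n\n" | tr " " "-"
    exit 0
}

### process startup parameters
# parsed BEFORE the prerequisite checks so that '--help' works without a params
# file and '--clean' works without the TLS files being present
while [ $# -gt 0 ]; do
    case "$1" in
        -h|-\?|--help)
            # display help (scriptHelp exits)
            scriptHelp
            ;;
        --rm|--remove)
            # remove container on exit
            remove=true
            ;;
        -s|--shell)
            # start shell instead of default CMD
            shell=true
            ;;
        --clean)
            # stop if necessary, delete volumes
            clean=true
            ;;
        -n|--name)
            # container name
            if [ -z "$2" ]; then
                printf "${err}\nNo container name specified. Exiting.\n${norm}" >&2
                exit 1
            fi
            container_name="$2"
            shift
            ;;
        *)
            printf "${err}\nUnknown option: %s\n" "$1" >&2
            printf "Use '--help' for valid options.\n\n${norm}" >&2
            exit 1
            ;;
    esac
    shift
done

### pre-requisite checks
# is user root or in the docker group?
# (membership in 'docker' is root-equivalent on the host, which is exactly why
# it is a sufficient proxy for "may start containers")
if [ "$(id -u)" -ne 0 ]; then
    # exact group-name match: a plain 'grep docker' would also accept groups
    # such as 'docker-users' or 'dockerbuild'
    if ! id -Gn | tr ' ' '\n' | grep -qx docker; then
        printf "${err}\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n${norm}" >&2
        exit 2
    fi
fi

# does the params file exist?
# NOTE: the lookup is relative to the current working directory, not to the
# location of this script -- run it from the directory holding the params file
if [ ! -f "$params_file" ]; then
    printf "${err}\nCannot find 'ab-openldap.params' file in the same directory as this script. Exiting.\n${norm}" >&2
    exit 3
fi

# read .params file
# this is a shell 'source': arbitrary code in the file runs as this user
. "$params_file"

### cleanup any running containers and volumes
if [ "$clean" = true ]; then
    # every container carrying the ab-openldap label, running or stopped
    containers=$(docker ps -a --no-trunc --filter "label=org.label-schema.name=ab-openldap" --format "{{ .Names }}")
    # check for null value -- no containers to remove
    if [ -z "$containers" ]; then
        printf "${err}No openldap containers to remove. Exiting.${norm}\n\n"
        exit 0
    fi
    # iterate containers, stop them and remove straggling volumes
    # (docker container names never contain whitespace, so word-splitting the
    # newline-separated list is safe)
    for container in $containers; do
        printf "\n${cyan}Found %s -- processing:${norm}\n" "$container"
        # resolve the data volume BEFORE the container is removed; afterwards
        # the mount information is gone
        volume=$(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/openldap/data" }}{{ .Name }}{{ end }}{{ end }}' "$container")
        printf "\t${red}Stopping container...${norm}\n"
        docker stop "$container" > /dev/null 2>&1
        printf "\t${red}Removing container...${norm}\n"
        docker rm "$container" > /dev/null 2>&1
        # an empty name (no named volume at that path) must not turn into a
        # bare 'docker volume rm' invocation
        if [ -n "$volume" ]; then
            printf "\t${red}Removing volume...${norm}\n"
            docker volume rm "$volume" > /dev/null 2>&1
        fi
        printf "${cyan}...done${norm}\n"
    done
    exit 0
fi

### check for certs if using TLS
# TLS_CERT set => all three files are mandatory, the container is started in
# 'TLS required' mode
if [ -n "$TLS_CERT" ]; then
    if [ ! -f "$TLS_CERT" ]; then
        printf "${err}\nCannot find specified TLS certificate file. Exiting.${norm}\n" >&2
        exit 5
    fi
    if [ ! -f "$TLS_KEY" ]; then
        printf "${err}\nCannot find specified TLS private key file. Exiting.${norm}\n" >&2
        exit 5
    fi
    if [ ! -f "$TLS_CHAIN" ]; then
        printf "${err}\nCannot find specified TLS certificate chain file. Exiting.${norm}\n" >&2
        exit 5
    fi
fi

### assemble the 'docker run' arguments shared by every mode
# Positional parameters are reused as the argument list (POSIX sh has no
# arrays); option parsing above is finished, so nothing is lost.
# NOTE: both 389 (plain/STARTTLS) and 636 (LDAPS) are published on ALL host
# interfaces in every mode; restrict with a host firewall or a '127.0.0.1:'
# prefix if the service must not be reachable from outside.
# NOTE: docker's --env-file parser is not a shell -- quotes in values are kept
# literally -- so keep params values unquoted.
set -- --name "$container_name" \
    --env-file "$params_file" \
    -p 389:389 -p 636:636
# bind-mount custom LDIFs if specified
# MY_LDIF must be an ABSOLUTE path: docker treats a relative left-hand side of
# '-v' as a named volume rather than a bind mount
if [ -d "$MY_LDIF" ]; then
    set -- "$@" -v "$MY_LDIF":/etc/openldap/customLDIF
fi
if [ -n "$TLS_CERT" ]; then
    # read-only mounts: the container must never be able to alter the key material
    set -- "$@" \
        -v "$TLS_CERT":/certs/fullchain.pem:ro \
        -v "$TLS_KEY":/certs/privkey.pem:ro \
        -v "$TLS_CHAIN":/certs/chain.pem:ro
    tls_tag=" (TLS)"
else
    tls_tag=""
fi

### run the container in the requested mode
# (the exit status of 'docker run' is not propagated -- see error code reference)
if [ "$shell" = true ]; then
    # interactive shell, always removed on exit
    printf "${cyan}\nRunning SHELL on %s%s...${norm}\n" "$container_name" "$tls_tag"
    docker run --rm -it "$@" "$image" /bin/sh
elif [ "$remove" = true ]; then
    # detached, removed when stopped
    printf "${cyan}\nRunning OPENLDAP on %s%s...${norm}\n" "$container_name" "$tls_tag"
    docker run --rm -d "$@" "$image"
else
    # detached, restarted automatically unless stopped by hand
    printf "${cyan}\nRunning OPENLDAP on %s%s...${norm}\n" "$container_name" "$tls_tag"
    docker run -d --restart unless-stopped "$@" "$image"
fi

### exit gracefully
exit 0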