ab-docker/scripts
1
0
Fork 0
Code Releases Activity
dcfe2d5bc8
scripts/ab-openldap.sh
Asif Bacchus 5969b80ce2 update script from source
2019-10-21 01:32:53 -06:00

301 lines
12 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
#
### start openldap container using params file variables
#
# error code reference:
# 0: exited normally, no errors
# 1: unknown startup option passed to script
# 2: current user is unauthorized to operate docker
# 3: 'params' file not found in same directory as script
# 5: specified TLS-related files (cert, key or chain) not found
# text formatting presets
cyan=$(tput setaf 6)
err=$(tput bold)$(tput setaf 1)
magenta=$(tput setaf 5)
norm=$(tput sgr0)
red=$(tput setaf 1)
yellow=$(tput setaf 3)
### parameter defaults
clean=false
container_name="ab-openldap"
remove=0
shell=false
scriptHelp () {
printf "\n${magenta}%80s\n" | tr " " "-"
printf "${norm}This is a simple helper script so you can avoid lengthy typing when working\n"
printf "with the openLDAP container. The script reads the contents of 'ab-openldap.params'\n"
printf "and constructs various 'docker run' commands based on that file. The biggest\n"
printf "timesaver is working with certificates. If they are specified in the '.params',\n"
printf "the script will automatically bind-mount them so openLDAP starts in 'TLS\n"
printf "required' mode.\n\n"
printf "If you run the script with no parameters, it will execute the container\n"
printf "'normally': Run in detached mode with openLDAP automatically launched and\n"
printf "logging to stdout. If you specified certificates, openLDAP will require a TLS\n"
printf "connection. All modes of operation allow you to enter the container and\n"
printf "connect directly using UNIX sockets also.\n"
printf "Containers run in SHELL mode are ALWAYS removed upon exit as they are meant for\n"
printf "testing only. By default, containers run without '--rm' will be restarted\n"
printf "automatically unless they are manually stopped via 'docker stop...'\n\n"
printf "${magenta}The script has the following parameters:\n"
printf "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}\n\n"
printf "${cyan}-n|--name${norm}\n"
printf "Change the name of the container. This is cosmetic and does not affect\n"
printf "operation in any way.\n"
printf "${yellow}(ab-openldap)${norm}\n\n"
printf "${cyan}--rm|--remove${norm}\n"
printf "Automatically remove the container and volume (unless data is written) after it\n"
printf "is exited.\n"
printf "${yellow}(off: do not destroy container when stopped)${norm}\n\n"
printf "${cyan}-s|--shell${norm}\n"
printf "Enter the container using an interactive POSIX shell. This happens after\n"
printf "startup operations but *before* openLDAP (slapd) is actually started. This is\n"
printf "a great way to see configuration changes possibly stopping openLDAP from\n"
printf "starting. You can combine this with '--rm' for easy configuration checks.\n"
printf "${yellow}(off: run in detached mode)${norm}\n\n"
printf "${cyan}--clean${norm}\n"
printf "This option will stop ALL running openLDAP containers *AND DESTROY ALL\n"
printf "VOLUMES*. This is meant to give you a 'clean start' if you've made\n"
printf "configuration changes, etc.\n\n"
printf "${yellow}More information can be found at:\n"
printf "https://git.asifbacchus.app/ab-docker/openldap/wiki\n"
printf "${magenta}%80s\n\n" | tr " " "-"
exit 0
}
### pre-requisite checks
# is user root or in the docker group?
if [ ! "$( id -u )" -eq 0 ]; then
if ! id -Gn | grep docker > /dev/null; then
printf "${err}\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n${norm}"
exit 2
fi
fi
# does the params file exist?
if [ ! -f "./ab-openldap.params" ]; then
printf "${err}\nCannot find 'ab-openldap.params' file in the same directory as this script. Exiting.\n${norm}"
exit 3
fi
# read .params file
. ./ab-openldap.params
# check for certs if using TLS
if [ "$TLS_CERT" ]; then
if [ ! -f "$TLS_CERT" ]; then
printf "${err}\nCannot find specified TLS certificate file. Exiting.${norm}\n"
exit 5
fi
if [ ! -f "$TLS_KEY" ]; then
printf "${err}\nCannot find specified TLS private key file. Exiting.${norm}\n"
exit 5
fi
if [ ! -f "$TLS_CHAIN" ]; then
printf "${err}\nCannot find specified TLS certificate chain file. Exiting.${norm}\n"
exit 5
fi
fi
# process startup parameters
while [ $# -gt 0 ]; do
case "$1" in
-h|-\?|--help)
# display help
scriptHelp
exit 0
;;
--rm|--remove)
# remove container on exit
remove=1
;;
-s|--shell)
# start shell instead of default CMD
shell=true
;;
--clean)
# stop if necessary, delete volumes
clean=true
;;
-n|--name)
# container name
if [ -z "$2" ]; then
printf "${err}\nNo container name specified. Exiting.\n${norm}"
exit 1
fi
container_name="$2"
shift
;;
*)
printf "${err}\nUnknown option: %s\n" "$1"
printf "Use '--help' for valid options.\n\n${norm}"
exit 1
;;
esac
shift
done
# cleanup any running containers and volumes
if [ $clean = true ]; then
# get all ab-openldap containers
containers=$(docker ps -a --no-trunc --filter "label=org.label-schema.name=ab-openldap" --format "{{ .Names }}")
# check for null value -- no containers to remove
if [ -z "$containers" ]; then
printf "${err}No openldap containers to remove. Exiting.${norm}\n\n"
exit 0
fi
# iterate containers, stop them and remove straggling volumes
set -- dummy $containers
shift
for container; do
printf "\n${cyan}Found %s -- processing:${norm}\n" ${container}
volume=$(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/openldap/data" }}{{ .Name }}{{ end }}{{ end }}' ${container})
printf "\t${red}Stopping container...${norm}\n"
docker stop ${container} > /dev/null 2>&1
printf "\t${red}Removing container...${norm}\n"
docker rm ${container} > /dev/null 2>&1
printf "\t${red}Removing volume...${norm}\n"
docker volume rm ${volume} > /dev/null 2>&1
printf "${cyan}...done${norm}\n"
done
# run without TLS
elif [ -z "$TLS_CERT" ]; then
if [ $shell = true ]; then
# exec shell
printf "${cyan}\nRunning SHELL on %s...${norm}\n" "$container_name"
if [ -d "$MY_LDIF" ]; then
# bind-mount custom LDIFs if specified
docker run --rm -it --name ${container_name} \
--env-file ab-openldap.params \
-v "$MY_LDIF":/etc/openldap/customLDIF \
-p 389:389 -p 636:636 \
docker.asifbacchus.app/ldap/ab-openldap:latest /bin/sh
else
docker run --rm -it --name ${container_name} \
--env-file ab-openldap.params \
-p 389:389 -p 636:636 \
docker.asifbacchus.app/ldap/ab-openldap:latest /bin/sh
fi
else
# exec normally
printf "${cyan}\nRunning OPENLDAP on %s...${norm}\n" "$container_name"
if [ "$remove" -eq 1 ]; then
if [ -d "$MY_LDIF" ]; then
# bind-mount custom LDIFs if specified
docker run --rm -d --name ${container_name} \
--env-file ab-openldap.params \
-v "$MY_LDIF":/etc/openldap/customLDIF \
-p 389:389 -p 636:636 \
docker.asifbacchus.app/ldap/ab-openldap:latest
else
docker run --rm -d --name ${container_name} \
--env-file ab-openldap.params \
-p 389:389 -p 636:636 \
docker.asifbacchus.app/ldap/ab-openldap:latest
fi
else
if [ -d "$MY_LDIF" ]; then
# bind-mount custom LDIFs if specified
docker run -d --name ${container_name} \
--env-file ab-openldap.params \
-v "$MY_LDIF":/etc/openldap/customLDIF \
-p 389:389 -p 636:636 \
--restart unless-stopped \
docker.asifbacchus.app/ldap/ab-openldap:latest
else
docker run -d --name ${container_name} \
--env-file ab-openldap.params \
-p 389:389 -p 636:636 \
--restart unless-stopped \
docker.asifbacchus.app/ldap/ab-openldap:latest
fi
fi
fi
# run with TLS
elif [ "$TLS_CERT" ] && [ "$TLS_KEY" ] && [ "$TLS_CHAIN" ]; then
if [ $shell = true ]; then
# exec shell
printf "${cyan}\nRunning SHELL on %s (TLS)...${norm}\n" "$container_name"
if [ -d "$MY_LDIF" ]; then
# bind-mount custom LDIFs if specified
docker run --rm -it --name ${container_name} \
--env-file ab-openldap.params \
-v "$MY_LDIF":/etc/openldap/customLDIF \
-v "$TLS_CERT":/certs/fullchain.pem:ro \
-v "$TLS_KEY":/certs/privkey.pem:ro \
-v "$TLS_CHAIN":/certs/chain.pem:ro \
-p 389:389 -p 636:636 \
docker.asifbacchus.app/ldap/ab-openldap:latest /bin/sh
else
docker run --rm -it --name ${container_name} \
--env-file ab-openldap.params \
-v "$TLS_CERT":/certs/fullchain.pem:ro \
-v "$TLS_KEY":/certs/privkey.pem:ro \
-v "$TLS_CHAIN":/certs/chain.pem:ro \
-p 389:389 -p 636:636 \
docker.asifbacchus.app/ldap/ab-openldap:latest /bin/sh
fi
else
# exec normally
printf "${cyan}\nRunning OPENLDAP on %s (TLS)...${norm}\n" "$container_name"
if [ "$remove" -eq 1 ]; then
if [ -d "$MY_LDIF" ]; then
# bind-mount custom LDIFs if specified
docker run --rm -d --name ${container_name} \
--env-file ab-openldap.params \
-v "$MY_LDIF":/etc/openldap/customLDIF \
-v "$TLS_CERT":/certs/fullchain.pem:ro \
-v "$TLS_KEY":/certs/privkey.pem:ro \
-v "$TLS_CHAIN":/certs/chain.pem:ro \
-p 389:389 -p 636:636 \
docker.asifbacchus.app/ldap/ab-openldap:latest
else
docker run --rm -d --name ${container_name} \
--env-file ab-openldap.params \
-v "$TLS_CERT":/certs/fullchain.pem:ro \
-v "$TLS_KEY":/certs/privkey.pem:ro \
-v "$TLS_CHAIN":/certs/chain.pem:ro \
-p 389:389 -p 636:636 \
docker.asifbacchus.app/ldap/ab-openldap:latest
fi
else
if [ -d "$MY_LDIF" ]; then
# bind-mount custom LDIFs if specified
docker run -d --name ${container_name} \
--env-file ab-openldap.params \
-v "$MY_LDIF":/etc/openldap/customLDIF \
-v "$TLS_CERT":/certs/fullchain.pem:ro \
-v "$TLS_KEY":/certs/privkey.pem:ro \
-v "$TLS_CHAIN":/certs/chain.pem:ro \
-p 389:389 -p 636:636 \
--restart unless-stopped \
docker.asifbacchus.app/ldap/ab-openldap:latest
else
docker run -d --name ${container_name} \
--env-file ab-openldap.params \
-v "$TLS_CERT":/certs/fullchain.pem:ro \
-v "$TLS_KEY":/certs/privkey.pem:ro \
-v "$TLS_CHAIN":/certs/chain.pem:ro \
-p 389:389 -p 636:636 \
--restart unless-stopped \
docker.asifbacchus.app/ldap/ab-openldap:latest
fi
fi
fi
fi
### exit gracefully
exit 0
View Git Blame Copy Permalink