
Commit 85e21fb

Add '_FILE' support to variables
1 parent eef12b6 commit 85e21fb


5 files changed: +55 -64 lines changed


README.md

+25-25
@@ -135,17 +135,17 @@ Be sure to view the following repositories to understand all the customizable op
135135

136136
#### Required for new setup
137137

138-
| Variable | Description | Default |
139-
| ---------------------- | ------------------------------------------------------------- | ---------------------- |
140-
| `DOMAIN` | LDAP domain. | `example.org` |
141-
| `BASE_DN` | LDAP base DN. If empty automatically set from `DOMAIN` value. | (empty) |
142-
| `ADMIN_PASS` | Ldap Admin password. | `admin` |
143-
| `CONFIG_PASS` | Ldap Config password. | `config` |
144-
| `ORGANIZATION` | Organization Name | `Example Organization` |
145-
| `ENABLE_READONLY_USER` | Add a read only/Simple Security Object/DSA | `false` |
146-
| `READONLY_USER_USER` | Read only user username. | `readonly` |
147-
| `READONLY_USER_PASS` | Read only user password. | `readonly` |
148-
| `SCHEMA_TYPE` | Use `nis` or `rfc2307bis` core schema. | `nis` |
138+
| Variable | Description | Default | `_FILE` |
139+
| ---------------------- | ------------------------------------------------------------- | ---------------------- | ------- |
140+
| `DOMAIN` | LDAP domain. | `example.org` | |
141+
| `BASE_DN` | LDAP base DN. If empty automatically set from `DOMAIN` value. | (empty) | |
142+
| `ADMIN_PASS` | Ldap Admin password. | `admin` | x |
143+
| `CONFIG_PASS` | Ldap Config password. | `config` | x |
144+
| `ORGANIZATION` | Organization Name | `Example Organization` | |
145+
| `ENABLE_READONLY_USER` | Add a read only/Simple Security Object/DSA | `false` | |
146+
| `READONLY_USER_USER` | Read only user username. | `readonly` | x |
147+
| `READONLY_USER_PASS` | Read only user password. | `readonly` | x |
148+
| `SCHEMA_TYPE` | Use `nis` or `rfc2307bis` core schema. | `nis` | |
149149

150150
#### Logging Options
151151
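Review bot: the new `_FILE` column is never explained anywhere in this README change; add one sentence above the table saying that for a variable marked `x`, setting `<VARIABLE>_FILE` to a file path makes the container read the value from that file (the Docker/Compose secrets pattern) and, if that is how `transform_var` behaves, that the `_FILE` form takes precedence over the plain variable. The rows marked here (`ADMIN_PASS`, `CONFIG_PASS`, `READONLY_USER_USER`, `READONLY_USER_PASS`) match the `transform_var` calls added to `install/assets/functions/10-openldap` in this commit, which is good; it is worth also recommending the `_FILE` form for the three passwords, since values passed as plain environment variables are visible to anyone who can run `docker inspect` on the container.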

@@ -183,15 +183,15 @@ Be sure to view the following repositories to understand all the customizable op
183183

184184
If `BACKUP_LOCATION` = `S3` then the following options are used.
185185

186-
| Variable | Description | Default |
187-
| ---------------------- | --------------------------------------------------------------------------------------- | ------------- |
188-
| `BACKUP_S3_BUCKET` | S3 Bucket name e.g. 'mybucket' | |
189-
| `BACKUP_S3_HOST` | Hostname of S3 Server e.g "s3.amazonaws.com" - You can also include a port if necessary | |
190-
| `BACKUP_S3_KEY_ID` | S3 Key ID | |
191-
| `BACKUP_S3_KEY_SECRET` | S3 Key Secret | |
192-
| `BACKUP_S3_PATH` | S3 Pathname to save to e.g. '`backup`' | |
193-
| `BACKUP_S3_PROTOCOL` | Use either `http` or `https` to access service | `https` |
194-
| `BACKUP_S3_URI_STYLE` | Choose either `VIRTUALHOST` or `PATH` style | `VIRTUALHOST` |
186+
| Variable | Description | Default | `_FILE` |
187+
| ---------------------- | --------------------------------------------------------------------------------------- | ------------- | ------- |
188+
| `BACKUP_S3_BUCKET` | S3 Bucket name e.g. 'mybucket' | | x |
189+
| `BACKUP_S3_HOST` | Hostname of S3 Server e.g "s3.amazonaws.com" - You can also include a port if necessary | | x |
190+
| `BACKUP_S3_KEY_ID` | S3 Key ID | | x |
191+
| `BACKUP_S3_KEY_SECRET` | S3 Key Secret | | x |
192+
| `BACKUP_S3_PATH` | S3 Pathname to save to e.g. '`backup`' | | x |
193+
| `BACKUP_S3_PROTOCOL` | Use either `http` or `https` to access service | `https` | x |
194+
| `BACKUP_S3_URI_STYLE` | Choose either `VIRTUALHOST` or `PATH` style | `VIRTUALHOST` | |
195195

196196

197197
#### Password Policy Options
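Review bot: the variable names documented here (`BACKUP_S3_BUCKET`, `BACKUP_S3_KEY_ID`, `BACKUP_S3_KEY_SECRET`, `BACKUP_S3_PATH`, `BACKUP_S3_PROTOCOL`) do not match what `install/etc/services.available/20-openldap-backup/run` passes to `transform_var` in this same commit (`S3_BUCKET`, `S3_KEY_ID`, `S3_KEY_SECRET`, `S3_KEY_PATH`, `S3_KEY_REGION`, `S3_PROTOCOL`), so a user who follows this table and sets `BACKUP_S3_KEY_SECRET_FILE` gets no effect; align the names on one side or the other before merging. The table also has no row for the region variable that script checks, and `BACKUP_S3_URI_STYLE` is the only row left unmarked, which reads as an oversight rather than a decision; either mark it or say why it is excluded.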
@@ -239,12 +239,12 @@ If you already have a check_password.conf or ppm.conf in /etc/openldap/ the foll
239239

240240
#### Replication options
241241

242-
| Variable | Description | Default |
243-
| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
242+
| Variable | Description | Default | `_FILE` |
243+
| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
244244
| `ENABLE_REPLICATION` | Add replication capabilities. Multimaster only at present. | `false` |
245-
| `REPLICATION_CONFIG_SYNCPROV` | olcSyncRepl options used for the config database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=config" bindmethod=simple credentials=$CONFIG_PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1 filter="(!(objectclass=olcGlobal))"` |
246-
| `REPLICATION_DB_SYNCPROV` | olcSyncRepl options used for the database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=admin,$BASE_DN" bindmethod=simple credentials=$ADMIN_PASS searchbase="$BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1` |
247-
| `REPLICATION_HOSTS` | list of replication hosts seperated by a space, must contain the current container hostname set by --hostname on docker run command. If replicating all hosts must be set in the same order. Example - `ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com` |
245+
| `REPLICATION_CONFIG_SYNCPROV` | olcSyncRepl options used for the config database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=config" bindmethod=simple credentials=$CONFIG_PASS searchbase="cn=config" type=refreshAndPersist retry="5 5 60 +" timeout=1 filter="(!(objectclass=olcGlobal))"` | x |
246+
| `REPLICATION_DB_SYNCPROV` | olcSyncRepl options used for the database. Without rid and provider which are automatically added based on `REPLICATION_HOSTS`. | `binddn="cn=admin,$BASE_DN" bindmethod=simple credentials=$ADMIN_PASS searchbase="$BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 60 +" timeout=1` | x |
247+
| `REPLICATION_HOSTS` | list of replication hosts seperated by a space, must contain the current container hostname set by --hostname on docker run command. If replicating all hosts must be set in the same order. Example - `ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com` | x |
248248
| `REPLICATION_SAFETY_CHECK` | Check to see if all hosts resolve before starting replication - Introduced as a safety measure to avoid slapd not starting. | `TRUE` |
249249
| `WAIT_FOR_REPLICAS` | should we wait for configured replicas to come online (respond to ping) before startup? | `false` |
250250
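Review bot: the header row gains a fourth `_FILE` column, but the untouched rows `ENABLE_REPLICATION`, `REPLICATION_SAFETY_CHECK` and `WAIT_FOR_REPLICAS` still have three cells, and the rewritten `REPLICATION_HOSTS` row has lost its Default cell, so its `x` now renders under Default. Add an empty fourth cell (`| |`) to the three untouched rows and an empty Default cell before the `x` in `REPLICATION_HOSTS`. Separately, the two `*_SYNCPROV` rows are marked `x`, but the code added to `10-openldap` in this commit calls `transform_var` on `REPLICATION_HOSTS_CONFIG_SYNC_PROV` and `REPLICATION_HOSTS_DB_SYNC_PROV`, not on the `REPLICATION_CONFIG_SYNCPROV` / `REPLICATION_DB_SYNCPROV` names documented here, so those two marks are not backed by the code. (`seperated` in the `REPLICATION_HOSTS` description is a typo while you are in there.)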

install/assets/functions/10-openldap

+15-6
@@ -217,10 +217,14 @@ configure_ldap_server() {
217217
if [ ! -e "$first_start_done" ]; then
218218
new_install=false
219219

220-
file_env 'CONFIG_PASS'
221-
file_env 'ADMIN_PASS'
220+
transform_var \
221+
ADMIN_PASS \
222+
CONFIG_PASS
223+
222224
if var_true "${ENABLE_READONLY_USER}"; then
223-
file_env 'READONLY_USER_PASS'
225+
transform_var \
226+
READONLY_USER_USER \
227+
READONLY_USER_PASS
224228
fi
225229

226230
# setup bootstrap config - Part 1
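Review bot: the `file_env` being replaced here (its copy deleted from `openldap-stats.sh` in this commit shows the behaviour) exited with an error when neither `VAR` nor `VAR_FILE` was set and `unset` the `_FILE` variable after reading it; `transform_var` is defined outside this diff, so confirm it keeps both behaviours, otherwise a missing `ADMIN_PASS` / `CONFIG_PASS` now reaches `slappasswd -s ""` silently instead of failing at startup, and the path to the secret file lingers in the environment of every child process. Adding `READONLY_USER_USER` to the guarded transform matches the README change. Unrelated but visible in the context: `new_install=false` sits inside `if [ ! -e "$first_start_done" ]`, the branch taken when the first-start marker is absent, which reads inverted and deserves a second look.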
@@ -439,9 +443,9 @@ EOF
439443
READONLY_USER_PASS_ENCRYPTED="$(slappasswd -s "${READONLY_USER_PASS}")"
440444
for readonly_ldif in /assets/slapd/config/bootstrap/ldif/readonly-user/*.ldif; do
441445
update_template "${readonly_ldif}" \
442-
BASE_DN \
443-
READONLY_USER_USER \
444-
READONLY_USER_PASS_ENCRYPTED
446+
BASE_DN \
447+
READONLY_USER_USER \
448+
READONLY_USER_PASS_ENCRYPTED
445449
done
446450
fi
447451
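Review bot: this hunk is a whitespace-only re-indent of the `update_template` continuation lines with no functional change, so it is fine as-is. While touching this block: `slappasswd -s "${READONLY_USER_PASS}"` on the context line above places the plaintext password in the process argument list, where any local user can read it via `ps`; `slappasswd -T <file>` hashes the contents of a file instead and would let the `_FILE` path be consumed directly without the secret ever appearing in argv.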

@@ -533,6 +537,11 @@ EOF
533537
print_notice "Configuring replication"
534538
replication_disable || true
535539

540+
transform_var \
541+
REPLICATION_HOSTS \
542+
REPLICATION_HOSTS_CONFIG_SYNC_PROV \
543+
REPLICATION_HOSTS_DB_SYNC_PROV
544+
536545
i=1
537546
replhosts=$(echo "${REPLICATION_HOSTS}" | tr " " "\n")
538547
get_ldap_base_dn
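Review bot: the names passed to `transform_var` here, `REPLICATION_HOSTS_CONFIG_SYNC_PROV` and `REPLICATION_HOSTS_DB_SYNC_PROV`, appear nowhere else in this commit; the README rows marked `_FILE` in the same commit are `REPLICATION_CONFIG_SYNCPROV` and `REPLICATION_DB_SYNCPROV`, and both of those defaults embed `credentials=$CONFIG_PASS` / `credentials=$ADMIN_PASS`, which is presumably why a file source was wanted for them. Change the two names to the variables the rest of the script actually reads (or rename consistently across script and README); as written, only `REPLICATION_HOSTS` gains `_FILE` support and the syncrepl credentials still have to arrive as plain environment variables.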

install/assets/slapd/config/bootstrap/default/default.sh

+5-2
@@ -29,9 +29,12 @@ for elem in "${domain_elems[@]}" ; do
2929
fi
3030
done
3131

32-
file_env "ADMIN_PASS"
32+
transform_var \
33+
ADMIN_PASS \
34+
READONLY_USER_USER
35+
READONLY_USER_PASS
36+
3337
ADMIN_PASS_ENCRYPTED=$(slappasswd -s "${ADMIN_PASS}")
34-
file_env "READONLY_USER_PASS"
3538
READONLY_USER_PASS_ENCRYPTED=$(slappasswd -s "${READONLY_USER_PASS}")
3639

3740
cat <<EOF > /tmp/00-default-data.ldif
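Review bot: the `READONLY_USER_USER` continuation line is missing its trailing backslash, so the `transform_var` call ends there and the following `READONLY_USER_PASS` line is executed as a command on its own (a "command not found" error at best, or whatever happens to be on `PATH` under that name at worst); `READONLY_USER_PASS_FILE` is therefore never applied, and `slappasswd -s "${READONLY_USER_PASS}"` two lines later hashes whatever the plain variable holds, possibly an empty string. Fix is `READONLY_USER_USER \`. Note also that the removed `file_env "READONLY_USER_PASS"` ran unconditionally here, and the replacement keeps that, whereas `10-openldap` guards the same transform with `ENABLE_READONLY_USER`; pick one behaviour.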

install/etc/services.available/20-openldap-backup/run

+7-8
@@ -8,14 +8,13 @@ check_service_initialized init 10-openldap
88
liftoff
99

1010
if [ "${BACKUP_LOCATION}" = "s3" ] || [ "${BACKUP_LOCATION}" = "minio" ]; then
11-
S3_PROTOCOL=${S3_PROTOCOL:-"https"}
12-
sanity_var S3_BUCKET "S3 Bucket"
13-
sanity_var S3_KEY_ID "S3 Key ID"
14-
sanity_var S3_KEY_SECRET "S3 Key Secret"
15-
sanity_var S3_PATH "S3 Path"
16-
sanity_var S3_REGION "S3 Region"
17-
file_env 'S3_KEY_ID'
18-
file_env 'S3_KEY_SECRET'
11+
transform_var \
12+
S3_BUCKET \
13+
S3_KEY_ID \
14+
S3_KEY_SECRET \
15+
S3_KEY_PATH \
16+
S3_KEY_REGION \
17+
S3_PROTOCOL
1918
fi
2019

2120
### Set Compression Options
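Review bot: three regressions in this hunk. First, the removed `sanity_var` lines were the startup check that bucket, key ID, key secret, path and region are set; unless `transform_var` itself fails on an unset variable, a misconfigured backup now runs until the upload fails. Second, `S3_PATH` and `S3_REGION` have become `S3_KEY_PATH` and `S3_KEY_REGION`, names used nowhere else in the commit and unlike the `BACKUP_S3_PATH` the README documents; this looks like the `S3_KEY_` prefix being copied down rather than an intentional rename. Third, the `S3_PROTOCOL=${S3_PROTOCOL:-"https"}` default is dropped, so the protocol is empty unless explicitly set while the README still advertises `https` as the default. Suggest keeping the default and the checks and running the transform first, e.g. `transform_var S3_KEY_ID S3_KEY_SECRET` followed by the original `sanity_var` lines.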

install/etc/zabbix/zabbix_agentd.conf.d/scripts/openldap-stats.sh

+3-23
@@ -1,27 +1,6 @@
11
#!/command/with-contenv bash
22

3-
# usage: file_env VAR [DEFAULT]
4-
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
5-
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
6-
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
7-
8-
function file_env () {
9-
local var="$1"
10-
local fileVar="${var}_FILE"
11-
local def="${2:-}"
12-
local val="$def"
13-
if [ "${!fileVar:-}" ]; then
14-
val="$(cat "${!fileVar}")"
15-
elif [ "${!var:-}" ]; then
16-
val="${!var}"
17-
fi
18-
if [ -z ${val} ]; then
19-
print_error "error: neither $var nor $fileVar are set but are required"
20-
exit 1
21-
fi
22-
export "$var"="$val"
23-
unset "$fileVar"
24-
}
3+
source /assets/functions/00-container
254

265
# if BASE_DN is empty set value from DOMAIN
276
if [ -z "${BASE_DN}" ]; then
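Review bot: dropping the private copy of `file_env` in favour of `source /assets/functions/00-container` removes duplicated secret-loading logic, which is the right direction, but this script's stdout is the Zabbix item value, so confirm that sourcing `00-container` prints nothing (no banner or `print_notice` output) and does not `exit` when run as the Zabbix agent user; anything it writes is returned to Zabbix as the metric. Also, the deleted function's `[ -z ${val} ]` test was unquoted and would misbehave on values containing spaces; check that the shared `transform_var` does not carry the same defect.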
@@ -34,7 +13,8 @@ if [ -z "${BASE_DN}" ]; then
3413
BASE_DN=${BASE_DN::-1}
3514
fi
3615

37-
file_env 'ADMIN_PASS'
16+
transform_var \
17+
ADMIN_PASS
3818

3919
#dynamic
4020
LDAP_PARAM="$1"
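Review bot: `transform_var ADMIN_PASS` here runs as the Zabbix agent's user, so the file named by `ADMIN_PASS_FILE` must be readable by that user (the main container process and the agent do not necessarily share one). If it is not, and `transform_var` does not fail closed the way the removed `file_env` did, the script continues with an empty `ADMIN_PASS` and every item reports a bind failure rather than a clear configuration error; a `[ -n "${ADMIN_PASS}" ] || exit 1` after the call would make that explicit.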
