amoralej / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 years ago
Clone

Blame SOURCES/0007-Issue-49065-dbmon.sh-fails-if-you-have-nsslapd-requi.patch

74ca47
From edf3d210e9ba9006f87e0597b052fa925c68ddc2 Mon Sep 17 00:00:00 2001
74ca47
From: Mark Reynolds <mreynolds@redhat.com>
74ca47
Date: Mon, 20 Mar 2017 17:35:10 -0400
74ca47
Subject: [PATCH] Issue 49065 - dbmon.sh fails if you have
74ca47
 nsslapd-require-secure-binds enabled
74ca47
74ca47
Description:  Add the ability to detect if security is enabled, if so connect using
74ca47
              start TLS.  Added a new param SERVID for specifying which instance
74ca47
              you want to look at.
74ca47
74ca47
https://pagure.io/389-ds-base/issue/49065
74ca47
74ca47
Reviewed by: firstyear(Thanks!)
74ca47
---
74ca47
 Makefile.am                                      |  2 +-
74ca47
 ldap/admin/src/scripts/{dbmon.sh => dbmon.sh.in} | 62 ++++++++++++++++++++++--
74ca47
 man/man8/dbmon.sh.8                              | 14 +++---
74ca47
 3 files changed, 65 insertions(+), 13 deletions(-)
74ca47
 rename ldap/admin/src/scripts/{dbmon.sh => dbmon.sh.in} (81%)
74ca47
 mode change 100755 => 100644
74ca47
74ca47
diff --git a/Makefile.am b/Makefile.am
74ca47
index 9aebb6b..4a4b2d3 100644
74ca47
--- a/Makefile.am
74ca47
+++ b/Makefile.am
74ca47
@@ -235,7 +235,7 @@ CLEANFILES =  dberrstrs.h ns-slapd.properties \
74ca47
 	ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \
74ca47
 	ldap/admin/src/scripts/ds_selinux_port_query ldap/admin/src/scripts/ds_selinux_enabled \
74ca47
 	ldap/admin/src/scripts/dbverify ldap/admin/src/scripts/readnsstate \
74ca47
-	doxyfile.stamp \
74ca47
+	doxyfile.stamp ldap/admin/src/scripts/dbmon.sh \
74ca47
 	$(NULL)
74ca47
 
74ca47
 clean-local:
74ca47
diff --git a/ldap/admin/src/scripts/dbmon.sh b/ldap/admin/src/scripts/dbmon.sh.in
74ca47
old mode 100755
74ca47
new mode 100644
74ca47
similarity index 81%
74ca47
rename from ldap/admin/src/scripts/dbmon.sh
74ca47
rename to ldap/admin/src/scripts/dbmon.sh.in
74ca47
index 3b8b4d1..4ee6adc
74ca47
--- a/ldap/admin/src/scripts/dbmon.sh
74ca47
+++ b/ldap/admin/src/scripts/dbmon.sh.in
74ca47
@@ -8,10 +8,11 @@
74ca47
 # END COPYRIGHT BLOCK
74ca47
 #
74ca47
 
74ca47
+. @datadir@/@package_name@/data/DSSharedLib
74ca47
+
74ca47
 DURATION=${DURATION:-0}
74ca47
 INCR=${INCR:-1}
74ca47
-HOST=${HOST:-localhost}
74ca47
-PORT=${PORT:-389}
74ca47
+SERVID=${SERVID}
74ca47
 BINDDN=${BINDDN:-"cn=directory manager"}
74ca47
 BINDPW=${BINDPW:-"secret"}
74ca47
 DBLIST=${DBLIST:-all}
74ca47
@@ -180,10 +181,63 @@ parseldif() {
74ca47
 }
74ca47
 
74ca47
 dodbmon() {
74ca47
+    initfile=$(get_init_file "@initconfigdir@" $SERVID)
74ca47
+    if [ $? -eq 1 ]
74ca47
+    then
74ca47
+        echo "You must supply a valid server instance identifier (via SERVID)."
74ca47
+        echo "Available instances: $initfile"
74ca47
+        exit 1
74ca47
+    fi
74ca47
+
74ca47
+    . $initfile
74ca47
+
74ca47
+    process_dse $CONFIG_DIR $$
74ca47
+    file="/tmp/DSSharedLib.$$"
74ca47
+    port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' )
74ca47
+    host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' )
74ca47
+    security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' )
74ca47
+    certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
74ca47
+    rm $file
74ca47
+
74ca47
+    if [ -n "$ldapiURL" ]
74ca47
+    then
74ca47
+        ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
74ca47
+        ldapiURL="ldapi://"$ldapiURL
74ca47
+    fi
74ca47
+
74ca47
+    client_type=`ldapsearch -V 2>&1;;
74ca47
+    echo "$client_type" | grep -q "OpenLDAP"
74ca47
+    if  [ $? -eq 0 ]
74ca47
+    then
74ca47
+        openldap="yes"
74ca47
+        export LDAPTLS_CACERTDIR=$certdir
74ca47
+    fi
74ca47
+
74ca47
+    if [ -z $security ]; then
74ca47
+        security="off"
74ca47
+    fi
74ca47
+
74ca47
     while [ 1 ] ; do
74ca47
         date
74ca47
-        ldapsearch -xLLL -h $HOST -p $PORT -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
74ca47
-        | parseldif
74ca47
+        if [ "$security" = "on" ]; then
74ca47
+            # STARTTLS
74ca47
+	    if [ "$openldap" = "yes" ]; then
74ca47
+	        ldapsearch -x -LLL -ZZ -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
74ca47
+                | parseldif
74ca47
+	    else
74ca47
+	        ldapsearch -ZZZ -P $certdir  -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
74ca47
+                | parseldif
74ca47
+	    fi
74ca47
+        else
74ca47
+            # LDAP
74ca47
+            if [ "$openldap" = "yes" ]; then
74ca47
+	        ldapsearch -x -LLL -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
74ca47
+                | parseldif
74ca47
+            else
74ca47
+	        ldapsearch -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
74ca47
+                | parseldif
74ca47
+            fi
74ca47
+        fi
74ca47
         echo ""
74ca47
         sleep $INCR
74ca47
     done
74ca47
diff --git a/man/man8/dbmon.sh.8 b/man/man8/dbmon.sh.8
74ca47
index 49e61d0..ad318a1 100644
74ca47
--- a/man/man8/dbmon.sh.8
74ca47
+++ b/man/man8/dbmon.sh.8
74ca47
@@ -2,7 +2,7 @@
74ca47
 .\" First parameter, NAME, should be all caps
74ca47
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
74ca47
 .\" other parameters are allowed: see man(7), man(1)
74ca47
-.TH DBMON.SH 8 "Jul 25, 2014"
74ca47
+.TH DBMON.SH 8 "Mar 20, 2017"
74ca47
 .\" Please adjust this date whenever revising the manpage.
74ca47
 .\"
74ca47
 .\" Some roff macros, for reference:
74ca47
@@ -18,7 +18,7 @@
74ca47
 .SH NAME 
74ca47
 dbmon.sh - Directory Server script for monitoring database and entry cache usage
74ca47
 .SH SYNOPSIS
74ca47
-[INCR=num] [HOST=hostname] [PORT=num] [BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh
74ca47
+[INCR=num] [SERVID=server_id][BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh
74ca47
 .SH DESCRIPTION
74ca47
 dbmon.sh is a tool used to monitor database and entry cache usage. It is especially useful for database cache and entry/dn cache tuning - how much space is left, is the cache full, how much space on average do I need per entry/dn.
74ca47
 .SH OPTIONS
74ca47
@@ -31,9 +31,7 @@ All arguments are optional, but you will most likely have to provide BINDPW
74ca47
 .TP
74ca47
 .B \fBINCR\fR - show results every INCR seconds - default is 1 second
74ca47
 .TP
74ca47
-.B \fBHOST\fR - name of host or IP address - default is "localhost"
74ca47
-.TP
74ca47
-.B \fBPORT\fR - port number (LDAP not LDAPS) - default is 389
74ca47
+.B \fBSERVID\fR - Name of the server instance
74ca47
 .TP
74ca47
 .B \fBBINDDN\fR - DN to use to bind - must have permission to read everything under cn=config - default is cn=Directory Manager
74ca47
 .TP
74ca47
@@ -46,11 +44,11 @@ All arguments are optional, but you will most likely have to provide BINDPW
74ca47
 .B \fBVERBOSE\fR - output level - 0 == suitable for parsing by a script - 1 == has column headings - 2 == provides detailed descriptions of the data - default is 0
74ca47
 
74ca47
 .SH EXAMPLE
74ca47
-INCR=1 HOST=ldap.example.com BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh
74ca47
+INCR=1 SERVID=slapd-localhost BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh
74ca47
 
74ca47
 .SH AUTHOR
74ca47
 dbmon.sh was written by the 389 Project.
74ca47
 .SH "REPORTING BUGS"
74ca47
-Report bugs to https://fedorahosted.org/389/newticket.
74ca47
+Report bugs to https://pagure.io/389-ds-base/new_issue
74ca47
 .SH COPYRIGHT
74ca47
-Copyright \(co 2014 Red Hat, Inc.
74ca47
+Copyright \(co 2017 Red Hat, Inc.
74ca47
-- 
74ca47
2.9.3
74ca47