From edf3d210e9ba9006f87e0597b052fa925c68ddc2 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 20 Mar 2017 17:35:10 -0400
Subject: [PATCH] Issue 49065 - dbmon.sh fails if you have
nsslapd-require-secure-binds enabled
Description: Add the ability to detect if security is enabled, if so connect using
start TLS. Added a new param SERVID for specifying which instance
you want to look at.
https://pagure.io/389-ds-base/issue/49065
Reviewed by: firstyear(Thanks!)
---
Makefile.am | 2 +-
ldap/admin/src/scripts/{dbmon.sh => dbmon.sh.in} | 62 ++++++++++++++++++++++--
man/man8/dbmon.sh.8 | 14 +++---
3 files changed, 65 insertions(+), 13 deletions(-)
rename ldap/admin/src/scripts/{dbmon.sh => dbmon.sh.in} (81%)
mode change 100755 => 100644
diff --git a/Makefile.am b/Makefile.am
|
|
|
74ca47 |
index 9aebb6b..4a4b2d3 100644
|
|
|
74ca47 |
--- a/Makefile.am
|
|
|
74ca47 |
+++ b/Makefile.am
|
|
|
74ca47 |
@@ -235,7 +235,7 @@ CLEANFILES = dberrstrs.h ns-slapd.properties \
|
|
|
74ca47 |
ldap/admin/src/scripts/usn-tombstone-cleanup.pl ldap/admin/src/scripts/verify-db.pl \
|
|
|
74ca47 |
ldap/admin/src/scripts/ds_selinux_port_query ldap/admin/src/scripts/ds_selinux_enabled \
|
|
|
74ca47 |
ldap/admin/src/scripts/dbverify ldap/admin/src/scripts/readnsstate \
|
|
|
74ca47 |
- doxyfile.stamp \
|
|
|
74ca47 |
+ doxyfile.stamp ldap/admin/src/scripts/dbmon.sh \
|
|
|
74ca47 |
$(NULL)
|
|
|
74ca47 |
|
|
|
74ca47 |
clean-local:
|
|
|
74ca47 |
diff --git a/ldap/admin/src/scripts/dbmon.sh b/ldap/admin/src/scripts/dbmon.sh.in
|
|
|
74ca47 |
old mode 100755
|
|
|
74ca47 |
new mode 100644
|
|
|
74ca47 |
similarity index 81%
|
|
|
74ca47 |
rename from ldap/admin/src/scripts/dbmon.sh
|
|
|
74ca47 |
rename to ldap/admin/src/scripts/dbmon.sh.in
|
|
|
74ca47 |
index 3b8b4d1..4ee6adc
|
|
|
74ca47 |
--- a/ldap/admin/src/scripts/dbmon.sh
|
|
|
74ca47 |
+++ b/ldap/admin/src/scripts/dbmon.sh.in
|
|
|
74ca47 |
@@ -8,10 +8,11 @@
|
|
|
74ca47 |
# END COPYRIGHT BLOCK
|
|
|
74ca47 |
#
|
|
|
74ca47 |
|
|
|
74ca47 |
+. @datadir@/@package_name@/data/DSSharedLib
|
|
|
74ca47 |
+
|
|
|
74ca47 |
DURATION=${DURATION:-0}
|
|
|
74ca47 |
INCR=${INCR:-1}
|
|
|
74ca47 |
-HOST=${HOST:-localhost}
|
|
|
74ca47 |
-PORT=${PORT:-389}
|
|
|
74ca47 |
+SERVID=${SERVID}
|
|
|
74ca47 |
BINDDN=${BINDDN:-"cn=directory manager"}
|
|
|
74ca47 |
BINDPW=${BINDPW:-"secret"}
|
|
|
74ca47 |
DBLIST=${DBLIST:-all}
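Review bot: Dropping the `HOST` and `PORT` defaults means a caller that still sets them is ignored without any message, and the search now goes to whatever host and port the SERVID instance's configuration names (see dodbmon in the next hunk). A one-line warning next to the variable block would make that visible, for example `[ -n "$HOST$PORT" ] && echo "HOST and PORT are ignored; use SERVID" >&2`. `SERVID=${SERVID}` assigns the variable to itself and can be dropped, or replaced by a comment saying that an empty SERVID is left for get_init_file to resolve, which is presumably the intent.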
|
|
|
74ca47 |
@@ -180,10 +181,63 @@ parseldif() {
|
|
|
74ca47 |
}
|
|
|
74ca47 |
|
|
|
74ca47 |
dodbmon() {
|
|
|
74ca47 |
+ initfile=$(get_init_file "@initconfigdir@" $SERVID)
|
|
|
74ca47 |
+ if [ $? -eq 1 ]
|
|
|
74ca47 |
+ then
|
|
|
74ca47 |
+ echo "You must supply a valid server instance identifier (via SERVID)."
|
|
|
74ca47 |
+ echo "Available instances: $initfile"
|
|
|
74ca47 |
+ exit 1
|
|
|
74ca47 |
+ fi
|
|
|
74ca47 |
+
|
|
|
74ca47 |
+ . $initfile
|
|
|
74ca47 |
+
|
|
|
74ca47 |
+ process_dse $CONFIG_DIR $$
|
|
|
74ca47 |
+ file="/tmp/DSSharedLib.$$"
|
|
|
74ca47 |
+ port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' )
|
|
|
74ca47 |
+ host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' )
|
|
|
74ca47 |
+ security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' )
|
|
|
74ca47 |
+ certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
|
|
|
74ca47 |
+ rm $file
|
|
|
74ca47 |
+
|
|
|
74ca47 |
+ if [ -n "$ldapiURL" ]
|
|
|
74ca47 |
+ then
|
|
|
74ca47 |
+ ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
|
|
|
74ca47 |
+ ldapiURL="ldapi://"$ldapiURL
|
|
|
74ca47 |
+ fi
|
|
|
74ca47 |
+
|
|
|
74ca47 |
+ client_type=`ldapsearch -V 2>&1;;
|
|
|
74ca47 |
+ echo "$client_type" | grep -q "OpenLDAP"
|
|
|
74ca47 |
+ if [ $? -eq 0 ]
|
|
|
74ca47 |
+ then
|
|
|
74ca47 |
+ openldap="yes"
|
|
|
74ca47 |
+ export LDAPTLS_CACERTDIR=$certdir
|
|
|
74ca47 |
+ fi
|
|
|
74ca47 |
+
|
|
|
74ca47 |
+ if [ -z $security ]; then
|
|
|
74ca47 |
+ security="off"
|
|
|
74ca47 |
+ fi
|
|
|
74ca47 |
+
|
|
|
74ca47 |
while [ 1 ] ; do
|
|
|
74ca47 |
date
|
|
|
74ca47 |
- ldapsearch -xLLL -h $HOST -p $PORT -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
|
|
|
74ca47 |
- | parseldif
|
|
|
74ca47 |
+ if [ "$security" = "on" ]; then
|
|
|
74ca47 |
+ # STARTTLS
|
|
|
74ca47 |
+ if [ "$openldap" = "yes" ]; then
|
|
|
74ca47 |
+ ldapsearch -x -LLL -ZZ -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
|
|
|
74ca47 |
+ | parseldif
|
|
|
74ca47 |
+ else
|
|
|
74ca47 |
+ ldapsearch -ZZZ -P $certdir -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
|
|
|
74ca47 |
+ | parseldif
|
|
|
74ca47 |
+ fi
|
|
|
74ca47 |
+ else
|
|
|
74ca47 |
+ # LDAP
|
|
|
74ca47 |
+ if [ "$openldap" = "yes" ]; then
|
|
|
74ca47 |
+ ldapsearch -x -LLL -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
|
|
|
74ca47 |
+ | parseldif
|
|
|
74ca47 |
+ else
|
|
|
74ca47 |
+ ldapsearch -h $host -p $port -D "$BINDDN" -w "$BINDPW" -b "$ldbmdn" '(|(cn=config)(cn=database)(cn=monitor))' \
|
|
|
74ca47 |
+ | parseldif
|
|
|
74ca47 |
+ fi
|
|
|
74ca47 |
+ fi
|
|
|
74ca47 |
echo ""
|
|
|
74ca47 |
sleep $INCR
|
|
|
74ca47 |
done
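Review bot: The settings block at the top of dodbmon reads the instance configuration back from `/tmp/DSSharedLib.$$`, a predictable name in a world-writable directory, and the `host`, `port` and `certdir` parsed from it decide where `-D "$BINDDN" -w "$BINDPW"` is sent and which CA directory is trusted. process_dse lives in DSSharedLib, which this patch does not show, so how the file is created cannot be checked here; if it is not created exclusively, another local user could pre-create that path and steer the bind, and having process_dse write to a `mktemp` file and hand back its name would close that. `ldapiURL` is rewritten into an `ldapi://` URL but none of the four ldapsearch calls in the loop uses it, so with security off the simple bind still goes over plain LDAP. The `[ $? -eq 1 ]` test also lets any other failure status from get_init_file fall through to `. $initfile`; `if [ $? -ne 0 ]` would catch those. The closing brace of dodbmon is outside the hunk.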
|
|
|
74ca47 |
diff --git a/man/man8/dbmon.sh.8 b/man/man8/dbmon.sh.8
|
|
|
74ca47 |
index 49e61d0..ad318a1 100644
|
|
|
74ca47 |
--- a/man/man8/dbmon.sh.8
|
|
|
74ca47 |
+++ b/man/man8/dbmon.sh.8
|
|
|
74ca47 |
@@ -2,7 +2,7 @@
|
|
|
74ca47 |
.\" First parameter, NAME, should be all caps
|
|
|
74ca47 |
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
|
|
|
74ca47 |
.\" other parameters are allowed: see man(7), man(1)
|
|
|
74ca47 |
-.TH DBMON.SH 8 "Jul 25, 2014"
|
|
|
74ca47 |
+.TH DBMON.SH 8 "Mar 20, 2017"
|
|
|
74ca47 |
.\" Please adjust this date whenever revising the manpage.
|
|
|
74ca47 |
.\"
|
|
|
74ca47 |
.\" Some roff macros, for reference:
|
|
|
74ca47 |
@@ -18,7 +18,7 @@
|
|
|
74ca47 |
.SH NAME
|
|
|
74ca47 |
dbmon.sh - Directory Server script for monitoring database and entry cache usage
|
|
|
74ca47 |
.SH SYNOPSIS
|
|
|
74ca47 |
-[INCR=num] [HOST=hostname] [PORT=num] [BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh
|
|
|
74ca47 |
+[INCR=num] [SERVID=server_id][BINDDN=binddn] [BINDPW=password] [DBLIST=databases] [INDEXLIST=indexes] [VERBOSE=num] dbmon.sh
|
|
|
74ca47 |
.SH DESCRIPTION
|
|
|
74ca47 |
dbmon.sh is a tool used to monitor database and entry cache usage. It is especially useful for database cache and entry/dn cache tuning - how much space is left, is the cache full, how much space on average do I need per entry/dn.
|
|
|
74ca47 |
.SH OPTIONS
|
|
|
74ca47 |
@@ -31,9 +31,7 @@ All arguments are optional, but you will most likely have to provide BINDPW
|
|
|
74ca47 |
.TP
|
|
|
74ca47 |
.B \fBINCR\fR - show results every INCR seconds - default is 1 second
|
|
|
74ca47 |
.TP
|
|
|
74ca47 |
-.B \fBHOST\fR - name of host or IP address - default is "localhost"
|
|
|
74ca47 |
-.TP
|
|
|
74ca47 |
-.B \fBPORT\fR - port number (LDAP not LDAPS) - default is 389
|
|
|
74ca47 |
+.B \fBSERVID\fR - Name of the server instance
|
|
|
74ca47 |
.TP
|
|
|
74ca47 |
.B \fBBINDDN\fR - DN to use to bind - must have permission to read everything under cn=config - default is cn=Directory Manager
|
|
|
74ca47 |
.TP
|
|
|
74ca47 |
@@ -46,11 +44,11 @@ All arguments are optional, but you will most likely have to provide BINDPW
|
|
|
74ca47 |
.B \fBVERBOSE\fR - output level - 0 == suitable for parsing by a script - 1 == has column headings - 2 == provides detailed descriptions of the data - default is 0
|
|
|
74ca47 |
|
|
|
74ca47 |
.SH EXAMPLE
|
|
|
74ca47 |
-INCR=1 HOST=ldap.example.com BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh
|
|
|
74ca47 |
+INCR=1 SERVID=slapd-localhost BINDDN="cn=directory manager" BINDPW="secret" VERBOSE=2 dbmon.sh
|
|
|
74ca47 |
|
|
|
74ca47 |
.SH AUTHOR
|
|
|
74ca47 |
dbmon.sh was written by the 389 Project.
|
|
|
74ca47 |
.SH "REPORTING BUGS"
|
|
|
74ca47 |
-Report bugs to https://fedorahosted.org/389/newticket.
|
|
|
74ca47 |
+Report bugs to https://pagure.io/389-ds-base/new_issue
|
|
|
74ca47 |
.SH COPYRIGHT
|
|
|
74ca47 |
-Copyright \(co 2014 Red Hat, Inc.
|
|
|
74ca47 |
+Copyright \(co 2017 Red Hat, Inc.
--
2.9.3