author | Simon Rettberg | 2014-11-18 18:40:49 +0100 |
---|---|---|
committer | Simon Rettberg | 2014-11-18 18:40:49 +0100 |
commit | ecb072b02e1a70555db0fdf4ed47375d3080a074 (patch) | |
tree | 75db05621458eee14a96ff2d825a30072eb06e40 /scripts | |
parent | Added class ProxyHandler for for configuring proxy settings system wide once ... (diff) | |
Many improvements and additions:
- Added task+script for lighttpd https config
- Added task for reloading proxy config
- ldapsearch now supports searching for specific user
- DownloadFile now supports checking file integrity through optional gpg signature
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/install-https | 68 | ||||
-rwxr-xr-x | scripts/system-backup | 5 | ||||
-rwxr-xr-x | scripts/system-restore | 62 |
3 files changed, 133 insertions, 2 deletions
diff --git a/scripts/install-https b/scripts/install-https
new file mode 100755
index 0000000..84a6184
--- /dev/null
+++ b/scripts/install-https
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+CERT="/etc/lighttpd/server.pem"
+
+op_disable ()
+{
+ [ -e "$CERT" ] || exit 0
+ rm -f -- "$CERT" || exit 1
+}
+
+op_test ()
+{
+ [ $# -eq 2 ] || exit 1
+ local K=$1
+ local C=$2
+ [ -r "$K" ] || exit 2
+ [ -r "$C" ] || exit 3
+ # Encrypt something, then decrypt again and compare
+ local TEST_IN=$(mktemp --tmpdir bwlp-XXXXXXXX)
+ local TEST_OUT=$(mktemp --tmpdir bwlp-XXXXXXXX)
+ local TEST_DIFF=$(mktemp --tmpdir bwlp-XXXXXXXX)
+ [ -z "$TEST_IN" ] && exit 4
+ [ -z "$TEST_OUT" ] && exit 5
+ [ -z "$TEST_DIFF" ] && exit 6
+ date > "$TEST_IN"
+ openssl smime -encrypt -binary -aes-256-cbc -in "$TEST_IN" -out "$TEST_OUT" -outform DER "$C" || exit 7
+ openssl smime -decrypt -binary -in "$TEST_OUT" -inform DER -out "$TEST_DIFF" -inkey "$K" || exit 8
+ diff -q "$TEST_IN" "$TEST_DIFF" || exit 9
+ exit 0 # No restart either way
+}
+
+op_import ()
+{
+ [ $# -eq 2 ] || exit 1
+ local K=$1
+ local C=$2
+ [ -r "$K" ] || exit 2
+ [ -r "$C" ] || exit 3
+ # Create server.pem
+ cat "$C" "$K" > "$CERT"
+ chmod 0600 "$CERT" || exit 4
+ rm -f -- "$C" "$K"
+}
+
+op_random ()
+{
+ [ -z "$1" ] && exit 1
+ openssl req -x509 -new -newkey rsa:4096 -keyout "$CERT" -out "$CERT" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
+}
+
+OP=$1
+shift
+
+case "$OP" in
+ --random) op_random "$@" ;;
+ --test) op_test "$@" ;;
+ --import) op_import "$@" ;;
+ --disable) op_disable ;;
+ *)
+ echo "Invalid operation: $1"
+ exit 1
+ ;;
+esac
+
+service lighttpd restart
+
+exit 0
+
diff --git a/scripts/system-backup b/scripts/system-backup
index 666180b..8042b08 100755
--- a/scripts/system-backup
+++ b/scripts/system-backup
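Review bot: The private key can be readable by other local users for a moment in `op_import`, because `cat "$C" "$K" > "$CERT"` creates server.pem under the inherited umask and `chmod 0600` only runs afterwards; `op_random` writes the key through `-keyout "$CERT"` and relies on whatever mode openssl gives the file. A `umask 077` right after the `CERT=` assignment would cover both paths. The `cat` result is also unchecked, so a short or failed write still reaches `rm -f -- "$C" "$K"` and removes the input key and certificate; `cat "$C" "$K" > "$CERT" || exit 4` keeps them. Separately, the fallback arm prints `$1` after the `shift`, so the message names the wrong argument; `echo "Invalid operation: $OP"` is what is meant.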
@@ -15,7 +15,7 @@ fi mkdir -p "$DIR" cd "$DIR" || exit 1 -mysqldump --add-locks --defaults-extra-file=/etc/mysql/debian.cnf --default-character-set=utf8 --databases openslx bwLehrpool > db.sql +mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --add-locks --add-drop-database --default-character-set=utf8 --databases openslx bwLehrpool > db.sql RET=$? if [ $RET -ne 0 ]; then echo "Database dump failed with exit code $RET" @@ -25,6 +25,7 @@ fi FILELIST=" /opt/openslx/configs /opt/syncdaemon/config/identity.properties + /etc/lighttpd/server.pem " tar --ignore-failed-read -k -c -p -z -f files.tgz $FILELIST # no quotes here! @@ -46,7 +47,7 @@ fi chown www-data backup.tgz chmod 0600 backup.tgz -FILE="/tmp/bwlp-backup-$(date +%s).tgz" +FILE="/tmp/bwlp-backup-$(date +%s)-${RANDOM}.tgz" if ! mv backup.tgz "$FILE"; then echo "moving backup to $FILE failed." exit 1 diff --git a/scripts/system-restore b/scripts/system-restore new file mode 100755 index 0000000..a95a185 --- /dev/null +++ b/scripts/system-restore 
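Review bot: Adding `/etc/lighttpd/server.pem` to FILELIST (second hunk) puts the web server's TLS private key into files.tgz and from there into backup.tgz, yet the only permission tightening visible is the `chmod 0600 backup.tgz` in the third hunk's context, after both archives already exist. Unless a umask is set in the part of the script outside these hunks, the intermediate files are created with default modes; a `umask 077` before the `tar` call would close that. The finished archive is then owned by www-data and moved to /tmp, so whoever can read that file or a downloaded copy holds the key. That deserves a comment next to the new FILELIST entry, e.g. `# contains the TLS private key: the backup must be handled as a secret`.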
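Review bot: `${RANDOM}` in the third hunk adds at most 15 bits to a name that is otherwise the current second, so the path under /tmp stays guessable and is still not reserved before use. The install-https script in this commit already uses mktemp; the same here would be `FILE=$(mktemp --tmpdir bwlp-backup-XXXXXXXX.tgz) || exit 1` followed by `mv -f backup.tgz "$FILE"`. mv replaces the placeholder with backup.tgz and keeps the owner and mode set just above. The rest of the script continues outside the hunk.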
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+BACKUP="$1"
+if [ -z "$BACKUP" ] || [ ! -f "$BACKUP" ]; then
+ echo "Backup file not found: $BACKUP"
+ exit 1
+fi
+
+if [ "$(whoami)" != "root" ]; then
+ echo "Must be running as root!"
+ exit 1
+fi
+
+DIR="/root/restore/$(date +%s)"
+
+if [ -d "$DIR" ]; then
+ echo "Restore already running!?"
+ exit 1
+fi
+
+mkdir -p "$DIR"
+if ! cd "$DIR"; then
+ echo "Could not cd to $DIR"
+ exit 1
+fi
+
+if ! tar --ignore-failed-read -x -f "$BACKUP"; then
+ echo "Could not extract $BACKUP - make sure it's a valid .tar.gz / .tgz"
+ exit 1
+fi
+
+if [ ! -f db.sql ]; then
+ echo "Error: database dump not found in backup - are you sure this is a valid backup?"
+ exit 1
+fi
+
+if [ ! -f files.tgz ]; then
+ echo "Error: files.tgz not found in backup - are your sure this is a valid backup?"
+ exit 1
+fi
+
+mysql --defaults-extra-file=/etc/mysql/debian.cnf --default-character-set=utf8 < db.sql
+RET=$?
+if [ $RET -ne 0 ]; then
+ echo "Error: Restoring database contents failed with exit code $RET"
+ exit 1
+fi
+echo "UPDATE openslx.property SET value = 'invalid' WHERE name = 'server-ip' LIMIT 1" | mysql --defaults-extra-file=/etc/mysql/debian.cnf --default-character-set=utf8
+
+tar --ignore-failed-read -x -f files.tgz -C /
+RET=$?
+if [ $RET -ne 0 ]; then
+ echo "WARNING: Restoring filesystem contents failed with exit code $RET - backup might be incomplete!"
+fi
+
+rm -rf -- "$DIR"
+rm -f -- "$BACKUP"
+
+echo "Success."
+
+exit 0
+ |
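Review bot: `tar --ignore-failed-read -x -f files.tgz -C /` runs as root and unpacks every member the inner archive names, so a restore file that was not produced by system-backup can replace any path on the system; `db.sql` is likewise piped to mysql with the debian.cnf credentials, and nothing visible here verifies where `$BACKUP` came from. Naming the members system-backup is known to write limits what the file step can touch: `tar -x -f files.tgz -C / opt/openslx/configs opt/syncdaemon/config/identity.properties etc/lighttpd/server.pem` (a member missing from the archive then makes tar exit non-zero). When that tar fails the script only prints a warning and still runs `rm -f -- "$BACKUP"` and prints "Success.", so the backup is deleted after an incomplete restore. The cleanup and the success message belong in the `RET -eq 0` path.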