!! Script for Edirectory Backup
Based on our [Edirectory Backup Strategy], we use a scrip to perform the backups.
The script will perform a FULL backup from both [DSBK] and [LDIF] on the value of variable "FULLBACKUPDOW".
Every other day, an Incremental is performed.
The LDIF [Incremental Backup] is done based on any entry defined by the variable "LDAPPEOPLEBASE" that was modified in the last day.
The DSBK is a [Incremental Backup] as defined by Novell.
The script is expected to run on a server with [eDirectory] is installed.
The script can backup passwords to an LDIF by using [Dump Password Information Tool-Command Line Options] and setting the variable "PASSBKUP=TRUE".
%%error
[Use Entirely at Your Own Risk|Standard Disclaimer]
[CISUS.COM] nor anyone else is responsible if you use a tool or any information on this site and causes damages to anyone or anything! [You are required to read Our Standard Disclaimer|Standard Disclaimer]
%%
!! Usage
Of course you must modify this to meet your specific needs.
{{{
#!/bin/bash
#
# SCRIPT: willeke-idv-edir-backup.sh
# AUTHOR: jim@willeke.com
# DATE: 01/03/11 15:04:32
T_VER=3.1B # Script Version Number
#
# PLATFORM: SPECIFY: Linux
#
# REQUIREMENTS:
# - You must create the directories used in the script:
# - You must be certain of the proper settings for the variables in the script.
# - Assumes that eDirectory is installed on the server it runs.
#
# PURPOSE:
# Performs a dsbk and an LDIF backup on the server which the script runs.
# Does FULL and incremental
#
# REV LIST:
# DATE: 03/06/11 08:12:02
# BY: jim@Willeke.com
# MODIFICATION: Describe what was modified, new features, etc--
#
# DATE: 2011-08-16-07:02:10
# BY: jim@Willeke.com
# MODIFICATION:
# Changed the backup directory to point to the san
# From BACKUPDIR=/var/backups/edir
# to: BACKUPDIR=/export/backups/idm/edir
# Changed the backup directory to point to the san
# From LOGDIR=/var/log/iam/edir
# to: LOGDIR=/export/backups/idm/log
# Commented out the Compression commands
# Extracted variable DAYSTOKEEP so we could change the number of days to keep files.
# Fixed minor bug where /var/backups/edir was hardcoded to use BACKUPDIR.
# Changed T_VER=2.3B
# DATE: 2011-08-28-07:36:52
# BY: jim@Willeke.com
# MODIFICATION:
# Added abiity to backup passwords based on PASSBKUP
#
# set -n # Uncomment to check script syntax, without execution.
# # NOTE: Do not forget to put the # comment back in or
# # the shell script will never execute!
# set -x # Uncomment to debug this shell script
#
##########################################################
# DEFINE FILES AND VARIABLES HERE
##########################################################
# These first values will need to be set or verified for each host.
# path to eDIrectory bin directory defult is /opt/novell/eDirectory/bin
BINDIR=/opt/novell/eDirectory/bin
# Full path the the nds.conf config path
# Default for single instances: CONFIGFILE=/etc/opt/novell/eDirectory/conf/nds.conf
CONFIGFILE=/etc/opt/novell/eDirectory/conf/nds.conf
# Username to access the application server
USERNAME=admin.services.willeke.com
# LDAP Format Backup User
LDAPBACKUPUSER="cn=admin,ou=services,dc=willeke,dc=com"
# Username to access the application server e.g. password
PASSWORD=itisasecret
# Put the backups under here
BACKUPDIR=/var/opt/novell/eDirectory/backups
# Put the logs files here
LOGDIR=/var/opt/novell/eDirectory/backups
# How long to allow for DSBK to run in seconds
BACKUPPAUSE=100
# LDAP Format of People Container
LDAPPEOPLEBASE="ou=people,dc=willeke,dc=com"
# Day of week that is full backups
FULLBACKUPDOW=Sunday
# Maintain DAYSTOKEEP FILES
DAYSTOKEEP=14
# Perform password backup
PASSBKUP=TRUE
# JAVA_HOME
JAVA_HOME=/opt/novell/eDirectory/lib/nds-modules/jre1.6.0_20
# Path to dumpup/DumpPasswordInformation.jar
DUMPUPPATH=/root/Documents/usr/local/share/willeke/dumpup
##########################################################
# The following should not normally need to be changed
##########################################################
THIS_SCRIPT=$(basename $0)
SINGLEBAR="......................................................................"
DOUBLEBAR="======================================================================"
APPNAME=EDIRBACKUP
TREENAME=UNKNOWN
# Host name (or IP address) of application server e.g localhost
APPHOST=localhost
# Log File Name
LOGFILE=$LOGDIR/$APPNAME.log
# Set path so we know we always get the right executables
PATH=/usr/local/bin:/usr/bin:/bin
# Our Standard Date format for files
DATE=`date +%Y-%m-%d` # Datestamp e.g 2002-09-21
# Get DOW
DOW=`date +%A` # Day of the week e.g. Monday
# Get DOM
DOM=`date +%d` # Date of the Month e.g. 27
# Get Month Name
M=`date +%B` # Month e.g January
# GET WEEK NUMBER
W=`date +%V` # Week Number e.g 37
# Create a LDAP formated date for yesterday
LDAPDATELESSONE="$(date -d 'yesterday' +%Y%m%d)010000Z"
##########################################################
# DEFINE FUNCTIONS HERE
##########################################################
f_set_hostname()
if [ "$APPHOST" = "localhost" ]; then
APPHOST=`hostname`
fi
##########################################################
# Subroutine to gMake sure we have edirectory bin in path
##########################################################
f_add_edir_path()
if [ -f "$BINDIR/ndspath" ]
then
. $BINDIR/ndspath
else
f_write_and_log "WARNING: Could not find . $BINDIR/ndspath"
fi
##########################################################
# Subroutine to get tree name from CONFIGFILE
##########################################################
f_get_treename_from_conf()
{
TREENAME=`cat $CONFIGFILE | grep "n4u.base.tree-name="|cut -d= -f2`;
}
######################################################################
# Subroutine to Log to LOGFILE does not show to console
######################################################################
f_write_log ()
{
if [ -n "$LOGFILE" -a -n "$*" ]
then
printf "$*\n" >> $LOGFILE
fi
}
######################################################################
# Sends output to console and to $LOGFILE
######################################################################
f_write_and_log ()
{
if [ -n "$*" ]
then
f_write_log "$*"
printf "$*\n"
fi
}
######################################################################
# Subroutine to echo & run command
# Sends output to console and to $LOGFILE
######################################################################
f_cmd ()
# arg_1 = Command to run
{
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'` $*"
cmdOutput=`eval $*`; f_write_and_log "$cmdOutput"
}
######################################################################
# Subroutine to remove files older than X days
# Sends outpuit to console and to $LOGFILE
######################################################################
f_remove_old_files ()
{
FILEEXTENSION=$2
DELETEFILEPATH=$1
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Deleting '$DELETEFILEPATH/$FILEEXTENSION' files older than $DAYSTOKEEP days ..."
find $DELETEFILEPATH/ -name '$FILEEXTENSION' -mtime +$DAYSTOKEEP >> /tmp/$THIS_SCRIPT.tmp
cat /tmp/$THIS_SCRIPT.tmp | while read delfil
do
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Deleting file ${delfil}"
f_cmd rm ${delfil}
done
[[ -s /tmp/$THIS_SCRIPT.tmp ]] && { rm /tmp/$THIS_SCRIPT.tmp ;}
}
######################################################################
# Subroutine be certain the required directories and files exist
######################################################################
f_checkfilelocations ()
{
if [ ! -d "$BINDIR" ]
then
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $BINDIR does not exist can not continue"
exit 1
fi
if [ ! -d "$BACKUPDIR" ]
then
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $BACKUPDIR does not exist can not continue"
exit 1
fi
if [ ! -d "$LOGDIR" ]
then
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $LOGDIR does not exist can not continue"
exit 1
fi
if [ ! -f "$CONFIGFILE" ]
then
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $CONFIGFILE does not exist can not continue"
exit 1
fi
if [ ! -f "/etc/dsbk.conf" ]
then
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: /etc/dsbk.conf does not exist can not continue"
exit 1
fi
if [ $PASSBKUP='TRUE' ]
then
if [ ! -d "$JAVA_HOME" ]
then
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $JAVA_HOME does not exist can not continue"
exit 1
fi
if [ ! -d "$DUMPUPPATH" ]
then
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $DUMPUPPATH does not exist can not continue"
exit 1
fi
fi
tcommand=`cat /etc/dsbk.conf`
if [ ! -f "$tcommand" ]
then
`touch $tcommand`
fi
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Found required config files and Directories"
}
######################################################################
# Subroutine watch file to see if it changes
######################################################################
f_wait_for_no_mods_on_file ()
{
MYCHECKFILE=$1
# Check to see if backup is complete
sleep 10
i=`ls -l $MYCHECKFILE | cut -d' ' -f6`
sleep 10
i2=`ls -l $MYCHECKFILE | cut -d' ' -f6`
while [ $i -ne $i2 ]
do
sleep 60
i=`ls -l $MYCHECKFILE | cut -d' ' -f6`
sleep 60
i2=`ls -l $MYCHECKFILE | cut -d' ' -f6`
done
}
######################################################################
# Subroutine to dump passwords
######################################################################
f_dump_passwords ()
{
if [ $PASSBKUP='TRUE' ]
then
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Captureing Passwords "
WHEREIAM=`pwd`
$JAVA_HOME/bin/java -jar $DUMPUPPATH/DumpPasswordInformation.jar -dvAL -h 192.168.1.7 -z 30000 -Z tls -D $LDAPBACKUPUSER -w $PASSWORD -b $LDAPPEOPLEBASE >/dev/null
# Put the password ldif file in the correct place.
mv $WHEREIAM/dumppasswordinformation.ldif $BACKUPDIR/dumppasswordinformation.ldif
# add the output to the current log file
cat $WHEREIAM/warn.log >> $LOGFILE
# remove all the log files for passwords
rm $WHEREIAM/debug.log
rm $WHEREIAM/warn.log
rm $WHEREIAM/error.log
rm $WHEREIAM/output.log
else
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Captureing Passwords not enabled!"
fi
}
##########################################################
# BEGINNING OF MAIN
##########################################################
f_set_hostname
f_add_edir_path
f_get_treename_from_conf
if [ $DOW = "$FULLBACKUPDOW" ]; then
BACKUPTYPE=FULL
else
BACKUPTYPE=INC
fi
LOGFILE=$LOGDIR/$APPNAME-$BACKUPTYPE.log
f_checkfilelocations
f_write_and_log "$DOUBLEBAR"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: STARTED: $0 By User: $USER started $APPNAME on $APPHOST"
f_write_and_log "Backup of $APPNAME Server - $APPHOST to $BACKUPDIR See log at:$LOGFILE "
# Remove the previous temporary files.
rm /tmp/$APPNAME*
# Weekly Backup
if [ $BACKUPTYPE = "FULL" ]; then
f_remove_old_files "$BACKUPDIR" "*.gz"
f_remove_old_files "$LOGDIR" "*.log"
f_remove_old_files "$BACKUPDIR" "*.dsbk"
f_remove_old_files "$BACKUPDIR" "*.ldif"
f_write_and_log "$BACKUPTYPE Backup of $APPNAME on $APPHOST"
t_thisfile1=$DATE-$DOW-$TREENAME-$APPNAME-$APPHOST-$BACKUPTYPE
# CMD="backup -b -e $PASSWORD -f $BACKUPDIR/$t_thisfile1.dsbk -l /tmp/$APPNAME-$BACKUPTYPE.log -t -w"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: DSBK Backup initiated "
# f_write_log "Command used: $CMD"
$BINDIR/dsbk backup -b -e $PASSWORD -f $BACKUPDIR/$t_thisfile1.dsbk -l /tmp/$APPNAME-$BACKUPTYPE.log -t -w
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Waiting $BACKUPPAUSE seconds for DSBK backup to finish"
sleep $BACKUPPAUSE
cat /tmp/$APPNAME-$BACKUPTYPE.log >> $LOGFILE
f_write_and_log "$SINGLEBAR"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: LDIF Backup initiated "
$BINDIR/ice -o -l /tmp/$APPNAME-$BACKUPTYPE-LDIF.log -S LDAP -s $APPHOST -p 389 -d $LDAPBACKUPUSER -w $PASSWORD -b "" -F "(objectclass=*)" -c sub -D LDIF -f $BACKUPDIR/$t_thisfile1.ldif
cat /tmp/$APPNAME-$BACKUPTYPE-LDIF.log >> $LOGFILE
f_write_and_log "$SINGLEBAR"
else
# Daily Backup
f_write_and_log "$BACKUPTYPE Backup of $APPNAME on $APPHOST"
t_thisfile1=$DATE-$DOW-$TREENAME-$APPNAME-$APPHOST-$BACKUPTYPE
# CMD="backup -i -e $PASSWORD -f $BACKUPDIR/$t_thisfile1.dsbk -l /tmp/$APPNAME-$BACKUPTYPE.log -t -w"
# f_write "Command used: $CMD"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: DSBK Backup initiated "
$BINDIR/dsbk backup -i -e $PASSWORD -f $BACKUPDIR/$t_thisfile1.dsbk -l /tmp/$APPNAME-$BACKUPTYPE.log -t -w
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Waiting $BACKUPPAUSE seconds for backup to finish"
sleep $BACKUPPAUSE
cat /tmp/$APPNAME-$BACKUPTYPE.log >> $LOGFILE
f_write_and_log "$SINGLEBAR"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: LDIF Backup initiated See log at:$LOGDIR/$APPNAME-$BACKUPTYPE.log "
$BINDIR/ice -o -l /tmp/$APPNAME-$BACKUPTYPE-LDIF.log -S LDAP -s $APPHOST -p 389 -d $LDAPBACKUPUSER -w $PASSWORD -b $LDAPPEOPLEBASE -F "(&(objectclass=inetorgperson)(modifytimestamp>=$LDAPDATELESSONE))" -c sub -D LDIF -f $BACKUPDIR/$t_thisfile1.ldif
cat /tmp/$APPNAME-$BACKUPTYPE-LDIF.log >> $LOGFILE
f_write_and_log "$SINGLEBAR"
fi
f_dump_passwords
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`:Compressing Files: "
f_cmd tar cvzf $BACKUPDIR/$t_thisfile1.tar.gz $BACKUPDIR/$t_thisfile1.*
f_cmd rm $BACKUPDIR/$t_thisfile1.dsbk*
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: FINISHED: $0 on $APPHOST Check log file: $LOGFILE "
f_write_and_log "$DOUBLEBAR"
}}}
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]