diff --git a/controllerconfig/controllerconfig/upgrade-scripts/11-ldap-users-backup.sh b/controllerconfig/controllerconfig/upgrade-scripts/11-ldap-users-backup.sh
new file mode 100644
index 0000000000..1d1ece316c
--- /dev/null
+++ b/controllerconfig/controllerconfig/upgrade-scripts/11-ldap-users-backup.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+# This start script is used to back up ldap data from 21.12
+# so that it can be used later for importing after a platform upgrade.
+
+# The scripts are passed these parameters:
+NAME=$(basename $0)
+FROM_RELEASE=$1
+TO_RELEASE=$2
+ACTION=$3
+
+# This will log to /var/log/platform.log
+function log {
+ logger -p local1.info $1
+}
+
+# Logs using the 'log' function and exits with error
+function exit_with_error {
+ log "$NAME: $1 (RETURNED: $?)"
+ exit 1
+}
+
+# Script start
+log "$NAME: Saving backup of openldap schema files from release $FROM_RELEASE to $TO_RELEASE with action $ACTION"
+
+if [[ "${ACTION}" == "start" ]] && [[ "${FROM_RELEASE}" == "21.12" ]] && [[ "${TO_RELEASE}" == "22.12" ]]; then
+
+ BACKUP_DIR="/opt/platform/config/$FROM_RELEASE/ldap"
+
+ rm -rf $BACKUP_DIR \
+ || exit_with_error "ERROR - Failed to remove directory $BACKUP_DIR"
+
+ mkdir $BACKUP_DIR \
+ || exit_with_error "ERROR - Failed to create directory $BACKUP_DIR"
+
+ log "$NAME: Successfully created directory $BACKUP_DIR"
+
+ /usr/sbin/slapcat -F /etc/openldap/schema -l $BACKUP_DIR/ldap.db \
+ || exit_with_error "ERROR - Failed to export ldap data to $BACKUP_DIR/ldap.db"
+
+ log "$NAME: Successfully exported $BACKUP_DIR/ldap.db"
+
+ chmod -R go= $BACKUP_DIR \
+ || exit_with_error "ERROR - Failed to set permissions to $BACKUP_DIR/ldap.db"
+
+ log "$NAME: Successfully set permissions for $BACKUP_DIR/ldap.db"
+
+ log "$NAME: Script finished successfully."
+else
+ log "$NAME: No actions required for from release $FROM_RELEASE to $TO_RELEASE with action $ACTION"
+fi
+
+exit 0
+
diff --git a/controllerconfig/controllerconfig/upgrade-scripts/67-update-openldap-users.sh b/controllerconfig/controllerconfig/upgrade-scripts/67-update-openldap-users.sh
index 1d48a41573..9168da5f65 100644
--- a/controllerconfig/controllerconfig/upgrade-scripts/67-update-openldap-users.sh
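Review bot: The directory and the `ldap.db` export are created with whatever the process umask allows and only restricted afterwards by `chmod -R go=`, so between the `slapcat` call and the chmod the dump may be readable by group and others; a slapcat LDIF typically includes `userPassword` hashes. Create the directory already locked down, e.g. `mkdir -m 0700 "$BACKUP_DIR"` (or set `umask 077` before the mkdir), and keep the chmod as a second layer. The `$BACKUP_DIR` expansions in `rm -rf`, `mkdir`, `slapcat` and `chmod` are also unquoted; the release check pins the value here, but `rm -rf -- "${BACKUP_DIR:?}"` is the safer form for a recursive delete run as part of an upgrade. The chmod failure message names `$BACKUP_DIR/ldap.db` although the command acts on the whole directory.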
+++ b/controllerconfig/controllerconfig/upgrade-scripts/67-update-openldap-users.sh @@ -1,12 +1,13 @@ #!/bin/bash # -# Copyright (c) 2022 Wind River Systems, Inc. +# Copyright (c) 2022-2023 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # # # This migration script is used for update openldap users during the # activate stage of a platform upgrade. It will: +# - import data from a previous backup # - change admin user's primary group from 'root' to 'users' # The migration scripts are passed these parameters: @@ -33,11 +34,17 @@ if [[ "${ACTION}" == "activate" ]] && [[ "${TO_RELEASE}" == "22.12" ]]; then exit 0 fi + if [[ "${FROM_RELEASE}" == "21.12" ]]; then + BACKUP_DIR="/opt/platform/config/$FROM_RELEASE/ldap" + /usr/sbin/slapadd -F /etc/ldap/schema -l $BACKUP_DIR/ldap.db + log "$NAME: Successfully imported ldap data from $BACKUP_DIR/ldap.db" + fi + /usr/sbin/ldapsetprimarygroup admin users RC=$? if [ ${RC} -eq 0 ]; then - log "$NAME: Successfully updated openldap users." + log "$NAME: Successfully updated openldap users. Script finished successfully." else log "$NAME: ERROR - failed to update openldap users. (RETURNED: $RC)" exit 1
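Review bot: The added `slapadd` call in the second hunk never has its exit status checked, so "Successfully imported ldap data" is logged and the script carries on to `ldapsetprimarygroup` even when the import failed or `$BACKUP_DIR/ldap.db` does not exist. Handle it the way the existing code handles `ldapsetprimarygroup`, e.g. `/usr/sbin/slapadd -F /etc/ldap/schema -l "$BACKUP_DIR/ldap.db" || { log "$NAME: ERROR - failed to import ldap data (RETURNED: $?)"; exit 1; }`. The import uses `-F /etc/ldap/schema` while the backup script in this commit uses `-F /etc/openldap/schema`; if that difference reflects a path change between releases, a one-line comment saying so would prevent it being "fixed" later. Nothing visible in this hunk removes the exported `ldap.db` after a successful import, so confirm whether the credential-bearing dump is cleaned up elsewhere. The enclosing `if [[ "${ACTION}" == "activate" ]]` block starts before and ends after this hunk.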