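#!/bin/sh
# Gentoo Linux - LDAP replication check tool
# Copyright
# 2007 Robin H. Johnson
#
# Trivially checks the replication status of LDAP slaves by comparing the
# entryCSN attribute of every readable DN on the master with each slave.
#
# Exit status: 0 if every slave matches the master; 1 if any fetch fails or
# any slave differs (the unified diff against the master goes to stderr).
#
# NOTES:
# - A single failure to contact a host, or an item not matching
#   should not be taken as an immediate failure. Rather, if the single diff is
#   identical on two consecutive passes, then we know something is wrong.
# - Future versions should keep state so they can deal with the above problem.
# - This check is NOT fast. It purposefully grabs the last-modified timestamps
#   of every accessible DN in LDAP. Size/timelimits can break this!
# - If you have a subtree that needs authenticated access, this will not check
#   it. Allow global reads of entryCSN if you want it.
# - The existence of the /root/.ldaprc is important.
# - The master is fetched once, then each slave in turn; writes landing between
#   those fetches show up as a spurious diff (see the first note).

set -u

export LDAPCONF=/root/.ldaprc
export LDAPRC=.ldaprc
#export LDAPTLS_CERT=/etc/openldap/ssl/cert.pem
#export LDAPTLS_KEY=/etc/openldap/ssl/req.pem
export HOME=/root
cd "$HOME" || exit 1

LDAP_MASTER="ldap1.gentoo.org" # Dunlin
# Whitespace-separated host list; anything inherited from the environment is
# kept in front of the built-in entries.
LDAP_SLAVES="${LDAP_SLAVES:-} ldap2.gentoo.org" # Duck
LDAP_SLAVES="${LDAP_SLAVES} ldap3.gentoo.org" # Corvid
LDAP_SLAVES="${LDAP_SLAVES} ldap4.gentoo.org" # Puffin

TIMESTAMP="$(date -u +%s)"
RM=rm
#RM='/bin/true rm' # debugging: leave the fetched files in place
# Scratch file names are predictable (timestamp + host), so TMPDIR must be
# writable only by root; it sits under /root and files get umask 0077.
TMPDIR="/root/.../tmp/"
mkdir -p "$TMPDIR" || exit 1
PREFIX_MASTER="${TMPDIR}/ldaprepl.${TIMESTAMP}.master-"
PREFIX_SLAVE="${TMPDIR}/ldaprepl.${TIMESTAMP}.slave-"
umask 0077

#######################################
# Remove this run's scratch files; installed as the EXIT trap so it runs on
# every exit path (success, fetch failure, mismatch).
# Globals:   RM, PREFIX_MASTER, PREFIX_SLAVE (read)
#######################################
cleanup() {
    # shellcheck disable=SC2086 -- RM may deliberately expand to several words
    ${RM} -f "${PREFIX_MASTER}"* "${PREFIX_SLAVE}"*
}
trap cleanup EXIT

#######################################
# Dump the entryCSN attribute of every child DN under the default search base.
# Arguments: $1 - LDAP host to query
# Outputs:   LDIF on stdout
# Returns:   ldapsearch's exit status
# Note:      -Z only attempts StartTLS and falls back to cleartext if the
#            upgrade fails; -ZZ would make TLS mandatory.
#######################################
getEntryCSN() {
    ldapsearch -s children -h "$1" -Z entryCSN -LLL -l none
}

#######################################
# Fetch entryCSN data from one host into a file, or abort the whole check.
# Arguments: $1 - role label used in the error message ("master"/"slave")
#            $2 - host to query
#            $3 - output file
# Outputs:   error message on stderr when the fetch fails
# Returns:   0 on success; exits the script with status 1 on failure
#######################################
fetch_or_die() {
    if ! getEntryCSN "$2" >"$3"; then
        printf '%s: Failed to get %s EntryCSN data for %s\n' "$0" "$1" "$2" 1>&2
        exit 1
    fi
}

fetch_or_die master "${LDAP_MASTER}" "${PREFIX_MASTER}${LDAP_MASTER}"

# shellcheck disable=SC2086 -- word-splitting the host list is intended
for slave in ${LDAP_SLAVES}; do
    fetch_or_die slave "${slave}" "${PREFIX_SLAVE}${slave}"
done

# Compare every slave against the master. The diff itself is the report, so it
# goes to stderr; the last non-zero diff status is what gets reported.
finalrc=0
# shellcheck disable=SC2086 -- word-splitting the host list is intended
for slave in ${LDAP_SLAVES}; do
    diff -Nuar "${PREFIX_MASTER}${LDAP_MASTER}" "${PREFIX_SLAVE}${slave}" 1>&2 || finalrc=$?
done

if [ "$finalrc" -ne 0 ]; then
    printf '%s: Replication check failed! rc=%s\n' "$0" "$finalrc" 1>&2
    exit 1
fi
exit 0
# vim: ft=sh et ai sw=4 ts=4: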