Comments (3)
levic
commented on June 23, 2024
1
A potential workaround that I've been using:
exec {'mask-before-openldap-install':
unless => "/usr/bin/test -e /etc/init.d/${openldap::server::service}",
command => "/usr/bin/systemctl mask ${openldap::server::service}",
creates => "/etc/systemd/system/${openldap::server::service}.service",
before => [
Package[$openldap::server::package],
Service[$openldap::server::service],
],
}
If the package isn't yet installed (as determined by the test) it will manually invoke systemd to mask the daemon before installing the package (systemd will install a symlink at /etc/systemd/system/slapd.service pointing to /dev/null).
After the package is installed the normal puppet Service resource will unmask it.
At least on Ubuntu this works but I doubt it has general applicability (although the puppet code linked above is specific to debian family systems anyway). This also may not work in future if/when the slapd daemon control script is moved from an initv script into a native systemd service (the test would have to be updated to point to the new file)
from puppet-openldap.
levic
commented on June 23, 2024
Digging into this a bit further:
- This appears to be the relevant puppet code: if a service is not managed by systemd (which is also the case for nonexistent services) then it falls back to checking with
invoke-rc.d. - The Ubuntu 22.04 source for
invoke-rc.dis here - The valid return codes for
invoke-rc.dare here
I can fix the immediate problem by changing the 6.1.0 script to:
$policy_rc_d = @(POLICY)
#!/bin/sh
if [ "$1" = "--quiet" ]; then
shift
fi
if [ "$1" = "slapd" ]; then
exit 101
fi
if ! [ -e "/etc/init.d/$1" ] ; then
exit 100
fi
exit 0
| POLICY
- This correctly strips
--quietso that$1is actually the daemon name - This checks whether the daemon actually exists or not and if it doesn't returns the 100 error code
This still doesn't fix the issue though that there may already be an existing policy-rc.d that the openldap module is clobbering (ideally debian would have provided a mechanism where the policy for each service is in a separate file, but it didn't)
from puppet-openldap.
smortex
commented on June 23, 2024
Thank you for your report. I like the idea of masking the unit! It seems to work well on all supported OS according to the acceptance test suite, you can check this in #387.
from puppet-openldap.
Related Issues (20)
- openldap::server::overlay does not allow tuples as options HOT 2
- [poll] What to do with the islast parameter of openldap_access?
- openldap::server::database initdb data type should support value false
- `$openldap::server::database::mirrormode` does not enable olcMirrorMode
- openldap::server::overlay incorrectly parses suffix HOT 5
- openldap::server::dbindex is missing documentation HOT 3
- Unable to configure openldap on FreeBSD 13.0-RELEASE HOT 5
- Wrong data type for `$openldap::server::database::limits`
- LDIF mangling is in schema provider does not handle LDIF line wrapping correctly HOT 1
- Data type enforcement for openldap_database security is not idempotent HOT 1
- dc=my-domain,dc=com entry in Database HOT 3
- Inconsistent parameters for `openldap::client`
- cn=accesslog database: Parameter suffix failed
- Parameter suffix failed, because of too restrictive patterns in openldap/lib/puppet/type/openldap_database.rb HOT 2
- No parameter named 'multiprovider' HOT 4
- no parameter named 'multiprovider' HOT 3
- Cannot ensure: absent on dbindex
- acls with identical access definitions are not implemented correctly
- Unable to configure hashing with the pw-pbkdf2 module
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-openldap.