Project

General

Profile

Actions

Bug #2785

closed

If password in slapd.conf and rudder-web.properties don't match, upgrade script fails

Added by François ARMAND over 12 years ago. Updated almost 10 years ago.

Status:
Released
Priority:
2
Assignee:
Nicolas PERRON
Category:
Packaging
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

We use the LDAP password from rudder-web.properties to contact the LDAP server in the /opt/rudder/bin/rudder-upgrade script.

If that password is not ok for whatever reason, the upgrade scrip will fail, and the depending upgrade to.

I don't know what to thing exactly about that one: the passwords should be the same, but I would prefer to be sure to have a working upgrade (looking for the password in slad.conf).
On the other hand, perhaps slapd.conf won't be here - but is it really a case what we handle today ?


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #2821: Rudder upgrade broken in case of hashed LDAP password in slapd.confReleasedNicolas PERRON2012-08-17Actions
Actions #1

Updated by Nicolas PERRON over 12 years ago

  • Status changed from 8 to Pending technical review
  • % Done changed from 0 to 100

Applied in changeset commit:5a1b416aabd998b4551146847a04db600eef67c9.

Actions #2

Updated by Matthieu CERDA over 12 years ago

  • Description updated (diff)

Looks good to me !

Actions #3

Updated by Michael Gliwinski over 12 years ago

Do you know what sets the password in slapd.conf?

The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g. {SSHA}....). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).

Actions #4

Updated by Nicolas PERRON over 12 years ago

Michael Gliwinski wrote:

Do you know what sets the password in slapd.conf?

The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g. {SSHA}....). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).

This is CFengine which have a reference file : /opt/rudder/etc/rudder-passwords.conf . You only have to set your passwords here.

Actions #5

Updated by Michael Gliwinski over 12 years ago

Nicolas PERRON wrote:

Michael Gliwinski wrote:

Do you know what sets the password in slapd.conf?

The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g. {SSHA}....). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).

This is CFengine which have a reference file : /opt/rudder/etc/rudder-passwords.conf . You only have to set your passwords here.

OK, I seem to be hitting some dependency issues in debian packages. The file /opt/rudder/etc/rudder-passwords.conf doesn't exist (there is one with .dpkg-new suffix though) because configuration of rudder-server-root fails because rudder-webapp is not configured, but rudder-webapp postinst (configuration) fails because the cfe policy (distributePolicy/1.0/passwordCheck.cf) couldn't read rudder-passwords.conf and left the $(p.psql_password[2]) variable unexpanded in /root/.pgpass and /opt/rudder/etc/openldap/slapd.conf. This could be a separate bug though, should I open a new one?

Actions #6

Updated by Nicolas PERRON over 12 years ago

Michael Gliwinski wrote:

Nicolas PERRON wrote:

Michael Gliwinski wrote:

Do you know what sets the password in slapd.conf?

The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g. {SSHA}....). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).

This is CFengine which have a reference file : /opt/rudder/etc/rudder-passwords.conf . You only have to set your passwords here.

OK, I seem to be hitting some dependency issues in debian packages. The file /opt/rudder/etc/rudder-passwords.conf doesn't exist (there is one with .dpkg-new suffix though) because configuration of rudder-server-root fails because rudder-webapp is not configured, but rudder-webapp postinst (configuration) fails because the cfe policy (distributePolicy/1.0/passwordCheck.cf) couldn't read rudder-passwords.conf and left the $(p.psql_password[2]) variable unexpanded in /root/.pgpass and /opt/rudder/etc/openldap/slapd.conf. This could be a separate bug though, should I open a new one?

The problem you describe seem to be related to the #2785 but I'm not sure. Could you open a new ticket for it, please ? I will try to reproduce it.

Thank you and sorry for the late answer !

Actions #7

Updated by Jonathan CLARKE over 12 years ago

  • Status changed from Pending technical review to Released

This fix looks OK, although #2821 has changed it since.

Michael, did you open a bug about the issue you were encountering? Please shout if not!

Actions #8

Updated by Michael Gliwinski about 12 years ago

Jonathan CLARKE wrote:

Michael, did you open a bug about the issue you were encountering? Please shout if not!

No, I didn't, but I also couldn't reproduce it, I think the change to use passwords from rudder-passwords.conf fixed it. Thanks!

Actions #9

Updated by Jonathan CLARKE about 12 years ago

Michael Gliwinski wrote:

Jonathan CLARKE wrote:

Michael, did you open a bug about the issue you were encountering? Please shout if not!

No, I didn't, but I also couldn't reproduce it, I think the change to use passwords from rudder-passwords.conf fixed it. Thanks!

Cool, that's perfect. Thanks for confirming!

Actions #10

Updated by Nicolas PERRON almost 12 years ago

  • Project changed from Rudder to 34
  • Category deleted (11)
Actions #11

Updated by Benoît PECCATTE almost 10 years ago

  • Project changed from 34 to Rudder
  • Category set to Packaging
Actions

Also available in: Atom PDF