Bug #2785
closed
If password in slapd.conf and rudder-web.properties don't match, upgrade script fails
Added by François ARMAND over 12 years ago.
Updated over 9 years ago.
Description
We use the LDAP password from rudder-web.properties to contact the LDAP server in the /opt/rudder/bin/rudder-upgrade script.
If that password is not ok for whatever reason, the upgrade scrip will fail, and the depending upgrade to.
I don't know what to thing exactly about that one: the passwords should be the same, but I would prefer to be sure to have a working upgrade (looking for the password in slad.conf).
On the other hand, perhaps slapd.conf won't be here - but is it really a case what we handle today ?
- Status changed from 8 to Pending technical review
- % Done changed from 0 to 100
Applied in changeset commit:5a1b416aabd998b4551146847a04db600eef67c9.
- Description updated (diff)
Do you know what sets the password in slapd.conf?
The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g. {SSHA}....). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).
Michael Gliwinski wrote:
Do you know what sets the password in slapd.conf?
The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g. {SSHA}....). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).
This is CFengine which have a reference file : /opt/rudder/etc/rudder-passwords.conf . You only have to set your passwords here.
Nicolas PERRON wrote:
Michael Gliwinski wrote:
Do you know what sets the password in slapd.conf?
The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g. {SSHA}....). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).
This is CFengine which have a reference file : /opt/rudder/etc/rudder-passwords.conf . You only have to set your passwords here.
OK, I seem to be hitting some dependency issues in debian packages. The file /opt/rudder/etc/rudder-passwords.conf doesn't exist (there is one with .dpkg-new suffix though) because configuration of rudder-server-root fails because rudder-webapp is not configured, but rudder-webapp postinst (configuration) fails because the cfe policy (distributePolicy/1.0/passwordCheck.cf) couldn't read rudder-passwords.conf and left the $(p.psql_password[2]) variable unexpanded in /root/.pgpass and /opt/rudder/etc/openldap/slapd.conf. This could be a separate bug though, should I open a new one?
Michael Gliwinski wrote:
Nicolas PERRON wrote:
Michael Gliwinski wrote:
Do you know what sets the password in slapd.conf?
The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g. {SSHA}....). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).
This is CFengine which have a reference file : /opt/rudder/etc/rudder-passwords.conf . You only have to set your passwords here.
OK, I seem to be hitting some dependency issues in debian packages. The file /opt/rudder/etc/rudder-passwords.conf doesn't exist (there is one with .dpkg-new suffix though) because configuration of rudder-server-root fails because rudder-webapp is not configured, but rudder-webapp postinst (configuration) fails because the cfe policy (distributePolicy/1.0/passwordCheck.cf) couldn't read rudder-passwords.conf and left the $(p.psql_password[2]) variable unexpanded in /root/.pgpass and /opt/rudder/etc/openldap/slapd.conf. This could be a separate bug though, should I open a new one?
The problem you describe seem to be related to the #2785 but I'm not sure. Could you open a new ticket for it, please ? I will try to reproduce it.
Thank you and sorry for the late answer !
- Status changed from Pending technical review to Released
This fix looks OK, although #2821 has changed it since.
Michael, did you open a bug about the issue you were encountering? Please shout if not!
Jonathan CLARKE wrote:
Michael, did you open a bug about the issue you were encountering? Please shout if not!
No, I didn't, but I also couldn't reproduce it, I think the change to use passwords from rudder-passwords.conf fixed it. Thanks!
Michael Gliwinski wrote:
Jonathan CLARKE wrote:
Michael, did you open a bug about the issue you were encountering? Please shout if not!
No, I didn't, but I also couldn't reproduce it, I think the change to use passwords from rudder-passwords.conf fixed it. Thanks!
Cool, that's perfect. Thanks for confirming!
- Project changed from Rudder to 34
- Category deleted (
11)
- Project changed from 34 to Rudder
- Category set to Packaging
Also available in: Atom
PDF
Updated by Nicolas PERRON 
Updated by Matthieu CERDA 
Updated by 
Updated by Jonathan CLARKE 
Updated by