Rudder

It's been decided that is should be a script launched by the migration script from pre 2.6 to 2.6. It would look into the LDAP directory, for entries with OC directive within DN: directiveId=common-root,activeTechniqueId=common
It would look for directiveVariable attributes, with the format LHS[x]:RHS, and replace within RHS all the \\ by \, and all the \" by "

Thank you !

Nicolas CHARLES wrote:

It's been decided that is should be a script launched by the migration script from pre 2.6 to 2.6. It would look into the LDAP directory, for entries with OC directive within DN: directiveId=common-root,activeTechniqueId=common
It would look for directiveVariable attributes, with the format LHS[x]:RHS, and replace within RHS all the \\ by \, and all the \" by "

Thank you !

What do you mean by "OC directive" ?

If I search into dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration I only have one result:

nperron@rudder-snapshot:~$ /opt/rudder/bin/ldapsearch -H ldap://localhost -x -w ${LDAP_PASSWORD} -D ${LDAP_USER} -b 'directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration' -LLL 
dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudde
 r Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configur
 ation
objectClass: directive
objectClass: top
directiveId: common-root
cn: Common
description: Common - Technical
techniqueVersion: 0:1.0
isEnabled: TRUE
isSystem: TRUE
directivePriority: 0
directiveVariable: OWNER[0]:${rudder.node.admin}
directiveVariable: UUID[0]:${rudder.node.id}
directiveVariable: POLICYSERVER[0]:rudder-snapshot-2.6.normation.com
directiveVariable: POLICYSERVER_ID[0]:root
directiveVariable: POLICYSERVER_ADMIN[0]:root
directiveVariable: ALLOWEDNETWORK[0]:192.168.0.0/24
directiveVariable: POLICYCHILDREN[0]:${rudder.hasPolicyServer-root.target.host
 name}
directiveVariable: ADMIN[0]:${rudder.hasPolicyServer-root.target.admin}
directiveVariable: CHILDRENID[0]:${rudder.hasPolicyServer-root.target.id}

This result seems normal to me but I don't understand why we should make actions here.

• If a \\ or a \"blablahbla\" is detected
  then
• Replace it by "blablahbla" or \

It is totally reentrant and only modifies values if matching patterns appear.

Command:

/opt/rudder/bin/ldapsearch -H ldap://localhost -x -w secret -D cn=Manager,cn=rudder-configuration -b 'techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration' -LLL '(&(objectClass=directive)(|(directiveVariable=*\\"*)(directiveVariable=*\\\\*)))' directiveVariable|sed "s/\(ou=Rudder,cn=rudder-configuration\)/\1\nchangetype: modify\nreplace: directiveVariable/"|sed "s/\\\\\"/\"/g"|sed "s%\\\\\\\%\\\%g"|/opt/rudder/bin/ldapmodify -H ldap://localhost -x -w secret -D cn=Manager,cn=rudder-configuration

May I convert this to a migration script unit ?

This looks fine to me.

Be careful though, it is very important that this script is only run once. Users may introduce deliberate \\ or \" in directiveVariables, so please use RPM/deb postinst tests to only run this if oldversion < 2.6 && new version >= 2.6.

I committed a first approach, due to the complexity of the old/new version handling in the SPECfiles.

Is this a good way of doing it ?

PR: https://github.com/Normation/rudder-packages/pull/28

The PR has been fixed and jon acknowledged it. This ticket awaits a merge.

Applied in changeset packages:commit:210f5c25ee52ec1117efb691e2ce2979fa920d7d.

This ticket has been addressed in version 2.6.0~beta1 of Rudder, which has just been released. Please see the changelog here: https://www.rudder-project.org/foswiki/System/Documentation:ChangeLog26.