Actions
Bug #7064
closed
System object (techniques, directives, rules, groups) must be always enabled
Status:
Released
Priority:
1 (highest)
Assignee:
Category:
Web - Config management
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:
Description
Today, we have build Rudder with the system rules actually on the node. If they are not, nothing work.
But system object still have a "isEnabled field", and it is actually used. That a big problem.
Moreover, if one of these object is disabled, the user can't do anything about it (safe invoking LDAP magic).
Updated by François ARMAND over 9 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder/pull/905
Updated by François ARMAND over 9 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset rudder|8a1c76c9d92226ac456af226951993487aa89366.
Updated by Nicolas CHARLES over 9 years ago
Applied in changeset rudder|0d1e7e6420fc60f5bdebd57fbfde628750b7da9e.
Updated by François ARMAND over 9 years ago
- Status changed from Pending release to Released
Updated by Nicolas CHARLES almost 9 years ago
this can be solved by
RUDDER_OPT="/opt/rudder"
LDAP_CREDENTIALS=$(grep -c -E "^ldap.auth(dn|pw)[ \t]*=" /opt/rudder/etc/rudder-web.properties || true)
LDAP_USER="$(grep -E '^ldap.authdn[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d "=" -f 2-)"
LDAP_PASSWORD="$(grep -E '^ldap.authpw[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d "=" -f 2-)"
LDAP_SERVER='localhost'
LDAP_PORT='389'
LDAP_PARAMETERS="-H ldap://${LDAP_SERVER}:${LDAP_PORT}/ -D ${LDAP_USER} -w ${LDAP_PASSWORD} -x"
LDAPMODIFY="ldapmodify ${LDAP_PARAMETERS}"
${LDAPMODIFY} >/dev/null 2>&1 << EOF
dn: activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isEnabled
isEnabled: TRUE
EOF
${LDAPMODIFY} >/dev/null 2>&1 << EOF
dn: ruleId=hasPolicyServer-root,ou=Rules,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isEnabled
isEnabled: TRUE
EOF
${LDAPMODIFY} >/dev/null 2>&1 << EOF
dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isEnabled
isEnabled: TRUE
EOF
And then, clear cache in the web interface
Actions