HenryGP / om_ansible

Minimalistic, disposable Ops Manager environment with Ansible

LDAP(s) setup is not idempotent #60

Closed HenryGP closed 4 years ago

HenryGP commented 4 years ago

After at least a second run of the provisioning script, the following error surfaces:

TASK [Setting slapd options] ***************************************************************************************************************************************
fatal: [ldapserver]: FAILED! => {"changed": true, "cmd": "ldapsearch -x -w Password1! -D cn=admin,dc=tsdocker,dc=com -b dc=tsdocker,dc=com && ldapmodify -Y external -H ldapi:/// -f /tmp/slapdlog.ldif && ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/memberof.ldif  && ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/refint.ldif && ldapadd -x -D cn=admin,dc=tsdocker,dc=com -w Password1! -f /tmp/users.ldif && ldapadd -x -D cn=admin,dc=tsdocker,dc=com -w Password1! -f /tmp/groups.ldif && ldapmodify -Y external -H ldapi:/// -f /tmp/olcSSL.ldif && rm -rf /tmp/*.conf /tmp/*.ldif && ldapsearch -x -w Password1! -D cn=admin,dc=tsdocker,dc=com -b dc=tsdocker,dc=com \n", "delta": "0:00:00.134937", "end": "2020-03-16 19:14:50.856149", "msg": "non-zero return code", "rc": 1, "start": "2020-03-16 19:14:50.721212", "stderr": "/tmp/slapdlog.ldif: No such file or directory", "stderr_lines": ["/tmp/slapdlog.ldif: No such file or directory"], "stdout": "# extended LDIF\n#\n# LDAPv3\n# base <dc=tsdocker,dc=com> with scope subtree\n# filter: (objectclass=*)\n# requesting: ALL\n#\n\n# tsdocker.com\ndn: dc=tsdocker,dc=com\nobjectClass: top\nobjectClass: dcObject\nobjectClass: organization\no: TS-DOCKER LDAP SERVER\ndc: tsdocker\n\n# admin, tsdocker.com\ndn: cn=admin,dc=tsdocker,dc=com\nobjectClass: simpleSecurityObject\nobjectClass: organizationalRole\ncn: admin\ndescription: LDAP administrator\nuserPassword:: e1NTSEF9a2xnblBFN1UzM1MyQ2tIeEpLY1NrQXcyOXY3WWVXOFI=\n\n# dbUsers, tsdocker.com\ndn: ou=dbUsers,dc=tsdocker,dc=com\nou: Users\nou: dbUsers\nobjectClass: organizationalUnit\n\n# dba, dbUsers, tsdocker.com\ndn: uid=dba,ou=dbUsers,dc=tsdocker,dc=com\nobjectClass: inetOrgPerson\ncn: database\nsn: administrator\nuid: dba\nuserPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=\n\n# reader, dbUsers, tsdocker.com\ndn: uid=reader,ou=dbUsers,dc=tsdocker,dc=com\nobjectClass: inetOrgPerson\ncn: only\nsn: read\nuid: reader\nuserPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=\n\n# writer, dbUsers, tsdocker.com\ndn: uid=writer,ou=dbUsers,dc=tsdocker,dc=com\nobjectClass: inetOrgPerson\ncn: only\nsn: readandwrite\nuid: writer\nuserPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=\n\n# mms-automation, dbUsers, tsdocker.com\ndn: uid=mms-automation,ou=dbUsers,dc=tsdocker,dc=com\nobjectClass: inetOrgPerson\ncn: automation\nsn: agent\nuid: mms-automation\nuserPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=\n\n# mms-monitoring, dbUsers, tsdocker.com\ndn: uid=mms-monitoring,ou=dbUsers,dc=tsdocker,dc=com\nobjectClass: inetOrgPerson\ncn: monitoring\nsn: agent\nuid: mms-monitoring\nuserPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=\n\n# mms-backup, dbUsers, tsdocker.com\ndn: uid=mms-backup,ou=dbUsers,dc=tsdocker,dc=com\nobjectClass: inetOrgPerson\ncn: backup\nsn: agent\nuid: mms-backup\nuserPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=\n\n# omusers, tsdocker.com\ndn: ou=omusers,dc=tsdocker,dc=com\nou: omusers\nobjectClass: top\nobjectClass: organizationalUnit\n\n# owner, omusers, tsdocker.com\ndn: uid=owner,ou=omusers,dc=tsdocker,dc=com\nuid: owner\nobjectClass: top\nobjectClass: account\nobjectClass: simpleSecurityObject\nuserPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=\n\n# reader, omusers, tsdocker.com\ndn: uid=reader,ou=omusers,dc=tsdocker,dc=com\nuid: reader\nobjectClass: top\nobjectClass: account\nobjectClass: simpleSecurityObject\nuserPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=\n\n# admin, omusers, tsdocker.com\ndn: uid=admin,ou=omusers,dc=tsdocker,dc=com\nuid: admin\nobjectClass: top\nobjectClass: account\nobjectClass: simpleSecurityObject\nuserPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=\n\n# dbRoles, tsdocker.com\ndn: ou=dbRoles,dc=tsdocker,dc=com\nou: groups\nou: dbRoles\nobjectClass: organizationalUnit\n\n# readWriteAnyDatabase, dbRoles, tsdocker.com\ndn: cn=readWriteAnyDatabase,ou=dbRoles,dc=tsdocker,dc=com\nobjectClass: groupOfNames\ncn: readWriteAnyDatabase\nmember: uid=writer,ou=dbUsers,dc=tsdocker,dc=com\n\n# read, dbRoles, tsdocker.com\ndn: cn=read,ou=dbRoles,dc=tsdocker,dc=com\nobjectClass: groupOfNames\ncn: read\nmember: uid=reader,ou=DbUsers,dc=tsdocker,dc=com\n\n# dbAdmin, dbRoles, tsdocker.com\ndn: cn=dbAdmin,ou=dbRoles,dc=tsdocker,dc=com\nobjectClass: groupOfNames\ncn: dbAdmin\nmember: uid=dba,ou=dbUsers,dc=tsdocker,dc=com\n\n# automation, dbRoles, tsdocker.com\ndn: cn=automation,ou=dbRoles,dc=tsdocker,dc=com\nobjectClass: groupOfNames\ncn: automation\nmember: uid=mms-automation,ou=dbUsers,dc=tsdocker,dc=com\n\n# monitoring, dbRoles, tsdocker.com\ndn: cn=monitoring,ou=dbRoles,dc=tsdocker,dc=com\nobjectClass: groupOfNames\ncn: monitoring\nmember: uid=mms-monitoring,ou=dbUsers,dc=tsdocker,dc=com\n\n# backup, dbRoles, tsdocker.com\ndn: cn=backup,ou=dbRoles,dc=tsdocker,dc=com\nobjectClass: groupOfNames\ncn: backup\nmember: uid=mms-backup,ou=dbUsers,dc=tsdocker,dc=com\n\n# omgroups, tsdocker.com\ndn: ou=omgroups,dc=tsdocker,dc=com\nou: groups\nou: omgroups\nobjectClass: top\nobjectClass: organizationalUnit\n\n# owners, omgroups, tsdocker.com\ndn: cn=owners,ou=omgroups,dc=tsdocker,dc=com\ncn: owners\nobjectClass: top\nobjectClass: groupOfNames\nmember: uid=owner,ou=omusers,dc=tsdocker,dc=com\nmember: uid=admin,ou=omusers,dc=tsdocker,dc=com\n\n# readers, omgroups, tsdocker.com\ndn: cn=readers,ou=omgroups,dc=tsdocker,dc=com\ncn: readers\nobjectClass: top\nobjectClass: groupOfNames\nmember: uid=reader,ou=omusers,dc=tsdocker,dc=com\n\n# search result\nsearch: 2\nresult: 0 Success\n\n# numResponses: 24\n# numEntries: 23", "stdout_lines": ["# extended LDIF", "#", "# LDAPv3", "# base <dc=tsdocker,dc=com> with scope subtree", "# filter: (objectclass=*)", "# requesting: ALL", "#", "", "# tsdocker.com", "dn: dc=tsdocker,dc=com", "objectClass: top", "objectClass: dcObject", "objectClass: organization", "o: TS-DOCKER LDAP SERVER", "dc: tsdocker", "", "# admin, tsdocker.com", "dn: cn=admin,dc=tsdocker,dc=com", "objectClass: simpleSecurityObject", "objectClass: organizationalRole", "cn: admin", "description: LDAP administrator", "userPassword:: e1NTSEF9a2xnblBFN1UzM1MyQ2tIeEpLY1NrQXcyOXY3WWVXOFI=", "", "# dbUsers, tsdocker.com", "dn: ou=dbUsers,dc=tsdocker,dc=com", "ou: Users", "ou: dbUsers", "objectClass: organizationalUnit", "", "# dba, dbUsers, tsdocker.com", "dn: uid=dba,ou=dbUsers,dc=tsdocker,dc=com", "objectClass: inetOrgPerson", "cn: database", "sn: administrator", "uid: dba", "userPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=", "", "# reader, dbUsers, tsdocker.com", "dn: uid=reader,ou=dbUsers,dc=tsdocker,dc=com", "objectClass: inetOrgPerson", "cn: only", "sn: read", "uid: reader", "userPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=", "", "# writer, dbUsers, tsdocker.com", "dn: uid=writer,ou=dbUsers,dc=tsdocker,dc=com", "objectClass: inetOrgPerson", "cn: only", "sn: readandwrite", "uid: writer", "userPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=", "", "# mms-automation, dbUsers, tsdocker.com", "dn: uid=mms-automation,ou=dbUsers,dc=tsdocker,dc=com", "objectClass: inetOrgPerson", "cn: automation", "sn: agent", "uid: mms-automation", "userPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=", "", "# mms-monitoring, dbUsers, tsdocker.com", "dn: uid=mms-monitoring,ou=dbUsers,dc=tsdocker,dc=com", "objectClass: inetOrgPerson", "cn: monitoring", "sn: agent", "uid: mms-monitoring", "userPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=", "", "# mms-backup, dbUsers, tsdocker.com", "dn: uid=mms-backup,ou=dbUsers,dc=tsdocker,dc=com", "objectClass: inetOrgPerson", "cn: backup", "sn: agent", "uid: mms-backup", "userPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=", "", "# omusers, tsdocker.com", "dn: ou=omusers,dc=tsdocker,dc=com", "ou: omusers", "objectClass: top", "objectClass: organizationalUnit", "", "# owner, omusers, tsdocker.com", "dn: uid=owner,ou=omusers,dc=tsdocker,dc=com", "uid: owner", "objectClass: top", "objectClass: account", "objectClass: simpleSecurityObject", "userPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=", "", "# reader, omusers, tsdocker.com", "dn: uid=reader,ou=omusers,dc=tsdocker,dc=com", "uid: reader", "objectClass: top", "objectClass: account", "objectClass: simpleSecurityObject", "userPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=", "", "# admin, omusers, tsdocker.com", "dn: uid=admin,ou=omusers,dc=tsdocker,dc=com", "uid: admin", "objectClass: top", "objectClass: account", "objectClass: simpleSecurityObject", "userPassword:: e1NTSEF9NURqVDdJQy84cUlVZ3J1eUxXSkk0alRrcXJjVHpUVXU=", "", "# dbRoles, tsdocker.com", "dn: ou=dbRoles,dc=tsdocker,dc=com", "ou: groups", "ou: dbRoles", "objectClass: organizationalUnit", "", "# readWriteAnyDatabase, dbRoles, tsdocker.com", "dn: cn=readWriteAnyDatabase,ou=dbRoles,dc=tsdocker,dc=com", "objectClass: groupOfNames", "cn: readWriteAnyDatabase", "member: uid=writer,ou=dbUsers,dc=tsdocker,dc=com", "", "# read, dbRoles, tsdocker.com", "dn: cn=read,ou=dbRoles,dc=tsdocker,dc=com", "objectClass: groupOfNames", "cn: read", "member: uid=reader,ou=DbUsers,dc=tsdocker,dc=com", "", "# dbAdmin, dbRoles, tsdocker.com", "dn: cn=dbAdmin,ou=dbRoles,dc=tsdocker,dc=com", "objectClass: groupOfNames", "cn: dbAdmin", "member: uid=dba,ou=dbUsers,dc=tsdocker,dc=com", "", "# automation, dbRoles, tsdocker.com", "dn: cn=automation,ou=dbRoles,dc=tsdocker,dc=com", "objectClass: groupOfNames", "cn: automation", "member: uid=mms-automation,ou=dbUsers,dc=tsdocker,dc=com", "", "# monitoring, dbRoles, tsdocker.com", "dn: cn=monitoring,ou=dbRoles,dc=tsdocker,dc=com", "objectClass: groupOfNames", "cn: monitoring", "member: uid=mms-monitoring,ou=dbUsers,dc=tsdocker,dc=com", "", "# backup, dbRoles, tsdocker.com", "dn: cn=backup,ou=dbRoles,dc=tsdocker,dc=com", "objectClass: groupOfNames", "cn: backup", "member: uid=mms-backup,ou=dbUsers,dc=tsdocker,dc=com", "", "# omgroups, tsdocker.com", "dn: ou=omgroups,dc=tsdocker,dc=com", "ou: groups", "ou: omgroups", "objectClass: top", "objectClass: organizationalUnit", "", "# owners, omgroups, tsdocker.com", "dn: cn=owners,ou=omgroups,dc=tsdocker,dc=com", "cn: owners", "objectClass: top", "objectClass: groupOfNames", "member: uid=owner,ou=omusers,dc=tsdocker,dc=com", "member: uid=admin,ou=omusers,dc=tsdocker,dc=com", "", "# readers, omgroups, tsdocker.com", "dn: cn=readers,ou=omgroups,dc=tsdocker,dc=com", "cn: readers", "objectClass: top", "objectClass: groupOfNames", "member: uid=reader,ou=omusers,dc=tsdocker,dc=com", "", "# search result", "search: 2", "result: 0 Success", "", "# numResponses: 24", "# numEntries: 23"]}
...ignoring

TASK [Setting slapd TLS options] ***********************************************************************************************************************************
fatal: [ldapserver]: FAILED! => {"changed": true, "cmd": "ldapmodify -Y external -H ldapi:/// -f /tmp/olcSSL.ldif", "delta": "0:00:00.015074", "end": "2020-03-16 19:14:51.406749", "msg": "non-zero return code", "rc": 1, "start": "2020-03-16 19:14:51.391675", "stderr": "/tmp/olcSSL.ldif: No such file or directory", "stderr_lines": ["/tmp/olcSSL.ldif: No such file or directory"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [Configuring default Slapd settings] **************************************************************************************************************************
ok: [ldapserver]

TASK [Configuring client ldap settings] ****************************************************************************************************************************
ok: [ldapserver]

TASK [Re-starting Slapd to enable TLS] *****************************************************************************************************************************
fatal: [ldapserver]: FAILED! => {"changed": false, "msg": " * Stopping OpenLDAP slapd\n   ...done.\n * Starting OpenLDAP slapd\n   ...fail!\n"}
...ignoring

TASK [Wait for port 636 to become available] ***********************************************************************************************************************
fatal: [ldapserver]: FAILED! => {"changed": false, "elapsed": 900, "msg": "Timeout when waiting for ldapserver:636"}
...ignoring
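The failure chain in the report above is the classic non-idempotent shell task: the first run adds every entry and then does `rm -rf /tmp/*.ldif`, so on the second run `ldapmodify -f /tmp/slapdlog.ldif` fails on a missing file, the `&&` chain stops, the TLS modification never lands, and slapd does not come back on 636. The following is an added example, not code from the om_ansible repository or from the reporter: a small Python helper (the language Ansible itself is written in) that makes the `users.ldif`/`groups.ldif` step safe to re-run by checking each DN before adding it, and that keeps the bind password off the command line. Assumptions: OpenLDAP client tools on the target (the `-y passwdfile` option of `ldapadd`), a directory lookup injected as a callable so the code runs offline here, and a constructed `SAMPLE_USERS_LDIF` modelled on the dump above rather than the project's real file. `changetype: modify` entries (the slapdlog/olcSSL steps) are out of scope for it.

```python
"""Idempotent "check, then add" planning for LDIF entries.

Added example, not code from the om_ansible repository. Each entry is added
only if its DN is absent, so applying the same LDIF twice is a no-op instead
of a failure. The directory lookup is injected as a callable; on a real host
it would wrap `ldapsearch -s base -b <dn>` (assumption: OpenLDAP tools).
"""
import base64
import re
from typing import Callable, Dict, List, Tuple

Entry = Dict[str, List[str]]          # attribute name (lower-cased) -> values
LINE_RE = re.compile(r"^([A-Za-z][\w;.-]*)(::?)\s?(.*)$")


def parse_ldif(text: str) -> List[Entry]:
    """Minimal RFC 2849 reader: unfold continuation lines, skip comments,
    decode `attr:: base64` values and split entries on blank lines."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:      # folded line continues previous
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries: List[Entry] = []
    current: Entry = {}
    for line in unfolded + [""]:                   # sentinel flushes last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if not match:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, sep, value = match.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        current.setdefault(attr.lower(), []).append(value)
    for entry in entries:
        if "dn" not in entry:
            raise ValueError("LDIF entry without dn")
    return entries


def normalize_dn(dn: str) -> str:
    """DNs match case-insensitively and ignore whitespace around the commas;
    the dump above has both `ou=dbUsers` and `ou=DbUsers` for the same OU."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def plan_adds(ldif_text: str,
              exists: Callable[[str], bool]) -> Tuple[List[Entry], List[str]]:
    """Split the LDIF into entries still to add and DNs already present."""
    to_add: List[Entry] = []
    present: List[str] = []
    for entry in parse_ldif(ldif_text):
        dn = entry["dn"][0]
        if exists(dn):
            present.append(dn)
        else:
            to_add.append(entry)
    return to_add, present


def apply_ldif(ldif_text: str, exists: Callable[[str], bool],
               add: Callable[[Entry], None]) -> bool:
    """Ansible-style apply: add only the missing entries and report whether
    anything changed. A second call with the same input returns False."""
    to_add, _ = plan_adds(ldif_text, exists)
    for entry in to_add:
        add(entry)
    return bool(to_add)


def ldapadd_argv(ldif_path: str, bind_dn: str, passwd_file: str,
                 uri: str = "ldapi:///") -> List[str]:
    """Build the ldapadd invocation for the `add` callback without the secret
    in argv: `-y FILE` reads the bind password from FILE, so it appears neither
    in `ps` output nor in the `cmd` Ansible records, unlike `-w Password1!`."""
    return ["ldapadd", "-x", "-H", uri, "-D", bind_dn, "-y", passwd_file,
            "-f", ldif_path]


# Constructed sample modelled on the users/groups dump above (not the real file).
SAMPLE_USERS_LDIF = """\
dn: ou=dbUsers,dc=tsdocker,dc=com
objectClass: organizationalUnit
ou:: ZGJVc2Vycw==

dn: uid=reader,ou=dbUsers,dc=tsdocker,dc=com
objectClass: inetOrgPerson
cn: only
sn: read
uid: reader

dn: cn=read,ou=dbRoles,dc=tsdocker,dc=com
objectClass: groupOfNames
cn: read
member: uid=reader,ou=DbUsers,
 dc=tsdocker,dc=com
"""

if __name__ == "__main__":
    directory: set = set()                         # stands in for the live DIT
    lookup = lambda dn: normalize_dn(dn) in directory
    record = lambda entry: directory.add(normalize_dn(entry["dn"][0]))
    print("first run changed:", apply_ldif(SAMPLE_USERS_LDIF, lookup, record))
    print("second run changed:", apply_ldif(SAMPLE_USERS_LDIF, lookup, record))
```

On a host, `lookup` would run `ldapsearch -x -H ldapi:/// -s base -b "$dn" 1.1` (the tools exit with the LDAP result code, 32 meaning noSuchObject) and `record` would `subprocess.run(ldapadd_argv(...))` on a per-entry LDIF. The playbook task wrapping this should also carry `no_log: true`: the recorded `cmd` above contains the bind password in clear, and the task's stdout dumps every userPassword hash in the directory into the Ansible log.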
HenryGP commented 4 years ago

Addressed by #61 and #64 as per the above thread.