Closed sticky-note closed 4 years ago
@sticky-note If I understand correctly, this is built upon #43, so let's resolve the issues there before coming back to this.
@myii as forecasted, tests are failing
@sticky-note No problem, I've got the fixes for you. But I've come across a different problem: if I actually enable the ldap
values in pillar.example
, the formula states don't even complete:
ID: dhcpd.conf
Function: file.managed
Name: /etc/dhcp/dhcpd.conf
Result: False
Comment: check_cmd execution failed
Internet Systems Consortium DHCP Server 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/etc/dhcp/tmp.Gf9jcLGwGC line 18: semicolon expected.
ldap-server "localhost"
^
/etc/dhcp/tmp.Gf9jcLGwGC line 19: semicolon expected.
ldap-port 389;
^
/etc/dhcp/tmp.Gf9jcLGwGC line 20: semicolon expected.
ldap-username "cn=dhcpadmin,dc=example,dc=com"
^
/etc/dhcp/tmp.Gf9jcLGwGC line 21: semicolon expected.
ldap-password "dhcppassword"
^
/etc/dhcp/tmp.Gf9jcLGwGC line 22: semicolon expected.
ldap-base-dn "ou=dhcp,dc=example,dc=com"
^
/etc/dhcp/tmp.Gf9jcLGwGC line 23: semicolon expected.
ldap-method dynamic;
^
/etc/dhcp/tmp.Gf9jcLGwGC line 24: semicolon expected.
ldap-debug-file "/var/log/dhcp-ldap-startup.log"
^
WARNING: Host declarations are global. They are not limited to the scope you declared them in.
Configuration file errors encountered -- exiting
If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging.
exiting.
If that's the case, then this PR needs adjusting before anything. Can you confirm that on your side? I can run Travis at the moment because I've got a number of other runs going on.
@sticky-note This is the fix for the tests to get it working as-is:
Still need to check the failures when enabling the ldap
values, though.
@sticky-note So as mentioned, I've now been able to reproduce those errors in Travis:
All of the instances are tripping up at the check_cmd
:
@Myii I am not able to reproduce, with myii/feat/config-ldap
on stretch
vagrant
box, I get :
ID: dhcpd.conf
Function: file.managed
Name: /etc/dhcp/dhcpd.conf
Result: False
Comment: check_cmd execution failed
Internet Systems Consortium DHCP Server 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
WARNING: Host declarations are global. They are not limited to the scope you declared them in.
Error: Cannot login into ldap server localhost:389: Can't contact LDAP server
Configuration file errors encountered -- exiting
If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging.
exiting.
Started: 13:54:33.836694
Duration: 1477.157 ms
Changes:
@myii I wasn't able to reproduce because I hat dhcpd
from isc-openldap-server-ldap
which is able to parse ldap-*
directives.
dhcp
from isc-dhcp-server
can't parse those properties.
To be able to test those properties on dhcpd
from isc-openldap-server-ldap
, we need to have an LDAP
server running and containing the base configuration for dhcpd
@sticky-note I see that error as well in Travis, we've got both examples there.
debian-10
:
semicolon expected
errorsamazonlinux-2
:
Can't contact LDAP server
errorThe problem is that we still need to be able to confirm this is working. This can be done by preparing a second test suite. You can use the outline I've provided here:
This results in the Travis job getting through that state and only tripping up on the service.running
:
Looking at the journal, the reason is as you stated above, that the base configuration for dhcpd
isn't available yet:
... systemd[1]: Starting LSB: DHCP server...
-- Subject: A start job for unit isc-dhcp-server.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit isc-dhcp-server.service has begun execution.
--
-- The job identifier is 163.
... isc-dhcp-server[917]: Launching both IPv4 and IPv6 servers (please configure INTERFACES in /etc/default/isc-dhcp-server if you only want one or the other).
... dhcpd[929]: Wrote 0 leases to leases file.
... dhcpd[929]:
... dhcpd[929]: No subnet declaration for eth0 (172.17.0.2).
... dhcpd[929]: ** Ignoring requests on eth0. If this is not what
... dhcpd[929]: you want, please write a subnet declaration
... dhcpd[929]: in your dhcpd.conf file for the network segment
... dhcpd[929]: to which interface eth0 is attached. **
... dhcpd[929]:
... dhcpd[929]:
... dhcpd[929]: Not configured to listen on any interfaces!
... dhcpd[929]:
... dhcpd[929]: If you think you have received this message due to a bug rather
... dhcpd[929]: than a configuration issue please read the section on submitting
... dhcpd[929]: bugs on either our web page at www.isc.org or in the README file
... dhcpd[929]: before submitting a bug. These pages explain the proper
... dhcpd[929]: process and the information we find helpful for debugging.
... dhcpd[929]:
... dhcpd[929]: exiting.
... dhcpd[929]: than a configuration issue please read the section on submitting
... dhcpd[929]: bugs on either our web page at www.isc.org or in the README file
... dhcpd[929]: before submitting a bug. These pages explain the proper
... dhcpd[929]: process and the information we find helpful for debugging.
... dhcpd[929]:
... dhcpd[929]: exiting.
... isc-dhcp-server[917]: Starting ISC DHCPv4 server: dhcpdcheck syslog for diagnostics. ... failed!
... isc-dhcp-server[917]: failed!
... systemd[1]: isc-dhcp-server.service: Control process exited, code=exited, status=1/FAILURE
So there are two ways forward here:
openldap-formula
myself but since you're familiar with it, would the dhcpd
configuration be possible to add to the specific test pillar test/salt/pillar/openldap.sls
?service.running
state if enabled (which it will be by default). Then, at least, we can run all of the other states to verify things are proceeding as they should.As you try things out at your end, you test it out using:
$ bin/kitchen verify ldap-debian-10-master-py3
@Myii You have to fill base configuration for dhcpd
, it can be done via ldap.managed
state which depend on python3-ldap
python module. I am working on parsing dhcpd-formula
pillar to fill that correctly. All docs are here https://github.com/isc-projects/dhcp/tree/master/contrib/ldap.
But I am working on a version generated by ldap-account-manager
which seems to be compliant too
So there are two ways forward here:
- I've not used
openldap-formula
myself but since you're familiar with it, would thedhcpd
configuration be possible to add to the specific test pillartest/salt/pillar/openldap.sls
?- If not, we could introduce a Jinja conditional that only executes the
service.running
state if enabled (which it will be by default). Then, at least, we can run all of the other states to verify things are proceeding as they should.
@sticky-note So shall we just do number 2 for now?
Thanks, @sticky-note. Testing against ldap
is going to take more effort, so let's get this merged for now.
:tada: This PR is included in version 0.11.0 :tada:
The release is available on GitHub release
Your semantic-release bot :package::rocket:
@myii I have juste realized that dhcpd.conf
and dhcpd
configuration stored in LDAP are mixed up when used together so we can test LDAP connection and dhcpd.conf
without filling dhcp
configuration in LDAP
@sticky-note Sure, please send through another PR with the changes. Don't worry too much if the verification stage fails again, I've tightened up the tests in this formula a lot, as a way of checking how useful that approach is.
PR progress checklist (to be filled in by reviewers)
What type of PR is this?
Primary type
[build]
Changes related to the build system[chore]
Changes to the build process or auxiliary tools and libraries such as documentation generation[ci]
Changes to the continuous integration configuration[feat]
A new feature[fix]
A bug fix[perf]
A code change that improves performance[refactor]
A code change that neither fixes a bug nor adds a feature[revert]
A change used to revert a previous commit[style]
Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)Secondary type
[docs]
Documentation changes[test]
Adding missing or correcting existing testsDoes this PR introduce a
BREAKING CHANGE
?No.
Related issues and/or pull requests
Describe the changes you're proposing
Add ldap backend support
Pillar / config required to test the proposed changes
Debug log showing how the proposed changes work
Documentation checklist
README
(e.g.Available states
).pillar.example
.Testing checklist
state_top
).Additional context