Pull Request (PR) description
There is an ordering in manifests/server/database.pp:
This is subtly bad. The service (slapd) must be spun up before a database can be created. That makes sense. However, it means the service happens before Openldap::Server::Database ... and there is more going on in manifests/server/database.pp than just the openldap_database creation: there is also the creation of File[$manage_directory]. In most folks' cases, this directory will be /var/lib/ldap, which happens to be installed by the RPM/dpkg package, so "you get it for free" / it already exists and the file creation doesn't need to be done by puppet. However, if you set the directory to something else (that doesn't exist), you have a circular dependency problem. slapd (the service) needs the database directory to exist before slapd starts up -> slapd is ordered before the database manifest -> the database manifest creates the database directory -> the database directory has to happen before the service.
Ultimately, the ordering is in error. The service has to happen before openldap_database BUT NOT all of the ridealong items in openldap::server::database. That breaks out of the dependency loop, and allows the directory creation to be marked as required before the Service is started.
Very likely, most folks are running one-DB-only in /var/lib/ldap (which matches most examples) and haven't tickled this issue. That said, OpenLDAP maintainers are advising you to use subdirectories which puts this into the realm of needing to make a directory upon install.
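The cycle and the narrower ordering described above, as an added Puppet sketch that is not the module's own code. The demo::database define, the /srv/example-ldap-db path and the notify resource standing in for openldap_database are assumptions made for illustration.

```puppet
# Hypothetical stand-in for openldap::server::database: one resource that
# needs a running slapd, plus a "ridealong" directory that slapd itself needs.
define demo::database (
  String $directory,
) {
  # The database directory has to exist before slapd starts.
  file { $directory:
    ensure => directory,
    before => Service['slapd'],
  }

  # Stand-in for openldap_database, which can only be applied once the
  # server is running.
  notify { "openldap_database ${title}": }
}

service { 'slapd':
  ensure => running,
}

# Constructed sample values: a suffix and a directory the package does not ship.
demo::database { 'dc=example,dc=com':
  directory => '/srv/example-ldap-db',
}

# Too broad: ordering against the defined type applies to every resource it
# contains, including File[$directory], which is itself ordered before slapd.
# Uncommenting the next line makes catalog application fail on a dependency cycle.
# Service['slapd'] -> Demo::Database <| |>

# Narrow: only the resource that needs a running server is ordered after
# slapd. With the real module this collector would select Openldap_database.
Service['slapd'] -> Notify <| |>
```

With the narrow ordering in place the directory is created first, slapd starts second, and the database resource is applied last.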