cp-ansible
confluent.test.ldap role is not idempotent
For Confluent Enterprise Support customers, we would strongly advise you to open a Support ticket which will be addressed within your Support contract SLA at https://support.confluent.io
Describe the issue
The confluent.test.ldap role is not idempotent. On subsequent runs, the attempt to add schemas will result in a duplication error.
To Reproduce
Run the confluent.test.ldap role twice and see
Expected behaviour
On multiple runs, the step to import schema ldif files should be skipped if those files are already present.
Logs
Please provide the output of the -vvv switch from Ansible with the failed log snippet. Please also provide the logs of the specific component which has failed. If multiple attempts to run have been made, please provide the start and stop time of the component if known.
The key part here is Duplicate attributeType when adding the cosine.ldif, schema.ldif, and inetorgperson.ldif files. The role should first check if the schemas are present in /etc/openldap/slapd.d/cn\=config/cn\=schema/ before adding them.
failed: [ldap.prod.confluent] (item=ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif) => {"ansible_loop_var": "item", "changed": true, "cmd": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif", "delta": "0:00:00.094716", "end": "2021-09-28 18:06:37.338257", "item": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif", "msg": "non-zero return code", "rc": 80, "start": "2021-09-28 18:06:37.243541", "stderr": "SASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Other (e.g., implementation specific) error (80)\n\tadditional info: olcAttributeTypes: Duplicate attributeType: \"0.9.2342.19200300.100.1.2\"", "stderr_lines": ["SASL/EXTERNAL authentication started", "SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0", "ldap_add: Other (e.g., implementation specific) error (80)", "\tadditional info: olcAttributeTypes: Duplicate attributeType: \"0.9.2342.19200300.100.1.2\""], "stdout": "adding new entry \"cn=cosine,cn=schema,cn=config\"", "stdout_lines": ["adding new entry \"cn=cosine,cn=schema,cn=config\""]}
failed: [ldap.prod.confluent] (item=ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif) => {"ansible_loop_var": "item", "changed": true, "cmd": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif", "delta": "0:00:00.100577", "end": "2021-09-28 18:06:38.149864", "item": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif", "msg": "non-zero return code", "rc": 80, "start": "2021-09-28 18:06:38.049287", "stderr": "SASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Other (e.g., implementation specific) error (80)\n\tadditional info: olcAttributeTypes: Duplicate attributeType: \"1.3.6.1.1.1.1.2\"", "stderr_lines": ["SASL/EXTERNAL authentication started", "SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0", "ldap_add: Other (e.g., implementation specific) error (80)", "\tadditional info: olcAttributeTypes: Duplicate attributeType: \"1.3.6.1.1.1.1.2\""], "stdout": "adding new entry \"cn=nis,cn=schema,cn=config\"", "stdout_lines": ["adding new entry \"cn=nis,cn=schema,cn=config\""]}
failed: [ldap.prod.confluent] (item=ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif) => {"ansible_loop_var": "item", "changed": true, "cmd": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif", "delta": "0:00:00.096954", "end": "2021-09-28 18:06:39.000421", "item": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif", "msg": "non-zero return code", "rc": 80, "start": "2021-09-28 18:06:38.903467", "stderr": "SASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Other (e.g., implementation specific) error (80)\n\tadditional info: olcAttributeTypes: Duplicate attributeType: \"2.16.840.1.113730.3.1.1\"", "stderr_lines": ["SASL/EXTERNAL authentication started", "SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0", "ldap_add: Other (e.g., implementation specific) error (80)", "\tadditional info: olcAttributeTypes: Duplicate attributeType: \"2.16.840.1.113730.3.1.1\""], "stdout": "adding new entry \"cn=inetorgperson,cn=schema,cn=config\"", "stdout_lines": ["adding new entry \"cn=inetorgperson,cn=schema,cn=config\""]}
Environment (please complete the following information):
- OS: CentOS 7
- CP-Ansible Branch: 6.1.1-post
- Ansible Version: 2.11.0
Additional context
Add any other context about the problem here.
I also suggest using the -c (continue) option with ldapadd so there is no error when adding users a second time.
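One way to do the pre-check the issue asks for, as an added example that is not part of the original issue or of cp-ansible's own code. The function names and the SCHEMA_CONF_DIR / SCHEMA_SRC_DIR variables are assumptions; the check relies on slapd storing each loaded schema as cn={N}<name>.ldif in the directory named in the issue.

```shell
#!/bin/sh
# Added example: only run ldapadd for schemas slapd has not loaded yet.

# Where slapd keeps loaded schemas (path from the issue); overridable for testing.
SCHEMA_CONF_DIR="${SCHEMA_CONF_DIR:-/etc/openldap/slapd.d/cn=config/cn=schema}"
# Where the source LDIF files live (path from the failing commands in the log).
SCHEMA_SRC_DIR="${SCHEMA_SRC_DIR:-/etc/openldap/schema}"

# schema_loaded NAME
# Succeeds if a file such as cn={1}NAME.ldif exists in SCHEMA_CONF_DIR.
# slapd prefixes every loaded schema with an ordering index in braces,
# so the index is matched with a glob instead of being hard-coded.
schema_loaded() {
    for f in "$SCHEMA_CONF_DIR"/cn=\{*\}"$1".ldif; do
        # An unmatched glob stays literal, so test that the file really exists.
        if [ -e "$f" ]; then
            return 0
        fi
    done
    return 1
}

# pending_schemas NAME...
# Prints, one per line, the schema names that are not loaded yet.
pending_schemas() {
    for name in "$@"; do
        if ! schema_loaded "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# add_missing_schemas NAME...
# Runs the same ldapadd command as the role, but only for missing schemas,
# so a second run is a no-op instead of failing with rc 80.
add_missing_schemas() {
    for name in $(pending_schemas "$@"); do
        ldapadd -Y EXTERNAL -H ldapi:/// -f "$SCHEMA_SRC_DIR/$name.ldif" || return 1
    done
}

# Typical call on the LDAP host (run as root, as the role does):
#   add_missing_schemas cosine nis inetorgperson
```

In an Ansible role the same condition can drive `changed_when` or a `when` clause, so the task reports "ok" rather than "changed" on later runs.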