
confluent.test.ldap role is not idempotent

Open chuck-confluent opened this issue 2 years ago • 1 comments

For Confluent Enterprise Support customers, we would strongly advise you to open a Support ticket which will be addressed within your Support contract SLA at https://support.confluent.io

Describe the issue
The confluent.test.ldap role is not idempotent. On subsequent runs, the attempt to add schemas will result in a duplication error.

To Reproduce
Run the confluent.test.ldap role twice and see.

Expected behaviour
On multiple runs, the step to import schema ldif files should be skipped if those files are already present.

Logs
Please provide the output of the -vvv switch from Ansible with the failed log snippet. Please also provide the logs of the specific component which has failed. If multiple attempts to run have been made, please provide the start and stop time of the component if known.

The key part here is Duplicate attributeType when adding the cosine.ldif, schema.ldif, and inetorgperson.ldif files. The role should first check if the schemas are present in /etc/openldap/slapd.d/cn\=config/cn\=schema/ before adding them.

failed: [ldap.prod.confluent] (item=ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif) => {"ansible_loop_var": "item", "changed": true, "cmd": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif", "delta": "0:00:00.094716", "end": "2021-09-28 18:06:37.338257", "item": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif", "msg": "non-zero return code", "rc": 80, "start": "2021-09-28 18:06:37.243541", "stderr": "SASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Other (e.g., implementation specific) error (80)\n\tadditional info: olcAttributeTypes: Duplicate attributeType: \"0.9.2342.19200300.100.1.2\"", "stderr_lines": ["SASL/EXTERNAL authentication started", "SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0", "ldap_add: Other (e.g., implementation specific) error (80)", "\tadditional info: olcAttributeTypes: Duplicate attributeType: \"0.9.2342.19200300.100.1.2\""], "stdout": "adding new entry \"cn=cosine,cn=schema,cn=config\"", "stdout_lines": ["adding new entry \"cn=cosine,cn=schema,cn=config\""]}
failed: [ldap.prod.confluent] (item=ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif) => {"ansible_loop_var": "item", "changed": true, "cmd": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif", "delta": "0:00:00.100577", "end": "2021-09-28 18:06:38.149864", "item": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif", "msg": "non-zero return code", "rc": 80, "start": "2021-09-28 18:06:38.049287", "stderr": "SASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Other (e.g., implementation specific) error (80)\n\tadditional info: olcAttributeTypes: Duplicate attributeType: \"1.3.6.1.1.1.1.2\"", "stderr_lines": ["SASL/EXTERNAL authentication started", "SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0", "ldap_add: Other (e.g., implementation specific) error (80)", "\tadditional info: olcAttributeTypes: Duplicate attributeType: \"1.3.6.1.1.1.1.2\""], "stdout": "adding new entry \"cn=nis,cn=schema,cn=config\"", "stdout_lines": ["adding new entry \"cn=nis,cn=schema,cn=config\""]}
failed: [ldap.prod.confluent] (item=ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif) => {"ansible_loop_var": "item", "changed": true, "cmd": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif", "delta": "0:00:00.096954", "end": "2021-09-28 18:06:39.000421", "item": "ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif", "msg": "non-zero return code", "rc": 80, "start": "2021-09-28 18:06:38.903467", "stderr": "SASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Other (e.g., implementation specific) error (80)\n\tadditional info: olcAttributeTypes: Duplicate attributeType: \"2.16.840.1.113730.3.1.1\"", "stderr_lines": ["SASL/EXTERNAL authentication started", "SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth", "SASL SSF: 0", "ldap_add: Other (e.g., implementation specific) error (80)", "\tadditional info: olcAttributeTypes: Duplicate attributeType: \"2.16.840.1.113730.3.1.1\""], "stdout": "adding new entry \"cn=inetorgperson,cn=schema,cn=config\"", "stdout_lines": ["adding new entry \"cn=inetorgperson,cn=schema,cn=config\""]}

Environment (please complete the following information):

  • OS: CentOS 7
  • CP-Ansible Branch: 6.1.1-post
  • Ansible Version: 2.11.0

Additional context
Add any other context about the problem here.

chuck-confluent, Sep 28 '21 18:09

I also suggest using the -c (continue) option with ldapadd so there is no error when adding users a second time.

chuck-confluent, Sep 28 '21 19:09
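One way to make the schema import idempotent as the issue asks (check cn=config before calling ldapadd), written here as an added example rather than cp-ansible's own tasks. It assumes the standard OpenLDAP cn=config layout under /etc/openldap/slapd.d, where a loaded schema shows up as cn={N}name.ldif, and the three schema names seen in the logs; the variable names are hypothetical.

```yaml
# Added example, not taken from the cp-ansible role.
# Assumption: slapd stores loaded schemas as
# /etc/openldap/slapd.d/cn=config/cn=schema/cn={N}<name>.ldif
- name: Find schema entries already loaded into cn=config
  ansible.builtin.find:
    paths: /etc/openldap/slapd.d/cn=config/cn=schema
    patterns: "cn={*}*.ldif"
  register: loaded_schemas

# Turn "cn={1}cosine.ldif" into "cosine" so the loop below can compare names.
- name: Derive the set of loaded schema names
  ansible.builtin.set_fact:
    loaded_schema_names: >-
      {{ loaded_schemas.files | map(attribute='path') | map('basename')
         | map('regex_replace', '^cn=\\{\\d+\\}(.*)\\.ldif$', '\\1') | list }}

# Only call ldapadd for schemas that are not loaded yet, so a second run
# skips them instead of failing with "Duplicate attributeType" (rc 80).
- name: Import schema LDIFs that are not loaded yet
  ansible.builtin.command:
    argv:
      - ldapadd
      - -Y
      - EXTERNAL
      - -H
      - ldapi:///
      - -f
      - "/etc/openldap/schema/{{ item }}.ldif"
  loop:
    - cosine
    - nis
    - inetorgperson
  when: item not in loaded_schema_names
  changed_when: true
```

Checking before adding also keeps the task's changed status honest on reruns, which passing ldapadd -c on its own does not.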