MODULES-4658

puppetlabs-tomcat : module not configuring multiple LDAP realms

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • Needs Assessment

    Description

      Basic Info
      Module Version: 1.6.1
      Puppet Version: 2016.4.2
      OS Name/Version: RedHat 7.3

      Describe your issue in as much detail as possible...

      Zendesk Issue: https://puppetlabs.zendesk.com/agent/tickets/24305

      Module doesn't configure multiple realms, but instead configures one realm with one statement, then overwrites that realm with the other realm.

      Looking at the tomcat module in manifests/config/server/realm.pp on line 97, it looks like it's still referring to each class name as a unique asset, which gets passed on to Augeas.

          if ! empty($additional_attributes) {
            $_additional_attributes = suffix(prefix(join_keys_to_values($additional_attributes, " '"), "set ${path}[#attribute/className='${class_name}']/#attribute/"), "'")
          } else {
            $_additional_attributes = undef
          }
          if ! empty(any2array($attributes_to_remove)) {
            $_attributes_to_remove = prefix(any2array($attributes_to_remove), "rm ${path}[#attribute/className='${class_name}']/#attribute/")
          } else {
            $_attributes_to_remove = undef
          }

      By comparison, if you use augtool, you can add multiple classnames just by appending a number to the end of the classname.

      It would seem then, that the number of duplicate realms would need to be counted, and then each element passed on to Augeas with that number, like an element ID so that it doesn't stomp on the others.

      The customer has a server.xml with two realms configured, and has gone into augtool and done a print so you can see how it looks in Augeas (puppet_tomcat_augeas_working.txt).

      Compare that to the Augeas output after running this through the Tomcat module as configured in the manifest and the Augeas output (puppet_tomcat_augeas_fail.txt), and you'll see that even though it's accepting both realms now, it's still only passing the classname once back to Augeas.

      When running Puppet (puppet_run_output.txt), you see that it's dropping in the first realm properly, then going back and editing that realm with the second realm, rather than configuring two unique elements.

      Desired Behavior:
      Module should support configuring multiple LDAP realms.

      Actual Behavior:
      Initial LDAP realm is overwritten by second configured realm.
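
Added example, not part of the original report or of the puppetlabs-tomcat module: a Python model of the selection problem described above, where a Realm node is chosen by className alone, so two realms of the same class resolve to one node and the second overwrites the first. The `realmId` key, the realm names and the LDAP URLs are constructed for illustration; `missing_realms` is a post-run check that every declared realm is present in the rendered config.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal Engine with no realms configured yet.
SERVER_XML = "<Server><Service name='Catalina'><Engine name='Catalina'/></Service></Server>"

# Constructed declarations: two LDAP realms that share one Java class.
CLASS_NAME = "org.apache.catalina.realm.JNDIRealm"
REALMS = {
    "ldap-a": {"connectionURL": "ldap://ldap-a.example.test:389"},
    "ldap-b": {"connectionURL": "ldap://ldap-b.example.test:389"},
}

def apply_realms(key_attr):
    """Apply every declared realm, selecting the target node by key_attr.

    key_attr="className" mirrors the selector in the quoted snippet.
    key_attr="realmId" is a hypothetical per-realm identifier, modelling
    the report's suggestion of a unique element ID.
    """
    root = ET.fromstring(SERVER_XML)
    engine = root.find("./Service/Engine")
    for name, attrs in REALMS.items():
        key_value = CLASS_NAME if key_attr == "className" else name
        node = next((r for r in engine.findall("Realm")
                     if r.get(key_attr) == key_value), None)
        if node is None:  # nothing matched the selector: create the node
            node = ET.SubElement(engine, "Realm", {key_attr: key_value})
        node.set("className", CLASS_NAME)
        for attr, value in attrs.items():
            node.set(attr, value)  # overwrites when the selector matched
    return engine

def missing_realms(engine):
    """Return declared connectionURLs that are absent from the config."""
    rendered = {r.get("connectionURL") for r in engine.findall("Realm")}
    return sorted(a["connectionURL"] for a in REALMS.values()
                  if a["connectionURL"] not in rendered)

if __name__ == "__main__":
    for key in ("className", "realmId"):
        engine = apply_realms(key)
        print(key, len(engine.findall("Realm")), missing_realms(engine))
```

Running the same kind of check against the real server.xml after a Puppet run flags a silently dropped authentication realm before users of that directory notice they cannot log in.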

            People

              hunter Hunter (Hunner) Haugen
              rod Rodney Treweek