MODULES-4658

puppetlabs-tomcat : module not configuring multiple LDAP realms



    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • Needs Assessment


      Basic Info
      Module Version:

      Puppet Version:

      OS Name/Version:
      RedHat 7.3

      Describe your issue in as much detail as possible...

      Zendesk Issue: https://puppetlabs.zendesk.com/agent/tickets/24305

      Module doesn't configure multiple realms, but instead configures one realm with one statement, then overwrites that realm with the other realm.

      Looking at the tomcat module in manifests/config/server/realm.pp on line 97, it looks like it's still referring to each class name as a unique asset, which gets passed on to Augeas.

      # Both blocks select the realm node by className alone.
      if ! empty($additional_attributes) {
        $_additional_attributes = suffix(prefix(join_keys_to_values($additional_attributes, " '"), "set ${path}[#attribute/className='${class_name}']/#attribute/"), "'")
      } else {
        $_additional_attributes = undef
      }
      if ! empty(any2array($attributes_to_remove)) {
        $_attributes_to_remove = prefix(any2array($attributes_to_remove), "rm ${path}[#attribute/className='${class_name}']/#attribute/")
      } else {
        $_attributes_to_remove = undef
      }

      By comparison, if you use augtool, you can add multiple classnames just by appending a number to the end of the classname.

      It would seem, then, that the number of duplicate realms would need to be counted, and then each element passed on to Augeas with that number, like an element ID, so that it doesn't stomp on the others.

      The customer has a server.xml with two realms configured, and has gone into augtool and done a print so you can see how it looks in Augeas (puppet_tomcat_augeas_working.txt).

      Compare that to the Augeas output after running this through the Tomcat module as configured in the manifest and the Augeas output (puppet_tomcat_augeas_fail.txt), and you'll see that even though it's accepting both realms now, it's still only passing the classname once back to Augeas.

      When running Puppet (puppet_run_output.txt), you see that it's dropping in the first realm properly, then going back and editing that realm with the second realm, rather than configuring two unique elements.

      Desired Behavior:
      Module should support configuring multiple LDAP realms.

      Actual Behavior:
      Initial LDAP realm is overwritten by second configured realm.
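
A post-run check for the overwrite described in this ticket, as an added example that is not part of the original report or the module's code: it parses a server.xml, reports which expected realms are absent, and lists classNames shared by more than one realm (the case a className-only selector cannot distinguish). The CombinedRealm wrapper, host names and function names are assumptions, and both XML samples are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

JNDI = "org.apache.catalina.realm.JNDIRealm"

# Constructed sample: two LDAP realms, as the manifest intends.
INTENDED = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.CombinedRealm">
    <Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://ldap1.example.test:389"/>
    <Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://ldap2.example.test:389"/>
  </Realm>
</Engine></Service></Server>"""

# Constructed sample: the result when the second realm's attributes overwrite the first.
OVERWRITTEN = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.CombinedRealm">
    <Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://ldap2.example.test:389"/>
  </Realm>
</Engine></Service></Server>"""

# Hypothetical expectation list: (className, connectionURL) pairs that must exist.
EXPECTED = [
    (JNDI, "ldap://ldap1.example.test:389"),
    (JNDI, "ldap://ldap2.example.test:389"),
]


def realms(xml_text):
    """Return (className, attributes) for every <Realm>, at any nesting depth."""
    root = ET.fromstring(xml_text)
    return [(r.get("className"), dict(r.attrib)) for r in root.iter("Realm")]


def ambiguous_class_names(xml_text):
    """classNames carried by more than one <Realm>; className alone cannot address these."""
    counts = Counter(name for name, _ in realms(xml_text))
    return sorted(name for name, n in counts.items() if n > 1)


def missing_realms(xml_text, expected):
    """Return the expected (className, connectionURL) pairs that the file lacks."""
    present = {(name, attrs.get("connectionURL")) for name, attrs in realms(xml_text)}
    return [pair for pair in expected if pair not in present]


if __name__ == "__main__":
    for label, doc in (("intended", INTENDED), ("overwritten", OVERWRITTEN)):
        print(label, "ambiguous:", ambiguous_class_names(doc),
              "missing:", missing_realms(doc, EXPECTED))
```

A non-empty result from `missing_realms` after a Puppet run means an authentication source in the manifest never reached the running configuration.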





              hunter Hunter (Hunner) Haugen
              rod Rodney Treweek