Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-4658

puppetlabs-tomcat : module not configuring multiple LDAP realms

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Template:
      MODULES Bug Template
    • Team:
      Modules
    • Story Points:
      3
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version:
      1.6.1

      Puppet Version:
      2016.4.2

      OS Name/Version:
      RedHat 7.3

      Describe your issue in as much detail as possible...

      Zendesk Issue: https://puppetlabs.zendesk.com/agent/tickets/24305

      Module doesn't configure multiple realms, but instead configures one realm with one statement, then overwrites that realm with the other realm.

      Looking at the tomcat module in manifests/config/server/realm.pp on line 97, it looks like it's still referring to each class name as a unique asset, which gets passed on to Augeas.

      if ! empty($additional_attributes) {
            $_additional_attributes = suffix(prefix(join_keys_to_values($additional_attributes, " '"), "set ${path}[#attribute/className='${class_name}']/#attribute/"), "'")
          } else {
            $_additional_attributes = undef
          }
          if ! empty(any2array($attributes_to_remove)) {
            $_attributes_to_remove = prefix(any2array($attributes_to_remove), "rm ${path}[#attribute/className='${class_name}']/#attribute/")
          } else {
            $_attributes_to_remove = undef
          }
      

      By comparison, if you use augtool, you can add multiple classnames just by appending a number to the end of the classname.

      It would seem then, that the number of duplicate realms would need to be counted, and then each element passed on to Augeas with that number, like an element ID so that it doesn't stomp on the others.

      The customer has a server.xml with two realms configured, and has gone into augtool and did a print so you can see how it looks in Augeas (puppet_tomcat_augeas_working.txt).

      Compare that to the Augeas output after running this through the Tomcat module as configured in the manifest and the Augeas output (puppet_tomcat_augeas_fail.txt), and you'll see that even though it's accepting both realms now, it's still only passing the classname once back to Augeas.

      When running Puppet (puppet_run_output.txt), you see that it's dropping in the first realm properly, then going back and editing that realm with the second realm, rather than configuring two unique elements.

      Desired Behavior:
      Module should support configuring multiple LDAP realms.

      Actual Behavior:
      Initial LDAP realm is overwritten by second configured realm.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              hunter Hunter (Hunner) Haugen
              Reporter:
              rod Rodney Treweek
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support