[GitHub] [trafficcontrol] davidc0le opened a new issue #6674: Ansible Traffic_Ops role creates invalid ldap.conf config file with default variables.

Fri, 18 Mar 2022 07:12:17 -0700 


davidc0le opened a new issue #6674:
URL: https://github.com/apache/trafficcontrol/issues/6674


   ## This Bug Report affects these Traffic Control components:
   - Automation (Ansible) -->
   
   ## Current behavior:
   
   The ldap.conf file is rendered based on the template and ldap variables when 
the traffic_ops role is run. The _to_ldap_setup_ boolean variable is not used 
to determine if the config file should be rendered or not.  It seems that 
Traffic Ops Golang 6.1.0 ( and maybe older versions ) will read the ldap.conf 
file regardless of if the ldap.conf path is defined in cdn.conf, for perl 
backwards compatibility. 
   
   When running the playbook without defining any of the ldap variables ( eg 
to_ldap_hostname ) I end up with a ldap.conf file like this:
   
   ```
   cat /opt/traffic_ops/app/conf/ldap.conf
   {
      "admin_pass" : "",
      "search_base" : "",
      "admin_dn" : "",
      "host" : "",
      "search_query" : "",
      "insecure" : 0
   }
   ```
   
   because that file is in the default conf directory, Traffic Ops Golang will 
read it on service start. This gives the following error:
   
   `Mar 18 12:18:43 vm024572 traffic_ops[39187]: Loading Config: parsing LDAP 
conf '[123 10 32 32 32 34 97 100 109 105 110 95 112 97 115 115 34 32 58 32 34 
34 44 10 32 32 32 34 115 101 97 114 99 104 95 98 97 115 101 34 32 58 32 34 34 
44 10 32 32 32 34 97 100 109 105 110 95 100 110 34 32 58 32 34 34 44 10 32 32 
32 34 104 111 115 116 34 32 58 32 34 34 44 10 32 32 32 34 115 101 97 114 99 104 
95 113 117 101 114 121 34 32 58 32 34 34 44 10 32 32 32 34 105 110 115 101 99 
117 114 101 34 32 58 32 48 10 125 10]': json: cannot unmarshal number into Go 
struct field ConfigLDAP.insecure of type bool`
   
   I'm unsure what the array of numbers means in the error message....
   
   When I alter the _to_ldap_insecure_ in 
infrastructure/ansible/roles/traffic_ops/defaults/main.yml to be a bool instead 
of a number, the error changes to:
   
   `Mar 18 12:46:23 vm024572 traffic_ops[52203]: Loading Config: LDAP conf 
missing admin_pass field
   `
   In both situtations, the daemon does not start.
   
   I think the ldap.conf file should not be rendered in all situation by 
infrastructure/ansible/roles/traffic_ops/tasks/traffic_ops.yml, and a 
conditional should be used instead.
   
   ## Expected behavior:
   
   The traffic_ops role, when using default ldap config should allow the daemon 
to start 
   
   ## Steps to reproduce:
   
   Don't set any LDAP variables, so the defaults are used and then run the 
traffic_ops playbook. 
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to