-
-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When specifying LDAP configuration, puppet creates a gitlab.rb file with the wrong syntax #92
Comments
I've resorted to using the older format entries, since at least those will override a badly-formed ldap_servers entry. |
You're missing a level of definition. You need to have the configuration under the name of a specific server. ( class {'gitlab':
gitlab_rails = > {
ldap_enabled => true,
ldap_servers => {
main => { <--you're missing this block in your definition based on your output
active_directory => true,
....
}
}
}
} |
This appears to have broken LDAP in 1.11.0... it worked fine in 1.10.0 Here is the change during the run... you can see it's adding extra EOS where it shouldn't: -gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
- main: # 'main' is the GitLab 'provider ID' of this LDAP server
- label: 'LDAP'
- host: 'ldap.domain.loc'
- port: 636
- uid: 'sAMAccountName'
- method: 'ssl' # "tls" or "ssl" or "plain"
- bind_dn: 'CN=gitlab,OU=Users,DC=domain,DC=loc'
- password: 'Password'
- active_directory: true
- allow_username_or_email_login: true
- block_auto_created_users: false
- base: 'DC=domain,DC=loc'
-# user_filter: ''
-# ## EE only
-# group_base: ''
-# admin_group: ''
-# sync_ssh_keys: false
+gitlab_rails['ldap_servers'] = YAML.load <<-EOS
+--- |
+ YAML.load <<-'EOS' # remember to close this block with 'EOS' below
+ main: # 'main' is the GitLab 'provider ID' of this LDAP server
+ label: 'LDAP'
+ host: 'ldap.domain.loc'
+ port: 636
+ uid: 'sAMAccountName'
+ method: 'ssl' # "tls" or "ssl" or "plain"
+ bind_dn: 'CN=gitlab,OU=Users,DC=domain,DC=loc'
+ password: 'Password'
+ active_directory: true
+ allow_username_or_email_login: true
+ block_auto_created_users: false
+ base: 'DC=domain,DC=loc'
+ # user_filter: ''
+ # ## EE only
+ # group_base: ''
+ # admin_group: ''
+ # sync_ssh_keys: false
+ EOS
EOS
- Here was the working Hiera that worked in 1.10.0 just fine: ---
gitlab::gitlab_rails:
ldap_servers: |
YAML.load <<-'EOS' # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP'
host: 'ldap.domain.loc'
port: 636
uid: 'sAMAccountName'
method: 'ssl' # "tls" or "ssl" or "plain"
bind_dn: 'CN=gitlab,OU=Users,DC=domain,DC=loc'
password: 'Password'
active_directory: true
allow_username_or_email_login: true
block_auto_created_users: false
base: 'DC=domain,DC=loc'
# user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
EOS |
problem is rolling back to 1.10.0 removes the Info: Class[Gitlab::Service]: Scheduling refresh of Service[gitlab-runsvdir]
Notice: /Stage[main]/Gitlab::Service/File[/etc/init.d/gitlab-runsvdir]/ensure: created
Error: /Stage[main]/Gitlab::Service/Service[gitlab-runsvdir]: Failed to call refresh: Systemd restart for gitlab-runsvdir failed!
journalctl log for gitlab-runsvdir:
-- No entries --
Error: /Stage[main]/Gitlab::Service/Service[gitlab-runsvdir]: Systemd restart for gitlab-runsvdir failed!
journalctl log for gitlab-runsvdir:
-- No entries -- Is there anyway to roll back the 1.11.0 break for LDAP but fix the gitlab-runsvdir issue here? Maybe a 1.10.1 release? or 1.12.0? |
I can confirm that this is closed by 1.13.3 release. |
Thanks for confirming, we'll close this issue then. |
The format of the LDAP parameters in gitlab.rb which are generated by Puppet using this module are incorrect.
Correct format as shown in the docu and the example gitlab.rb file :
( The following example is of the puppetrun deleting the right format within the original gitlab.rb: )
-# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
-# main: # 'main' is the GitLab 'provider ID' of this LDAP server
-# label: 'LDAP'
-# host: '_your_ldap_server'
-# port: 389
-# uid: 'sAMAccountName'
-# method: 'plain' # "tls" or "ssl" or "plain"
-# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-# password: '_the_password_of_the_bind_user'
-# active_directory: true
-# allow_username_or_email_login: false
-# block_auto_created_users: false
-# base: ''
-# user_filter: ''
-# attributes:
-# username: ['uid', 'userid', 'sAMAccountName']
-# email: ['mail', 'email', 'userPrincipalName']
-# name: 'cn'
-# first_name: 'givenName'
-# last_name: 'sn'
-# ## EE only
-# group_base: ''
-# admin_group: ''
-# sync_ssh_keys: false
-#
-# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
-# label: 'LDAP'
-# host: '_your_ldap_server'
-# port: 389
-# uid: 'sAMAccountName'
-# method: 'plain' # "tls" or "ssl" or "plain"
-# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-# password: '_the_password_of_the_bind_user'
-# active_directory: true
-# allow_username_or_email_login: false
-# block_auto_created_users: false
-# base: ''
-# user_filter: ''
-# attributes:
-# username: ['uid', 'userid', 'sAMAccountName']
-# email: ['mail', 'email', 'userPrincipalName']
-# name: 'cn'
-# first_name: 'givenName'
-# last_name: 'sn'
-# ## EE only
-# group_base: ''
-# admin_group: ''
-# sync_ssh_keys: false
-# EOS
Wrong format as stored in gitlab.rb after the puppetrun:
+gitlab_rails['ldap_servers'] = {"active_directory"=>true, "base"=>"DC=com", "bind_dn"=>"", "host"=>"ldap.com", "label"=>"LDAP", "method"=>"plain", "password"=>"Ikwilkaas1", "port"=>389, "user_filter"=>"OU=Amsterdam,DC=com"}
Puppet should store the configuration as the
The text was updated successfully, but these errors were encountered: