When specifying LDAP configuration, puppet creates a gitlab.rb file with the wrong syntax #92

Closed
squaricdot opened this issue Sep 2, 2016 · 6 comments


squaricdot commented Sep 2, 2016

The format of the LDAP parameters in gitlab.rb, which are generated by Puppet using this module, is incorrect.

Correct format, as shown in the docs and the example gitlab.rb file:
(The following example is from the Puppet run deleting the right format from the original gitlab.rb:)
-# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
-# main: # 'main' is the GitLab 'provider ID' of this LDAP server
-# label: 'LDAP'
-# host: '_your_ldap_server'
-# port: 389
-# uid: 'sAMAccountName'
-# method: 'plain' # "tls" or "ssl" or "plain"
-# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-# password: '_the_password_of_the_bind_user'
-# active_directory: true
-# allow_username_or_email_login: false
-# block_auto_created_users: false
-# base: ''
-# user_filter: ''
-# attributes:
-# username: ['uid', 'userid', 'sAMAccountName']
-# email: ['mail', 'email', 'userPrincipalName']
-# name: 'cn'
-# first_name: 'givenName'
-# last_name: 'sn'
-# ## EE only
-# group_base: ''
-# admin_group: ''
-# sync_ssh_keys: false
-#
-# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
-# label: 'LDAP'
-# host: '_your_ldap_server'
-# port: 389
-# uid: 'sAMAccountName'
-# method: 'plain' # "tls" or "ssl" or "plain"
-# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
-# password: '_the_password_of_the_bind_user'
-# active_directory: true
-# allow_username_or_email_login: false
-# block_auto_created_users: false
-# base: ''
-# user_filter: ''
-# attributes:
-# username: ['uid', 'userid', 'sAMAccountName']
-# email: ['mail', 'email', 'userPrincipalName']
-# name: 'cn'
-# first_name: 'givenName'
-# last_name: 'sn'
-# ## EE only
-# group_base: ''
-# admin_group: ''
-# sync_ssh_keys: false
-# EOS

Wrong format as stored in gitlab.rb after the puppetrun:
+gitlab_rails['ldap_servers'] = {"active_directory"=>true, "base"=>"DC=com", "bind_dn"=>"", "host"=>"ldap.com", "label"=>"LDAP", "method"=>"plain", "password"=>"Ikwilkaas1", "port"=>389, "user_filter"=>"OU=Amsterdam,DC=com"}
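
Review bot: the added `gitlab_rails['ldap_servers']` hash has `host`, `port`, `method` and the other settings at its top level, with no provider ID key such as the `main:` and `secondary:` entries in the removed example, so the server settings need to move one level down under a provider ID. That the line is a Ruby hash literal instead of the `YAML.load` heredoc is a difference of form only. Separately, `"method"=>"plain"` on port 389 with a `password` set means the bind is not encrypted; the removed example lists `"tls"` and `"ssl"` as the alternatives.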

Puppet should store the configuration as the

$var = YAML.load <<-'EOS'
...
 var: arg
...
EOS

@iainhallam

I've resorted to using the older format entries, since at least those will override a badly-formed ldap_servers entry.

@LongLiveCHIEF
Contributor

You're missing a level of definition. You need to have the configuration under the name of a specific server (main).

class { 'gitlab':
  gitlab_rails => {
    ldap_enabled => true,
    ldap_servers => {
      # <-- you're missing this 'main' block in your definition, based on your output
      main => {
        active_directory => true,
        # ....
      },
    },
  },
}

@cdenneen

@tobru @squaricdot

This appears to have broken LDAP in 1.11.0... it worked fine in 1.10.0

Here is the change during the run... you can see it's adding extra EOS where it shouldn't:

-gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
-   main: # 'main' is the GitLab 'provider ID' of this LDAP server
-     label: 'LDAP'
-     host: 'ldap.domain.loc'
-     port: 636
-     uid: 'sAMAccountName'
-     method: 'ssl' # "tls" or "ssl" or "plain"
-     bind_dn: 'CN=gitlab,OU=Users,DC=domain,DC=loc'
-     password: 'Password'
-     active_directory: true
-     allow_username_or_email_login: true
-     block_auto_created_users: false
-     base: 'DC=domain,DC=loc'
-#     user_filter: ''
-#     ## EE only
-#     group_base: ''
-#     admin_group: ''
-#     sync_ssh_keys: false
+gitlab_rails['ldap_servers'] = YAML.load <<-EOS
+--- |
+  YAML.load <<-'EOS' # remember to close this block with 'EOS' below
+     main: # 'main' is the GitLab 'provider ID' of this LDAP server
+       label: 'LDAP'
+       host: 'ldap.domain.loc'
+       port: 636
+       uid: 'sAMAccountName'
+       method: 'ssl' # "tls" or "ssl" or "plain"
+       bind_dn: 'CN=gitlab,OU=Users,DC=domain,DC=loc'
+       password: 'Password'
+       active_directory: true
+       allow_username_or_email_login: true
+       block_auto_created_users: false
+       base: 'DC=domain,DC=loc'
+  #     user_filter: ''
+  #     ## EE only
+  #     group_base: ''
+  #     admin_group: ''
+  #     sync_ssh_keys: false
+  EOS
 EOS
-
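
Review bot: the added lines wrap the value twice, starting at `+gitlab_rails['ldap_servers'] = YAML.load <<-EOS` followed by `+--- |`. The `--- |` makes the whole original `YAML.load <<-'EOS'` text a YAML block scalar, so the setting loads as a string instead of a hash of servers. The indented `+  EOS` then closes the outer `<<-EOS` heredoc, which leaves the final ` EOS` line as a bare Ruby expression in gitlab.rb. With this output format the `ldap_servers` value should be supplied as structured data (`main:` and its keys), not as a string that carries its own heredoc.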

Here was the working Hiera that worked in 1.10.0 just fine:

---
gitlab::gitlab_rails:
  ldap_servers: |
    YAML.load <<-'EOS' # remember to close this block with 'EOS' below
       main: # 'main' is the GitLab 'provider ID' of this LDAP server
         label: 'LDAP'
         host: 'ldap.domain.loc'
         port: 636
         uid: 'sAMAccountName'
         method: 'ssl' # "tls" or "ssl" or "plain"
         bind_dn: 'CN=gitlab,OU=Users,DC=domain,DC=loc'
         password: 'Password'
         active_directory: true
         allow_username_or_email_login: true
         block_auto_created_users: false
         base: 'DC=domain,DC=loc'
    #     user_filter: ''
    #     ## EE only
    #     group_base: ''
    #     admin_group: ''
    #     sync_ssh_keys: false
    EOS
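
The two shapes reported in this thread (settings with no provider ID level, and a string that carries its own `YAML.load` heredoc) can be caught before a Puppet run with a check like the following. This is an added example, not code from the thread or from the puppet-gitlab module; `ldap_servers_problems`, `SERVER_KEYS` and the sample values are constructed for illustration.

```ruby
require 'yaml'

# Settings that belong inside one server entry, never at the top level
# (names taken from the gitlab.rb example quoted in this thread).
SERVER_KEYS = %w[label host port uid method bind_dn password base
                 active_directory user_filter].freeze

# Returns a list of problems with a value destined for
# gitlab_rails['ldap_servers']; an empty list means the shape is usable.
def ldap_servers_problems(value)
  if value.is_a?(String)
    msg = 'value is a String, not a Hash'
    msg += ' (contains its own YAML.load heredoc)' if value.include?('YAML.load')
    return [msg]
  end
  return ['value is not a Hash'] unless value.is_a?(Hash)

  flat = value.keys.map(&:to_s) & SERVER_KEYS
  return ["no provider ID level (e.g. 'main'); top-level keys: #{flat.sort.join(', ')}"] unless flat.empty?

  value.flat_map do |id, server|
    next ["#{id}: server entry is not a Hash"] unless server.is_a?(Hash)

    s = server.transform_keys(&:to_s)
    problems = []
    problems << "#{id}: missing host" if s['host'].to_s.empty?
    problems << "#{id}: method 'plain' sends the bind password unencrypted" if s['method'] == 'plain'
    problems
  end
end

# Constructed samples mirroring the shapes reported in this thread.
FLAT = { 'active_directory' => true, 'host' => 'ldap.example.test',
         'method' => 'plain', 'port' => 389 }.freeze
# A string carrying its own heredoc stays a String after a YAML round trip.
WRAPPED = YAML.load("YAML.load <<-'EOS'\n  main:\n    host: 'ldap.example.test'\nEOS\n".to_yaml)
NESTED = { 'main' => { 'host' => 'ldap.example.test', 'port' => 636,
                       'method' => 'ssl' } }.freeze

if __FILE__ == $PROGRAM_NAME
  { 'flat' => FLAT, 'wrapped' => WRAPPED, 'nested' => NESTED }.each do |name, v|
    puts "#{name}: #{ldap_servers_problems(v).inspect}"
  end
end
```
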

@cdenneen

Problem is, rolling back to 1.10.0 removes the gitlab_systemd.rb, which apparently is needed:

Info: Class[Gitlab::Service]: Scheduling refresh of Service[gitlab-runsvdir]
Notice: /Stage[main]/Gitlab::Service/File[/etc/init.d/gitlab-runsvdir]/ensure: created
Error: /Stage[main]/Gitlab::Service/Service[gitlab-runsvdir]: Failed to call refresh: Systemd restart for gitlab-runsvdir failed!
journalctl log for gitlab-runsvdir:
-- No entries --

Error: /Stage[main]/Gitlab::Service/Service[gitlab-runsvdir]: Systemd restart for gitlab-runsvdir failed!
journalctl log for gitlab-runsvdir:
-- No entries --

Is there any way to roll back the 1.11.0 break for LDAP but fix the gitlab-runsvdir issue here? Maybe a 1.10.1 release? Or 1.12.0?

@LongLiveCHIEF
Contributor

I can confirm that this is closed by 1.13.3 release.

@tobru
Contributor

tobru commented Apr 9, 2017

Thanks for confirming, we'll close this issue then.

@tobru tobru closed this as completed Apr 9, 2017