[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Olc deployment vs slapd.conf based deployment

On Fri, Sep 15 2017 at 11:22:44 +0200, Michael Ströder scribbled
 in "Re: Olc deployment vs slapd.conf based deployment":
> Dameon Wagner wrote:
> >I really do like the idea of being able to tweak and update
> >the configuration without needing to HUP slapd (it's a shame
> >there's no "reload" option, in addition to "restart"),
> 
> SIGHUP is "reload". You probably refer to "restart=stop/start".

Yes, sorry about that -- my use of HUP is bad slang for giving a
process some form of kick.

I think we're on the same side as far as "slapd.conf vs.  cn=config",
I just didn't make it as clear as I could this morning...

> >especially for things like updating ACLs that are usually
> >considered trivial/standard changes.
> 
> In my setups ACLs changes are most times not trivial. They need a
> decent change management with staging and integration tests anyway.

Maybe trivial wasn't the best word to use.  Our ACL changes are also
complex, and require testing.  The context was more in relation to
configuration changes such as changing the backend (definitely non
trivial, and would clearly require stop/start, and lots of other work
in between).  In that context an ACL change is, or can be,
(relatively) simple to affect, even if the ACL itself is quite
complex.

<SNIP>

> I already though about writing an ansible module doing the
> idempotent diffs via LDAP. But the hard part is a roll-back or
> removing parts since back-config does not support delete operations
> in 2.4.x.
> IMO it's not worth the effort, also because one would have to keep a
> complete representation of cn=config as static file anway.
> 
> Ciao, Michael.

I completely agree.  I really hope that if/when slapd.conf support is
removed there's already some form of "conventional" configuration
management integration available.

Plain text config files are just so much easier to work with when you
have an environment worthy of configuration management -- I'll leave
the answer of what a "worthy environment" is unsaid, it's a common
interview question :)

Cheers.

Dameon.

-- 
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
Dr. Dameon Wagner, Systems Development and Support
IT Services, University of Oxford
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><