[Pkg-openldap-devel] Bug#596100: When told not to initially configure slapd, (un-)installation fails due to init script return code.

Steve Langasek vorlon at debian.org
Wed Sep 8 22:09:41 UTC 2010 

On Wed, Sep 08, 2010 at 09:13:29PM +0100, Matthew King wrote:
> Steve Langasek <vorlon at debian.org> writes:

> >> 1) Creating /etc/ldap/noslapd as part of the postinst which the administrator
> >>    can remove when slapd is configured.

> > I don't consider this appropriate.  If you ask not to automatically
> > configure slapd, then the package is not usable until manual action is taken
> > and we should not mark the package as "installed".

> I don't recall coming across that before. Other packages which give the
> option not to have debconf do configuration don't break dpkg when they
> do it, eg. postfix. I'm not sure how that works - maybe it just doesn't
> try to start the daemon in the postinst.

> In my case, slapd is (will be) installed with chef - the recipe must set
> the no_configuration flag and then configure chef after the package is
> installed, however if dpkg fails, the recipe will also fail and will
> never proceed to the configuration stage. Catch 22.

I'm not familiar with chef, but I can see several different ways to address
this:

 - chef could install a policy-rc.d script while installing packages, to
   make invoke-rc.d calls from the maintainer script a no-op.  (This is
   probably something that should be done regardless, and I'm surprised it
   doesn't do this)

 - chef could install an appropriate initial slapd.d configuration of its
   own before installing the package, so that the package install completes
   successfully on the first pass; but this might still fail because slapadd
   doesn't run, so instead the next approach might be better

 - chef could invoke apt-get in such a way that it passes the correct
   arguments to dpkg so that no configuration is attempted on the first
   path; then you would configure the package however you want, and then
   call dpkg --configure -pending to complete the installation.

 - You could just let openldap configure an initial directory anyway, and
   wipe it as part of the recipe immediately after installation.  The
   directory it creates is trivial, so there's really no harm done unless
   you care about whether slapd is started up while still in an unconfigured
   state... in which case chef still needs to implement the policy-rc.d
   handling mentioned above!

So I don't really think this is slapd's problem to solve.  Frankly, I'm
surprised that any configuration management tool in Debian would have not
already addressed this case.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20100908/1953783b/attachment.pgp>

More information about the Pkg-openldap-devel mailing list