On Wed, Sep 08, 2010 at 09:13:29PM +0100, Matthew King wrote: > Steve Langasek <vor...@debian.org> writes:
> >> 1) Creating /etc/ldap/noslapd as part of the postinst which the > >> administrator > >> can remove when slapd is configured. > > I don't consider this appropriate. If you ask not to automatically > > configure slapd, then the package is not usable until manual action is taken > > and we should not mark the package as "installed". > I don't recall coming across that before. Other packages which give the > option not to have debconf do configuration don't break dpkg when they > do it, eg. postfix. I'm not sure how that works - maybe it just doesn't > try to start the daemon in the postinst. > In my case, slapd is (will be) installed with chef - the recipe must set > the no_configuration flag and then configure chef after the package is > installed, however if dpkg fails, the recipe will also fail and will > never proceed to the configuration stage. Catch 22. I'm not familiar with chef, but I can see several different ways to address this: - chef could install a policy-rc.d script while installing packages, to make invoke-rc.d calls from the maintainer script a no-op. (This is probably something that should be done regardless, and I'm surprised it doesn't do this) - chef could install an appropriate initial slapd.d configuration of its own before installing the package, so that the package install completes successfully on the first pass; but this might still fail because slapadd doesn't run, so instead the next approach might be better - chef could invoke apt-get in such a way that it passes the correct arguments to dpkg so that no configuration is attempted on the first path; then you would configure the package however you want, and then call dpkg --configure -pending to complete the installation. - You could just let openldap configure an initial directory anyway, and wipe it as part of the recipe immediately after installation. The directory it creates is trivial, so there's really no harm done unless you care about whether slapd is started up while still in an unconfigured state... in which case chef still needs to implement the policy-rc.d handling mentioned above! So I don't really think this is slapd's problem to solve. Frankly, I'm surprised that any configuration management tool in Debian would have not already addressed this case. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature
