Workaround broken ubuntu packaging
Since ubuntu 16.04 or so the krb5-admin-server package is broken in the postinst scripts. What happens is they try to set a debconf value if the defaults file for this service sets RUN_KADMIND to false. Unfortunately the key/question debconf is setting has no associated templates entry so package install fails. We work around this by not setting this value in the defaults file on newer ubuntu and instead rely on our init system to manage that state. Change-Id: I0ffe2a2acbe76acb0069df18253367ed2528241f
This commit is contained in:
Clark Boylan
parent
c30510ad2f
commit
672583bd10
|
|
@ -63,15 +63,6 @@ class kerberos::server (
|
|||
$kprop_cron = present
|
||||
}
|
||||
|
||||
# krb5-admin-server generates this, so make sure this runs after we do
|
||||
# things with krb5-admin-server
|
||||
file { '/etc/default/krb5-admin-server':
|
||||
ensure => present,
|
||||
replace => true,
|
||||
content => template('kerberos/krb5-admin-server.defaults.erb'),
|
||||
require => Package['krb5-admin-server'],
|
||||
}
|
||||
|
||||
cron { 'kprop':
|
||||
ensure => $kprop_cron,
|
||||
user => 'root',
|
||||
|
|
@ -81,6 +72,15 @@ class kerberos::server (
|
|||
}
|
||||
|
||||
if ($::operatingsystem == 'Ubuntu') and ($::operatingsystemrelease >= '16.04') {
|
||||
# krb5-admin-server generates this, so make sure this runs after we do
|
||||
# things with krb5-admin-server
|
||||
file { '/etc/default/krb5-admin-server':
|
||||
ensure => present,
|
||||
replace => true,
|
||||
content => template('kerberos/krb5-admin-server.defaults.new.erb'),
|
||||
require => Package['krb5-admin-server'],
|
||||
}
|
||||
|
||||
file { '/etc/systemd/system/krb5-kpropd.service':
|
||||
ensure => present,
|
||||
replace => true,
|
||||
|
|
@ -102,6 +102,15 @@ class kerberos::server (
|
|||
refreshonly => true,
|
||||
}
|
||||
} else {
|
||||
# krb5-admin-server generates this, so make sure this runs after we do
|
||||
# things with krb5-admin-server
|
||||
file { '/etc/default/krb5-admin-server':
|
||||
ensure => present,
|
||||
replace => true,
|
||||
content => template('kerberos/krb5-admin-server.defaults.erb'),
|
||||
require => Package['krb5-admin-server'],
|
||||
}
|
||||
|
||||
file { '/etc/init.d/krb5-kpropd':
|
||||
ensure => present,
|
||||
replace => true,
|
||||
|
|
@ -119,6 +128,7 @@ class kerberos::server (
|
|||
|
||||
service { 'krb5-admin-server':
|
||||
ensure => $run_admin_server,
|
||||
enable => $run_kadmind,
|
||||
subscribe => File['/etc/krb5kdc/kadm5.acl'],
|
||||
require => [
|
||||
File['/etc/krb5kdc/kadm5.acl'],
|
||||
|
|
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
# Managed by puppet
|
||||
# Don't set anything here.
|
||||
# We don't set RUN_KADMIND because newer debuntu packaging
|
||||
# postinst scripts are broken if RUN_KADMIND is set to false.
|
||||
# Long story short they try to set a debconf value based on
|
||||
# that value and there is no associated template with that
|
||||
# key/question so things break.
|
||||
#
|
||||
# Instead we manage whether or not slave nodes run kadmind
|
||||
# via the init system (via the puppet service resource).
|
||||
Loading…
Reference in New Issue