Verification of installation not good enough #113
Comments
|
I agree with this issue regarding the method used to check whether a AD domain is joined or not. I believe this solution was select because a file on the file system is constant and never lies while tools such as vastool or other dynamic methods might give us incorrect results. Do we have any suggestions on good ways of resolving this? @Phil-Friderici FYI since we're working on a new release "soon". |
|
#4 is also regarding this. |
|
As far as I understood the fact $vas_domain will only have a value after VAS has joined the domain. On the other side the described issue reminds my of the the pet vs cattle theory [1]/[2]. I recommend to not fiddling around with system in the meaning of pets. With configuration management and/or in cloud-like environment systems should be treated as cattle. [1] http://cloudscaling.com/blog/cloud-computing/the-history-of-pets-vs-cattle/ |
|
See #4 (comment) too on what propyless mentioned earlier. The problem with $vas_domain is that it is grabbed from the configuration file and does not actually represent whether the system is actually joined or not. Using this fact does not help us in the current state. We would need to be able to dynamically determine whether the system is AD joined or not for this to work. Not sure such vastool command exists and if we can trust it enough. What we really do not want is "re-join" loops. |
If the file puppet_joined exists the module seems to skip any other sanity checks when installing.
This could cause the issue that the /etc/pam files are configured for vas, when vas is actually not really installed on the server.
This can be verified by doing the following steps:
Worst case you have a server where you can not even logon as root from console.
I would suggest that for the next release that it checks both for puppet_joined and do verify that the packages are installed before.
The text was updated successfully, but these errors were encountered: