On Fri, Sep 15 2017 at 11:22:44 +0200, Michael Ströder scribbled in "Re: Olc deployment vs slapd.conf based deployment":
Dameon Wagner wrote:
I really do like the idea of being able to tweak and update the configuration without needing to HUP slapd (it's a shame there's no "reload" option, in addition to "restart"),
SIGHUP is "reload". You probably refer to "restart=stop/start".
Yes, sorry about that -- my use of HUP is bad slang for giving a process some form of kick.
I think we're on the same side as far as "slapd.conf vs. cn=config", I just didn't make it as clear as I could this morning...
especially for things like updating ACLs that are usually considered trivial/standard changes.
In my setups ACL changes are most times not trivial. They need a decent change management with staging and integration tests anyway.
Maybe trivial wasn't the best word to use. Our ACL changes are also complex, and require testing. The context was more in relation to configuration changes such as changing the backend (definitely non-trivial, and would clearly require stop/start, and lots of other work in between). In that context an ACL change is, or can be, (relatively) simple to effect, even if the ACL itself is quite complex.
<SNIP>
I already thought about writing an Ansible module doing the idempotent diffs via LDAP. But the hard part is a roll-back or removing parts since back-config does not support delete operations in 2.4.x. IMO it's not worth the effort, also because one would have to keep a complete representation of cn=config as static file anyway.
Ciao, Michael.
I completely agree. I really hope that if/when slapd.conf support is removed there's already some form of "conventional" configuration management integration available.
Plain text config files are just so much easier to work with when you have an environment worthy of configuration management -- I'll leave the answer of what a "worthy environment" is unsaid, it's a common interview question :)
Cheers.
Dameon.
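
The idempotent diff mentioned in the thread, sketched as an added example that is not code from either poster or from OpenLDAP: it compares the current and desired olcAccess values of one existing entry, emits an LDIF `replace` only when they differ, and keeps the previous values as the roll-back change. The DN, the ACL strings and the function names are constructed for illustration; removing whole entries, which the thread says back-config in 2.4.x does not support, is out of scope.

```python
import re

# Constructed sample data: the DN and ACL strings are assumptions, not from the thread.
DB_DN = "olcDatabase={1}mdb,cn=config"
CURRENT = [  # as a search might return them: unordered, with {n} ordering prefixes
    "{1}to * by * read",
    "{0}to attrs=userPassword by self write by anonymous auth by * none",
]
DESIRED = [  # as kept in version control: ordered, no prefixes
    "to attrs=userPassword by self write by anonymous auth by * none",
    'to dn.subtree="ou=people,dc=example,dc=com" by users read by * none',
    "to * by * read",
]

_PREFIX = re.compile(r"^\{(\d+)\}")

def normalize(values):
    """Sort by the {n} prefix when present (list position otherwise), then strip it."""
    def order(item):
        pos, value = item
        m = _PREFIX.match(value)
        return int(m.group(1)) if m else pos
    return [_PREFIX.sub("", v).strip() for _, v in sorted(enumerate(values), key=order)]

def replace_ldif(dn, values):
    """Build one LDIF modify record that replaces the whole ordered olcAccess set."""
    lines = [f"dn: {dn}", "changetype: modify", "replace: olcAccess"]
    lines += [f"olcAccess: {{{i}}}{v}" for i, v in enumerate(values)]
    lines.append("-")
    return "\n".join(lines) + "\n"

def plan(dn, current, desired):
    """Return None when nothing has to change, else the apply and roll-back LDIF."""
    cur, want = normalize(current), normalize(desired)
    if cur == want:
        return None  # idempotent: a second run sends no modification
    return {"apply": replace_ldif(dn, want), "rollback": replace_ldif(dn, cur)}

if __name__ == "__main__":
    change = plan(DB_DN, CURRENT, DESIRED)
    print(change["apply"] if change else "no change needed")
```

The roll-back record has to be stored before the apply record is sent, because afterwards the previous ACL set can no longer be read back from cn=config.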