Puppet users - Jan 2009 - Puppet client hangs if LDAP server is not accessible

Hi.


I''ve noticed that on servers that are both puppet and LDAP clients,
the puppet client will hang if the LDAP server is not reachable. Does
anyone know what the reason for this is?

Regards,
Kenneth Holter

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jan 8, 2009, at 7:18 AM, Kenneth Holter wrote:
>
> Hi.
>
>
> I''ve noticed that on servers that are both puppet and LDAP
clients,
> the puppet client will hang if the LDAP server is not reachable. Does
> anyone know what the reason for this is?

I''d expect everything on the server to hang in that case; Puppet, like
most applications, does things like get usernames for directory  
listings, and if that process hangs, then Puppet hangs.

-- 
Real freedom lies in wildness, not in civilization.
     -- Charles Lindbergh
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jan 8, 2009, at 5:18 AM, Kenneth Holter wrote:
> I''ve noticed that on servers that are both puppet and LDAP
clients,
> the puppet client will hang if the LDAP server is not reachable. Does
> anyone know what the reason for this is?
You should start using nscd (or your platform equivilant,) which will  
at least allow your name service lookups to complete.  If you are  
using OpenLDAP, ensure that you have soft_bind set on the clients.

If you are using nss_ldap, I recommend looking at nss_ldapd
(http://ch.tudelft.nl/~arthur/nss-ldapd/design.html
) as a super nice replacement.

Regards,
Adam

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks for the advice. Regarding the soft_bind option for openldap: I
can''t seem to find any documentation for this option. Do you have a
link to a site describing this?

On 1/8/09, Adam Jacob <adam@hjksolutions.com>
wrote:
>
> On Jan 8, 2009, at 5:18 AM, Kenneth Holter wrote:
> > I''ve noticed that on servers that are both puppet and LDAP
clients,
> > the puppet client will hang if the LDAP server is not reachable. Does
> > anyone know what the reason for this is?
>
> You should start using nscd (or your platform equivilant,) which will
> at least allow your name service lookups to complete.  If you are
> using OpenLDAP, ensure that you have soft_bind set on the clients.
>
> If you are using nss_ldap, I recommend looking at nss_ldapd
(http://ch.tudelft.nl/~arthur/nss-ldapd/design.html
> ) as a super nice replacement.
>
> Regards,
> Adam
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Look up bind_policy not soft_bind. This gives a good description:

http://www.nabble.com/Re%3A-nss_ldap-and-udevd-p3202151.html

-Jason
On Jan 9, 2009, at 2:38 AM, Kenneth Holter wrote:
>
> Thanks for the advice. Regarding the soft_bind option for openldap: I
> can''t seem to find any documentation for this option. Do you have
a
> link to a site describing this?
>
> On 1/8/09, Adam Jacob <adam@hjksolutions.com> wrote:
>>
>> On Jan 8, 2009, at 5:18 AM, Kenneth Holter wrote:
>>> I''ve noticed that on servers that are both puppet and LDAP
clients,
>>> the puppet client will hang if the LDAP server is not reachable.  
>>> Does
>>> anyone know what the reason for this is?
>>
>> You should start using nscd (or your platform equivilant,) which will
>> at least allow your name service lookups to complete.  If you are
>> using OpenLDAP, ensure that you have soft_bind set on the clients.
>>
>> If you are using nss_ldap, I recommend looking at nss_ldapd
(http://ch.tudelft.nl/~arthur/nss-ldapd/design.html
>> ) as a super nice replacement.
>>
>> Regards,
>> Adam
>>
>>>
>>
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks, I''ll add it to my config file.


On 1/9/09, Jason Rojas <jason@nothingbeatsaduck.com>
wrote:
>
>
> Look up bind_policy not soft_bind. This gives a good description:
>
> http://www.nabble.com/Re%3A-nss_ldap-and-udevd-p3202151.html
>
> -Jason
> On Jan 9, 2009, at 2:38 AM, Kenneth Holter wrote:
>
> >
> > Thanks for the advice. Regarding the soft_bind option for openldap: I
> > can''t seem to find any documentation for this option. Do you
have a
> > link to a site describing this?
> >
> > On 1/8/09, Adam Jacob <adam@hjksolutions.com> wrote:
> >>
> >> On Jan 8, 2009, at 5:18 AM, Kenneth Holter wrote:
> >>> I''ve noticed that on servers that are both puppet and
LDAP clients,
> >>> the puppet client will hang if the LDAP server is not
reachable.
> >>> Does
> >>> anyone know what the reason for this is?
> >>
> >> You should start using nscd (or your platform equivilant,) which
will
> >> at least allow your name service lookups to complete.  If you are
> >> using OpenLDAP, ensure that you have soft_bind set on the clients.
> >>
> >> If you are using nss_ldap, I recommend looking at nss_ldapd (
> http://ch.tudelft.nl/~arthur/nss-ldapd/design.html
> >> ) as a super nice replacement.
> >>
> >> Regards,
> >> Adam
> >>
> >>>
> >>
> >
> > >
> >
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---