Question regarding Git config management

Wed May 27 17:15:17 CEST 2015

Hi,

we would like to use the Git config management as outlined here:

<http://wiki.freeradius.org/guide/Git-config-management>

For our new Freeradius environment we will have a separate development 
server, one staging server and four production servers, but right now it's 
not in production yet. It took me a while, but I got things working in 
general. However, I'm pretty sure I found a bug in the post-receive hook:

<https://github.com/alandekok/freeradius-server/blob/master/scripts/git/post-receive>

At least on a RHEL 6 system with Bash as /bin/sh, the syntax in line 109 
causes an error:

"if ! conf_check then"

I has to be either

"if ! conf_check; then"

or

"if ! conf_check
then"

But now I have found an issue that's potentially harder to work around. 
When I create an intentional syntax error, the post-receive hook works 
great:

# git push radius4
Counting objects: 11, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 687 bytes, done.
Total 7 (delta 5), reused 0 (delta 0)
remote: HEAD is now at 90caabb Syntaxfehler
remote: Checking new configuration... Copyright (C) 1999-2015 The 
FreeRADIUS server project and contributors
remote: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
remote: PARTICULAR PURPOSE
remote: You may redistribute copies of FreeRADIUS under the terms of the
remote: GNU General Public License
remote: For more information about these matters, see the file named 
COPYRIGHT
remote: Starting - reading configuration files ...
remote: /etc/raddb/sites-enabled/rrzk-webprojekte[107]: Syntax error: 
Expected comma after '1818': {
remote: Errors reading or parsing /etc/raddb/radiusd.conf
remote: failed
remote: WARNING: FreeRADIUS found errors in the configuration,
remote: please fix the errors and push the corrected configuration.
remote: Attempting to roll config back to tag: "stable"... HEAD is now at 
29e1232 Absichtlicher Fehler
remote: ok
To ssh://radiusd@radius4/etc/raddb
   29e1232..90caabb  master -> master

When I create an error that's only detected at runtime, however, it does 
not seem to work. I changed the configuration so that two virtual servers 
were listening on the same port. The "radmin -e hup" command did not throw 
an error. Consequently the commit was tagged as "stable". When I tried to 
manually restart Freeradius on the remote server, it didn't start anymore 
(as expected). At that point I wasn't even able to push a fix, because 
radmin doesn't work when the server isn't running, and so the post-receive 
hook reverted back to the "stable" version! I had to fix the error manually 
on the remote server to get things working again.

I'm not sure what can be done about that, if anything, but at the very 
least I would like to have a better understanding of what class of error 
gets past a "radmin -e hup". Normally we would always test configuration 
changes locally on the staging server, so that errors like the one above 
shouldn't ever get pushed to a production system. But as you know, 
eventually everything that can go wrong will go wrong ...

Thanks
Sebastian
-- 
    .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                 .:.Regionales Rechenzentrum (RRZK).:.
   .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150527/f193b9e5/attachment.bin>