Bug 28670 - Rewrite des setup-Skripts net/10interfaces
Rewrite des setup-Skripts net/10interfaces
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: System setup
UCS 3.0
Other Linux
: P3 enhancement (vote)
: UCS 3.2
Assigned To: Philipp Hahn
Felix Botner
: interim-3
: 30924 32150 33091 (view as bug list)
Depends on: 32324 32544 32565 32817 32818 32931 36561 37036 37167
Blocks: 29653 30816 30878 33091 47767
  Show dependency treegraph
 
Reported: 2012-09-28 15:00 CEST by Dirk Wiesenthal
Modified: 2018-10-29 16:32 CET (History)
7 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Cleanup
Max CVSS v3 score:


Attachments
setup.log (gateway removed) (213.93 KB, text/x-log)
2013-11-01 15:03 CET, Felix Botner
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2012-09-28 15:00:58 CEST
Das Join-Skript net/10interfaces hat mittlerweile weit über 500 Zeilen Bashcode, teilweise ziemlich obskuren (mindestens mir geht es so).

Im Rahmen von Bug #26608 hätte der Code für den Fallback der IP-Adressen rausgemusst, aber es ist unklar, wieviel da dran hängt. Also bleibt es halt drin - es macht ja nichts kaputt.

Dieses Skript bedarf eines Cleanup, am besten eines Rewrite in Python. Es gibt bereits Skripte, die in Python implementiert sind (z.B. 10role), je mehr, desto besser.
Comment 1 Alexander Kläser univentionstaff 2012-10-01 14:46:23 CEST
Vielleicht ergibt sich im Laufe der 3.0-Entwicklung die Möglichkeit / Notwendigkeit, dies umzusetzen.
Comment 2 Alexander Kläser univentionstaff 2013-03-22 16:33:05 CET
The rewrite will now be done in Python. At the same time, a suitable object oriented abstraction of the UCR variables will be developed that can also be used on the System Setup module backend. The corresponding code can be stored as univention python lib such that it can be shared among different code parts (e.g, 
Bug 30878).
Comment 3 Florian Best univentionstaff 2013-03-27 15:04:54 CET
*** Bug 30924 has been marked as a duplicate of this bug. ***
Comment 4 Florian Best univentionstaff 2013-03-27 15:05:36 CET
(In reply to comment #3)
> *** Bug 30924 has been marked as a duplicate of this bug. ***
Should be fixed here.
Comment 5 Florian Best univentionstaff 2013-03-27 15:11:56 CET
The fallback stuff can also be deleted (Bug #30862)?!
Comment 6 Stefan Gohmann univentionstaff 2013-06-12 09:24:21 CEST
I don't think a rewrite in python will be the right fix. Once we have all interface handling in the basic setting / system setup appliance module we should only do the following things in this module:
 - set all network stuff ucr variables
 - register the primary interface in the LDAP directory, univention-register-network ...
 - run the hooks

This requires that the profile contains all changes. For example if the ip address of the first interface has been changed and the second interface should be deleted this must be part of the profile, for example:
 interfaces/eth0/address=1.2.3.4
 interfaces/eth1/address=""
 interfaces/eth1/network=""
 interfaces/eth1/broadcast=""
 interfaces/eth1/netmask=""

The whole stuff in /etc should use localhost instead of any direct configured IP address. I think we did most of it with UCS 3.0, for example the bind configuration.
Other services which still need a reconfiguration (for example wins.dat or pxe config) should bring there own scripts:
 /var/lib/univention-system-setup/interfaces.post
Comment 7 Philipp Hahn univentionstaff 2013-06-13 10:03:14 CEST
(In reply to Stefan Gohmann from comment #6)
> The whole stuff in /etc should use localhost instead of any direct
> configured IP address.

+1

Beim AD+Exchange-Takeover-Workshop trat das Problem auf, daß ich die /etc/udev/rules.d/70-persistent-net.rules nicht gelöscht hatte. Beim Instanziieren der VM bei den Teilnehmern fehlte denen dann eth0, so daß die VM keine IP außer 127.0.0.01 hatte.
Das hat dazu geführt, daß man sich nicht mal mehr als "Administrator" unter gdm anmelden konnte.
Nach dem Löschen der rules und einem Reboot war dann alles okay.

Von daher sollte hier nach Möglichkeit 127.0.0.1 verwenden.
Comment 8 Florian Best univentionstaff 2013-06-17 15:51:15 CEST
In 10interfaces existieren einige Fehler, die ich im folgenden kurz beschreibe. Deshalb fände ich einen rewrite in python sinnvoll, um das ganze übersichtlicher zu machen. Der Rewrite könnte dann ja simpel daraus bestehen nur UCR variablen zu verändern. Alternativ sollte imho das bash-Script auf ein Minimum an Zeilen gekürzt werden.

hier ein kommentierter Quellcode-auszug:

> # beginn der Schleife, die über alle zu ändernden interfaces iteriert
334 »   for device in $to_change; do
…
> # Zuweisung von variablen; $new_ip, $new_network, $old_ip, uvm.
345 »   »   old_network=$(univention-config-registry get interfaces/$device/network)
346 »   »   if ! is_variable_set "interfaces/$device/network"; then
347 »   »   »   new_network=$(get_profile_var "interfaces/$device/network")
348 »   »   else
349 »   »   »   new_network="$old_network"
350 »   »   fi
…
> # Ende der Schleife!!!
451 »   done
…
> # Hier folgt die weitere Benutzung der Variablen in mehr als 3 Code-Blöcken.
> # Da wir intern meistens nur 1 interface haben ist dies bisher nicht aufgefallen…
> # Z.b.:
454 »   »   net=$new_network
460 »   »   mask=$new_netmask
468 »   »   »   univention-directory-manager dhcp/subnet list --binddn "$binddn" --bindpwd "$bindpwd" --superordinate "$super" --filter cn=$old_network | sed -ne 's|^DN: ||p;T;q' | while read old_subnet_dn; do
469 »   »   »   »   univention-directory-manager dhcp/subnet create --binddn "$binddn" --bindpwd "$bindpwd" --superordinate "$super" --ignore_exists --set subnet="$net" --set subnetmask="$mask"
470 »   »   »   done
…
482 »   »   »   »   univention-directory-manager $admin_module modify --binddn "$binddn" --bindpwd "$bindpwd" --dn "$dn" --append $admin_attribute="$new_ip" --remove $admin_attribute="$old_ip"
…
506 »   new_pkgnetwork=$(get_profile_var "interfaces/$device/network")
…
543 »   »   »   »   univention-directory-manager networks/network create --position "cn=networks,$ldap_base" --set name=default --set "netmask=$new_netmask" --set "network=$net" --set "dnsEntryZoneForward=$for    wardZone" --set "dnsEntryZoneReverse=$reverseZone" --set "dhcpEntryZone=$dhcpService"

→ System-Setup für Konfiguration mehrerer Devices unbrauchbar.

Außerdem sind 2 weitere Schleifen seit Commit 36485 kaputt (siehe Bug #26058#c32 ). Diese verursachen, dass keine Intefaces mehr gelöscht werden können (oder das liegt an der oberen Schleife, etc.(?))!
211 done < <(sed -rne 's,^interfaces/([^/]+)/(address|broadcast|netmask|network|type)=("([^"#]+)"|([^"# ]+)) *(#.*)?$,\1,p' "$profile_file" | sort -u)
241  done < <(sed -rne 's,^interfaces/([^/_]+)_([0-9]+)/(address|broadcast|netmask|network|type)=("([^"#]+)"|([^"# ]+)) *(#.*)?$,\1\t\2\t\3\t\5\6,p' "$profile_file")

Und es sind UCS2.4 spezifische Codestellen enthalten:
380 »   »   # edit LDAP entry
381 »   »   if [ "$server_role" = "fatclient" ]; then
382 »   »   »   server_role="client"
383 »   »   fi

Und natürlich noch eine Menge undokumentierter Code sowie z.b. PKGDB spezifische Stellen.
Comment 9 Florian Best univentionstaff 2013-07-02 09:53:05 CEST
In Bug #30878 the support of Bridge, Bond and VLAN devices have been added. The system-setup UMC module writes a diff of UCR variables into the profile file (as before). The interfaces/*/options/* UCR variables are new and have to be set.
Comment 10 Alexander Kläser univentionstaff 2013-08-02 15:44:06 CEST
I found a problem with VLANs. I added a VLAN device (eth0.2) with DHCP. After changing from DHCP to a static address, the script still tries to perform a DHCPDISCOVER. The variable type=dhcp is set during the setup process, yet afterwards it has been removed correctly.

====================
Listening on LPF/eth0.2/52:54:00:6f:e2:ff
Sending on   LPF/eth0.2/52:54:00:6f:e2:ff
Sending on   Socket/fallback
DHCPDISCOVER on eth0.2 to 255.255.255.255 port 67 interval 6
DHCPDISCOVER on eth0.2 to 255.255.255.255 port 67 interval 6
DHCPDISCOVER on eth0.2 to 255.255.255.255 port 67 interval 14
DHCPDISCOVER on eth0.2 to 255.255.255.255 port 67 interval 15
No DHCPOFFERS received.
Trying recorded lease 169.254.147.145
bound: immediate renewal.
DHCPREQUEST on eth0.2 to 255.255.255.255 port 67
/usr/lib/univention-system-setup/scripts/30_net/10interfaces: Zeile 370: .3_hook_old_type: Kommando nicht gefunden.
/usr/lib/univention-system-setup/scripts/30_net/10interfaces: Zeile 376: .3_hook_new_type: Kommando nicht gefunden.
Fr 2. Aug 15:39:10 CEST 2013 : Configure permitted pkgdb hosts in baseconfig :  10.200.26.0
Fr 2. Aug 15:39:10 CEST 2013 : Configure netmask for permitted pkgdb hosts in baseconfig :  255.255.255.0
W: The config registry variable 'interfaces/eth0.3/type' does not exist
====================
Comment 11 Stefan Gohmann univentionstaff 2013-08-13 08:28:20 CEST
*** Bug 32150 has been marked as a duplicate of this bug. ***
Comment 12 Philipp Hahn univentionstaff 2013-09-04 16:27:26 CEST
1. With many (nested) interfaces, there's a minor performance issue (Bug #32481), since many services are restarted multiple times, that is for each interface.

2. There an issue with re-configuring interfaces: If previously eth0 had an IP address, it is not flushed (ip addr flush $IFACE) on "ifdown". This is somehow wanted for Appliance-mode and required for proper UMC working (keep the server reachable on the old IP until the configuration fully completed), but causes bridges from working correctly: there the physical interfaces must not have an IP configured; the IP must be assigned to the bridge instead.
Comment 13 Philipp Hahn univentionstaff 2013-10-01 12:01:24 CEST
TODO: The kernel modules for bridging, bondling, vlan must be loaded / added to UCRV "kernel/modules".
Comment 14 Philipp Hahn univentionstaff 2013-10-22 02:30:36 CEST
IP-adresses in /etc/bind/univention.conf.d/* are no longer re-written, since we already use 127.0.0.1. Any new zone is added/removed by the Listener module.

r45403 | Bug #28670: USS: convert to Python
r45402 | Bug #30816: USS: Implement transactional UCR handling
r45401 | Bug #30816: USS: Implement common profile parsing
r45400 | Bug #30816: USS: Fix locale handling
r45399 | Bug #30816: USS: Fix Python base class for scripts
r45398 | Bug #30816: USS: Fix UCR update
r45397 | Bug #30816: USS: Interface restart reduction
r45396 | Bug #28670: USS: Ship hook directories
r45395 | Bug #30816: USS: anchor regular expression
r45394 | Bug #30816: USS: documentation
Comment 15 Philipp Hahn univentionstaff 2013-10-22 12:17:56 CEST
r45422 | Bug #28670: USS: Fix build failure
r45421 | Bug #28670: USS: Handle kernel modules
r45420 | Bug #28670: USS: Fix build dependencies

univention-system-setup_7.0.51-2.528.201310221203

ChangeLog:
The part of system setup doing basic IP configuration has been re-written in Python to support VLANs, Bridging and Bonding


(In reply to Florian Best from comment #5)
> The fallback stuff can also be deleted (Bug #30862)?!
is removed.


(In reply to Stefan Gohmann from comment #6)
> The whole stuff in /etc should use localhost instead of any direct
> configured IP address. I think we did most of it with UCS 3.0, for example
> the bind configuration.
bind is removed.

> Other services which still need a reconfiguration (for example wins.dat or
> pxe config) should bring there own scripts:
>  /var/lib/univention-system-setup/interfaces.post
umc/python/setup/netconf/modules/RewritePxe.py
umc/python/setup/netconf/modules/RewriteWins.py


(In reply to Florian Best from comment #9)
> In Bug #30878 the support of Bridge, Bond and VLAN devices have been added.
> The system-setup UMC module writes a diff of UCR variables into the profile
> file (as before). The interfaces/*/options/* UCR variables are new and have
> to be set.
All interfaces/-UCR-variables are passed to UCR.


(In reply to Philipp Hahn from comment #12)
> 1. With many (nested) interfaces, there's a minor performance issue (Bug
> #32481), since many services are restarted multiple times, that is for each
> interface.
univention-directory-listener and univention-directory-notifier still provide scripts in /etc/network/if-*.d/, which are called for each interface started or stopped, that is for a network stack like eth0,eth1,bonding,bridge,vlan1,vlan2 they're restarted 6 times.
It would be best to teach them to handle the addition/removal of interfaces dynamically themselves, that is without an external restart by those scripts → new bug

> 2. There an issue with re-configuring interfaces: If previously eth0 had an
> IP address, it is not flushed (ip addr flush $IFACE) on "ifdown". This is
> somehow wanted for Appliance-mode and required for proper UMC working (keep
> the server reachable on the old IP until the configuration fully completed),
> but causes bridges from working correctly: there the physical interfaces
> must not have an IP configured; the IP must be assigned to the bridge
> instead.
I not in appliance mode, the addresses are flushed by umc/python/setup/netconf/modules/FlushOldAddresses.py


(In reply to Philipp Hahn from comment #13)
> TODO: The kernel modules for bridging, bondling, vlan must be loaded / added
> to UCRV "kernel/modules".
Moudles are loaded and UCRV "kernel/modules" is updated by umc/python/setup/netconf/modules/KernelModules.py


(In reply to Philipp Hahn from comment #14)
> r45403 | Bug #28670: USS: convert to Python
> r45402 | Bug #30816: USS: Implement transactional UCR handling
> r45401 | Bug #30816: USS: Implement common profile parsing
> r45400 | Bug #30816: USS: Fix locale handling
> r45399 | Bug #30816: USS: Fix Python base class for scripts
> r45398 | Bug #30816: USS: Fix UCR update
> r45397 | Bug #30816: USS: Interface restart reduction
> r45396 | Bug #28670: USS: Ship hook directories
> r45395 | Bug #30816: USS: anchor regular expression
> r45394 | Bug #30816: USS: documentation
Wrongly attributed to companion Bug #30816;
correct would have been this Bug #28670.
Comment 16 Philipp Hahn univentionstaff 2013-10-22 12:36:11 CEST
r45426 | Bug #28670: USS: Fix detection of address change
univention-system-setup_7.0.51-3.529.201310221230
Comment 17 Philipp Hahn univentionstaff 2013-10-22 13:20:28 CEST
(In reply to Philipp Hahn from comment #15)
> (In reply to Stefan Gohmann from comment #6)
> > Other services which still need a reconfiguration (for example wins.dat or
> > pxe config) should bring there own scripts:
> >  /var/lib/univention-system-setup/interfaces.post
> umc/python/setup/netconf/modules/RewritePxe.py
> umc/python/setup/netconf/modules/RewriteWins.py

I didn't check is Samaba still uses the .dat file, of if they're using the .tdb files now.
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2584250>
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html>
Comment 18 Philipp Hahn univentionstaff 2013-10-22 15:56:18 CEST
r45442 | Bug #28670: USS: unset and change handling
univention-system-setup_7.0.51-5.531.201310221552
Comment 19 Philipp Hahn univentionstaff 2013-10-22 16:41:36 CEST
r45453 | Bug #28670: USS: Detect more interface changes
r45456 | Bug #28670: USS: Detect more interface changes
univention-system-setup_7.0.51-7.533.201310221639
Comment 20 Philipp Hahn univentionstaff 2013-10-22 18:25:43 CEST
r45471 | Bug #28670: USS: Remove now unused code
r45470 | Bug #28670: USS: Reuse common code
r45469 | Bug #28670: USS: Handle more LDAP error cases
univention-system-setup_7.0.53-1.535.201310221822
Comment 21 Stefan Gohmann univentionstaff 2013-10-23 12:18:33 CEST
(In reply to Philipp Hahn from comment #14)
> r45402 | Bug #30816: USS: Implement transactional UCR handling

This breaks the role change:
-----------------------------------------------------------------------------
### LOG ###
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/setup/setup_script.py", line 284, in run
    success = self.inner_run()
  File "/usr/lib/univention-system-setup/scripts/05_role/10role", line 111, in inner_run
    self.ucr.ucr('server/role', self.wanted_server_role)
TypeError: 'ConfigRegistry' object is not callable
-----------------------------------------------------------------------------

See for a complete log file:
http://jenkins.knut.univention.de:8080/view/Autotest/job/UCS%203.2%20Autotest%20MultiEnv/SambaVersion=s4,Systemrolle=slave/174/artifact/autotest-095-slave-s4.log

Is it really necessary to switch to the transactional UCR handling here?
Comment 22 Philipp Hahn univentionstaff 2013-10-24 07:25:57 CEST
(In reply to Stefan Gohmann from comment #21)
> This breaks the role change:
...
>     self.ucr.ucr('server/role', self.wanted_server_role)
ucr.ucr → ucr.set

r45550 | Bug #28670: USS: Fix wrong method name
univention-system-setup_7.0.56-1.538.201310240723

> Is it really necessary to switch to the transactional UCR handling here?

Ask the original author please; I just separated the "transactional UCR handling" from the original class to re-use it for my 10network rewrite and had to change the one invocation were its was already previously used. There I did a mistake of calling the wrong method.
Comment 23 Dirk Wiesenthal univentionstaff 2013-10-24 09:17:15 CEST
(In reply to Philipp Hahn from comment #22)
> Ask the original author please

That's me.

I wanted transactional UCR changes because they can speedup the process dramatically. Immediate UCR changes are useful only in a very small subset of use cases, but bundled changes were hard to to incorporate at that time and would have required a second "API".

So in the rare occasion that one really needs to set the variable NOW!, ucr.commit() can be called. Everywhere else it is enough to do it all at once.

This was a decision made while writing the base class that was used in only two scripts: One only setting one variable at the end, one not using UCR setting at all. I just thought it might come in handy later (e.g. in net/10interfaces...)
Comment 24 Felix Botner univentionstaff 2013-10-25 12:19:07 CEST
even if i do not change anything, system setup wants to reconfigure my network

Die folgenden Änderungen werden auf das System übertragen:

    Netzwerkgeräte:
        eth0.2 (Virtuelles LAN): Statisch: 10.200.7.56/24
        eth0 (Ethernet): Statisch: 10.200.7.50/24

Bitte bestätigen Sie, dass diese Änderungen auf das System übertragen werden. Dies kann einige Zeit in Anspruch nehmen.

(just opened the basic settings and clicked "save changes")
Comment 25 Felix Botner univentionstaff 2013-10-25 12:19:33 CEST
(In reply to Felix Botner from comment #24)
> even if i do not change anything, system setup wants to reconfigure my
> network
> 
> Die folgenden Änderungen werden auf das System übertragen:
> 
>     Netzwerkgeräte:
>         eth0.2 (Virtuelles LAN): Statisch: 10.200.7.56/24
>         eth0 (Ethernet): Statisch: 10.200.7.50/24
> 
> Bitte bestätigen Sie, dass diese Änderungen auf das System übertragen
> werden. Dies kann einige Zeit in Anspruch nehmen.
> 
> (just opened the basic settings and clicked "save changes")

wrong bug
Comment 26 Felix Botner univentionstaff 2013-10-25 14:18:03 CEST
 * default verbose level should be 3 
 * remove apache restart
 * add individual scripts/classes for all SERVICES in RestartBind.py (and remove
   them from RestartBind.py)
 * add priority to services (defined order of restarts)
Comment 27 Philipp Hahn univentionstaff 2013-10-25 19:41:25 CEST
(In reply to Felix Botner from comment #26)
>  * default verbose level should be 3 
r45616 | Bug #28670: USS: Enable debugging by default

>  * remove apache restart
r45617 | Bug #28670: USS: Remove Apache restart

>  * add individual scripts/classes for all SERVICES in RestartBind.py (and
> remove them from RestartBind.py)

BindProxy was removed, as it's only a symbolic link to bind9 again.

>  * add priority to services (defined order of restarts)
r45618 | Bug #28670: USS Split service restart into separate modules

( grep priority `grep -l "def pre" *.py` `grep -L "def post" *.py` | sort -k4n ; echo ; grep priority `grep -L "def pre" *.py` `grep -l "def post" *.py` | sort -k4nr ) | uniq 
SaveOldApplianceAddress.py:     priority = 1
RestartCups.py: priority = 14
RestartPostgresql.py:   priority = 16
RestartNscd.py: priority = 18
Ifplugd.py:     priority = 20
RestartListener.py:     priority = 22
RestartDhcp.py: priority = 26
RestartKerberos.py:     priority = 28
RestartSamba4.py:       priority = 30
RestartSamba.py:        priority = 30
RestartAllInterfaces.py:        priority = 50
FlushOldAddresses.py:   priority = 55
KernelModules.py:       priority = 95
RewritePxe.py:  priority = 95
RewriteUcr.py:  priority = 95
RewriteWins.py: priority = 95

ResolvConf.py:  priority = 75
RestartAllInterfaces.py:        priority = 50
LdapDhcp.py:    priority = 48
LdapDns.py:     priority = 46
LdapNetwork.py: priority = 44
LdapPolicies.py:        priority = 42
LdapSelf.py:    priority = 40
RestartSamba4.py:       priority = 30
RestartSamba.py:        priority = 30
RestartKerberos.py:     priority = 28
RestartDhcp.py: priority = 26
RestartBind.py: priority = 24
RestartListener.py:     priority = 22
Ifplugd.py:     priority = 20
RestartNscd.py: priority = 18
RestartPostgresql.py:   priority = 16
RestartCups.py: priority = 14

univention-system-setup_7.0.58-1.539.201310251939
Comment 28 Felix Botner univentionstaff 2013-10-28 12:34:13 CET
IP/Network changed

/var/cache/univention-system-setup/profile:
interfaces/eth0/broadcast="10.200.29.255"
nameserver1="10.200.29.200"
interfaces/eth0/start="true"
interfaces/eth0/type="static"
interfaces/eth0/ipv6/acceptRA="false"
interfaces/eth0/netmask="255.255.255.0"
interfaces/eth0/network="10.200.29.0"
interfaces/eth0/address="10.200.29.200"
gateway="10.200.29.1"


* PXE: only the first appearance of the old ip address is updated in 
  the pxe configs

-> more  /var/lib/univention-client-boot/pxelinux.cfg/0AC80702                                              
# This file is auto generated by the UCS listener module uccpxeboot
# PXE configuration for ucc1 (10.200.7.2)

PROMPT 0
DEFAULT UCC
IPAPPEND 3

APPEND root=/dev/nfs nfsroot=10.200.29.200:/var/lib/univention-client-boot DNSSERVER=10.200.7.50 vga=788 initrd=ucc-1.0-rev2-thinclient-image.
img.initrd keyboard=us locale=de_DE.UTF-8:UTF-8 timezone=Europe/Berlin syslog=y syslogserver=10.200.7.50 loglevel=0 splash boot=ucc ucc=overla
yfs image=ucc-1.0-rev2-thinclient-image.img 

* DHCP: 

28.10.13 12:13:03.644  ADMIN       ( INFO    ) : trying to add object at: cn=10.200.29.0,cn=hans.de,cn=dhcp,dc=hans,dc=de
28.10.13 12:13:03.644  ADMIN       ( INFO    ) : dn: cn=10.200.29.0,cn=hans.de,cn=dhcp,dc=hans,dc=de
WARNING:uss.network.phase.LdapDhcp:Failed LDAP: Invalid syntax: dhcpNetMask: value #0 invalid per syntax

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/setup/setup_script.py", line 284, in run
    success = self.inner_run()
  File "/usr/lib/univention-system-setup/scripts/30_net/10interfaces", line 63, in inner_run
    self.reconfigure_network()
  File "/usr/lib/univention-system-setup/scripts/30_net/10interfaces", line 119, in reconfigure_network
    self.apply_profile()
  File "/usr/lib/univention-system-setup/scripts/30_net/10interfaces", line 129, in apply_profile
    self.phases.post()
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/setup/netconf/modules/__init__.py", line 105, in post
    phase.post()
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/setup/netconf/modules/LdapDhcp.py", line 17, in post
    self._create_subnet()
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/setup/netconf/modules/LdapDhcp.py", line 40, in _create_subnet
    subnet.create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 332, in create
    return self._create()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 703, in _create
    self.lo.add(self.dn, al)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 398, in add
    raise univention.admin.uexceptions.ldapError, _err2str(msg)
ldapError: Invalid syntax: dhcpNetMask: value #0 invalid per syntax
Comment 29 Philipp Hahn univentionstaff 2013-10-28 20:18:42 CET
(In reply to Felix Botner from comment #28)
> * PXE: only the first appearance of the old ip address is updated in 
>   the pxe configs

r45651 | Bug #28670: USS: Rewrite complete pxe configuration
Now all IPv4 address references are rewritten


> WARNING:uss.network.phase.LdapDhcp:Failed LDAP: Invalid syntax: dhcpNetMask:
> value #0 invalid per syntax

r45652 | Bug #28670: USS: Use prefix length for DHCP subnet
Ok. My. God.


r45648 | Bug #28670: USS: Rename module to update LDAP references
Add a forgotten .open().

r45649 | Bug #28670: USS: Improve error handling
Simplifies my life and that of the support.
Improve robustness and better catch exceptions.

r45650 | Bug #28670: USS: Handle Samba specific host record
Also update the DNS host record gc._msdcs.

r45653 | Bug #28670: Fix PXE, DHCP, Samba, DNS rewrite
Debian Changelog

univention-system-setup_7.0.58-2.540.201310282013
Comment 30 Felix Botner univentionstaff 2013-10-29 10:37:52 CET
ip change from 10.200.7.50 to 10.200.29.200

profile:
interfaces/eth0/broadcast="10.200.29.255"
interfaces/eth0/fallback/broadcast=""
interfaces/eth0/fallback/address=""
nameserver1="10.200.29.200"
interfaces/eth0/start="true"
interfaces/eth0/type="static"
interfaces/eth0/ipv6/acceptRA="false"
interfaces/eth0/netmask="255.255.255.0"
interfaces/eth0/fallback/network=""
interfaces/eth0/fallback/netmask=""
interfaces/eth0/network="10.200.29.0"
interfaces/eth0/address="10.200.29.200"
gateway="10.200.29.1"

* found this in the setup.log
 
Adding ZONE record "root@hans.de. 1 28800 10800 604800 108001 master.hans.de." to zone 10.200.29...
done
Usage: univention-dnsedit zone command type [args]

univention-dnsedit: error: no such option: --bimaggnddn

* no pointer record in the new dns reverse zone

-> udm dns/ptr_record list \
  --superordinate="zoneName=29.200.10.in-addr.arpa,cn=dns,dc=hans,dc=de" 

* default network with old reverse zone

-> udm networks/network list
DN: cn=default,cn=networks,dc=hans,dc=de
ARG: None
  dnsEntryZoneReverse: zoneName=7.200.10.in-addr.arpa,cn=dns,dc=hans,dc=de
  netmask: 255.255.255.0
  dhcpEntryZone: cn=hans.de,cn=dhcp,dc=hans,dc=de
  name: default
  dnsEntryZoneForward: zoneName=hans.de,cn=dns,dc=hans,dc=de
  nextIp: 10.200.29.1
  network: 10.200.29.0

* DHCP boot policy wasn't updated 
  dn: cn=mybootpol,cn=policies,dc=hans,dc=de
  objectClass: top
  objectClass: univentionPolicy
  objectClass: univentionPolicyDhcpBoot
  objectClass: univentionObject
  univentionObjectType: policies/dhcp_boot
  univentionDhcpBootServer: 10.200.7.50
  cn: mybootpol

* UCR, please also updated the following variables

  ucc/pxe/append: syslog=y syslogserver=10.200.7.50
  ucc/pxe/nameserver: 10.200.7.50
  ucc/pxe/nfsroot: 10.200.7.50
Comment 31 Felix Botner univentionstaff 2013-10-29 12:51:08 CET
I am not completely sure but it seems to me that an earlier version produced significantly more log messages. Any changes regarding log messages?
Comment 32 Erik Damrose univentionstaff 2013-10-29 15:31:40 CET
(In reply to Philipp Hahn from comment #15)
> > 2. There an issue with re-configuring interfaces: If previously eth0 had an
> > IP address, it is not flushed (ip addr flush $IFACE) on "ifdown". This is
> > somehow wanted for Appliance-mode and required for proper UMC working (keep
> > the server reachable on the old IP until the configuration fully completed),
> > but causes bridges from working correctly: there the physical interfaces
> > must not have an IP configured; the IP must be assigned to the bridge
> > instead.
> I not in appliance mode, the addresses are flushed by
> umc/python/setup/netconf/modules/FlushOldAddresses.py
While QAing Bug 29653 the question came up what to do in appliance mode. Should some operations simply not be allowed?
Comment 33 Philipp Hahn univentionstaff 2013-10-29 19:01:26 CET
(In reply to Felix Botner from comment #31)
> I am not completely sure but it seems to me that an earlier version produced
> significantly more log messages. Any changes regarding log messages?

This is caused by r45656 from Bug #32565:
univention-management-console/src/univention/management/console/log.py
 unconditionally calls logging.basicConfig() and thus prevents any other application to do its own logging setup.
Comment 34 Philipp Hahn univentionstaff 2013-10-29 20:33:49 CET
(In reply to Felix Botner from comment #30)
> ip change from 10.200.7.50 to 10.200.29.200
...
> * found this in the setup.log
...
> univention-dnsedit: error: no such option: --bimaggnddn

Fixed.

> * no pointer record in the new dns reverse zone
> * default network with old reverse zone
> * DHCP boot policy wasn't updated 

setup-join.sh creates the file "/var/run/univention-system-setup.ldap", which is never explicitly removed but only through a reboot where /var/run/ is cleaned by /lib/init/bootclean.sh.
While the file exists and contains "no-ldap", all LDAP modifications are blocked. Please check for that file and remove it manually.
Don't ask my why, I'm only the messenger.
See Bug #33008.

> * UCR, please also updated the following variables
> 
>   ucc/pxe/append: syslog=y syslogserver=10.200.7.50
>   ucc/pxe/nameserver: 10.200.7.50
>   ucc/pxe/nfsroot: 10.200.7.50

They're not native to UCS, so UCC should probably ship a module to update them.
I added them for now.

r45700 | Bug #28670: USS fixes
univention-system-setup_7.0.60-1.542.201310292031
Comment 35 Philipp Hahn univentionstaff 2013-10-31 16:30:32 CET
Several more bug were fixed:

r45771 | Bug #28670: USS: Skip PXE update
r45770 | Bug #28670: USS: Fix DNS reverse zone issues
r45769 | Bug #28670: USS: Fix DNS reverse zone entries
r45768 | Bug #28670: USS: Fix DNS reverse zone of network
univention-system-setup_7.0.61-2.543.201310311626

New issues:
Bug #32995 Default Gatway
Bug #33033 CLOEXEC
Bug #33042 Non-FQDN in IPv6 reverse DNS entry
Bug #33043 IP change does not automatically update reverse zone
Comment 36 Felix Botner univentionstaff 2013-11-01 14:57:28 CET
*** Bug 33091 has been marked as a duplicate of this bug. ***
Comment 37 Felix Botner univentionstaff 2013-11-01 15:03:06 CET
Done:

OK - master ip changed
OK - master ip + subnet changed
OK - slave ip + subnet changed
OK - vlan
OK - bonding

OK - samba4 windows7 join OK
OK - ucs join OK
OK - pxe configs OK
OK - dhcp, network, dns settings OK
OK - ucr vars OK

FAIL - setting/deleting gateways
Setting/deleting gateways seems to confuse the network scripts, see also 
https://forge.univention.org/bugzilla/show_bug.cgi?id=33091

deleted ipv4 gateway, the umc profile is:
gateway=""

many Tracebacks in setup.log, nameserver1 was deleted ..
Comment 38 Felix Botner univentionstaff 2013-11-01 15:03:38 CET
Created attachment 5553 [details]
setup.log (gateway removed)
Comment 39 Felix Botner univentionstaff 2013-11-01 15:47:38 CET
changed ip address from 10.200.7.50 to something else, still got the old ip in 

  ucc/pxe/append: syslog=y syslogserver=10.200.7.50

and
  # mybootpol, policies, hans.de
  dn: cn=mybootpol,cn=policies,dc=hans,dc=de
  objectClass: top
  objectClass: univentionPolicy
  objectClass: univentionPolicyDhcpBoot
  objectClass: univentionObject
  univentionObjectType: policies/dhcp_boot
  univentionDhcpBootServer: 10.200.7.50
 cn: mybootpol


("/var/run/univention-system-setup.ldap" did not exist)
Comment 40 Philipp Hahn univentionstaff 2013-11-01 15:55:59 CET
(In reply to Felix Botner from comment #37)
> FAIL - setting/deleting gateways
> Setting/deleting gateways seems to confuse the network scripts, see also 
> https://forge.univention.org/bugzilla/show_bug.cgi?id=33091
> 
> deleted ipv4 gateway, the umc profile is:
> gateway=""
> 
> many Tracebacks in setup.log, nameserver1 was deleted ..

r45812 | Bug #28670: USS: Exit if nothing is to do
univention-system-setup_7.0.63-1.545.201311011544
Comment 41 Philipp Hahn univentionstaff 2013-11-04 10:37:41 CET
(In reply to Felix Botner from comment #37)
The filter on ^interfaces/ was not sufficient, since the primary interface is stored in interfaces/priimary and a change in that did mess up the logic again.

r45827 | Bug #28670: USS: Improve network reconfiguration robustness
univention-system-setup_7.0.65-2.547.201311041035
Comment 42 Felix Botner univentionstaff 2013-11-04 12:45:47 CET
two interfaces (10.200.7.50 - eth0, 10.200.7.55 -eth1)
changing primary interfaces failed, 

config for new primary interface is missing

-> more /var/cache/univention-system-setup/profile 
interfaces/primary="eth0"


INFO:uss.network.phase.RewriteUcr:Updating 'nameserver1'='None'
INFO:uss.network.phase.RewriteUcr:Updating 'ucc/pxe/nameserver'='None'
INFO:uss.network.phase.RewriteUcr:Updating 'ucc/pxe/nfsroot'='None'
...
INFO:uss.network.phase.LdapReferences:Updating 'zoneName=hans.de,cn=dns,dc=hans,dc=de' with '[('a', ['10.200.7.50'], [])]'...
INFO:uss.network.plug:Calling LdapSelf.post() at 40...
...
INFO:uss.network.phase.LdapSelf:Updating 'cn=master,cn=dc,cn=computers,dc=hans,dc=de' with '[('ip', ['10.200.7.50'], []), ('dnsEntryZoneReverse', [['zoneName=
7.200.10.in-addr.arpa,cn=dns,dc=hans,dc=de', '10.200.7.50']], [])]'...
Comment 43 Philipp Hahn univentionstaff 2013-11-04 14:48:49 CET
(In reply to Felix Botner from comment #42)
> two interfaces (10.200.7.50 - eth0, 10.200.7.55 -eth1)
> changing primary interfaces failed, 

r45831 | Bug #28670: USS: Handle primary interface only change
r45834 | Bug #28670: USS: ucslint copyright
univention-system-setup_7.0.65-4.549.201311041445
Comment 44 Felix Botner univentionstaff 2013-11-04 17:15:55 CET
created Bug #33105 for some minor issus

OK - adding interfaces
OK - changing network settings
OK - appliance mode

OK - changelog
Comment 45 Stefan Gohmann univentionstaff 2013-11-19 06:42:38 CET
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".