Bug 29697 – Traceback im setup.log auf DC Slave nach IP-Änderungsversuch

Bug 29697 - Traceback im setup.log auf DC Slave nach IP-Änderungsversuch


Summary:	Traceback im setup.log auf DC Slave nach IP-Änderungsversuch

Status:	CLOSED WORKSFORME

Product:	UCS
Classification:	Unclassified
Component:	System setup
Version:	UCS 3.1
Hardware:	Other Linux

Importance:	P4 normal (vote)
Target Milestone:	UCS 3.2
Assigned To:	Philipp Hahn
QA Contact:	Felix Botner

URL:
Keywords:	interim-3

Duplicates:	27607 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2012-12-10 15:57 CET by Lukas Walter
Modified:	2013-11-19 06:42 CET (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lukas Walter

2012-12-10 15:57:09 CET

Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 397, in <module>
    main()
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 350, in main
    lo, position = bind()
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 141, in bind
    lo, position = uldap.getAdminConnection(start_tls)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 63, in getAdminConnection
    lo=univention.uldap.getAdminConnection(start_tls, decode_ignorelist=decode_ignorelist)
  File "/usr/lib/pymodules/python2.6/univention/uldap.py", line 68, in getAdminConnection
    bindpw=open('/etc/ldap.secret').read()
IOError: [Errno 2] No such file or directory: '/etc/ldap.secret'


Das könnte mitverantwortlich dafür sein, dass der Slave beim Ändern seiner IP Adresse seine aRecords nicht anpassen kann (stattdessen wird ein LDAP-Locking Objekt angelegt).

Comment 1 Moritz Muehlenhoff

2013-05-31 10:44:19 CEST

We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2.

As such, this bug is moved to the new target milestone.

Comment 2 Stefan Gohmann

2013-07-17 11:01:26 CEST

Should be checked together with Bug #28670.

Comment 3 Philipp Hahn

2013-10-22 18:27:07 CEST

qemu://xen12.knut.univention.de/system#ucs32-64-slave

Comment 4 Philipp Hahn

2013-10-28 22:41:49 CET

The traceback could not be reproduced on my UCS-3.2~ system.
It is unlikely to occur again, since the code was rewritten to check for proper LDAP credentials.

From my research the USS JS front-end currently does not provide a way to change a slaves IP configuration and to provide the required LDAP credentials. This means that currently there's no way to allow a DC slave or member server to update its own host record by just using its host credentials, nor can the user using UMC provide the required credentials:

# udm computers/`ucr get server/role` modify --binddn `ucr get ldap/hostdn` --bindpwdfile /etc/machine.secret --dn `ucr get ldap/hostdn` --set ip=1.2.3.4
Permission denied.

Comment 5 Felix Botner

2013-10-29 12:06:43 CET

*** Bug 27607 has been marked as a duplicate of this bug. ***

Comment 6 Felix Botner

2013-10-29 12:14:40 CET

could not reproduce the traceback (but as mentioned in comment #5 changing a slaves ip does not change the ldap objects -> Bug #33001)

Comment 7 Stefan Gohmann

2013-11-19 06:42:26 CET

UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".