Bug 33157 - 90univention-bind-post.inst hangs while joining via UMC
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: DNS
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2
Assigned To: Stefan Gohmann
Arvid Requate
: interim-4
: 33282 (view as bug list)
Reported: 2013-11-06 16:50 CET by Florian Best
Modified: 2013-11-27 16:04 CET (History)
Description Florian Best univentionstaff 2013-11-06 16:50:04 CET
While joining with the UMC domain join module the 90univention-bind-post.inst joinscript hangs (→ at "sleep 1" while restarting bind / querying the master).

The bind daemon doesn't start because of wrong config permissions:
-rw------- 1 root bind 115  6. Nov 15:46 /etc/bind/univention.conf

This is probably because the UMC-Moduleserver process runs with a restrictive umask (0077).
Comment 1 Dirk Wiesenthal univentionstaff 2013-11-12 13:44:49 CET
*** Bug 33282 has been marked as a duplicate of this bug. ***
Comment 2 Stefan Gohmann univentionstaff 2013-11-12 14:03:04 CET
(In reply to Dirk Wiesenthal from comment #1)
> *** Bug 33282 has been marked as a duplicate of this bug. ***

It changes the priority since a login was not possible.
Comment 3 Stefan Gohmann univentionstaff 2013-11-12 15:19:38 CET
fixed

The permissions are now set in the bind listener module.

Code: r45970
Changelog: r45976
Comment 4 Stefan Gohmann univentionstaff 2013-11-12 15:28:39 CET
(In reply to Stefan Gohmann from comment #3)
> Code: r45970
 + r45976

> Changelog: r45976
 + r45978
Comment 5 Florian Best univentionstaff 2013-11-14 11:04:55 CET
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/bind.py", line 85, in handler
    _new_zone(listener.configRegistry, new['zoneName'][0], dn)
  File "/usr/lib/univention-directory-listener/system/bind.py", line 146, in _new_zone
    os.chmod(proxy_zone, 0640)
TypeError: coercing to Unicode: need string or buffer, file found
Comment 6 Florian Best univentionstaff 2013-11-14 11:13:27 CET
I fixed it in svn46021

univention-bind (8.0.3-1) 
* Bug #33157: fix typo when setting permissions for the proxy config
Comment 7 Florian Best univentionstaff 2013-11-14 12:02:03 CET
There are still configuration files with wrong permissions:

Nov 14 11:58:30 slave named[615]: loading configuration from '/etc/bind/named.conf'
Nov 14 11:58:30 slave named[615]: /etc/bind/univention.conf:1: open: /etc/bind/univention.conf.d/27.200.10.in-addr.arpa: permission denied
Nov 14 11:58:30 slave named[615]: loading configuration: permission denied
Nov 14 11:58:30 slave named[615]: exiting (due to fatal error)
Comment 8 Stefan Gohmann univentionstaff 2013-11-14 12:09:50 CET
The permissions for the directory are wrong:

root@slave:~# ls -la /etc/bind/univention.conf.d/
insgesamt 24
drwx--S--- 2 root bind 4096 14. Nov 11:40 .
Comment 9 Stefan Gohmann univentionstaff 2013-11-14 12:22:47 CET
Fixed with r46030
Comment 10 Arvid Requate univentionstaff 2013-11-14 13:02:41 CET
Fails due to /etc/bind/univention.conf.d/* owned 640 by root.nogroup

============================================================================
root@backup16:~# dpkg-query -W -f='${Package} ${Version}\n' univention-bind
univention-bind 8.0.4-1.198.201311141212

root@backup16:~# /usr/sbin/named -c /etc/bind/named.conf -p 7777 -u bind -f -d 10 -g
14-Nov-2013 12:04:57.229 starting BIND 9.8.0-P4 -c /etc/bind/named.conf -p 7777 -u bind -f -d 10 -g
14-Nov-2013 12:04:57.229 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-dlz-dlopen' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
14-Nov-2013 12:04:57.229 adjusted limit on open files from 1024 to 1048576
14-Nov-2013 12:04:57.229 found 1 CPU, using 1 worker thread
14-Nov-2013 12:04:57.230 using up to 4096 sockets
14-Nov-2013 12:04:57.230 Registering DLZ_stub driver.
14-Nov-2013 12:04:57.230 Registering SDLZ driver 'dlz_stub'
14-Nov-2013 12:04:57.231 Registering DLZ driver 'dlz_stub'
14-Nov-2013 12:04:57.231 Registering DLZ filesystem driver.
14-Nov-2013 12:04:57.232 Registering SDLZ driver 'filesystem'
14-Nov-2013 12:04:57.232 Registering DLZ driver 'filesystem'
14-Nov-2013 12:04:57.233 Registering DLZ bdb driver.
14-Nov-2013 12:04:57.233 Registering SDLZ driver 'bdb'
14-Nov-2013 12:04:57.234 Registering DLZ driver 'bdb'
14-Nov-2013 12:04:57.234 Registering DLZ bdbhpt driver.
14-Nov-2013 12:04:57.235 Registering SDLZ driver 'bdbhpt'
14-Nov-2013 12:04:57.235 Registering DLZ driver 'bdbhpt'
14-Nov-2013 12:04:57.235 Registering DLZ ldap driver.
14-Nov-2013 12:04:57.236 Registering SDLZ driver 'ldap'
14-Nov-2013 12:04:57.236 Registering DLZ driver 'ldap'
14-Nov-2013 12:04:57.237 Registering DLZ_dlopen driver
14-Nov-2013 12:04:57.237 Registering SDLZ driver 'dlopen'
14-Nov-2013 12:04:57.237 Registering DLZ driver 'dlopen'
14-Nov-2013 12:04:57.240 decrement_reference: delete from rbt: 0x7f8b047ab068 .
14-Nov-2013 12:04:57.244 loading configuration from '/etc/bind/named.conf'
14-Nov-2013 12:04:57.244 /etc/bind/univention.conf:1: open: /etc/bind/univention.conf.d/8.200.10.in-addr.arpa: permission denied
14-Nov-2013 12:04:57.245 load_configuration: permission denied
14-Nov-2013 12:04:57.245 loading configuration: permission denied
14-Nov-2013 12:04:57.245 exiting (due to fatal error)

root@backup16:~# ls -l /etc/bind/univention.conf.d
insgesamt 16
-rw-r----- 1 root nogroup 267 14. Nov 11:53 8.200.10.in-addr.arpa
-rw-r----- 1 root nogroup 118 14. Nov 11:53 8.200.10.in-addr.arpa.proxy
-rw-r----- 1 root nogroup 243 14. Nov 11:53 ar32i9.qa
-rw-r----- 1 root nogroup  94 14. Nov 11:53 ar32i9.qa.proxy
root@backup16:~# ls -l /etc/bind
insgesamt 96
-rw-rw-r-- 1 root root 2389 29. Jul 09:34 bind.keys
-rw-rw-r-- 1 root root  237 29. Jul 09:34 db.0
-rw-rw-r-- 1 root root  271 29. Jul 09:34 db.127
-rw-rw-r-- 1 root root  237 29. Jul 09:34 db.255
-rw-rw-r-- 1 root root  353 29. Jul 09:34 db.empty
-rw-rw-r-- 1 root root  270 29. Jul 09:34 db.local
-rw-rw-r-- 1 root root 3049 29. Jul 09:34 db.root
-rw-rw-r-- 1 root root   16 21. Mai 2007  db.root.fake
-rw-rw-r-- 1 root bind   23 14. Nov 11:16 local.conf
-rw-rw-r-- 1 root bind   23 14. Nov 11:16 local.conf.proxy
-rw-rw-r-- 1 root bind   23 14. Nov 11:16 local.conf.samba4
-rw-rw-r-- 1 root bind   74 14. Nov 11:16 local-predlz.conf.samba4
-rw-rw-r-- 1 root bind  876 14. Nov 11:45 named.conf
-rw-rw-r-- 1 root bind  463 29. Jul 09:34 named.conf.debian
-rw-rw-r-- 1 root bind  490 29. Jul 09:34 named.conf.default-zones
-rw-rw-r-- 1 root bind  165 29. Jul 09:34 named.conf.local
-rw-rw-r-- 1 root bind  572 29. Jul 09:34 named.conf.options
-rw-r--r-- 1 root bind 1394 14. Nov 11:56 named.conf.proxy
-rw-r--r-- 1 root bind 1799 14. Nov 11:56 named.conf.samba4
-rw-rw---- 1 bind bind   77 14. Nov 11:15 rndc.key
-rw-r--r-- 1 root bind  110 14. Nov 11:57 univention.conf
drwxr-xr-x 2 root bind 4096 14. Nov 11:53 univention.conf.d
-rw-r--r-- 1 root bind  122 14. Nov 11:57 univention.conf.proxy
-rw-rw-r-- 1 root root 1317 29. Jul 09:34 zones.rfc1918
============================================================================
Comment 11 Stefan Gohmann univentionstaff 2013-11-14 15:22:49 CET
Fixed with r46035
Comment 12 Arvid Requate univentionstaff 2013-11-14 18:44:39 CET
Ok, works.
Comment 13 Stefan Gohmann univentionstaff 2013-11-19 06:41:46 CET
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".
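
Added example, not part of the bug report and not univention-bind's own code: it reproduces the three states seen in this thread (file created 0600 under umask 0077, directory without group search permission, file 0640 but in the wrong group) and shows a write routine that sets the mode explicitly instead of relying on the inherited umask. The names write_config, read_blockers and example.zone are hypothetical, and the test file's own gid stands in for the bind group; the check assumes the daemon is not the file owner and inspects only the immediate parent directory.

```python
import os
import stat
import tempfile


def write_config(path, data, mode=0o640, gid=None):
    """Write `data` to `path` and force `mode`, whatever umask was inherited."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    try:
        # The mode given to open() is masked by umask and ignored for files
        # that already exist; fchmod() is neither. It takes a file descriptor
        # (chmod takes a path), never a Python file object.
        os.fchmod(fd, mode)
        if gid is not None:
            os.fchown(fd, -1, gid)  # needs privilege for foreign groups
        os.write(fd, data)
    finally:
        os.close(fd)


def _class_allows(st, gid, group_bit, other_bit):
    # POSIX applies exactly one class: group if the gid matches, else other.
    return bool(st.st_mode & (group_bit if st.st_gid == gid else other_bit))


def read_blockers(path, gid):
    """Why a non-owner process running with group `gid` cannot open `path`."""
    blockers = []
    if not _class_allows(os.stat(path), gid, stat.S_IRGRP, stat.S_IROTH):
        blockers.append("file")
    parent = os.stat(os.path.dirname(path))
    if not _class_allows(parent, gid, stat.S_IXGRP, stat.S_IXOTH):
        blockers.append("dir")
    return blockers


def demo():
    old = os.umask(0o077)  # the umask the report attributes to the caller
    try:
        with tempfile.TemporaryDirectory() as top:
            confd = os.path.join(top, "univention.conf.d")
            os.mkdir(confd)                       # ends up 0700
            zone = os.path.join(confd, "example.zone")  # constructed name
            with open(zone, "w") as f:            # ends up 0600
                f.write("; constructed sample\n")
            gid = os.stat(zone).st_gid            # stand-in for the bind group
            before = read_blockers(zone, gid)
            os.chmod(confd, 0o755)
            write_config(zone, b"; constructed sample\n")
            after = read_blockers(zone, gid)
            return before, after, read_blockers(zone, gid + 1)
    finally:
        os.umask(old)
```
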