Univention Bugzilla – Bug 40213
Stop exam mode automatically at midnight
Last modified: 2017-03-27 16:07:34 CEST
A customer suggested that it would be great if the exam mode is automatically stopped during the night hours (similar to computer room settings which are also reset during the night).
Would have been very helpful at 2016040821000294
The exam-users should also be deleted, imho.
Ticket#2016050321000336 introduced another aspect: The samba settings that deny access to shares during exam mode were not removed afterwards:
> samba/othershares/hosts/deny=<long list of computerroom member IPs>
> samba/share/Marktplatz/hosts/deny=<long list of computerroom member IPs>
So all the clients that did an exam some time ago were unable to access the regular shares.
At the mentioned ticket, the UCRVs were set on 2016-05-02 but never removed/changed (as of today, 2016-05-04), according to config-registry.replog.
So the desired feature "Stop exam mode automatically at midnight" should also unset those samba settings (and the proxy settings probably too).
The package ucs-school-umc-exam has been extended by an additional script "/usr/share/ucs-school-exam/exam-and-room-cleanup". It tries to shut down running exams gracefully. Afterwards all remaining exam users are removed from LDAP (only if called on DC master/DC backup). Also all remaining settings for exams and computer rooms are removed (files, directories, UCR variables).
A cron job is prepared by ucs-school-umc-exam and ucs-school-umc-exam-master each. They are disabled by default and can be reenabled via UCR:
  ucr set ucsschool/exam/cron/cleanup="30 2 * * *"
  ucr set ucsschool/exam/cron/cleanup-master="30 3 * * *"
The script may be called also manually. Additional arguments may be added via
  ucr set ucsschool/exam/cron/cleanup/options="--debug"
  ucr set ucsschool/exam/cron/cleanup-master/options="--debug"
The master cronjob should be activated only in multiserver environments and should be called with an appropriate offset after the last exam cleanup cron job has been started on any of the school slaves, otherwise a graceful shutdown might not be possible, if the master already removed the exam user objects!
Please note that exam users are only removed on the DC master/DC backup!
A new UMC operations set "schoolexam-stop-cron" is created and attached to the existing UMC policies 'default-slave-umc', 'default-backup-umc' and 'default-computers-umc' that are attached to the groups "DC Slave Hosts", "DC Backup Hosts" and "Computers". (yes, not ideally... opened another bug for it → Bug 41301).
The script logs ALL messages to /var/log/univention/ucs-school-exam-cleanup.log.
There is also a dry run mode.
ucs-school-4.1/doc/errata/staging/ucs-school-umc-exam.yaml has been updated.
Change has also been merged to UCS@school 4.1 R2.
---[cut]---
# ./exam-and-room-cleanup -h
Usage: exam-and-room-cleanup [options]
This script stops currently running exams and purges all remaining settings for exams and computer rooms.
WARNING: if a running exam cannot be shutdown cleanly, data in the home directory may be lost.
This script redirects all output to /var/log/univention/ucs-school-exam-cleanup.log.
Options:
  -h, --help                show this help message and exit
  -n, --dry-run             do not change anything
  -d, --debug               write additional debug output to logfile
  --skip-exam-shutdown      do not try to shutdown running exams gracefully
  --skip-exam-user-removal  do not remove all existing exam users (only on DC master / DC backup)
  --skip-ucr-cleanup        do not purge exam/room related UCR variables
  --skip-exam-cleanup       do not purge exam data/metadata files
  --skip-room-cleanup       do not purge room metadata files
RFC: The variable descriptions for ucsschool/exam/cron/cleanup-master is done in the package ucs-school-exam. Is this done on purpose?
REOPEN: The logfile permissions depend on the umask and are not root:adm+0640
REOPEN: UMCConnection(self.hostname).get_machine_connection() → this is a classmethod and should therefore be UMCConnection.get_machine_connection()
REOPEN: missing ldap filter escaping: 'uid=%s*' % (self.exam_prefix,)
REOPEN: hardcoded container name 'cn=examusers'
RFC: What is a 'debri' ?
RFC: Why is the cleanup done manually? E.g. exam-users are removed instead that this is left up to the Exam module (in exam/finish call) OR the ucr variables are unset instead of letting the computerroom module do the cleanup? This leads to two implementations for the same things.
(In reply to Florian Best from comment #5)
> RFC: The variable descriptions for ucsschool/exam/cron/cleanup-master is
> done in the package ucs-school-exam. Is this done on purpose?
FIXED
> REOPEN: The logfile permissions depend on the umask and are not root:adm+0640
FIXED
> REOPEN: UMCConnection(self.hostname).get_machine_connection()
> → this is a classmethod and should therefore be
> UMCConnection.get_machine_connection()
FIXED
> REOPEN: missing ldap filter escaping: 'uid=%s*' % (self.exam_prefix,)
FIXED
> REOPEN: hardcoded container name 'cn=examusers'
FIXED
> RFC: What is a 'debri' ?
engl.: debris
german: Trümmer, Schutt, Ablagerungen, Schmutz, Geröll, Abfälle, Überbleibsel, Rückstände, Trümmerteile, Bruch (Zerbrochenes), Bruchstücke, ...
> RFC: Why is the cleanup done manually? E.g. exam-users are removed instead
> that this is left up to the Exam module (in exam/finish call) OR the ucr
> variables are unset instead of letting the computerroom module do the
> cleanup? This leads to two implementations for the same things.
Currently there are some situations, where neither computerroom nor exam module know about a running exam. So the script tries to shut down the exam properly via schoolexam/exam/finish. If this worked, there should be no leftovers. If the computerroom module doesn't know anything about the running exam (because the status file is broken, ...), we have to cleanup manually.
This script is something like a safety net. This script is intended to bring a system back into a sane state.
ucs-school-umc-exam (6.0.6-1):
r70213 | Bug #40213: some fixes for exam-and-room-cleanup
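Two of the review points above (LDAP filter escaping and log file permissions), as an added illustration that is not the script's own code. `escape_filter_value` is a hypothetical stand-in applying the RFC 4515 escapes, `open_log` and `log_mode_under_umask` are hypothetical helpers, and the file name and sample line are constructed.

```python
import os
import stat
import tempfile

# RFC 4515 escapes for characters that are special inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Hypothetical stand-in for ldap.filter.escape_filter_chars()."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def exam_user_filter(exam_prefix):
    """Build 'uid=<prefix>*'; only the trailing '*' stays a wildcard."""
    return "uid=%s*" % (escape_filter_value(exam_prefix),)


def open_log(path, mode=0o640):
    """Open a log file for appending with a fixed mode, independent of umask.

    os.open() applies the umask to a newly created file, and a file that
    already exists keeps its old mode, so fchmod() is applied either way.
    Setting owner/group (root:adm in the bug) needs root and is left out.
    """
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, mode)
    try:
        os.fchmod(fd, mode)
    except OSError:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")


def log_mode_under_umask(umask):
    """Create a log file under the given umask and return its permission bits."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "cleanup.log")
            with open_log(path) as fh:
                fh.write("constructed sample line\n")
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)
```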
REOPEN: The script is shipped by ucs-school-umc-exam which is not installed on a Multiserver DC Master.
REOPEN: The operation set is created in the joinscript but it is appended to "DC Slave Hosts" but the School Slaves aren't part of that group.
(In reply to Florian Best from comment #7)
> REOPEN: The operation set is created in the joinscript but it is appended to
> "DC Slave Hosts" but the School Slaves aren't part of that group.
Wrong information. The groups are fine.
But: The request goes against the DC Master where the computerroom-module is not installed.
code: r70866
advisory & changelog: r70867
docbook fixes: 70868, 70869
On a Multiserver DC Master where no UMC computerroom is installed the script just raises and does therefore nothing.
Traceback (most recent call last):
  File "/usr/share/ucs-school-exam/exam-and-room-cleanup", line 264, in <module>
    main()
  File "/usr/share/ucs-school-exam/exam-and-room-cleanup", line 261, in main
    helper.cleanup()
  File "/usr/share/ucs-school-exam/exam-and-room-cleanup", line 224, in cleanup
    self.stop_running_exams()
  File "/usr/share/ucs-school-exam/exam-and-room-cleanup", line 108, in stop_running_exams
    for room in self.running_exam_iter():
  File "/usr/share/ucs-school-exam/exam-and-room-cleanup", line 93, in running_exam_iter
    room_list = self.umcp.request('computerroom/rooms', {'school': ou_name})
  File "/usr/lib/pymodules/python2.7/univention/lib/umc_connection.py", line 142, in request
    raise NotImplementedError('command forbidden: %s' % url)
NotImplementedError: command forbidden: computerroom/rooms
On a multi-server DC UCRV ucsschool/exam/cron/cleanup-master/options should be set to:
  --skip-exam-shutdown --skip-ucr-cleanup --skip-exam-cleanup --skip-room-cleanup
So that on the master only the exam-user cleanup runs.
Add note about that to changelog/changelog-ucsschool-4.1R2v1.xml
(In reply to Daniel Tröder from comment #13)
> Add note about that to changelog/changelog-ucsschool-4.1R2v1.xml
Instead of a note in the changelog, the UCR value for the master cronjob was set to "--skip-exam-shutdown --skip-ucr-cleanup --skip-exam-cleanup --skip-room-cleanup". The DC master cronjob should only be enabled on a multi-server master, where anything but the exam-user-purge doesn't make sense.
On a single-master server, the non-master cronjob will take care of the exam-users.
UCR: 71289
YAML: 71290
OK: this doesn't prevent that the script has errors but that the users will run into the errors.
24.05.16 15:11:10.316 MAIN ( ERROR ) : Removing remaining exam user failed with traceback:
Traceback (most recent call last):
  File "/usr/share/ucs-school-exam/exam-and-room-cleanup", line 127, in remove_exam_user
    userlist = mod_user.lookup({}, lo, 'uid=%s*' % (escape_filter_chars(self.exam_prefix),), base=searchbase.examUsers)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 2672, in lookup
    for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 327, in search
    raise univention.admin.uexceptions.noObject(_err2str(msg))
noObject: No such object
When the exception is caught and printed to log file, the other OUs are not processed anymore. So the method remove_exam_user() stops at the first OU without remaining exam users. This is a problem in single server environments!
→ REOPEN
→ add try-except-NoObject around mod_user.lookup(...)
→ please update the advisory: please state clearly that the script is disabled by default
(In reply to Daniel Tröder from comment #14)
> (In reply to Daniel Tröder from comment #13)
> > Add note about that to changelog/changelog-ucsschool-4.1R2v1.xml
> Instead of a note in the changelog, the UCR value for the master cronjob was
> set to "--skip-exam-shutdown --skip-ucr-cleanup --skip-exam-cleanup
> --skip-room-cleanup". The DC master cronjob should only be enabled on a
> multi-server master, where anything but the exam-user-purge doesn't make
> sense.
If I'm not wrong, it doesn't hurt if the script is called twice in single server environments → the script tries twice to remove remaining exam users. Or did I miss something?
> On a single-master server, the non-master cronjob will take care of the
> exam-users.
ACK
(In reply to Sönke Schwardt-Krummrich from comment #17)
> 24.05.16 15:11:10.316 MAIN ( ERROR ) : Removing remaining exam
> user failed with traceback:
> Traceback (most recent call last):
> File "/usr/share/ucs-school-exam/exam-and-room-cleanup", line 127, in
> remove_exam_user
> userlist = mod_user.lookup({}, lo, 'uid=%s*' %
> (escape_filter_chars(self.exam_prefix),), base=searchbase.examUsers)
> File
> "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line
> 2672, in lookup
> for dn, attrs in lo.search(unicode(filter), base, scope, [], unique,
> required, timeout, sizelimit):
> File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 327,
> in search
> raise univention.admin.uexceptions.noObject(_err2str(msg))
> noObject: No such object
>
>
> When the exception is caught and printed to log file, the other OUs are not
> processed anymore. So the method remove_exam_user() stops at the first OU
> without remaining exam users. This is a problem in single server
> environments!
> → REOPEN
> → add try-except-NoObject around mod_user.lookup(...)
Done in r72956.
BTW: This exception can only happen, when the container cn=examusers is missing. When there are no examusers, mod_user.lookup() returns an empty list.
> → please update the advisory: please state clearly that the script is
> disabled by default
Done in r72956.
> (In reply to Daniel Tröder from comment #14)
> > (In reply to Daniel Tröder from comment #13)
> > > Add note about that to changelog/changelog-ucsschool-4.1R2v1.xml
> > Instead of a note in the changelog, the UCR value for the master cronjob was
> > set to "--skip-exam-shutdown --skip-ucr-cleanup --skip-exam-cleanup
> > --skip-room-cleanup". The DC master cronjob should only be enabled on a
> > multi-server master, where anything but the exam-user-purge doesn't make
> > sense.
>
> If I'm not wrong, it doesn't hurt if the script is called twice in single
> server environments → the script tries twice to remove remaining exam users.
> Or did I miss something?
The script will crash on a DC master if called without those arguments, as the UMC-module is not installed:
→ /var/log/univention/ucs-school-exam-cleanup.log
→ NotImplementedError: command forbidden: computerroom/rooms
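The failure mode discussed in the two comments above, as an added sketch that is not the script's code. `NoObject`, `lookup_exam_users` and the OU data are constructed stand-ins for `univention.admin.uexceptions.noObject`, `mod_user.lookup()` and the LDAP directory; the sketch goes slightly beyond the thread by also returning the OUs that were skipped.

```python
class NoObject(Exception):
    """Stand-in for univention.admin.uexceptions.noObject."""


# Constructed directory: OU name -> exam users in its cn=examusers container.
# None models a missing container, the case that raised noObject in the log.
SAMPLE_OUS = {
    "school1": ["exam-anna", "exam-ben"],
    "school2": None,
    "school3": ["exam-carl"],
}


def lookup_exam_users(directory, ou):
    """Hypothetical replacement for mod_user.lookup() on one OU."""
    users = directory[ou]
    if users is None:
        raise NoObject("No such object")
    return list(users)


def remove_exam_users_outer_catch(directory):
    """Behaviour reported in the bug: one handler around the whole loop."""
    removed = []
    try:
        for ou in sorted(directory):
            removed.extend(lookup_exam_users(directory, ou))
    except NoObject:
        pass  # logged once, the remaining OUs are never visited
    return removed


def remove_exam_users_per_ou(directory):
    """Requested fix: handle the missing container per OU and continue."""
    removed, skipped = [], []
    for ou in sorted(directory):
        try:
            users = lookup_exam_users(directory, ou)
        except NoObject:
            skipped.append(ou)  # nothing to purge here, go on with the next OU
            continue
        removed.extend(users)
    return removed, skipped
```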
(In reply to Daniel Tröder from comment #18)
> > If I'm not wrong, it doesn't hurt if the script is called twice in single
> > server environments → the script tries twice to remove remaining exam users.
> > Or did I miss something?
> The script will crash on a DC master if called without those arguments, as
> the UMC-module is not installed:
> → /var/log/univention/ucs-school-exam-cleanup.log
> → NotImplementedError: command forbidden: computerroom/rooms
In Single Server Environments the UMC module computerroom is installed on the master.
OK: svn r72956
Fix typo in YAML: svn r73015
UCS@school 4.1 R2 v6 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v6-de.html If this error occurs again, please clone this bug.
*** Bug 34231 has been marked as a duplicate of this bug. ***