First Last Prev Next    This bug is not in your last search results.
Bug 40892 - UCS@school configuration wizard fails due to SSL error while calling umc-get
UCS@school configuration wizard fails due to SSL error while calling umc-get
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: UMC - Installer
UCS@school 4.0
Other Linux
: P5 normal (vote)
: UCS@school 4.0 R2 Errata
Assigned To: Florian Best
Daniel Tröder
: interim-2
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-14 07:25 CET by Florian Best
Modified: 2017-05-08 09:39 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.274
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2016-03-14 07:25:19 CET 
The change will be backported to UCS@school 4.0 R2.

+++ This bug was initially created as a clone of Bug #37484 +++

In a newly installed customer environment we had the following scenario:

* DC Master + UCS@school
* DC Backup + UCS@school
* DC Slave

The customer installed UCS@school also on the DC Slave and ran the UCS@school configuration wizard which failed with the following error:

> MODULE   ( ERROR ) : Failed to launch UMC query: ['/usr/sbin/umc-get', '-U', 'Administrator', '-y', '/tmp/tmpMEAg2R', '-s', 'master.schule.local', 'ucr', '-l', '-c', 'ldap/base', '-o', 'ldap/master/port']
> MODULE   ( WARN  ) : Could not query the LDAP base of the master system master.schule.local.
> MODULE   ( ERROR ) : Failed to get schoolinfo for school 'schule01': ('success': False, 'error': 'Der UMC-Server master.schule.local kann nicht erreicht werden.')

What was confusing is that manually executing the command "/usr/sbin/umc-get -U Administrator -y /tmp/adminpwd -s master.schule.local ucr -l -c ldap/base -o ldap/master/port" on the command line was successful.
Additionally 'everything else' was working (join, replication, ldapsearch, HTTPS)

With a higher debug level we were able to see this in the logfile:

> MODULE ( INFO    ) : Executing: /usr/sbin/umc-get -d 4 -U Administrator -y /tmp/tmpqsnvhw -s master.schulen.local ucr -l -o ldap/base -o ldap/master/port
> MODULE ( ERROR   ) : Failed to launch UMC query: ['/usr/sbin/umc-get', '-d', '4', '-U', 'Administrator', '-y', '/tmp/tmpqsnvhw', '-s', 'master.schulen.local', 'ucr', '-l', '-o', 'ldap/base', '-o', 'ldap/master/port']
> DEBUG_INIT                                               
> MAIN        ( PROCESS ) : Client: Setting up SSL configuration failed: []
> MAIN        ( PROCESS ) : Client: Communication will not be encrypted!
> PROTOCOL    ( INFO    ) : Sending UMCP AUTH REQUEST 142071238666879-1 
> MAIN        ( WARN    ) : Client: _recv: error on socket: [Errno 104] Connection reset by peer
>                                                                           
> MODULE      ( WARN    ) : Could not query the LDAP base of the master system master.schulen.local.

We checked the certificates (CA, master, slave) but they seem to be okay (valid, md5sums match on both systems). I can provide USI-archives for DC Master and DC Slave if necessary.
Comment 1 Florian Best univentionstaff 2016-03-14 07:39:38 CET 
Package: ucs-school-umc-installer
Version: 3.0.3-2.75.201603140737

(wrong bug number in commit message)
ucs-school-umc-installer (3.0.3-2):
r68056 | Bug #40892: fix SSL problems during contacting the DC master
r68055 | Bug #37484: fix SSL problems during contacting the DC master
Comment 2 Florian Best univentionstaff 2016-06-28 19:02:08 CEST 
@Sönke:
This is fixed in 4.1R2. Please decide about backport. Otherwise I revert the changes in 4.0R2.
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2016-06-29 15:15:27 CEST 
Please revert the change in 4.0R2. UCS 4.0 is now out of maintenance.
Comment 4 Florian Best univentionstaff 2016-07-04 15:37:39 CEST 
Reverted for UCS@school 4.0R2 and 4.1 in svn r70796,70797,70798,70799,70800.
Comment 5 Daniel Tröder univentionstaff 2016-10-10 08:43:06 CEST 
Changes were reverted for 4.0R2 and 4.1.
Comment 6 Sönke Schwardt-Krummrich univentionstaff 2017-05-08 09:39:13 CEST 
Nothing to do.
First Last Prev Next    This bug is not in your last search results.