Bug 43919 - univention-upgrade fails in 4.2 if kerberos/autostart=no
univention-upgrade fails in 4.2 if kerberos/autostart=no
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Kerberos
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2
Assigned To: Philipp Hahn
Janek Walkenhorst
: interim-3
Depends on: 43470
Blocks:
  Show dependency treegraph
 
Reported: 2017-03-17 10:06 CET by Daniel Tröder
Modified: 2017-04-04 18:28 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.429
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2017-03-17 10:06:32 CET
Updating on a DC master 4.2 failed:
---------------------------------------
Starting package upgrade                                ERROR: update failed. Please check /var/log/univention/updater.log
---------------------------------------

/var/log/univention/updater.log
---------------------------------------
heimdal-kdc (1.6~rc2+dfsg-9A~4.2.0.201703162030) wird eingerichtet ...
Job for heimdal-kdc.service failed. See 'systemctl status heimdal-kdc.service' and 'journalctl -xn' for det
ails.
invoke-rc.d: initscript heimdal-kdc, action "start" failed.
dpkg: Fehler beim Bearbeiten des Paketes heimdal-kdc (--configure):
 Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück
---------------------------------------

systemctl status heimdal-kdc.service
---------------------------------------
Mär 17 09:56:41 m10 heimdal-kdc[6140]: kdc-kpasswdd disabled by ucr var kerberos/autostart=no
Mär 17 09:56:41 m10 systemd[1]: PID file /var/run/heimdal-kdc.pid not readable (yet?) after start.
Mär 17 09:56:41 m10 systemd[1]: Failed to start LSB: Start KDC server.
Mär 17 09:56:41 m10 systemd[1]: Unit heimdal-kdc.service entered failed state.
---------------------------------------

root@m10:~# ucr get kerberos/autostart
no
Comment 1 Daniel Tröder univentionstaff 2017-03-17 10:56:08 CET
This is on a system already on UCS 4.2, not upgrading from 4.1.
Comment 2 Philipp Hahn univentionstaff 2017-03-20 08:41:27 CET
This is caused by Bug #43470, which added the "# pidfile:" annotation to the init script.
Due the that "My samba4 KDC is more important than your Heimdal KDC" renaming of the univention-keimdal.univention-service file, the generic UCRV */autostart handling does not work for Heimdal. Therefore heimdal-kdc.service is not masked and when started, the init script aborts with "exit 0" due to "kerberos/autostart=no". But as no PID file is created, systemd considers the service as failed.

The init script also starts multiple service, so using only one PID file
is "wrong" anyway.

So for now remove the annotation again until is is converted to a
systemd service anyway.


r77956 | Bug #43919 krb: Remove pidfile annotation

Package: univention-heimdal
Version: 10.0.0-8A~4.2.0.201703200840
Branch: ucs_4.2-0
Comment 3 Janek Walkenhorst univentionstaff 2017-03-20 13:44:27 CET
(In reply to Philipp Hahn from comment #2)
> This is caused by Bug #43470, which added the "# pidfile:" annotation to the
> init script.
> Due the that "My samba4 KDC is more important than your Heimdal KDC"
> renaming of the univention-keimdal.univention-service file, the generic UCRV
> */autostart handling does not work for Heimdal. Therefore
> heimdal-kdc.service is not masked and when started, the init script aborts
> with "exit 0" due to "kerberos/autostart=no". But as no PID file is created,
> systemd considers the service as failed.
> 
> The init script also starts multiple service, so using only one PID file
> is "wrong" anyway.
> 
> So for now remove the annotation again until is is converted to a
> systemd service anyway.
OK
Comment 4 Stefan Gohmann univentionstaff 2017-04-04 18:28:24 CEST
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".