Bug 44154 - Slave join fails: Can't contact LDAP server
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Join (univention-join)
UCS 4.2
Other Linux
: P5 normal
: UCS 4.2
Assigned To: Stefan Gohmann
Philipp Hahn
: interim-4
Depends on:
Blocks: 45040
Reported: 2017-03-30 14:04 CEST by Erik Damrose
Modified: 2017-07-18 20:41 CEST (History)
What kind of report is it?: Development Internal
Attachments
USI from master (531.29 KB, application/x-bzip)
2017-03-30 14:04 CEST, Erik Damrose
USI from slave (385.12 KB, application/x-bzip)
2017-03-30 14:05 CEST, Erik Damrose

Description Erik Damrose univentionstaff 2017-03-30 14:04:20 CEST
Created attachment 8693 [details]
USI from master

I tried to join a slave into a UCS 4.2 domain. The join failed because the master's LDAP server could not be reached.

slave join.log during system-setup:
Configure 31univention-nagios-libvirtd-kvm.inst Thu Mar 30 12:57:33 CEST 2017
2017-03-30 12:57:33.905654884+02:00 (in joinscript_init)
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 222, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 406, in doit
    out = _doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 534, in _doit
    co = univention.admin.config.config(configRegistry['ldap/master'])
  File "/usr/lib/pymodules/python2.7/univention/admin/config.py", line 40, in __init__
    base = univention.admin.uldap.getBaseDN(host)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 136, in getBaseDN
    result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts'])
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 559, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 865, in _apply_method_s
    self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 839, in reconnect
    raise e
SERVER_DOWN: {'desc': "Can't contact LDAP server"}
Thu Mar 30 12:58:46 CEST 2017: finish /usr/share/univention-join/univention-join


The master's LDAP server was last restarted more than 10 minutes ago (journalctl on master):
Mär 30 12:49:07 master slapd[4029]: Stopping ldap server(s): slapd ...done.
Mär 30 12:49:07 master systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Acce
Mär 30 12:49:08 master logger[4059]: /etc/init.d/slapd start (pid: 4044, ppid:    1 systemd)
Mär 30 12:49:08 master slapd[4060]: @(#) $OpenLDAP: slapd  (Mar  8 2017 17:32:20) $
                                             pbuser@ladda:/var/build/temp/tmp.gwUsk6kDX6/pbuilder/openl
Mär 30 12:49:08 master slapd[4060]: Loaded metadata from "/usr/share/univention-management-console/saml
Mär 30 12:49:08 master slapd[4044]: Starting ldap server(s): slapd ...done.
Mär 30 12:49:17 master slapd[4044]: Checking Schema ID: ...done.
Mär 30 12:49:17 master systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Acces
Comment 1 Erik Damrose univentionstaff 2017-03-30 14:05:02 CEST
Created attachment 8694 [details]
USI from slave

Added USI for both servers. Does not contain apt package list due to bug 43886
Comment 2 Stefan Gohmann univentionstaff 2017-04-01 22:42:49 CEST
Happens again in Jenkins while joining a DC backup:



Configure 34univention-management-console-server.inst Fri Mar 31 19:59:49 EDT 2017
2017-03-31 19:59:49.931267088-04:00 (in joinscript_init)
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 222, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 406, in doit
    out = _doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 534, in _doit
    co = univention.admin.config.config(configRegistry['ldap/master'])
  File "/usr/lib/pymodules/python2.7/univention/admin/config.py", line 40, in __init__
    base = univention.admin.uldap.getBaseDN(host)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 136, in getBaseDN
    result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts'])
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 559, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 865, in _apply_method_s
    self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 839, in reconnect
    raise e
SERVER_DOWN: {'desc': "Can't contact LDAP server"}
Comment 3 Stefan Gohmann univentionstaff 2017-04-01 22:54:51 CEST
r78587:
* Copy master listener logfile (Bug #44154)
Comment 4 Stefan Gohmann univentionstaff 2017-04-01 23:01:42 CEST
@Erik, in your setup, the DC slave sets itself as nameserver during the setup. At least for a short time:

2017-03-30 12:16:14: set nameserver1=10.200.29.225 old:[Previously undefined]
2017-03-30 12:43:32: set nameserver1=10.200.29.228 old:10.200.29.225
2017-03-30 12:44:34: set nameserver1=10.200.29.225 old:10.200.29.228

10.200.29.225 is the master
10.200.29.228 is the slave

Oops, from files/var_log_apt_term.log_1:
-----------------------------------------------------------------------------
univention-bind (11.0.0-18A~4.2.0.201703151948) wird eingerichtet ...
[...]
Starting bind9 Domain Name Server (DNS): Unknown DNS backend  failed!
invoke-rc.d: initscript bind9, action "start" failed.
2017-03-30 12:43:31,974 INFO    __main__.ucr/ns   Found server 10.200.29.225 from UCRV nameserver1
2017-03-30 12:43:31,977 WARNING __main__.val      UCS master SRV record is unknown at 10.200.29.225, converting into forwarder
2017-03-30 12:43:31,977 INFO    __main__.xor      Skip removing nameservers from forwarders
2017-03-30 12:43:31,978 INFO    __main__.ucr/self Default IP address configured in UCR: 10.200.29.228
2017-03-30 12:43:31,979 WARNING __main__.ucr/self Failed to query local server 10.200.29.228 for unassigned-domain
2017-03-30 12:43:31,979 WARNING __main__.ucr/self Adding anyway as no other nameserer remains.
2017-03-30 12:43:31,979 INFO    __main__.ns       Skip adding NS
2017-03-30 12:43:31,980 INFO    __main__.ldap     Skip adding master
2017-03-30 12:43:31,980 INFO    __main__.ucr      Updating 'dns/forwarder1': None -> '10.200.29.225'
2017-03-30 12:43:31,980 INFO    __main__.ucr      Updating 'nameserver1': '10.200.29.225' -> '10.200.29.228'
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
File: /etc/resolv.conf
-----------------------------------------------------------------------------
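
Added example (not part of the bug report and not Univention's code): the nameserver1 history quoted in comment 4 can be checked mechanically for intervals in which a host pointed its resolver at itself. The function names are hypothetical, and the sample input is constructed from the three lines quoted in comment 4.

```python
import re
from datetime import datetime

# Constructed sample: the three "set nameserver1=..." lines quoted in comment 4.
SAMPLE_LOG = """\
2017-03-30 12:16:14: set nameserver1=10.200.29.225 old:[Previously undefined]
2017-03-30 12:43:32: set nameserver1=10.200.29.228 old:10.200.29.225
2017-03-30 12:44:34: set nameserver1=10.200.29.225 old:10.200.29.228
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): "
    r"set (?P<key>nameserver\d+)=(?P<new>\S*) old:(?P<old>.*)$"
)


def parse_changes(text):
    """Yield (timestamp, key, new_value) for every nameserverN change."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("key"), m.group("new")


def self_resolver_windows(text, own_ip):
    """Return (key, start, end) intervals in which a nameserverN variable
    pointed at own_ip. end is None if it was never changed back."""
    open_since = {}  # key -> timestamp at which it was set to own_ip
    windows = []
    for ts, key, new in parse_changes(text):
        if key in open_since and new != own_ip:
            # Variable moved away from own_ip: close the interval.
            windows.append((key, open_since.pop(key), ts))
        elif key not in open_since and new == own_ip:
            # Variable now points at own_ip: open an interval.
            open_since[key] = ts
    windows.extend((k, start, None) for k, start in open_since.items())
    return windows


if __name__ == "__main__":
    # 10.200.29.228 is the slave in this report.
    for key, start, end in self_resolver_windows(SAMPLE_LOG, "10.200.29.228"):
        print(key, "pointed at this host from", start, "until", end or "end of log")
```

On the sample, the only interval for the slave's address is the 62 seconds between the second and third log lines.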
Comment 5 Stefan Gohmann univentionstaff 2017-04-01 23:04:55 CEST
(In reply to Stefan Gohmann from comment #4)
> @Erik, in your setup, the DC slave sets itself as nameserver during the
> setup. At least for a short time:
> 
> 2017-03-30 12:16:14: set nameserver1=10.200.29.225 old:[Previously undefined]
> 2017-03-30 12:43:32: set nameserver1=10.200.29.228 old:10.200.29.225
> 2017-03-30 12:44:34: set nameserver1=10.200.29.225 old:10.200.29.228
> 
> 10.200.29.225 is the master
> 10.200.29.228 is the slave
> 
> Oops, from files/var_log_apt_term.log_1:
> -----------------------------------------------------------------------------
> univention-bind (11.0.0-18A~4.2.0.201703151948) wird eingerichtet ...
> [...]
> Starting bind9 Domain Name Server (DNS): Unknown DNS backend  failed!
> invoke-rc.d: initscript bind9, action "start" failed.
> 2017-03-30 12:43:31,974 INFO    __main__.ucr/ns   Found server 10.200.29.225
> from UCRV nameserver1
> 2017-03-30 12:43:31,977 WARNING __main__.val      UCS master SRV record is
> unknown at 10.200.29.225, converting into forwarder
> 2017-03-30 12:43:31,977 INFO    __main__.xor      Skip removing nameservers
> from forwarders
> 2017-03-30 12:43:31,978 INFO    __main__.ucr/self Default IP address
> configured in UCR: 10.200.29.228
> 2017-03-30 12:43:31,979 WARNING __main__.ucr/self Failed to query local
> server 10.200.29.228 for unassigned-domain
> 2017-03-30 12:43:31,979 WARNING __main__.ucr/self Adding anyway as no other
> nameserer remains.
> 2017-03-30 12:43:31,979 INFO    __main__.ns       Skip adding NS
> 2017-03-30 12:43:31,980 INFO    __main__.ldap     Skip adding master
> 2017-03-30 12:43:31,980 INFO    __main__.ucr      Updating 'dns/forwarder1':
> None -> '10.200.29.225'
> 2017-03-30 12:43:31,980 INFO    __main__.ucr      Updating 'nameserver1':
> '10.200.29.225' -> '10.200.29.228'
> File: /etc/bind/named.conf.proxy
> File: /etc/bind/named.conf.samba4
> File: /etc/resolv.conf
> -----------------------------------------------------------------------------

Hit the return button too early.

@Philipp, Arvid: I guess we should not re-configure the DNS settings during the installation, right? I'm not sure if it is responsible but it looks wrong.
Comment 6 Stefan Gohmann univentionstaff 2017-04-02 13:13:04 CEST
r78591:
* Execute univention-fix-ucr-dns in univention-bind postinst only if
  the system is joined. Otherwise the local unconfigured DNS server is
  configured as nameserver (Bug #44154)

This might fix this issue.

Changelog not necessary.
Comment 7 Philipp Hahn univentionstaff 2017-04-04 14:51:57 CEST
OK: r78591
OK: called from services/univention-bind/90univention-bind-post.inst
OK: ssh billy dpkg-query -W univention-bind
Comment 8 Stefan Gohmann univentionstaff 2017-04-04 18:30:09 CEST
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".