Bug 57027 – Join fails because the S4 connector gets restarted every 10 seconds

Bug 57027 - Join fails because the S4 connector gets restarted every 10 seconds


Summary:	Join fails because the S4 connector gets restarted every 10 seconds

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-6-errata
Assigned To:	Arvid Requate
QA Contact:	Julia Bremer

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:	54791
Blocks:
	Show dependency tree / graph

Reported:	2024-02-05 15:51 CET by Stefan Gohmann
Modified:	2024-02-23 13:26 CET (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	6: Setup Problem: Issue for the setup process
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.171
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2023091921000063
Bug group (optional):	Regression
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Gohmann

2024-02-05 15:51:31 CET

I've tried to join a school slave in a big customer environment (180k users and 290 school servers). The join gets stuck or fails because the s4 connector is restarted every 10 seconds in create_spn_account.sh which is started in /usr/lib/univention-install/98univention-samba4-dns.inst.

The 10 seconds are not enough time to continue with the synchronization:

root@schoolslave:~# ls -1 /var/lib/univention-connector/s4/ | wc -l
234278
root@schoolslave:~# 

root@schoolslave:~# ps fx | grep -A 4 univention-join
25424 pts/1    S+     0:00  |   \_ /bin/bash /usr/sbin/univention-join
15031 pts/1    S+     0:00  |       \_ /bin/bash /usr/lib/univention-install/98univention-samba4-dns.inst --binddn XXX --bindpwdfile /tmp/tmp.XXX/dcpwd
15077 pts/1    S+     0:02  |           \_ /bin/bash /usr/share/univention-samba4/scripts/create_spn_account.sh --samaccountname dns-XXX --serviceprincipalname DNS/XXX --privatekeytab dns.keytab --binddn XXX --bindpwdfile /tmp/tmp.XXX/dcpwd --resync
32045 pts/1    S+     0:00  |               \_ sleep 10

Comment 2 Stefan Gohmann

2024-02-08 06:46:31 CET

I've installed the test packages and two joins were successful.

Comment 3 Arvid Requate

2024-02-15 10:11:22 CET

23281a3b72 Fix resync in create_spn_account.sh
98c4c480c3 Advisory

Package built:

Package: univention-samba4
Version: 9.0.15-2
Branch: ucs_5.0-0
Scope: errata5.0-6

Comment 4 Julia Bremer

2024-02-18 14:50:10 CET

OK: S4Connecor is not restarted every 10 seconds
OK: Package update/installation
OK: Manual schoolreplica join with 200.000 "global" users and 20.000 groups
OK: YAML

Verified

Comment 5 Philipp Hahn

2024-02-21 13:08:08 CET

<https://errata.software-univention.de/#/?erratum=5.0x962>

Comment 6 Philipp Hahn

2024-02-23 13:26:55 CET

I dispute this is really a "regression" as 59d3076b98be7d6ff3fa13acd7d5d2696feeac56 added the "--resync" functionality to improve the situation, but that change was incomplete and needed this additional improvement the situation for even more scenarios. YMMV