Bug 29697 - Traceback im setup.log auf DC Slave nach IP-Änderungsversuch
Traceback im setup.log auf DC Slave nach IP-Änderungsversuch
Status: CLOSED WORKSFORME
Product: UCS
Classification: Unclassified
Component: System setup
UCS 3.1
Other Linux
: P4 normal (vote)
: UCS 3.2
Assigned To: Philipp Hahn
Felix Botner
: interim-3
: 27607 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-10 15:57 CET by Lukas Walter
Modified: 2013-11-19 06:42 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted after Product Owner Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lukas Walter univentionstaff 2012-12-10 15:57:09 CET
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 397, in <module>
    main()
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 350, in main
    lo, position = bind()
  File "/usr/share/univention-directory-manager-tools/univention-dnsedit", line 141, in bind
    lo, position = uldap.getAdminConnection(start_tls)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 63, in getAdminConnection
    lo=univention.uldap.getAdminConnection(start_tls, decode_ignorelist=decode_ignorelist)
  File "/usr/lib/pymodules/python2.6/univention/uldap.py", line 68, in getAdminConnection
    bindpw=open('/etc/ldap.secret').read()
IOError: [Errno 2] No such file or directory: '/etc/ldap.secret'


Das könnte mitverantwortlich dafür sein, dass der Slave beim Ändern seiner IP Adresse seine aRecords nicht anpassen kann (stattdessen wird ein LDAP-Locking Objekt angelegt).
Comment 1 Moritz Muehlenhoff univentionstaff 2013-05-31 10:44:19 CEST
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2.

As such, this bug is moved to the new target milestone.
Comment 2 Stefan Gohmann univentionstaff 2013-07-17 11:01:26 CEST
Should be checked together with Bug #28670.
Comment 3 Philipp Hahn univentionstaff 2013-10-22 18:27:07 CEST
qemu://xen12.knut.univention.de/system#ucs32-64-slave
Comment 4 Philipp Hahn univentionstaff 2013-10-28 22:41:49 CET
The traceback could not be reproduced on my UCS-3.2~ system.
It is unlikely to occur again, since the code was rewritten to check for proper LDAP credentials.

From my research the USS JS front-end currently does not provide a way to change a slaves IP configuration and to provide the required LDAP credentials. This means that currently there's no way to allow a DC slave or member server to update its own host record by just using its host credentials, nor can the user using UMC provide the required credentials:

# udm computers/`ucr get server/role` modify --binddn `ucr get ldap/hostdn` --bindpwdfile /etc/machine.secret --dn `ucr get ldap/hostdn` --set ip=1.2.3.4
Permission denied.
Comment 5 Felix Botner univentionstaff 2013-10-29 12:06:43 CET
*** Bug 27607 has been marked as a duplicate of this bug. ***
Comment 6 Felix Botner univentionstaff 2013-10-29 12:14:40 CET
could not reproduce the traceback (but as mentioned in comment #5 changing a slaves ip does not change the ldap objects -> Bug #33001)
Comment 7 Stefan Gohmann univentionstaff 2013-11-19 06:42:26 CET
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".