Univention Bugzilla – Bug 36934
rdate in univention-ssl.postinst got stuck
Last modified: 2014-12-04 12:21:21 CET
Seen in a tester setup. During the installation the rdate command in univention-ssl got stuck.
same behaviour was seen during "apt-get install --reinstall univention-ssl" in 3.2.4 see my remarks in Ticket 2014111021000654 (14.11.2014 10:59)
r56063 | Bug #36934 SSL: Timeout ntpdate command after 15s Package: univention-ssl Version: 9.0.4-1.150.201411211640 User: phahn Branch: ucs_4.0-0 Scope: errata4.0-0 r56068 | Bug #36934 SSL,Bug #36935 Join,Bug #36937 USS: timeout YAML
root@master40:~# timeout -k 20 15 ntpdate-debian 25 Nov 19:40:06 ntpdate[8714]: no servers can be used, exiting On my UCS master test system /etc/default/ntpdate was empty → $NTPDATE_USE_NTP_CONF is not set (used within ntpdate-debian) → /var/lib/ntpdate/default.dhcp does not exist → no time server is given to ntpdate → error message from above → REOPEN Why not using one of the following pools? - 0.pool.ntp.org - 1.pool.ntp.org - 2.pool.ntp.org - 3.pool.ntp.org root@master40:~# time timeout -k 20 15 rdate 10.200.18.3 real 0m15.003s user 0m0.004s sys 0m0.000s root@master40:~# time timeout -k 20 15 rdate 192.168.0.3 Wed Nov 26 17:01:49 CET 2014 real 1269m58.097s user 0m0.000s sys 0m0.000s root@master40:~# time timeout -k 20 15 rdate 192.168.0.3 Wed Nov 26 17:01:59 CET 2014 real 0m0.000s user 0m0.000s sys 0m0.004s root@master40:~# → Works as expected. FAIL: why still using rdate as dependency? ntpdate-debian uses ntpdate YAML: not checked yet
(In reply to Sönke Schwardt-Krummrich from comment #3) > root@master40:~# timeout -k 20 15 ntpdate-debian > 25 Nov 19:40:06 ntpdate[8714]: no servers can be used, exiting > > On my UCS master test system /etc/default/ntpdate was empty > → $NTPDATE_USE_NTP_CONF is not set (used within ntpdate-debian) > → /var/lib/ntpdate/default.dhcp does not exist > → no time server is given to ntpdate > → error message from above > → REOPEN This happens only on the DC Master, where no NTP server is configures by default; see Bug #37098. > Why not using one of the following pools? > - 0.pool.ntp.org > - 1.pool.ntp.org > - 2.pool.ntp.org > - 3.pool.ntp.org This is not allowed: <http://www.pool.ntp.org/de/vendors.html> > Basic guidelines > Do not use the standard pool.ntp.org names as a default configuration in your system. ... > Get your vendor zone > You must absolutely not use the default pool.ntp.org zone names as the default configuration in your application or appliance. We should either - apply for univention.pool.ntp.org, - ask Debian if using debian.pool.ntp.org is okay, - add ntp.univention.de and use that to DDoS ourselves. That's probably the easiest as an NTP query will only happen once per DC Master installation.
Also see Bug #27728 for the hard-coded pool.ntp.org issue.
(In reply to Sönke Schwardt-Krummrich from comment #3) > FAIL: why still using rdate as dependency? ntpdate-debian uses ntpdate "rdate" is still used by univention-base-files/conffiles/etc/init.d/rdate, which also violates the terms-of-use of pool.ntp.org.
r56275 | Bug #36934: Timeout rdate command after 15+5s Use rdate again with fixed 10.1.133.130.in-addr.arpa domain name pointer time.fu-berlin.de. Reduce SIGKILL timeout to 5s. Package: univention-ssl Version: 9.0.4-2.151.201411281139 User: phahn Branch: ucs_4.0-0 Scope: errata4.0-0 r56279 | YAML Bug #36334 Bug #36937: timeout rdate
OK: code change visibly checked OK: YAML Waiting for new DVD for functional check
r56283 | Bug #36937: Timeout rdate command after 15+5s r56286 | YAML Bug #36334 Bug #36937: timeout rdate Package: univention-ssl Version: 9.0.4-3.152.201411281214 User: phahn Branch: ucs_4.0-0 Scope: errata4.0-0 Package: univention-system-setup Version: 8.1.65-24.811.201411281217 User: phahn Branch: ucs_4.0-0 Scope: errata4.0-0
No problem encountered during installation.
http://errata.univention.de/ucs/4.0/1.html