Bug 36940 - Any valid DNS server is accepted as valid "UCS" DC
Any valid DNS server is accepted as valid "UCS" DC
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Setup wizard
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-0-errata
Assigned To: Alexander Kläser
Florian Best
:
: 37082 37208 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-11-21 18:09 CET by Alexander Kläser
Modified: 2014-12-14 14:07 CET (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Usability
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Kläser univentionstaff 2014-11-21 18:09:13 CET
I entered 8.8.8.8 as primary nameserver and tried to join as DC slave. The check_domain() method tells me that the given nameserver is a UCS DC. Investigating, it seems that the method get_master() only returns the FQDN, however, it should query the DC DNS entry and fetch the specified DC therein.
Comment 1 Alexander Kläser univentionstaff 2014-11-21 18:42:57 CET
AFAIS, we do not need the FQDN of the DC master for joining a UCS domain. I renamed the methods to reflect what they really do. Nevertheless, the credentials page still says FQDN of the domain controller master. Is this correct?

Fixed [r56072,r56070] + adjusted YAML file [r56071].

univention-system-setup (8.1.64-2):
* Bug #36940: adjust method names for DNS checks, add additional check for
  UCS domain in check_domain()
* Bug #36440: prompt DNS error message as alert dialogue
Comment 2 Alexander Kramer univentionstaff 2014-11-26 13:28:04 CET
As discussed it is still posible to enter 8.8.8.8 as DNS without getting a dialog box.
Comment 3 Alexander Kläser univentionstaff 2014-11-26 15:47:34 CET
(In reply to Alexander Kramer from comment #2)
> As discussed it is still posible to enter 8.8.8.8 as DNS without getting a
> dialog box.

True, I adjusted this behaviour [r56188].
It is also possible now, to ignore a failed check for a UCS domain. For this, I adjusted the check_domain() method itself. The method does not raise an exception anymore, but it returns all values that could be retrieved. In the JavaScript code, I adjusted then the handling of that information to be more explicit. Unneeded calls to check_domain() (for the roles master or base) are not executed anymore.

univention-system-setup (8.1.65-9):
Bug #36940:
* adjust verification of DNS information
* allow to continue when the DNS verification failed
Comment 4 Alexander Kläser univentionstaff 2014-11-26 16:21:17 CET
Just to note. I accidentally build the package in the UCS 4.0-0 release scope. After check, everything still seems fine, the build system did not import the new version, but instead only rebuild the old, existing package. Thus, the package files for UCS 4.0-0 have only a new build time stamp.
Comment 5 Alexander Kramer univentionstaff 2014-11-27 13:34:12 CET
OK - Dialog if you leave the gateway blank
OK - successful installation without gateway (offline installation)
Comment 6 Alexander Kramer univentionstaff 2014-11-27 13:40:20 CET
OK - Dialog if no AD under DNS
OK - Dialog if no UCS DC under DN
OK - join Master and Slave into AD
OK - join Slave into UCS DC
OK - join Slave with another Slave as DNS
Comment 7 Alexander Kramer univentionstaff 2014-11-27 13:45:35 CET
OK - yaml file
OK - debian/changelog
Comment 8 Alexander Kläser univentionstaff 2014-11-27 17:37:41 CET
The following issues still need to be addressed:
* handle a failed requested (in JavaScript)
* catch DNS timeout errors (in Python)
Comment 9 Alexander Kläser univentionstaff 2014-11-28 13:36:26 CET
(In reply to Alexander Kläser from comment #8)
> The following issues still need to be addressed:
> * handle a failed requested (in JavaScript)
> * catch DNS timeout errors (in Python)

I improved the error handling [r56295].

univention-system-setup (8.1.65-26):
* Bug #36940: adapted error handling for check_domain
Comment 10 Alexander Kläser univentionstaff 2014-11-28 13:48:14 CET
univention-system-setup (8.1.65-27):
* Bug #36940: corrected log message
Comment 11 Alexander Kläser univentionstaff 2014-12-01 12:15:49 CET
*** Bug 37082 has been marked as a duplicate of this bug. ***
Comment 12 Florian Best univentionstaff 2014-12-02 10:21:33 CET
(In reply to Alexander Kläser from comment #9)
> (In reply to Alexander Kläser from comment #8)
> > The following issues still need to be addressed:
> > * handle a failed requested (in JavaScript)
> > * catch DNS timeout errors (in Python)
> 
> I improved the error handling [r56295].
OK: JavaScript error handling for AD-member and UCS-member mode.
OK: catching of DNS timeout
→ I could not provoke the error via the frontend because get_fqdn() handles the timeout first. But on CLI this works as expected.
Comment 13 Moritz Muehlenhoff univentionstaff 2014-12-04 12:22:32 CET
http://errata.univention.de/ucs/4.0/2.html
Comment 14 Stefan Gohmann univentionstaff 2014-12-14 14:07:09 CET
*** Bug 37208 has been marked as a duplicate of this bug. ***