Univention Bugzilla – Bug 38365
New IP address is not stored in LDAP
Last modified: 2015-11-17 12:12:03 CET
In my environment I had to restart the DC master container. Because of this the container got a new IP address. The /etc/hosts within the DC master container is correct but the DNS entry in LDAP has not been updated. Therefore if a dc slave tries to join against such a master the attempt will fail. System setup tries to verify the credentials and uses the IP address of the specified IP address from DNS → verification fails.

root@oxmaster:/# dig oxmaster.nstx.local @localhost | grep ^oxmaster
oxmaster.nstx.local. 80600 IN A 172.17.0.2
root@oxmaster:/# grep oxmaster /etc/hosts
172.17.0.3 oxmaster.nstx.local oxmaster
root@oxmaster:/#
Bonus feature: The new ip address the dc master is currently using is assigned to a dc slave in LDAP. So a simple modification is not possible. The dc slave has also been restarted and uses a completely new IP address.

old: (LDAP status)
oxmaster 172.17.0.2
oxslave 172.17.0.3

new: (network interface status)
oxmaster 172.17.0.3
oxslave 172.17.0.5
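The stale-record situation described in the two comments above, as an added example that is not part of the original report or of Univention's code: a shell check that compares recorded addresses with live ones and flags the case where a host's new address is still recorded for another host. The `hostname ip` input format and the function name `check_drift` are assumptions; the sample data is constructed from the old/new tables in the report.

```shell
#!/bin/sh
# Added example (not from the bug report): detect drift between the
# addresses recorded in LDAP/DNS and the addresses hosts actually use.
# Assumed input format: one "hostname ip" pair per line.

# Constructed sample data, copied from the old/new tables in the report.
LDAP_STATE='oxmaster 172.17.0.2
oxslave 172.17.0.3'
LIVE_STATE='oxmaster 172.17.0.3
oxslave 172.17.0.5'

# check_drift RECORDED LIVE  (hypothetical helper name)
# Prints one line per host whose live address differs from its record:
#   DRIFT <host> <recorded> -> <live>
#   CONFLICT <host> <recorded> -> <live> held-by <other>
#       the live address is still recorded for another host, so the
#       record cannot simply be overwritten
#   UNREGISTERED <host> <live>
#       the host has no record at all (case not shown in the report)
check_drift() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { live = 1; next }      # separator between the tables
        NF < 2      { next }                # skip blank or malformed lines
        !live       { rec[$1] = $2; owner[$2] = $1; next }
        {
            host = $1; ip = $2
            if (!(host in rec)) { print "UNREGISTERED", host, ip; next }
            if (rec[host] == ip) next       # record is current
            if ((ip in owner) && owner[ip] != host)
                print "CONFLICT", host, rec[host], "->", ip, "held-by", owner[ip]
            else
                print "DRIFT", host, rec[host], "->", ip
        }'
}

check_drift "$LDAP_STATE" "$LIVE_STATE"
```
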
Should work now. The init script was executed too early: r60209
root@oxmaster:/# ip a | grep 172
inet 172.17.0.2/16 scope global eth0
root@oxmaster:/# ucr search --brief interfaces/eth0
interfaces/eth0/address: 172.17.0.2
interfaces/eth0/broadcast: 0.0.0.0
interfaces/eth0/netmask: 255.255.0.0
interfaces/eth0/network: 172.17.0.0
interfaces/eth0/type: static
root@oxmaster:/# /usr/sbin/univention-register-network-address --verbose
INFO: eth0 is not configured as dhcp device.
root@oxmaster:/# udm computers/domaincontroller_master list | grep 172
ip: 172.17.0.5
dnsEntryZoneForward: zoneName=nstx.local,cn=dns,dc=nstx,dc=local 172.17.0.5
dnsEntryZoneReverse: zoneName=17.172.in-addr.arpa,cn=dns,dc=nstx,dc=local 172.17.0.5
root@oxmaster:/#

Looks like the --force option is missing, otherwise the LDAP modification is only performed if the interface is configured to use DHCP.
The network registration is done via the init script univention-docker-container-mode. It considers if an IP address was set previously and registers the address only if an IP address was set previously. The init script univention-network-common does nothing if the system is started in a docker container.

Diff: r64004
Changelog: r64005
Ok. It took some time until the change in LDAP was performed.

root@master3:/# ip a | grep 172;echo;ucr search --brief interfaces/eth0; echo;udm computers/domaincontroller_master list | grep 172
inet 172.17.0.5/16 scope global eth0

interfaces/eth0/address: 172.17.0.5
interfaces/eth0/broadcast: 0.0.0.0
interfaces/eth0/netmask: 255.255.0.0
interfaces/eth0/network: 172.17.0.0
interfaces/eth0/type: static

ip: 172.17.0.5
dnsEntryZoneForward: zoneName=test3.local,cn=dns,dc=test3,dc=local 172.17.0.5
dnsEntryZoneReverse: zoneName=17.172.in-addr.arpa,cn=dns,dc=test3,dc=local 172.17.0.5
root@master3:/# exit
root@master92:~# docker restart master3
root@master92:~# docker exec -it master3 /bin/bash
root@master3:/# ip a | grep 172;echo;ucr search --brief interfaces/eth0; echo;udm computers/domaincontroller_master list | grep 172
inet 172.17.0.7/16 scope global eth0

interfaces/eth0/address: 172.17.0.7
interfaces/eth0/broadcast: 0.0.0.0
interfaces/eth0/netmask: 255.255.0.0
interfaces/eth0/network: 172.17.0.0
interfaces/eth0/type: static

ip: 172.17.0.7
dnsEntryZoneForward: zoneName=test3.local,cn=dns,dc=test3,dc=local 172.17.0.7
dnsEntryZoneReverse: zoneName=17.172.in-addr.arpa,cn=dns,dc=test3,dc=local 172.17.0.7
root@master3:/#

OK: changelog entry
OK: code change
→ VERIFIED
UCS 4.1 has been released:
https://docs.software-univention.de/release-notes-4.1-0-en.html
https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".