Bug 38584 - Attach default DHCP policies to default subnet instead of LDAP base
Attach default DHCP policies to default subnet instead of LDAP base
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: DHCP
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-2-errata
Assigned To: Philipp Hahn
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-05-21 17:15 CEST by Janis Meybohm
Modified: 2015-08-06 17:53 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): External feedback, Usability
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2015-05-21 17:15:37 CEST
We have many support requests because of the fact that the default DHCP policies (DHCP Routing and DHCP DNS) are attached to the LDAP base rather that the default (matching) DHCP subnet.

If one creates a new DHCP subnet with new DNS and routing policies attached, those don't have any effect because of the values inherited from default-settings policies.


Please also see Bug 37614
Comment 1 Philipp Hahn univentionstaff 2015-07-08 11:45:09 CEST
r61862 | Bug #38584,Bug #37614,Bug #38822: DHCP policies
 Move DHCP policy reference from base.ldif to univention-dhcp join script

The following logic is implemented:
1. Check that the policy (still) exists using direct ldapsearch (Bug #38822)
2. Otherwise the following "udm --policy-reference" will fail (Bug #38856)
3. The polices are only linked on the first creation of a DHCP (Shared)Sub-Net (Bug #37614)

Package: univention-ldap
Version: 11.0.12-9.753.201507081110
Branch: ucs_4.0-0
Scope: errata4.0-2

Package: univention-dhcp
Version: 9.0.0-3.521.201507081110
Branch: ucs_4.0-0
Scope: errata4.0-2

r61863 | Bug #38584,Bug #37614,Bug #38822: DHCP policies YAML
 2015-07-06-univention-ldap.yaml
 2015-07-09-univention-dhcp.yaml
Comment 2 Philipp Hahn univentionstaff 2015-07-15 19:35:52 CEST
01_base.09services_other_running.test fails since 7 days:
> # /usr/sbin/dhcpd -f -d ; echo $?
> LDAP line 4: expecting a parameter or declaration
> option domain-name-servers 10.210.227.79;
>                                          ^
> LDAP: cannot parse dhcpService entry 'cn=AutoTest091.local,cn=dhcp,dc=AutoTest091,dc=local'
> Configuration file errors encountered -- exiting
> 1

> # cat /var/log/dhcp-ldap-startup.log
> subnet 10.210.0.0 netmask 255.255.0.0 {
> option routers 10.210.0.1;
> option domain-name "AutoTest091.local";
> option domain-name-servers 10.210.227.79;
> }

It looks like the dynamically generated config is now invalid, since the top-level "option"s for the service are no longer generated.
Comment 3 Philipp Hahn univentionstaff 2015-07-16 12:21:49 CEST
r14953 | Bug #38584 DHCP: Fix comment parsing

 server/ldap.c:ldap_read_function() strips the last '\n' from the input.

 In case of a comment common/conflex.c:skip_to_eol() consumes all characters of the comment, before server/ldap.c:ldap_read_function(() is called again to generate the next line.

 This happend to be an "option" line generated by one of the UCS policies, which was then ignored. With the policies no longer being referenced by the LDAP root, the first line
now becomes a "subnet" or "shared-subnet" block, which is ignored because of the leading comment. This leads to a parser error, because the opening '{' is then missing:

> # dhcpd -d -f -t
> LDAP line 2: expecting a parameter or declaration
> option routers 10.200.17.1;
>                            ^
> LDAP line 4: expecting a declaration
> }
>  ^
> LDAP: cannot parse dhcpService entry 'cn=phahn.dev,cn=dhcp,dc=phahn,dc=dev'
> Configuration file errors encountered -- exiting

 The fix adds a trailing white space to the comment, which is stripped by ldap_read_function() and leaves the new-line for skip_to_eol() to consume.

Package: isc-dhcp
Version: 4.2.2.dfsg.1-5+deb70u6.30.201507161139
Branch: ucs_4.0-0
Scope: errata4.0-2


r62151 | Bug #38584 DHCP: Depend on fixed isc-dhcp-server package
 Otherwise daemon refuses to start.

Package: univention-dhcp
Version: 9.0.0-4.522.201507161212
Branch: ucs_4.0-0
Scope: errata4.0-2


r62152 | Bug #38584 DHCP: Depend on fixed isc-dhcp-server package YAML
 2015-07-09-univention-dhcp.yaml
 2015-07-16-isc-dhcp.yaml


OK: univention-install -y univention-dhcp ; sleep 30 ; pgrep -l dhcpd
OK: dhcpd -d -f -t
Comment 4 Janek Walkenhorst univentionstaff 2015-08-04 20:54:53 CEST
Tests: OK
Advisory: OK
Code review: OK
Comment 6 Janek Walkenhorst univentionstaff 2015-08-06 17:53:15 CEST
<http://errata.univention.de/ucs/4.0/270.html>