Univention Bugzilla – Bug 38754
Race condition in new school-dc setup
Last modified: 2015-11-11 14:22:22 CET
Ticket#2015052021000181 We had that twice now in the customer environment: * A new DC-Save is set up in the environment (without samba4) * The DC-Slave is joined * UCS@school App is installed * UCS@school installer is run ...installer hangs forever while trying to re-join the domain. What happens is that the listener gets restarted during the package installation and newly installed modules get loaded (ucsschool-user-logonscripts among others). After installation is completed the school-installer moves the DC-Slave to the OU and univention-join is started. univention-join than changes UCR ldap/hostdn to the new DN and tries to stop the listener. That fails because the listener is in initialization phase of the Module ucsschool-user-logonscripts (in the current case) that continuously tries a univention.uldap.getMachineConnection(ldap_master=False) with the new ldap/hostdn against the local (old) LDAP. -> deadlock
2015072021000276
(In reply to Janis Meybohm from comment #0) > We had that twice now in the customer environment: > > * A new DC-Save is set up in the environment (without samba4) > * The DC-Slave is joined > * UCS@school App is installed > * UCS@school installer is run > ...installer hangs forever while trying to re-join the domain. "forever" seems to be up to 5min per DN that has to be processed → a long time. > univention-join than changes UCR ldap/hostdn to the new DN and tries to stop > the listener. > That fails because the listener is in initialization phase of the Module > ucsschool-user-logonscripts (in the current case) that continuously tries a > univention.uldap.getMachineConnection(ldap_master=False) with the new > ldap/hostdn against the local (old) LDAP. The LDAP exception handling has been improved and the LDAP connection is dropped if an error occurs. Additionally the LDAP connection handling does not wait up to 5 mins on LDAP error "INVALID_CREDENTIALS" but fails fast. This should improve the situation a lot. ucs-school-netlogon-user-logonscripts (11.0.2-1): r64155 | Bug #38754: added changelog entry r64154 | Bug #38754: catch LDAP errors and invalidate LDAP connection / fail fast on error INVALID_CREDENTIALS r64153 | Bug #38754: do not overwrite variable "dn" r64152 | Bug #38754: increased log level r64151 | Bug #38754: connection should be never a boolean value / fixed indention r64150 | Bug #38754: removed useless imports / code
The package has been published to app repo ucsschool_devel.
OK, code looks good, tests OK i wasn't able to reproduce this, but all my test were OK
UCS@school 4.0 R2 v3 has been released. If this error occurs again, please use "Clone This Bug".