Univention Bugzilla – Bug 39405
Make check_join_status.sh output more understandable
Last modified: 2020-09-29 09:14:54 CEST
Created attachment 7184 [details] Patch to check server/role (In reply to Erik Damrose from Bug #30417 comment #16) > If i try univention-upgrade on a unjoined system, univention-upgrade prints > > [...] > Checking for release updates: none > Checking for package updates: none > Checking for app updates: skipped > Error: /etc/machine.secret not found This is a bug in "univention-check-joins-status" which is called by the updater: # mv machine.secret X # univention-check-join-status Error: /etc/machine.secret not found # dpkg -S univention-check-join-status univention-join: /usr/sbin/univention-check-join-status While fixing that, the test also needs to be skipped on "server/role=basesystem" +++ This bug was initially created as a clone of Bug #30417 command #16+++
Is it really a bug? univention-check-join-status checks if the system has been joined and that's the result.
(In reply to Philipp Hahn from comment #0) > This is a bug in "univention-check-joins-status" which is called by the > updater: As univention-check-joins-status is now called on every updater call (Bug #30417), we should improve its debug output significantly. Users will now directly see its output. Another confusing example: When joinscripts have to be executed, the script and thus the updater will print [...] Starting package upgrade done Checking for app updates: unavailable Checking for release updates: none Checking for package updates: none Checking for app updates: unavailable Warning: 'univention-management-console-web-server-init' is not configured. Error: Not all install files configured: 1 missing To me this looks like a debian package is not configured, but it really is a joinscript. The term 'install files', referring to the joinscript as well, is also confusing.
IMHO univention-check-join-status should print some more context information > Checking join status... > - Does file with plain-text password of machine account exist? ...NO > > Error: '/etc/machine.secret' not found > - Does LDAP search with password transmitted in clear-text over an unencrypted channel work? ...NO $ tcpdump 'tcpo port 7389' -s 1024 & $ univention-check-join-status 195 19.954340 10.200.17.28 10.200.17.26 LDAP 142 bindRequest(1) "cn=mem40,cn=memberserver,cn=computers,dc=phahn,dc=qa" simple > > Error: 'ldapsearch' -x failed > - Does LDAP search oven an encrypted channel work? ...YES > > Error: 'ldapsearch -x -ZZ' failed > - Does the local status file '/var/univention-join/joined' exist? ...YES > > Error: The system isn't joined yet > - Does the machine account exist in LDAP? ...YES > > Error: localhost ldapsearch failed PS: The message is wrong on member servers: They will search what-ever server in configures in '/etc/ldap/ldap.conf' or is found through DNS '_ldap._tcp.$(dnssomainname)'. > - Have all join scripts been executed? ...YES > > Error: Not all install files configured: $MISSING missing > Joined successfully
This issue has been filled against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016. Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.