Bug 39466 - Samba 4 registers docker IP in DNS
Samba 4 registers docker IP in DNS
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1
Assigned To: Arvid Requate
Stefan Gohmann
: interim-2
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-03 22:03 CEST by Stefan Gohmann
Modified: 2015-11-17 12:11 CET (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
96_dnsupdate_exclude_interfaces.patch (3.00 KB, patch)
2015-10-05 16:56 CEST, Arvid Requate
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2015-10-03 22:03:06 CEST
Currently, the S4 Backup, Slave and Member environments fail. The Administrator login via ssh isn't successful while joining the system.

In my test setup the master has the following interfaces:
root@master093:~# ifconfig 
docker0   Link encap:Ethernet  Hardware Adresse a6:e9:f3:4f:9c:d4  
          inet Adresse:172.17.42.1  Bcast:0.0.0.0  Maske:255.255.0.0
          inet6-Adresse: fe80::a4e9:f3ff:fe4f:9cd4/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0 
          RX bytes:0 (0.0 B)  TX bytes:19012 (18.5 KiB)

eth0      Link encap:Ethernet  Hardware Adresse 02:cb:a0:40:ca:3d  
          inet Adresse:10.210.240.6  Bcast:10.210.255.255  Maske:255.255.0.0
          inet6-Adresse: fe80::cb:a0ff:fe40:ca3d/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:9001  Metrik:1
          RX packets:28271 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15641 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000 
          RX bytes:26354779 (25.1 MiB)  TX bytes:15023461 (14.3 MiB)

lo        Link encap:Lokale Schleife  
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
          UP LOOPBACK RUNNING  MTU:65536  Metrik:1
          RX packets:23512 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23512 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0 
          RX bytes:2830621 (2.6 MiB)  TX bytes:2830621 (2.6 MiB)

root@master093:~#

And on the Backup:
root@backup093:~# ifconfig docker0; ifconfig eth0
docker0   Link encap:Ethernet  Hardware Adresse aa:c7:06:bd:ad:1f  
          inet Adresse:172.17.42.1  Bcast:0.0.0.0  Maske:255.255.0.0
          inet6-Adresse: fe80::a8c7:6ff:febd:ad1f/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0 
          RX bytes:0 (0.0 B)  TX bytes:17764 (17.3 KiB)

eth0      Link encap:Ethernet  Hardware Adresse 02:1c:c5:df:a5:e9  
          inet Adresse:10.210.94.4  Bcast:10.210.255.255  Maske:255.255.0.0
          inet6-Adresse: fe80::1c:c5ff:fedf:a5e9/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:9001  Metrik:1
          RX packets:20528 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8149 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000 
          RX bytes:25680056 (24.4 MiB)  TX bytes:1538133 (1.4 MiB)

root@backup093:~#

And via DNS:
root@backup093:~# host master093.autotest093.local
master093.autotest093.local has address 172.17.42.1
master093.autotest093.local has address 10.210.240.6
root@backup093:~#

The docker0 interface must not be registered in DNS.
Comment 1 Stefan Gohmann univentionstaff 2015-10-03 23:02:25 CEST
I've added a first patch which makes it possible to define excluded interfaces from the registration via UCR: r15340.
Comment 2 Stefan Gohmann univentionstaff 2015-10-05 07:13:10 CEST
Changelog and UCR variable description have been added: r64201 + r64200.

A test case has been added as well: 51_samba4/60_dns_register_exclude_interfaces
Comment 3 Arvid Requate univentionstaff 2015-10-05 16:56:05 CEST
Created attachment 7201 [details]
96_dnsupdate_exclude_interfaces.patch

Ok for IPv4, but doesn't filter IPv6:

I would suggest using the "netifaces" python module, see attached proposal

I've adjusted the wording in UCR description and changelog to say "in DNS".

4.1 Changelog: Ok.
Comment 4 Stefan Gohmann univentionstaff 2015-10-05 16:57:19 CEST
OK, please commit. I've changed the roles.
Comment 5 Arvid Requate univentionstaff 2015-10-06 18:45:12 CEST
Ok, adjusted.
Comment 6 Stefan Gohmann univentionstaff 2015-10-13 21:48:16 CEST
(In reply to Arvid Requate from comment #5)
> Ok, adjusted.

It works as expected.
Comment 7 Stefan Gohmann univentionstaff 2015-11-17 12:11:57 CET
UCS 4.1 has been released:
 https://docs.software-univention.de/release-notes-4.1-0-en.html
 https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".