Univention Bugzilla – Bug 40649
DHCP pools with dhcp/sharedsubnet as superordinate breaks UDM
Last modified: 2016-11-03 11:32:39 CET
It's possible to break UDM by creating dhcp/pool's at invalid positions. See also Bug #26131 comment 3.

Die Ausführung des Kommandos udm/get navigation ist fehlgeschlagen:

Traceback (most recent call last):
  File "%PY2.7%/notifier/threads.py", line 82, in _run
    tmp = self._function()
  File "%PY2.7%/notifier/__init__.py", line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File "%PY2.7%/univention/management/console/modules/udm/__init__.py", line 465, in _thread
    obj = module.get(ldap_dn)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 84, in _decorated
    return method(*args, **kwargs)
  File "%PY2.7%/univention/management/console/ldap.py", line 135, in _decorated
    result = func(*args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 516, in get
    UDM_Error(exc).reraise()
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 504, in get
    obj = self.module.object(None, ldap_connection, None, ldap_dn, superordinate, attributes=attributes)
  File "%PY2.7%/univention/admin/handlers/dhcp/pool.py", line 167, in __init__
    raise univention.admin.uexceptions.insufficientInformation, 'superordinate object not present'
UDM_Error: Die angegebenen Informationen reichen nicht aus. superordinate object not present

Remark:

DN: cn=phahn.dev,cn=dhcp,dc=phahn,dc=dev
  service: phahn.dev
  univentionPolicyReference: cn=default-settings,cn=routing,cn=dhcp,cn=policies,dc=phahn,dc=dev

DN: cn=knut,cn=phahn.dev,cn=dhcp,dc=phahn,dc=dev
  name: knut

DN: cn=10.200.17.0,cn=knut,cn=phahn.dev,cn=dhcp,dc=phahn,dc=dev
  subnet: 10.200.17.0
  broadcastaddress: None
  subnetmask: 24

udm dhcp/pool create --superordinate cn=10.200.17.0,cn=knut,cn=phahn.dev,cn=dhcp,dc=phahn,dc=dev --set name=kvm --set range='10.200.17.200 10.200.17.219'

Version: 4.1-0 errata75 (Vahr)
*** This bug has been marked as a duplicate of bug 31518 ***
*** Bug 31518 has been marked as a duplicate of this bug. ***
*** Bug 39144 has been marked as a duplicate of this bug. ***
The problem is that dhcp/pool defines superordinate='dhcp/subnet'. The LDAP-point of view is that dhcp/sharedsubnet is allowed to have dhcp/pool children. This is why the UMC UDM module cannot detect the superordinate and the traceback happens:

umc/python/udm/udm_ldap.py:
    if superordinate is None:
        superordinate = udm_objects.get_superordinate(self.module, None, ldap_connection, ldap_dn)

→ The udm_objects.get_superordinate() returns "None" because the superordinate is not a dhcp/subnet but a dhcp/sharedsubnet.

With a few adjustments in UDM the handlers now are capable of handling a list of superordinates instead of a single string. This is a necessary API-Change/API-Extension.

Alternative ideas would be to introduce a new module-variable "superordinates" and evaluate this instead with a fallback to the old one. Or we could (mis-)use the superordinates module-variable "child_modules" but then we would need to touch a lot of handlers. Both alternatives required modifying more UDM and UMC-UDM code, so I guess my current solution is the best one.

Implementation details: I grepped the whole UCC, UCS and UCS@school code:
* Nobody uses univention.admin.superordinates so the renaming into univention.admin._superordinates is okay. The variable was implementation detail and should be internal. univention.admin.superordinates is now a function which deprecates univention.admin.superordinate.
* The module-variable "superordinate" is only directly used in UDM-CLI and UMC-UDM. Its direct use has been replaced by the utility functions of univention.admin.modules. (AD/S4 connector use it correctly).
(In reply to Florian Best from comment #2)
> *** Bug 31518 has been marked as a duplicate of this bug. ***

If it's easy to implement I will also address the aspect that UDM allows to create objects with a(/underneath of) a wrong-type-superordinate.

(In reply to Florian Best from comment #3)
> *** Bug 39144 has been marked as a duplicate of this bug. ***

The cause of Bug #39144 has two reasons. The first is the same as this bug. The second is a race condition due to asynchronicity in the UMC JavaScript frontend code which is fixed as a side effect of Bug #42177.

Bug #26131 comment #3 is also a duplicate of this bug.
The UDM-CLI change can be tested with the command:

# /usr/sbin/udm-test dhcp/pool create --superordinate cn=10.20.25.0,cn=dhcp_service,dc=school,dc=local --ignore_exists --set 'range=10.20.25.16 10.20.25.20' --set name=dhcp_subnet_pool

Previously it would have raised:

Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 222, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 395, in doit
    out=_doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 600, in _doit
    information=module_information(module)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 230, in module_information
    information.update(module_information(superordinate, identifies_only=1))
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 227, in module_information
    information={module:[{},{}]}
TypeError: unhashable type: 'list'
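Added example, not part of the bug report and not Univention's code: a small model of the two failures described in the comments above, the superordinate lookup that returns nothing when only 'dhcp/subnet' is accepted and the 'unhashable type' error when a list of superordinates is used where one name was expected. Module names and DNs are taken from the report; the MODULES and DIRECTORY tables, the helper names and the DN-to-type mapping are assumptions made for this sketch.

```python
# Allowed superordinate type(s) per module: a single string before the fix,
# a string or a list of strings after it (table constructed for this example).
MODULES = {
    "dhcp/service": None,
    "dhcp/shared": "dhcp/service",
    "dhcp/subnet": "dhcp/service",
    "dhcp/sharedsubnet": "dhcp/shared",
    "dhcp/pool": ["dhcp/subnet", "dhcp/sharedsubnet"],
}

# Constructed directory: DN -> module type of the object stored at that DN.
DIRECTORY = {
    "cn=phahn.dev,cn=dhcp,dc=phahn,dc=dev": "dhcp/service",
    "cn=knut,cn=phahn.dev,cn=dhcp,dc=phahn,dc=dev": "dhcp/shared",
    "cn=10.200.17.0,cn=knut,cn=phahn.dev,cn=dhcp,dc=phahn,dc=dev": "dhcp/sharedsubnet",
}

def superordinate_names(module):
    """Return the allowed superordinate types as a list, never a bare string."""
    value = MODULES[module]
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def parent_dn(dn):
    # Naive split; adequate for the constructed DNs (no escaped commas).
    head, sep, tail = dn.partition(",")
    return tail if sep else None

def find_superordinate(module, dn, allowed=None):
    """Walk up the DN; return (dn, type) of the first ancestor of an allowed type."""
    allowed = superordinate_names(module) if allowed is None else allowed
    current = parent_dn(dn)
    while current:
        if DIRECTORY.get(current) in allowed:
            return current, DIRECTORY[current]
        current = parent_dn(current)
    return None  # the caller then fails with 'superordinate object not present'

def module_information(module):
    """Collect per-module info for a module and every possible superordinate."""
    information = {module: [{}, {}]}
    # Iterate over the names: using the list itself as a dict key is what
    # raises "TypeError: unhashable type: 'list'".
    for name in superordinate_names(module):
        information.update(module_information(name))
    return information
```

Calling find_superordinate() with allowed=["dhcp/subnet"] reproduces the pre-fix behaviour for a pool below a dhcp/sharedsubnet.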
(In reply to Florian Best from comment #5)
> (In reply to Florian Best from comment #2)
> > *** Bug 31518 has been marked as a duplicate of this bug. ***
> If it's easy to implement I will also address the aspect that UDM allows to
> create objects with a(/underneath of) a wrong-type-superordinate.

Not done here. This is the task of Bug #34764.
univention-management-console-module-udm (6.0.11-26):
r73181 | YAML Bug #40649 Bug #42177
r73173 | Bug #40649: add support for multiple superordinate modules

univention-management-console-module-udm.yaml:
r73181 | YAML Bug #40649 Bug #42177

univention-directory-manager-modules (11.0.3-36):
r73181 | YAML Bug #40649 Bug #42177
r73176 | Bug #40649: Bug #26131: Bug #42177: Allow DHCP pools underneath of dhcp/sharedsubnet's
r73173 | Bug #40649: add support for multiple superordinate modules

univention-directory-manager-modules.yaml:
r73181 | YAML Bug #40649 Bug #42177

Merge to UCS 4.2:

univention-management-console-module-udm (7.0.1-10):
r73182 | Changelog Bug #40649 Bug #42177
r73161 | Bug #40649: add support for multiple superordinate modules

univention-directory-manager-modules (12.0.4-2):
r73182 | Changelog Bug #40649 Bug #42177
r73164 | Bug #40649: Bug #26131: Bug #42177: Allow DHCP pools underneath of dhcp/sharedsubnet's
r73161 | Bug #40649: add support for multiple superordinate modules
OK: r73173 r73176 r73365 r73387
OK: r73161 r73164 r73366 r73388

OK: aptitude search --disable-columns -F '%p %V %v' '?or(?source-package(univention-management-console-module-udm),?source-package(univention-directory-manager-modules))~i'
python-univention-directory-manager 11.0.3-42.1436.201610241611 11.0.3-42.1436.201610241611
python-univention-directory-manager-cli 11.0.3-42.1436.201610241611 11.0.3-42.1436.201610241611
univention-directory-manager-tools 11.0.3-42.1436.201610241611 11.0.3-42.1436.201610241611
univention-management-console-module-udm 6.0.11-27.664.201610181835 6.0.11-27.664.201610181835

OK: Jenkins
FIXED: ucs-test → r73951 r73952 r73953

OK:
# DN1 prints the DN of the first object in "udm ... list" output
DN1 () { sed -ne 's/^DN: //p;T;q'; }
service=$(udm dhcp/service list|DN1)
subnet=$(udm dhcp/subnet list --superordinate="$service"|DN1)
ip=$(udm dhcp/subnet list --superordinate="$service"|sed -ne 's/^  subnet: //p;T;q')
# pool below a regular dhcp/subnet
udm dhcp/pool create --superordinate "$subnet" --set name=p1 --set all_clients=deny --set range="${ip%.0}.1 ${ip%.0}.9"
# pool below a dhcp/sharedsubnet
udm dhcp/shared create --set name=docker --superordinate $service
udm dhcp/sharedsubnet create --set subnet=172.17.0.0 --set subnetmask=16 --superordinate cn=docker,$service
udm dhcp/pool create --set name=nobody --set range=172.17.1.0\ 172.17.1.255 --set all_clients=deny --superordinate cn=172.17.0.0,cn=docker,$service

FYI: Bug #36648
udm dhcp/pool create --superordinate "$subnet" --set name=p1 --set all_clients=deny --set range="1.2.3.4 4.3.2.1"
tail -n 1 /var/log/daemon.log
# dhcpd: bad range, address 1.2.3.4 not in subnet 10.200.17.0 netmask 255.255.255.0
sv status univention-dhcp
# finish: univention-dhcp: (pid 10620) 25s, normally down

OK: univention-directory-manager-modules.yaml
OK: univention-management-console-module-udm.yaml
OK: errata-announce -V --only univention-directory-manager-modules.yaml
FIXED: errata-announce -V --only univention-management-console-module-udm.yaml # r73950
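Added example, not part of the bug report and not Univention's code: a pre-write check for the failure shown in the FYI above, where a pool range outside its subnet leaves univention-dhcp down. The function names and the POOLS list are constructed for this sketch; subnets, prefix lengths and ranges are the ones used in this report.

```python
import ipaddress

def range_problems(subnet, prefixlen, range_value):
    """Return the reasons a 'START END' pool range does not fit the subnet."""
    network = ipaddress.IPv4Network(f"{subnet}/{prefixlen}")
    parts = range_value.split()
    if len(parts) != 2:
        return [f"expected 'START END', got {range_value!r}"]
    problems = []
    for part in parts:
        try:
            addr = ipaddress.IPv4Address(part)
        except ipaddress.AddressValueError:
            problems.append(f"{part!r} is not an IPv4 address")
            continue
        if addr not in network:
            problems.append(f"address {addr} not in subnet {network}")
    return problems

# Constructed input: (pool name, superordinate subnet, prefix length, range).
POOLS = [
    ("kvm", "10.200.17.0", 24, "10.200.17.200 10.200.17.219"),
    ("nobody", "172.17.0.0", 16, "172.17.1.0 172.17.1.255"),
    ("p1", "10.200.17.0", 24, "1.2.3.4 4.3.2.1"),
]

def rejected_pools(pools):
    """Map each pool that must not be written to the list of its problems."""
    rejected = {}
    for name, subnet, prefixlen, range_value in pools:
        problems = range_problems(subnet, prefixlen, range_value)
        if problems:
            rejected[name] = problems
    return rejected
```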
<http://errata.software-univention.de/ucs/4.1/319.html>
<http://errata.software-univention.de/ucs/4.1/321.html>