Bug 42500 – 'univention-management-console-web-server' is not configured

Bug 42500 - 'univention-management-console-web-server' is not configured


Summary:	'univention-management-console-web-server' is not configured

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	System setup
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-4
Assigned To:	Erik Damrose
QA Contact:	Stefan Gohmann

URL:
Keywords:

Depends on:
Blocks:	42986
	Show dependency tree / graph

Reported:	2016-09-26 07:37 CEST by Stefan Gohmann
Modified:	2016-11-17 17:45 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	6: Setup Problem: Issue for the setup process
Who will be affected by this bug?:	4: Will affect most installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.274
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2016101421000271, 2016102521000599
Bug group (optional):	External feedback
Max CVSS v3 score:

Attachments
setup.log with certificate / saml joinscript issue (178.36 KB, text/x-log) 2016-10-14 14:46 CEST, Erik Damrose	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Gohmann

2016-09-26 07:37:52 CEST

The join script 92univention-management-console-web-server fails in several test installations. Here the setup.log from the master installation: 

---------------------------------------------------------------------------

__MSG__:Einrichten von 92univention-management-console-web-server
__STEP__:47
Configure /usr/lib/univention-install/92univention-management-console-web-server.inst
2016-09-26 07:10:06.004982452+02:00 (in joinscript_init)
Setting ucs/web/overview/entries/admin/umc/icon
Setting ucs/web/overview/entries/admin/umc/link
Create ucs/web/overview/entries/admin/umc/link/de
Setting ucs/web/overview/entries/admin/umc/priority
File: /var/www/ucs-overview/entries.json
Setting ucs/web/overview/entries/admin/umc/label
Setting ucs/web/overview/entries/admin/umc/label/de
Setting ucs/web/overview/entries/admin/umc/description
Setting ucs/web/overview/entries/admin/umc/description/de
File: /var/www/ucs-overview/entries.json
Object created: SAMLServiceProviderIdentifier=https://master491.deadlock49.intranet/univention-management-console/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=deadlock49,dc=intranet
Object modified: SAMLServiceProviderIdentifier=https://master491.deadlock49.intranet/univention-management-console/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=deadlock49,dc=intranet
Not updating ucs/server/sso/fqdn
Reloading web server config: apache2 failed!
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) couldn't connect to host
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) couldn't connect to host
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) couldn't connect to host
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) couldn't connect to host
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) couldn't connect to host
[...]
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) couldn't connect to host
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
Could not download IDP metadata for https://ucs-sso.deadlock49.intranet/simplesamlphp/saml2/idp/metadata.php
Create umc/saml/idp-server
Module: setup_saml_sp
Try to download idp metadata (1/60)
Try to download idp metadata (2/60)
Try to download idp metadata (3/60)
[...]
Try to download idp metadata (59/60)
Try to download idp metadata (60/60)
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
Unsetting umc/saml/idp-server
Module: setup_saml_sp
---------------------------------------------------------------------------

If I execute univention-run-join-scripts, the join script is configured.

Comment 1 Florian Best

2016-09-26 13:54:52 CEST

This happens *always* on the *DC Master* in a *EC2 environment*?

Comment 2 Stefan Gohmann

2016-09-27 07:37:49 CEST

(In reply to Florian Best from comment #1)
> This happens *always* on the *DC Master* in a *EC2 environment*?

It happens in several manual DC master test installations in KVM.

Comment 3 Erik Damrose

2016-10-14 14:46:50 CEST

Created attachment 8104 [details]
setup.log with certificate / saml joinscript issue

There is a mechanism that copies the server certificate to a temporary location during system setup, to ensure they will not change.

However, when installing from the DVD there are no certificates generated yet. setup-join.sh does not check this, and creates an invalid apache2 config by setting UCRv apache2/ssl/certificate and other variables. setup.log shows:
cp: Aufruf von stat für „/etc/univention/ssl/unassigned-hostname.unassigned-domain/cert.pem“ nicht möglich: Datei oder Verzeichnis nicht gef
unden
cp: Aufruf von stat für „/etc/univention/ssl/unassigned-hostname.unassigned-domain/private.key“ nicht möglich: Datei oder Verzeichnis nicht 
gefunden
Create apache2/ssl/certificate
Create apache2/ssl/key
Create apache2/ssl/ca

That leads to the saml virtualhost not beeing available during system setup, which causes the joinscript to fail.

We should check for UCR system/setup/boot/installer='true' in setup-join.sh

Comment 4 Florian Best

2016-10-25 17:23:34 CEST

Reported again, 4.1-3 errata278 (Vahr)
During initial system setup:

Domäneneinrichtung (Dies kann einige Zeit dauern): FAILED: 92univention-management-console-web-server.inst

Comment 5 Erik Damrose

2016-11-02 15:34:45 CET

r73980 Do not cache certificates when installing via debian installer, as none have been created yet
r74022 changelog

univention-system-setup 9.0.5-3.996.201611011750

Comment 6 Stefan Gohmann

2016-11-03 06:37:15 CET

Installation tests: OK, the join script is configured

Appliance test: Failed, I've created an appliance while quitting system setup via CTRL-Q. Afterwards, I don't have HTTPS for the Appliance setup, only HTTP. I guess that is not correct.

Changelog: OK

Code review: OK

4.2 merge: Failed

Comment 7 Erik Damrose

2016-11-03 12:08:20 CET

r74060 Merge to UCS 4.2

(In reply to Stefan Gohmann from comment #6)
> Appliance test: Failed, I've created an appliance while quitting system
> setup via CTRL-Q. Afterwards, I don't have HTTPS for the Appliance setup,
> only HTTP. I guess that is not correct.

The behavior is due to another bug: bug 42837

Comment 8 Stefan Gohmann

2016-11-03 12:10:47 CET

OK

Comment 9 Stefan Gohmann

2016-11-08 13:26:32 CET

UCS 4.1-4 has been released:
 https://docs.software-univention.de/release-notes-4.1-4-en.html
 https://docs.software-univention.de/release-notes-4.1-4-de.html

If this error occurs again, please use "Clone This Bug".