Bug 42543 – Appbox based docker Apps can't be installed in an AD member mode domain

Bug 42543 - Appbox based docker Apps can't be installed in an AD member mode domain


Summary:	Appbox based docker Apps can't be installed in an AD member mode domain

Status:	CLOSED DUPLICATE of bug 40611

Product:	UCS
Classification:	Unclassified
Component:	Samba
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-4
Assigned To:	Arvid Requate
QA Contact:	Stefan Gohmann

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-09-30 12:59 CEST by Felix Botner
Modified:	2016-11-08 13:26 CET (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	4: A User would return the product
User Pain:	0.343
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2016093021000313
Bug group (optional):
Max CVSS v3 score:

Attachments
dont_configure_ad_member_mode_in_appbox_container.patch (768 bytes, patch) 2016-10-20 22:28 CEST, Arvid Requate	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2016-09-30 12:59:01 CEST

Currently, all UCS servers in an AD member mode domain are forced to install univention-samba during the join.

As the appbox docker containers are basically member server, this also happens during the installation/join of appbox based docker apps.


Problem is, the join of univention-samba in the container fails, which means the join fails, which means the app is removed.

No appbox apps in AD member mode!!

Comment 1 Stefan Gohmann

2016-10-04 08:25:06 CEST

Why does the join of univention-samba fail in the container?

I think we shouldn't install univention-samba in case it is the appbox image.

Comment 2 Nico Stöckigt

2016-10-04 14:12:06 CEST

(In reply to Stefan Gohmann from comment #1)
> Why does the join of univention-samba fail in the container?
> 

I guess the join fails due to the 'samba inside docker' can't reach the MS-AD.

Comment 3 Arvid Requate

2016-10-04 14:48:24 CEST

My initial guess would be that we don't set all UCR variables required to generate a valid smb.conf in the container. According to leading Appcenter developers we currently selectively copy this list of UCR variables from the host:
 
['nameserver.*', 'repository/online/server', 'repository/app_center/server', 'update/secure_apt', 'appcenter/index/verify', 'ldap/master.*', 'locale.*', 'domainname']

Comment 4 Arvid Requate

2016-10-04 14:52:48 CEST

OTOH (at least in the long term) it may also be required to instruct docker run to expose a couple of samba ports to the outside, something like
 -p 138:138/udp -p 139:139 -p 445:445 -p 445:445/udp

Comment 5 Felix Botner

2016-10-20 18:58:39 CEST


*** This bug has been marked as a duplicate of bug 40611 ***

Comment 6 Arvid Requate

2016-10-20 22:28:56 CEST

Created attachment 8145 [details]
dont_configure_ad_member_mode_in_appbox_container.patch

This would add some heuristic to univention-join to detect an appbox container.
We could also move this to base/univention-lib/shell/admember.sh instead.

Comment 7 Stefan Gohmann

2016-11-02 06:20:25 CET

OK, duplicate.

Comment 8 Stefan Gohmann

2016-11-08 13:26:39 CET

UCS 4.1-4 has been released:
 https://docs.software-univention.de/release-notes-4.1-4-en.html
 https://docs.software-univention.de/release-notes-4.1-4-de.html

If this error occurs again, please use "Clone This Bug".