Bug 43403 - The system diagnostic tool should only make a ssh check on a already joined server
The system diagnostic tool should only make a ssh check on a already joined s...
Product: UCS
Classification: Unclassified
Component: UMC - System diagnostic
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.3-0-errata
Assigned To: Jannik Ahlers
Arvid Requate
Depends on:
  Show dependency treegraph
Reported: 2017-01-24 09:30 CET by Christina Scheinig
Modified: 2018-05-16 17:03 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.154
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2017012321000081
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2017-01-24 09:30:39 CET
In a school environment the customer adds the school slaves in the umc and joins them later. The slave object now exists in LDAP and is checked by the system diagnostics modul. This shows obviously an error message for the ssh check, because the server is not reachable.

We could query the nagios support flag. I think this is set if the slave is joined?
Comment 1 Arvid Requate univentionstaff 2018-03-20 20:20:26 CET
We could simply select only servers with univentionService=*. The services only get added by the joinscripts AFAIK.
Comment 2 Michael Grandjean univentionstaff 2018-04-15 13:51:35 CEST
I'm raising the user pain after feedback from a customer. 

We do have more and more customers that use UCS@school without schoolservers at all (see http://docs.software-univention.de/ucsschool-szenarien-4.3-de.html#scenario-1). However, adding a new school requires to specify a school server (Bug #46724). And if you use "create_ou" on the commandline, it will create one for you, even if you don't specify one. This way we end up with a lot of dummy computer objects that will never be joined, but the system diagnostics' SSH check desperately tries to connect to.

I am currently using this ldapsearch filter to find those unjoined servers:
> '(&(univentionObjectType=computers/domaincontroller_slave)(!(krb5Key=*)))'
Comment 3 Jannik Ahlers univentionstaff 2018-04-19 13:14:39 CEST
Successful build
Package: univention-management-console-module-diagnostic
Version: 4.0.0-27A~
Branch: ucs_4.3-0
Scope: errata4.3-0

univention-management-console-module-diagnostic (4.0.0-27)
62159882cb39 | Bug #43403: disable ssh diagnostic for computer objects without ip

I simply disabled the test for all computer objects that don't have an ip address attached to them.
Comment 4 Arvid Requate univentionstaff 2018-04-26 19:19:51 CEST
ucslint says:

C: 42, 0: Wrong continued indentation (add 6 spaces).
    ^     | (bad-continuation)
C: 43, 0: Wrong continued indentation (add 6 spaces).
    ^     | (bad-continuation)
C: 44, 0: Wrong continued indentation (add 6 spaces).
    ^     | (bad-continuation)

And we need an advisory for the package in doc/errata/staging/
Comment 5 Arvid Requate univentionstaff 2018-04-26 19:20:09 CEST
sorry I mean pylint
Comment 6 Jannik Ahlers univentionstaff 2018-04-30 10:40:19 CEST
univention-management-console-module-diagnostic (4.0.0-28)
fb01ff11de11 | Bug #43403: adjust indentation
Comment 7 Quality Assurance univentionstaff 2018-05-04 16:43:21 CEST
--- mirror/ftp/4.3/unmaintained/component/4.3-0-errata/source/univention-management-console-module-diagnostic_4.0.0-26A~
+++ apt/ucs_4.3-0-errata4.3-0/source/univention-management-console-module-diagnostic_4.0.0-28A~
@@ -1,6 +1,14 @@
-4.0.0-26A~ [Fri, 23 Mar 2018 10:38:00 +0100] Univention builddaemon <buildd@univention.de>:
+4.0.0-28A~ [Mon, 30 Apr 2018 10:34:29 +0200] Univention builddaemon <buildd@univention.de>:
   * UCS auto build. No patches were applied to the original source package
+4.0.0-28 [Mon, 30 Apr 2018 10:27:42 +0200] Jannik Ahlers <ahlers@univention.de>:
+  * Bug #43403: adjust indentation
+4.0.0-27 [Thu, 19 Apr 2018 12:50:44 +0200] Jannik Ahlers <ahlers@univention.de>:
+  * Bug #43403: disable ssh test for computer objects without ip
 4.0.0-26 [Tue, 20 Mar 2018 11:30:58 +0100] Jannik Ahlers <ahlers@univention.de>:
Comment 8 Arvid Requate univentionstaff 2018-05-15 19:16:17 CEST
* Code review: Ok
* Functional test: Ok
* Advisory: Ok
Comment 9 Arvid Requate univentionstaff 2018-05-16 17:03:54 CEST