Bug 43565 - Self service web frontend does not function on DC slave anymore
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Self Service
Version: UCS 4.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.2
Assigned To: Florian Best
QA Contact: Erik Damrose
Keywords: interim-2
Depends on: 42132 42267 43486 43811 44189
Blocks: 44221
Reported: 2017-02-16 17:26 CET by Alexander Kläser
Modified: 2017-04-04 18:29 CEST

What kind of report is it?: Development Internal
Description Alexander Kläser univentionstaff 2017-02-16 17:26:22 CET
In 4.1-x it was possible to install univention-self-service on a DC slave from which the WSGI process would contact the UMC module on the DC master to reset a password.

The WSGI process has been replaced with an anonymous UMC module in 4.2. The logic for contacting the DC master from a DC slave has not been integrated at the moment.


+++ This bug was initially created as a clone of Bug #42267 +++

The self service will be integrated into the main menu of the UCS 4.2 portal and UMC. For this, we will also improve some usability aspects as suggested by Alex Kramer.

Screenshots can be found at:
https://mail.univention.de/appsuite/#!&app=io.ox/files&folder=1206&id=1206/1396
Comment 1 Florian Best univentionstaff 2017-02-22 13:07:16 CET
univention-self-service (2.0.4-1):
r76969 | Bug #43565: proxy all requests to the UCR set self-service/backend-server

Interim-version, no changelog required.
Comment 2 Erik Damrose univentionstaff 2017-03-06 17:09:24 CET
Please document all changes at the respective bugs.

You changed the behavior again in r77378 for slaves. But I think the change is not enough -> reopen

I think we discussed that the package univention-self-service-passwordreset-umc has to be installed on DC slaves for it to work. But if it is installed, 35univention-self-service-passwordreset-umc.inst will terminate early, and e.g. umc/self-service/passwordreset/enabled?yes and all other UCRVs are not set, which results in an error when trying to log in.

I tried to fix it by removing the server role check and re-executing the joinscript, but now when logging in I get a 503 for command/passwordreset/get_contact, and the following log entries:

==> /var/log/univention/management-console-module-passwordreset.log <==
06.03.17 17:03:32.853  DEBUG_INIT
06.03.17 17:03:33.575  MODULE      ( PROCESS ) : get_plugins(): Loaded sending plugin class 'SendEmail' for sending method 'email'.
06.03.17 17:03:33.580  MODULE      ( PROCESS ) : get_plugins(): Plugin class 'SendWithExternal' for sending method 'None' is disabled.
06.03.17 17:03:33.583  MODULE      ( PROCESS ) : get_plugins(): Plugin class 'SendSMS' for sending method 'mobile' is disabled.
06.03.17 17:03:33.583  MODULE      ( PROCESS ) : get_plugins(): plugin class 'SendEmail' for sending method 'email': udm_property: 'PasswordRecoveryEmail' token_length: '64'
06.03.17 17:03:33.595  MODULE      ( PROCESS ) : Die Verbindungen zum Server konnte nicht aufgebaut werden. Bitte versuchen Sie es später erneut. Fehlermeldung: ('Could not send request.', SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'))

==> /var/log/univention/management-console-web-server.log <==
06.03.17 17:03:33.596  MAIN        ( PROCESS ) : CPCommand (192.168.0.249:40442) response status code: 503
06.03.17 17:03:33.596  MAIN        ( PROCESS ) : CPCommand (192.168.0.249:40442) response message: Die Verbindungen zum Server konnte nicht aufgebaut werden. Bitte versuchen Sie es später erneut. Fehlermeldung: ('Could not send request.', SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'))
06.03.17 17:03:33.596  MAIN        ( PROCESS ) : CPCommand (192.168.0.249:40442) response result: None
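
Added example (not part of the original thread and not code from univention-self-service): a small triage script that reads the two UMC log layouts quoted in comment 2 and marks which 5xx responses from the web server follow a TLS certificate verification failure in the passwordreset module. The 500 ms correlation window, the function names and the second 503 sample line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout of the quoted UMC logs: "DD.MM.YY HH:MM:SS.mmm  FACILITY  ( LEVEL ) : message"
LINE_RE = re.compile(r"^(\d\d\.\d\d\.\d\d \d\d:\d\d:\d\d\.\d{3})\s+(\w+)\s+\(\s*\w+\s*\)\s*:\s*(.*)$")
STATUS_RE = re.compile(r"CPCommand \(([\d.]+):\d+\) response status code: (\d{3})")
TLS_MARK = "CERTIFICATE_VERIFY_FAILED"

# Sample input: lines abridged from comment 2, plus one constructed 503 without a TLS cause.
MODULE_LOG = [
    "06.03.17 17:03:32.853  DEBUG_INIT",
    "06.03.17 17:03:33.595  MODULE      ( PROCESS ) : ('Could not send request.', "
    "SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'))",
]
WEB_LOG = [
    "06.03.17 17:03:33.596  MAIN        ( PROCESS ) : CPCommand (192.168.0.249:40442) response status code: 503",
    "06.03.17 17:09:10.120  MAIN        ( PROCESS ) : CPCommand (192.168.0.249:40510) response status code: 503",  # constructed
]


def parse(lines):
    """Yield (timestamp, facility, message); lines without a level field are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%d.%m.%y %H:%M:%S.%f"), m.group(2), m.group(3)


def correlate(module_log, web_log, window_ms=500):
    """Flag each 5xx web-server response that follows a TLS verification
    failure in the module log within window_ms."""
    window = timedelta(milliseconds=window_ms)
    tls_failures = [ts for ts, _, msg in parse(module_log) if TLS_MARK in msg]
    findings = []
    for ts, _, msg in parse(web_log):
        m = STATUS_RE.search(msg)
        if m and m.group(2).startswith("5"):
            caused = any(timedelta(0) <= ts - f <= window for f in tls_failures)
            findings.append({"client": m.group(1), "status": int(m.group(2)),
                             "time": ts.isoformat(), "tls_verify_failed": caused})
    return findings


if __name__ == "__main__":
    for finding in correlate(MODULE_LOG, WEB_LOG):
        print(finding)
```

A 503 flagged with `tls_verify_failed` points at certificate trust between the slave and the backend server rather than at the self-service module itself.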
Comment 3 Florian Best univentionstaff 2017-03-07 12:55:36 CET
The restrictions in the joinscript have been reverted. I think this is okay. Everything which only needs to be done on the DC Master needs to be in a specific if-block in the joinscript but I think all current input in there is okay to run also on the DC Slave. Except the service registration?

univention-self-service (2.0.6-1):
r77416 | Bug #42132: revert joinscript restrictions
Comment 4 Erik Damrose univentionstaff 2017-03-09 11:06:15 CET
There is a check in uss-passwordreset-umc that has to be adapted:

if ! [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" ]; then
        echo "ERROR: This package must be installed on a DC master or DC backup!"

The package registers a portal link to /univention-self-service, which does not work. Should it be removed, as the intention is that the self-service is to be used from the menu?

This error I noticed in comment 2 still persists: after installing on a slave, logging in to configure self-service produces an error: Die Verbindungen zum Server konnte nicht aufgebaut werden. Bitte versuchen Sie es später erneut. Fehlermeldung: ('Could not send request.', SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'))
Comment 5 Florian Best univentionstaff 2017-03-09 12:08:10 CET
(In reply to Erik Damrose from comment #4)
> There is a check in uss-passwordreset-umc that has to be adapted:
> 
> if ! [ "$server_role" = "domaincontroller_master" -o "$server_role" =
> "domaincontroller_backup" ]; then
>         echo "ERROR: This package must be installed on a DC master or DC
> backup!"
OK: removed

> The package registers a portal link to /univention-self-service, which does
> not work. Should it be removed, as the intention is that the self-service is
> to be used from the menu?
They have been removed.

> This error i noticed in comment2 still persists: After installing on a slave
> login to configure self-service produces an error: Die Verbindungen zum
> Server konnte nicht aufgebaut werden. Bitte versuchen Sie es später erneut.
> Fehlermeldung: ('Could not send request.', SSLError(1, u'[SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'))
Please fix your system certificates or open a generic bug.

Also some rest code from UCS 4.1 has been removed.
univention-self-service (2.0.9-1):
r77501 | Bug #43565: remove unused self-service things from UCS 4.1
r77500 | Bug #43565: remove unused self-service things from UCS 4.1
r77499 | Bug #43565: remove unused self-service things from UCS 4.1
Comment 6 Daniel Tröder univentionstaff 2017-03-09 12:18:14 CET
(In reply to Florian Best from comment #5)
> Also some rest code from UCS 4.1 has been removed.
> univention-self-service (2.0.9-1):
> r77501 | Bug #43565: remove unused self-service things from UCS 4.1
> r77500 | Bug #43565: remove unused self-service things from UCS 4.1
> r77499 | Bug #43565: remove unused self-service things from UCS 4.1
I added a comment to the German blog entry that mentions the "univention-self-service-modules" script. (The English blog doesn't allow comments!?)

It will be here: https://www.univention.de/2015/11/self-services-fuer-passwort-reset-in-ucs-4-1/#comment-5612
It is currently awaiting moderation.
Comment 7 Erik Damrose univentionstaff 2017-03-15 13:24:30 CET
reopen: I installed univention-self-service univention-self-service-passwordreset-umc (2.0.9-8A~4.2.0.201703151133) and ran all join scripts on a slave. When trying to log in as user univention to set up a mail address, I get

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 178, in _recv
    self.handle(msg)
  File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 178, in _recv
    self.handle(msg)
  File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 286, in handle
    self.__handler.init()
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 209, in init
    self.db = TokenDB(MODULE)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/tokendb.py", line 53, in __init__
    self.conn = self.open_db()
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/tokendb.py", line 113, in open_db
    with open(DB_SECRETS_FILE) as pw_file:
IOError: Die Initialisierung des Moduls ist fehlgeschlagen: Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 178, in _recv
    self.handle(msg)
  File "/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py", line 286, in handle
    self.__handler.init()
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 209, in init
    self.db = TokenDB(MODULE)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/tokendb.py", line 53, in __init__
    self.conn = self.open_db()
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/tokendb.py", line 113, in open_db
    with open(DB_SECRETS_FILE) as pw_file:
IOError: [Errno 2] Datei oder Verzeichnis nicht gefunden: '/etc/self-service-db.secret'

 Die Initialisierung des Moduls ist fehlgeschlagen:
Comment 8 Florian Best univentionstaff 2017-03-15 13:36:34 CET
univention-self-service (2.0.10-1):
r77732 | Bug #43565: fix module initialization on DC Slave
Comment 9 Erik Damrose univentionstaff 2017-03-16 11:01:33 CET
Verified: password reset works on slave
Comment 10 Stefan Gohmann univentionstaff 2017-04-04 18:29:59 CEST
UCS 4.2 has been released:
 https://docs.software-univention.de/release-notes-4.2-0-en.html
 https://docs.software-univention.de/release-notes-4.2-0-de.html

If this error occurs again, please use "Clone This Bug".