Bug 43846 - Deinstallation of Docker app fails in AD Member mode
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: App Center
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.2-1-errata
Assigned To: Felix Botner
QA Contact: Dirk Wiesenthal
Blocks: 44954
Reported: 2017-03-14 14:59 CET by Frank Greif
Modified: 2017-07-26 15:08 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Ticket number: 2017041321000684, 2017041821000737, 2017032321000425, 2017032121000063, 2017060121000756, 2017072521000567
Bug group (optional): Error handling, External feedback


Description Frank Greif 2017-03-14 14:59:53 CET
Trying to uninstall Docker App "Dudle" on a Domaincontroller-Master which is joined into AD.

Domaincontroller-Master was freshly installed from 4.1-4 ISO, immediately joined into AD domain.

Then installed Docker App "Dudle". The fake hostname 'dudle-<digits>' was synced into DNS of AD, even with the unreachable 172.17.x.x address.

Trying to uninstall the Docker App fails with message:

File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 294, in _unregister_host
    remove_object_if_exists('computers/%s' % app.docker_server_role, lo, pos, hostdn)

invalidOperation: Objects from Active Directory can not be removed.

Should there be an exception to the above rule, or is it wrong that the host entry was written into AD at all?
Comment 1 Florian Best univentionstaff 2017-04-18 12:04:39 CEST
Reported again.

Version: 4.1-4 errata408 (Vahr)

Traceback(376d3c1108a952a927b2f0110e270eea):
Execution of command 'appcenter/docker/progress' has failed:

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 281, in execute
    function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/mixins.py", line 149, in progress
    ret = progress_obj.poll()
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 309, in _thread
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 462, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 284, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/appcenter/__init__.py", line 371, in invoke_docker
    result['success'] = action.call(app=app, username=self.username, password=self.password, **kwargs)
  File "%PY2.7%/univention/appcenter/actions/__init__.py", line 185, in call
    return obj.call_with_namespace(namespace)
  File "%PY2.7%/univention/appcenter/actions/__init__.py", line 191, in call_with_namespace
    result = self.main(namespace)
  File "%PY2.7%/univention/appcenter/actions/remove.py", line 49, in main
    return self.do_it(args)
  File "%PY2.7%/univention/appcenter/actions/install_base.py", line 109, in do_it
    self._do_it(app, args)
  File "%PY2.7%/univention/appcenter/actions/docker_remove.py", line 48, in _do_it
    self._unregister_host(app, args)
  File "%PY2.7%/univention/appcenter/actions/register.py", line 294, in _unregister_host
    remove_object_if_exists('computers/%s' % app.docker_server_role, lo, pos, hostdn)
  File "%PY2.7%/univention/appcenter/udm.py", line 87, in remove_object_if_exists
    obj.remove()
  File "%PY2.7%/univention/admin/handlers/__init__.py", line 475, in remove
    return self._remove(remove_childs)
  File "%PY2.7%/univention/admin/handlers/__init__.py", line 950, in _remove
    raise univention.admin.uexceptions.invalidOperation(_('Objects from Active Directory can not be removed.'))
invalidOperation: Objects from Active Directory can not be removed.
Comment 2 Florian Best univentionstaff 2017-04-21 15:01:53 CEST
Version: 4.2-0 errata1 (Lesum)

Remark: I can't remove this app
Comment 3 Florian Best univentionstaff 2017-04-21 15:06:10 CEST
Version: 4.1-4 errata404 (Vahr)

Remark: We cannot uninstall ownCloud 9 from Univention
Comment 4 Florian Best univentionstaff 2017-04-21 15:14:42 CEST
Version: 4.1-4 errata407 (Vahr)
Comment 5 Florian Best univentionstaff 2017-06-02 08:10:50 CEST
Reported again, 4.2-0 errata26 (Lesum)

Remark: I freshly installed a UCS 4.2 and connected it to an existing Active Directory.
Then I installed Horde 5.2.7-3 (Docker image). Unfortunately, I could not log in to Horde with any account. Updating the app did not work either, so I wanted to
uninstall/reinstall Horde. This error message appears when uninstalling...
Comment 6 Felix Botner univentionstaff 2017-07-06 19:30:54 CEST
This only happens for appbox images.

If a domain is in AD member mode, univention-join automatically installs univention-samba and joins the computer as a member to the AD domain. This also happens for the appbox container during installation/join of an app. As a result, the AD computer object is synced from AD to UCS and, in this process, the connector adds "synced" to the object flags.

And UDM refuses to modify/remove objects with the synced object flag.

Whether or not an object is "synced" is checked in _is_synced_object() in modules/univention/admin/handlers/__init__.py. I added an exception for objects with a docker object flag (_is_synced_object() returns False in this case and the object can be removed).

univention-directory-manager-modules 12.0.17-67A~4.2.0.201707061920 r80940
Comment 7 Dirk Wiesenthal univentionstaff 2017-07-13 11:53:11 CEST
Changelog: OK
YAML: OK

Please note that App related computers that joined into the AD environment are not deleted in AD itself, only in UCS.

This means that the uninstallation of dudle will keep a server 'dudle-<digits>' in AD. But at least it is possible now.
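
Added example, not part of the bug report and not Univention's code: a simplified Python model of the flag check described in comment 6 (before and after the fix) and of the leftover AD computer account noted in comment 7. The dictionary layout, the `univentionObjectFlag` key as used here, the `docker_exception` switch, all helper names and the sample hosts are assumptions made for illustration.

```python
import re

class InvalidOperation(Exception):
    """Stand-in for univention.admin.uexceptions.invalidOperation."""

def is_synced_object(flags, docker_exception):
    # Before the fix: any object flagged "synced" is protected.
    # After the fix: a "docker" flag overrides that, as comment 6 describes.
    if docker_exception and "docker" in flags:
        return False
    return "synced" in flags

def remove_host(ucs, dn, docker_exception=True):
    """Remove dn from the modelled UCS directory unless it is protected."""
    flags = ucs[dn].get("univentionObjectFlag", [])
    if is_synced_object(flags, docker_exception):
        raise InvalidOperation("Objects from Active Directory can not be removed.")
    del ucs[dn]

# Host names shaped like the 'dudle-<digits>' name from the description.
APP_HOST = re.compile(r"^[a-z0-9]+-\d+$", re.IGNORECASE)

def leftover_app_hosts(ad_computers, ucs):
    """AD computer names shaped like '<app>-<digits>' with no UCS object left."""
    ucs_names = {dn.split(",", 1)[0].split("=", 1)[1].lower() for dn in ucs}
    return sorted(n for n in ad_computers
                  if APP_HOST.match(n) and n.lower() not in ucs_names)

def sample_directories():
    """Constructed sample data; names and DNs are made up."""
    base = "cn=computers,dc=example,dc=test"
    ucs = {
        "cn=dudle-12345678," + base: {"univentionObjectFlag": ["docker", "synced"]},
        "cn=winclient01," + base: {"univentionObjectFlag": ["synced"]},
        "cn=ucs-master," + base: {"univentionObjectFlag": []},
    }
    ad = ["dudle-12345678", "winclient01", "DC01"]
    return ucs, ad

if __name__ == "__main__":
    ucs, ad = sample_directories()
    dn = next(d for d in ucs if d.startswith("cn=dudle-"))
    try:
        remove_host(ucs, dn, docker_exception=False)
    except InvalidOperation as exc:
        print("before fix:", exc)
    remove_host(ucs, dn)
    print("after fix, still in AD:", leftover_app_hosts(ad, ucs))
```

The list returned by `leftover_app_hosts` is the set of machine accounts an AD administrator would still have to review and clean up by hand after the app is removed on the UCS side.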
Comment 8 Erik Damrose univentionstaff 2017-07-26 14:39:30 CEST
<http://errata.software-univention.de/ucs/4.2/115.html>
Comment 9 Florian Best univentionstaff 2017-07-26 15:08:29 CEST
Reported again, 4.1-4 errata443 (Vahr)