Univention Bugzilla – Bug 43863
Docker member server entry is removed during the installation
Last modified: 2017-04-04 18:28:15 CEST
The docker tests currently fail in UCS 4.2. The error message is something like this: ----------------------------------------------------------------------------- App.verify(True) ● docker-app-dq8nlvfz7y.service - LSB: Start the Container for dq8nlvfz7y Loaded: loaded (/etc/init.d/docker-app-dq8nlvfz7y) Active: active (exited) since Mi 2017-03-15 07:18:54 CET; 2min 4s ago Process: 4928 ExecStart=/etc/init.d/docker-app-dq8nlvfz7y start (code=exited, status=0/SUCCESS) Mär 15 07:18:50 master421 systemd[1]: Starting LSB: Start the Container for dq8nlvfz7y... Mär 15 07:18:54 master421 docker-app-dq8nlvfz7y[4928]: Starting dq8nlvfz7y Container 9b1e6798b1d1485439da21d465fd3f0a815b303bfad9c9776da8499b881eaa3f .... Mär 15 07:18:54 master421 systemd[1]: Started LSB: Start the Container for dq8nlvfz7y. Error: ldapsearch -x failed App.uninstall() Going to remove dq8nlvfz7y (0.5.2) ----------------------------------------------------------------------------- Afterwards, I've installed dudle and I see that the host entry is created and a little bit later removed, from the listener.log of the DC Master: ----------------------------------------------------------------------------- 14.03.17 21:16:32.129 LISTENER ( PROCESS ) : updating 'cn=dudle-25918800$,cn=uid,cn=temporary,cn=univention,dc=deadlock42,dc=intranet' command a 14.03.17 21:16:32.195 LISTENER ( PROCESS ) : updating 'cn=dudle-25918800,cn=memberserver,cn=computers,dc=deadlock42,dc=intranet' command a 14.03.17 21:16:32.238 LISTENER ( PROCESS ) : samba4-idmap: added entry for S-1-4-2084 14.03.17 21:16:32.238 LISTENER ( PROCESS ) : Generating krb5.keytab for dudle-25918800 Creating certificate: dudle-25918800.deadlock42.intranet no certificate for dudle-25918800.deadlock42.intranet registered Generating RSA private key, 2048 bit long modulus .............................................................+++ ......+++ unable to write 'random state' e is 65537 (0x10001) Using configuration from /etc/univention/ssl/openssl.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'DE' stateOrProvinceName :PRINTABLE:'DE' localityName :PRINTABLE:'DE' organizationName :PRINTABLE:'deadlock42' organizationalUnitName:PRINTABLE:'Univention Corporate Server' commonName :PRINTABLE:'dudle-25918800.deadlock42.intranet' emailAddress :IA5STRING:'ssl@deadlock42.intranet' Certificate is to be certified until Mar 13 20:16:34 2022 GMT (1825 days) Write out database with 1 new entries Data Base Updated unable to write 'random state' 14.03.17 21:16:35.070 LISTENER ( PROCESS ) : updating 'cn=dudle-25918800$,cn=uid,cn=temporary,cn=univention,dc=deadlock42,dc=intranet' command d 14.03.17 21:16:35.088 LISTENER ( PROCESS ) : updating 'cn=dudle-25918800,cn=memberserver,cn=computers,dc=deadlock42,dc=intranet' command m 14.03.17 21:16:35.090 LISTENER ( PROCESS ) : Purging krb5.keytab of dudle-25918800 14.03.17 21:16:35.090 LISTENER ( PROCESS ) : Generating krb5.keytab for dudle-25918800 14.03.17 21:16:35.144 LISTENER ( PROCESS ) : updating 'cn=dudle-25918800,cn=memberserver,cn=computers,dc=deadlock42,dc=intranet' command m 14.03.17 21:16:35.164 LISTENER ( PROCESS ) : updating 'cn=Computers,cn=groups,dc=deadlock42,dc=intranet' command m 14.03.17 21:16:40.085 LISTENER ( PROCESS ) : updating 'cn=S-1-5-21-2160655556-514580091-1068932707-1187,cn=sid,cn=temporary,cn=univention,dc=deadlock42,dc=intranet' command a 14.03.17 21:16:40.105 LISTENER ( PROCESS ) : updating 'cn=dudle-25918800,cn=memberserver,cn=computers,dc=deadlock42,dc=intranet' command m 14.03.17 21:16:40.113 LISTENER ( PROCESS ) : samba4-idmap: renaming entry for S-1-4-2084 to S-1-5-21-2160655556-514580091-1068932707-1187 14.03.17 21:16:40.133 LISTENER ( PROCESS ) : Purging krb5.keytab of dudle-25918800 14.03.17 21:16:40.133 LISTENER ( PROCESS ) : Generating krb5.keytab for dudle-25918800 14.03.17 21:17:23.699 LISTENER ( PROCESS ) : updating 'cn=dudle-25918800,cn=memberserver,cn=computers,dc=deadlock42,dc=intranet' command m 14.03.17 21:17:23.701 LISTENER ( PROCESS ) : Purging krb5.keytab of dudle-25918800 14.03.17 21:17:23.701 LISTENER ( PROCESS ) : Generating krb5.keytab for dudle-25918800 14.03.17 21:18:22.147 LISTENER ( PROCESS ) : updating 'cn=dudle-25918800,cn=memberserver,cn=computers,dc=deadlock42,dc=intranet' command m 14.03.17 21:18:22.148 LISTENER ( PROCESS ) : Purging krb5.keytab of dudle-25918800 14.03.17 21:18:22.148 LISTENER ( PROCESS ) : Generating krb5.keytab for dudle-25918800 14.03.17 21:18:28.683 LISTENER ( PROCESS ) : updating 'cn=dudle-25918800,cn=memberserver,cn=computers,dc=deadlock42,dc=intranet' command d 14.03.17 21:18:28.687 LISTENER ( PROCESS ) : samba4-idmap: removing entry for S-1-5-21-2160655556-514580091-1068932707-1187 Revoke certificate: dudle-25918800.deadlock42.intranet Using configuration from /etc/univention/ssl/openssl.cnf Revoking Certificate 08. Data Base Updated unable to write 'random state' Using configuration from /etc/univention/ssl/openssl.cnf unable to write 'random state' -----------------------------------------------------------------------------
I tag it to interim-3 because it is critical for the RC. I would rather reopen an existing bug, but I don't know yet which change is responsible for it.
Fixed in r77734 univention-appcenter (6.0.3-11) Docker Containers had access to appcenter/apps/$myapp/container and unregistered the App during join (App is not yet installed!). This caused the host to be removed. appcenter/apps/$myapp is not copied from the host into the container anymore.
Yes, it works again.
UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug".