Univention Bugzilla – Bug 44154
Slave join fails: Can't contact LDAP server
Last modified: 2017-07-18 20:41:35 CEST
Created attachment 8693 [details] USI from master I tried to join a slave into a ucs 4.2 domain. The join failed because the masters' ldap server could not be reached. slave join.log during system-setup: Configure 31univention-nagios-libvirtd-kvm.inst Thu Mar 30 12:57:33 CEST 2017 2017-03-30 12:57:33.905654884+02:00 (in joinscript_init) Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 222, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 406, in doit out = _doit(arglist) File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 534, in _doit co = univention.admin.config.config(configRegistry['ldap/master']) File "/usr/lib/pymodules/python2.7/univention/admin/config.py", line 40, in __init__ base = univention.admin.uldap.getBaseDN(host) File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 136, in getBaseDN result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts']) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 559, in search_s return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 865, in _apply_method_s self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 839, in reconnect raise e SERVER_DOWN: {'desc': "Can't contact LDAP server"} Thu Mar 30 12:58:46 CEST 2017: finish /usr/share/univention-join/univention-join The masters' ldap server was last restarted more than 10 minutes ago ( journalctl on master:) Mär 30 12:49:07 master slapd[4029]: Stopping ldap server(s): slapd ...done. Mär 30 12:49:07 master systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Acce Mär 30 12:49:08 master logger[4059]: /etc/init.d/slapd start (pid: 4044, ppid: 1 systemd) Mär 30 12:49:08 master slapd[4060]: @(#) $OpenLDAP: slapd (Mar 8 2017 17:32:20) $ pbuser@ladda:/var/build/temp/tmp.gwUsk6kDX6/pbuilder/openl Mär 30 12:49:08 master slapd[4060]: Loaded metadata from "/usr/share/univention-management-console/saml Mär 30 12:49:08 master slapd[4044]: Starting ldap server(s): slapd ...done. Mär 30 12:49:17 master slapd[4044]: Checking Schema ID: ...done. Mär 30 12:49:17 master systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Acces
Created attachment 8694 [details] USI from slave Added USI for both servers. Does not contain apt package list due to bug 43886
Happens again in Jenkins while joining a DC backup: Configure 34univention-management-console-server.inst Fri Mar 31 19:59:49 EDT 2017 2017-03-31 19:59:49.931267088-04:00 (in joinscript_init) Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 222, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 406, in doit out = _doit(arglist) File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 534, in _doit co = univention.admin.config.config(configRegistry['ldap/master']) File "/usr/lib/pymodules/python2.7/univention/admin/config.py", line 40, in __init__ base = univention.admin.uldap.getBaseDN(host) File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 136, in getBaseDN result = lo.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ['NamingContexts']) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 559, in search_s return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 918, in search_ext_s return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 865, in _apply_method_s self.reconnect(self._uri,retry_max=self._retry_max,retry_delay=self._retry_delay) File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 839, in reconnect raise e SERVER_DOWN: {'desc': "Can't contact LDAP server"}
r78587: * Copy master listener logfile (Bug #44154)
@Erik, in your setup, the DC slave sets itself as nameserver during the setup. At least for a short time: 2017-03-30 12:16:14: set nameserver1=10.200.29.225 old:[Previously undefined] 2017-03-30 12:43:32: set nameserver1=10.200.29.228 old:10.200.29.225 2017-03-30 12:44:34: set nameserver1=10.200.29.225 old:10.200.29.228 10.200.29.225 is the master 10.200.29.228 is the slave Ups, from files/var_log_apt_term.log_1: ----------------------------------------------------------------------------- univention-bind (11.0.0-18A~4.2.0.201703151948) wird eingerichtet ... [...] Starting bind9 Domain Name Server (DNS): Unknown DNS backend failed! invoke-rc.d: initscript bind9, action "start" failed. 2017-03-30 12:43:31,974 INFO __main__.ucr/ns Found server 10.200.29.225 from UCRV nameserver1 2017-03-30 12:43:31,977 WARNING __main__.val UCS master SRV record is unknown at 10.200.29.225, converting into forwarder 2017-03-30 12:43:31,977 INFO __main__.xor Skip removing nameservers from forwarders 2017-03-30 12:43:31,978 INFO __main__.ucr/self Default IP address configured in UCR: 10.200.29.228 2017-03-30 12:43:31,979 WARNING __main__.ucr/self Failed to query local server 10.200.29.228 for unassigned-domain 2017-03-30 12:43:31,979 WARNING __main__.ucr/self Adding anyway as no other nameserer remains. 2017-03-30 12:43:31,979 INFO __main__.ns Skip adding NS 2017-03-30 12:43:31,980 INFO __main__.ldap Skip adding master 2017-03-30 12:43:31,980 INFO __main__.ucr Updating 'dns/forwarder1': None -> '10.200.29.225' 2017-03-30 12:43:31,980 INFO __main__.ucr Updating 'nameserver1': '10.200.29.225' -> '10.200.29.228' File: /etc/bind/named.conf.proxy File: /etc/bind/named.conf.samba4 File: /etc/resolv.conf -----------------------------------------------------------------------------
(In reply to Stefan Gohmann from comment #4) > @Erik, in your setup, the DC slave sets itself as nameserver during the > setup. At least for a short time: > > 2017-03-30 12:16:14: set nameserver1=10.200.29.225 old:[Previously undefined] > 2017-03-30 12:43:32: set nameserver1=10.200.29.228 old:10.200.29.225 > 2017-03-30 12:44:34: set nameserver1=10.200.29.225 old:10.200.29.228 > > 10.200.29.225 is the master > 10.200.29.228 is the slave > > Ups, from files/var_log_apt_term.log_1: > ----------------------------------------------------------------------------- > univention-bind (11.0.0-18A~4.2.0.201703151948) wird eingerichtet ... > [...] > Starting bind9 Domain Name Server (DNS): Unknown DNS backend failed! > invoke-rc.d: initscript bind9, action "start" failed. > 2017-03-30 12:43:31,974 INFO __main__.ucr/ns Found server 10.200.29.225 > from UCRV nameserver1 > 2017-03-30 12:43:31,977 WARNING __main__.val UCS master SRV record is > unknown at 10.200.29.225, converting into forwarder > 2017-03-30 12:43:31,977 INFO __main__.xor Skip removing nameservers > from forwarders > 2017-03-30 12:43:31,978 INFO __main__.ucr/self Default IP address > configured in UCR: 10.200.29.228 > 2017-03-30 12:43:31,979 WARNING __main__.ucr/self Failed to query local > server 10.200.29.228 for unassigned-domain > 2017-03-30 12:43:31,979 WARNING __main__.ucr/self Adding anyway as no other > nameserer remains. > 2017-03-30 12:43:31,979 INFO __main__.ns Skip adding NS > 2017-03-30 12:43:31,980 INFO __main__.ldap Skip adding master > 2017-03-30 12:43:31,980 INFO __main__.ucr Updating 'dns/forwarder1': > None -> '10.200.29.225' > 2017-03-30 12:43:31,980 INFO __main__.ucr Updating 'nameserver1': > '10.200.29.225' -> '10.200.29.228' > File: /etc/bind/named.conf.proxy > File: /etc/bind/named.conf.samba4 > File: /etc/resolv.conf > ----------------------------------------------------------------------------- Hit the return button too early. @Philipp, Arvid: I guess we should not re-configure the DNS settings during the installation, right? I'm not sure if it is responsible but it looks wrong.
r78591: * Execute univention-fix-ucr-dns in univention-bind postinst only if the system is joined. Otherwise the local unkonfigured DNS server is configures as nameserver (Bug #44154) This might fix this issue. Changelog not necessary.
OK: r78591 OK: called from services/univention-bind/90univention-bind-post.inst OK: ssh billy dpkg-query -W univention-bind
UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug".