Univention Bugzilla – Bug 44601
join script 33univention-portal.inst hangs if "nc" is provided by "netcat-traditional"
Last modified: 2017-09-05 08:03:09 CEST
This is an upgrade from 4.1 to 4.2. On all our servers the "nc" binary is provided by the "netcat-traditional" package. The package "netcat-openbsd" is not installed. In such a setup the join script hangs in the following line: if ! nc -w 10 "$ldap_master" "${ldap_master_port:-7389}"; then The reason is that both netcat variants handle the "-w 10" parameter slightly differently. For netcat-openbsd, the timer starts to run as soon as the program starts. For netcat-traditional, however, the timer starts to run as soon as nc cannot read any input anymore. As input is read from STDIN, this hangs until the user presses Ctrl+D. Ten seconds later nc from netcat-traditional will exit, too. Meaning one can use "Ctrl+D" in order to continue a seemingly hanging execution of "33univention-portal.inst". One possible workaround is to redirect nc's STDIN from /dev/null. Unfortunately nc.traditional still hangs for 10 seconds, even with STDIN being redirected. Here are two tests with "STDIN < /dev/null", one for each nc variant, once with a reachable port (7389), once with an unreachable one (7388): ------------------------------------------------------------ [0 root@master ~] date ; nc.openbsd -w 10 master.mbu-test.intranet 7388 < /dev/null ; echo $? ; date Mo 15. Mai 15:46:39 CEST 2017 1 Mo 15. Mai 15:46:39 CEST 2017 [0 root@master ~] date ; nc.openbsd -w 10 master.mbu-test.intranet 7389 < /dev/null ; echo $? ; date Mo 15. Mai 15:46:43 CEST 2017 0 Mo 15. Mai 15:46:43 CEST 2017 [0 root@master ~] date ; nc.traditional -w 10 master.mbu-test.intranet 7388 < /dev/null ; echo $? ; date Mo 15. Mai 15:46:50 CEST 2017 master.mbu-test.intranet [10.191.1.1] 7388 (?) : Connection refused 1 Mo 15. Mai 15:46:50 CEST 2017 [0 root@master ~] date ; nc.traditional -w 10 master.mbu-test.intranet 7389 < /dev/null ; echo $? ; date Mo 15. Mai 15:46:57 CEST 2017 0 Mo 15. Mai 15:47:17 CEST 2017 ------------------------------------------------------------ The proper solution would be to make one of Univention's common packages (e.g. "univention-server-common") depend on netcat-openbsd, and to call "nc.openbsd" in the join script. Calling "nc" will still call "/etc/alternatives/nc" which a join script (or any other script) cannot rely on being anything in particular. Other scripts use "nc", too, and should be checked as well: ------------------------------------------------------------ [0 root@master ~] grep -Pr '\bnc\b' /usr/lib/univention-install /usr/lib/univention-install/33univention-portal.inst:if ! nc -w 10 "$ldap_master" "${ldap_master_port:-7389}"; then /usr/lib/univention-install/15univention-directory-notifier-post.inst: nc -z localhost 6669 && break [0 root@master ~] ------------------------------------------------------------
I have to add that having "netcat-traditional" installed instead of "netcat-openbsd" wasn't a conscious decision. It just turned out to be the case. The server were originally installed with 3.1 back in the day; they've been upgraded since.
More information. netcat-traditional is a dependency of netcat which is a dependency of several univention-* packages on UCS 4.1. Therefore it isn't possible to remove it. Installing netcat-openbsd in parallel to netcat-traditional is possible on UCS 4.1. Due to the timeout issues mentioned in my original post, I propose you implement the following: 1. change the UCS 4.2 upgrade script to install netcat-openbsd as early as possible 2. All packages whose join scripts use nc must depend on netcat-openbsd. 3. All join scripts should be changed from calling nc to call nc.openbsd instead.
I can confirm this issue in another customer environment. This issue blocks the update progress. Only by kill the nc process during the update and uncomment the specific lines in "33univention-portal.inst" fix the problem during the update. I will test on another system if the workaround with installed "netcat-openbsd" fix it for me.
This also occured during internal updates from UCS 4.1-4 to UCS 4.2 with i386 systems.
We should "fix" it in our 4.2-0 preup.sh script.
(In reply to Stefan Gohmann from comment #5) > We should "fix" it in our 4.2-0 preup.sh script. r81530 Bug #44601: require netcat-openbsd for the update to proceed
OK - test works, preup update on external server via Bug #44924
(In reply to Felix Botner from comment #7) > OK - test works, preup update on external server via Bug #44924 It can be closed because it has been released.