Bug 44787 - Don't re-provision if univention-samba4 gets uninstalled and re-installed
Don't re-provision if univention-samba4 gets uninstalled and re-installed
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-1-errata
Assigned To: Arvid Requate
Felix Botner
Depends on:
Blocks: 45111
  Show dependency treegraph
Reported: 2017-06-14 18:56 CEST by Arvid Requate
Modified: 2017-08-01 14:14 CEST (History)
0 users

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 7: Crash: Bug causes crash or data loss
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.200
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2017061221000664, 2017052921000241
Bug group (optional):
Max CVSS v3 score:
requate: Patch_Available+

dont_reprovision_if_samdb_is_ok.diff (1021 bytes, patch)
2017-06-14 18:57 CEST, Arvid Requate
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2017-06-14 18:56:43 CEST
Due to Bug #44778 we had cases where univention-samba4 got uninstalled on a DC Master. When the customer/partner re-installed univention-s4-connector the joinscript of univention-samba moved /var/lib/samba out of the way and re-provisioned it. That causes all SIDs to be re-assigned, which causes a time consuming support case to re-establish the old SIDs again.

We should avoid re-provisioning in 96univention-samba4.inst when the sam.db is perfectly ok. Also, if we re-provision, technically we would have to clean up the univention-s4-connector state too. But that's a different story.
Comment 1 Arvid Requate univentionstaff 2017-06-14 18:57:57 CEST
Created attachment 8926 [details]

A first sketch.
Comment 2 Arvid Requate univentionstaff 2017-07-04 20:48:41 CEST
I had to move the skip_provision check and the cleanup_var_lib_samba function down to the setup-s4.sh script. To make that work I've moved some helper functions out of the joinscript into lib/base.sh. I think it looks just a little bit cleaner now.

Advisory: univention-samba4.yaml
Comment 3 Felix Botner univentionstaff 2017-07-06 17:21:05 CEST
OK - uninstall/re-install univention-samba4 univention-s4-connector
     on master (backup) -> no re-provision

OK - uninstall/re-install univention-samba4 univention-s4-connector on slave
     backup (master is s4connector) -> join into domain

Comment 4 Janek Walkenhorst univentionstaff 2017-07-12 16:49:28 CEST