Bug 47576 - Duplicated gpt.ini file is not removed on the DC Slave
Duplicated gpt.ini file is not removed on the DC Slave
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-1-errata
Assigned To: Felix Botner
Arvid Requate
Depends on:
  Show dependency treegraph
Reported: 2018-08-11 20:29 CEST by Stefan Gohmann
Modified: 2018-08-24 09:47 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.086
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support: Yes
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018080821000514
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2018-08-11 20:29:44 CEST
In a school environment, the UCR variable samba4/sysvol/sync/from_downstream is set to false on the DC Master. Thus, the sysvol configuration is only done on the DC Master.

On DC Slave, a policy contained two gpt.ini files in one policy directory: 

The file GPT.INI exists on the DC Master, the file gpt.ini does not exist there.

In the local cache on the DC Slave the gpt.ini file does not exists. That is correct since the rsync call uses the --delete option.

But the synchronization on the DC Slave from the cache to the sysvol dir is done without the sysvol dir:
 rsync -auAX --dirs-update /var/cache/univention-samba4/sysvol-sync/.<MASTER>/ /var/lib/samba/sysvol

Maybe we can add a simple configuration for this case that the --delete option is used.
Comment 1 Arvid Requate univentionstaff 2018-08-13 13:51:28 CEST
There used to be a maintained "ignore-case.patch" in the upstream rsync source code which adds an option --ignore-case. That would be useful, I guess.
Comment 2 Felix Botner univentionstaff 2018-08-15 16:34:38 CEST
(In reply to Arvid Requate from comment #1)
> There used to be a maintained "ignore-case.patch" in the upstream rsync
> source code which adds an option --ignore-case. That would be useful, I
> guess.

I tried but it does not work, seems that the patch is only useful for case-ignoring filesystems.


Because you're not running it on a case-ignoring filesystem.  That patch is (sadly) only a partially effective set of changes that helps rsync to deal with a filesystem that doesn't differentiate upper-/lower-case when naming files.  Rsync's main algorithm of probing for files by name (via stat) didn't change, and thus it doesn't try to find an alternate name for the same file if the filesystem isn't conglomerating them together (and indeed, it totally fails to notice if the case on a filename has changed on the server compared to the file's name on the receiver).

For a means of fixing this, I'm imaging having the code that is used for --delete-during getting modified to notice changes in case and trying to fix them (even if rsync isn't doing a delete-during run).  If that were done, the patch would probably then be in good enough shape to finally be included in the main code.
Comment 3 Felix Botner univentionstaff 2018-08-15 17:02:47 CEST
so no ignore-case.patch

instead, two options

(a) use rsync --delete during sync to local sysvol in sync_from_upstream_DC

This deletes the superfluous gpt.ini on the downstream DC. But this can only be optional as we don't know the sysvol-sync configuration of the domain (depends on the samba4/sysvol/sync/from_downstream setting of the upstream DC and is only useful if this option is false). So one always has to set samba4/sysvol/sync/from_upstream/delete on the downstream DC for this.

(b) delete all but the newest gpt.ini after sync to sysvol

After the synchronization into the local sysvol dir we search for superfluous gpt.ini files and delete all but the newest. This also has to be activated at the moment (samba4/sysvol/sync/fix_gpt_ini) but could be the default behavior.

Add both options to univention-samba4 (sysvol-sync.sh).

What do you think?
Better ideas?
Comment 4 Arvid Requate univentionstaff 2018-08-20 19:55:45 CEST
Yes, that probably makes sense. I thought about checking the "version" in ht gpt.ini file but all the rsync replication is based on timestamps so that's probably fine.

So just the advisory is missing.
Comment 5 Felix Botner univentionstaff 2018-08-22 13:26:10 CEST
yaml d3ddcd66239f0a972c81e1d1a40b2bf65145fc1d
Comment 6 Arvid Requate univentionstaff 2018-08-22 13:38:05 CEST

a7f07cb7f4 | small wording fix
Comment 7 Arvid Requate univentionstaff 2018-08-23 18:12:20 CEST
Released collaterally with Bug 47638 Comment 6.
Comment 8 Philipp Hahn univentionstaff 2018-08-24 09:47:55 CEST
I manually fixed the YAML <git:1890b69516> and updated the generated HTML erratum to include these changes as well: <http://errata.software-univention.de/ucs/4.3/218.html>