Univention Bugzilla – Bug 47643
Add test to check DRS replication works after server password change
Last modified: 2023-03-25 06:45:51 CET
We should add a test case for this: * server password change * check showrepl and DRS replication (when on a backup/slave) +++ This bug was initially created as a clone of Bug #47638 +++ samba-ad-dc restart during server password change breaks DRS replication. We need to do a /etc/init.d/samba restart instead. Seen also in production with UCS 4.3 (Samba 4.7.8), even though we were not able to reproduce it yet.
Successful build Package: ucs-test Version: 8.0.28-205A~4.3.0.201810171543 Branch: ucs_4.3-0 Scope: errata4.3-2 User: jbremer 2e3c9e9673 Bug #47643 Added test to check DRS replication works after server password change 2cf4b2e962 Bug #47643: Added test to check DRS replication works after server password change 2c0fda92cc Bug #47643: Added test to check DRS replication works after server password change. Updated version d45bf1bcb5 Bug #47643 Added test to check DRS replication works after server password change Added the test
Successful build Package: ucs-test Version: 8.0.28-207A~4.3.0.201810181043 Branch: ucs_4.3-0 Scope: errata4.3-2 c134471e4f Bug #47643: Advisory 3e12089644 Bug #47643: Version bump fb60aca6d7 Bug #47643: Fixed minor bug in new testcase Should work now
Created attachment 9738 [details] qa.diff A couple of suggestions attached, some of them we already discussed via gitlab. In the case of ucs-test the advisory is not required, please remove that.
Created attachment 9739 [details] qa.diff
Successful build Package: ucs-test Version: 8.0.28-227A~4.3.0.201811191021 Branch: ucs_4.3-0 Scope: errata4.3-2 I removed the unnecessary advisory file and changed the code to meet your suggestions.
skipped the test for now 01_base/02server_password_change already changes the server password, and we currently drs replication is broken if one server changes its password twice (without a samba restart on the remote server) so we need to check if the password has been already changed today and skip the test in 62server_password_change_drs_replication
8a221d8817 Bug #47643: changelog 9f6ec340fc Bug #47643: Check if server password change has already been executed Now, the server password change will only be executed, if the file machine.secret.old doesn't exist yet, to avoid executing it twice without a samba restart on the remote server.
Could you adjust the /etc/machine.secret.old check to actually do what the log message claims? » if os.path.isfile('/etc/machine.secret.old'): » » print ('A server password change has already been executed today\n') please check the date of the last timestamp in that file (format: date +%y%m%d%H%M%S) against the current date (date +%y%m%d). I would suggest aborting the password change if a change has happend today or today-1.
407104c04c Bug #47643: Check if password change has been made within two days Successful build Package: ucs-test Version: 9.0.2-25A~4.4.0.201903251755 Branch: ucs_4.4-0 Scope: errata4.4-0
https://hutten.knut.univention.de/mediawiki/index.php/Code-Richtlinien#Coding_Style No whitespace between fuction name an parenthesis. I've fixed this with commit e9d8787015.