Univention Bugzilla – Bug 47645
UCRV values for proxy/pac/exclude/* are not written to proxy.pac
Last modified: 2018-11-16 11:48:21 CET
root@dcgym123-01:~# univention-app info UCS: 4.3-1 errata217 Installed: cups=2.2.1 dhcp-server=12.0 samba4=4.7 squid=3.5 ucsschool=4.3 v4 Upgradable: > ucr set proxy/pac/exclude/domains/dnsnames=".univention.de .software-univention.de" \ > proxy/pac/exclude/domains/enabled=yes cat /var/www/proxy.pac > function FindProxyForURL(url, host) { > // If the requested dns domain name matches, send "DIRECT" (no proxy is used) or use parent proxy: > if (dnsDomainIs(host, "")) { > return "DIRECT"; > } > > // DEFAULT RULE : All other traffic will use these settings (default proxy): > return "PROXY schule01ucs.schulen.example.org:3128"; > > } -> The value in "(dnsDomainIs(host, "")" should not be empty!
A typo in the template was fixed. [4.3 df8287a95] Bug #47645: fix typo [4.3 e48d400b4] Bug #47645: advisory ucs-school-webproxy (14.0.0-6)
(In reply to Daniel Tröder from comment #1) > A typo in the template was fixed. It's not that simple. I just rechecked with Michael: there are currently productive environments that are using the UCRV .../domainnames. The following commit would break these environments. > [4.3 df8287a95] Bug #47645: fix typo For compatibility reasons, I think we should support both UCRV: for dnsdomain in configRegistry.get('proxy/pac/exclude/domains/dnsnames', '').split() + configRegistry.get('proxy/pac/exclude/domains/domainnames', '').split(): a) use .split() instead of .split(" ") b) concatenate both UCRV queries → REOPEN
Where does proxy/pac/exclude/domains/domainnames come from? It's not in the UCRV description. Not in 4.2 either. (In reply to Sönke Schwardt-Krummrich from comment #2) > (In reply to Daniel Tröder from comment #1) > > A typo in the template was fixed. > > It's not that simple. I just rechecked with Michael: there are currently > productive environments that are using the UCRV .../domainnames. Those productive environments are broken. They are using a undocumented UCRV. We should fix them, and not support something broken. I suggest to migrate them: if empty(.../dnsnames) and non-empty(.../domainnames): ucr set proxy/pac/exclude/domains/dnsnames="$(ucr get proxy/pac/exclude/domains/domainnames)" ucr unset proxy/pac/exclude/domains/domainnames fi
(In reply to Daniel Tröder from comment #3) > Where does proxy/pac/exclude/domains/domainnames come from? It's not in the > UCRV description. Not in 4.2 either. > > (In reply to Sönke Schwardt-Krummrich from comment #2) > > (In reply to Daniel Tröder from comment #1) > > > A typo in the template was fixed. > > > > It's not that simple. I just rechecked with Michael: there are currently > > productive environments that are using the UCRV .../domainnames. > Those productive environments are broken. Currently: no. These are working environment. > They are using a undocumented UCRV. Yes. > We should fix them, and not support something broken. > > I suggest to migrate them: > > if empty(.../dnsnames) and non-empty(.../domainnames): > ucr set proxy/pac/exclude/domains/dnsnames="$(ucr get > proxy/pac/exclude/domains/domainnames)" > ucr unset proxy/pac/exclude/domains/domainnames > fi As discussed, I second your suggestion. But we have to do this v6 (unsuitable for v5-errata since a human interaction by the admin may be required).
An automatic migration will be tried. If both variables exist, the migration must be done manually. [4.3] f8bf26586 Bug #47645: migrate proxy/pac/exclude/domains/domainnames to ../dnsnames [4.3] 37da2a18c Bug #47645: migrate to systemd [4.3] 94fe50ab1 Bug #47645: advisory update ucs-school-webproxy (14.0.0-7)
OK: Advisory ??: manual test The following lines are not semantically identical: - /etc/init.d/univention-directory-listener crestart + deb-systemd-invoke restart univention-directory-listener "crestart" → restart only if UDL is running. Please use "deb-systemd-invoke try-restart univention-directory-listener" ("reload-or-try-restart" is also another possibility) Also: if [ -x /etc/init.d/winbind ]; then - /etc/init.d/winbind restart + deb-systemd-invoke restart winbind sleep 2 fi I would suggest something like this: if systemctl is-active winbind.service ; then deb-systemd-invoke try-restart winbind sleep 2 fi → REOPEN
deb-systemd-invoke usage was improved as suggested. Added informational output, as systemd is very quiet about its operations. [4.3] a7f77b17c Bug #47645: improve systemd usage [4.3] 556211c4d Bug #47645: update advisory ucs-school-webproxy 14.0.0-8
Changelog & Advisory: OK dnsnames set, domainnames unset -> OK dnsnames unset, domainnames set -> OK dnsnames set, domainnames set -> Warning printed, no automatic migration done OK Since I have no understanding of systemd and the likes, the changes from comment #6 should be review by someone else before Verifying.
Verified after discussion with Sönke
UCS@school 4.3 v6 has been released. https://docs.software-univention.de/changelog-ucsschool-4.3v6-de.html If this error occurs again, please clone this bug.