Bug 48519 - No role set for newly joined windows computer
No role set for newly joined windows computer
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Ucsschool-lib
UCS@school 4.4
Other Linux
: P5 normal (vote)
: UCS@school 4.4 v1
Assigned To: Daniel Tröder
Jürn Brodersen
:
Depends on:
Blocks: 48792
  Show dependency treegraph
 
Reported: 2019-01-23 11:24 CET by Jürn Brodersen
Modified: 2019-03-12 10:58 CET (History)
1 user (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jürn Brodersen univentionstaff 2019-01-23 11:24:04 CET
No role set for newly joined windows computer

If a windows computer joins without being manually added before, no role seems to be set.

I'm not sure if we can fix that through the lib. We might need a listener?

Roles for computers were introduced in bug 48226.
Comment 1 Daniel Tröder univentionstaff 2019-02-13 16:06:26 CET
I'm going with a UDM hook, because a listener module could (theoretically) introduce recursive LDAP updates.
Comment 2 Daniel Tröder univentionstaff 2019-02-19 17:58:50 CET
* The role property of central systems (master - both single and multi, backup and slave, not memberserver) are set in their respective join scripts.
* The role property of central and school clients (linux, macos, windows, ipmanagedclient and ubuntu) and central memberservers is set in a UDM hook.

The move operation is not supported, only adding roles.

[4.4] c5bc4020a Bug #48519: attach UDM hook to UDM computer objects
[4.4] d7676b27b Bug #48519: add role string constants for Linux and Ubuntu clients
[4.4] cda133cf4 Bug #48519: set ucsschoolRole property when joining
[4.4] fb9ccfd62 Bug #48519: UDM hook and OU-post-create hook to add ucsschoolRole property to computer clients, singlemaster and school slave objects

ucs-school-import (17.0.4-6)
ucs-school-lib (12.1.0-9)
ucs-school-metapackage (12.0.0-27)
Comment 3 Jürn Brodersen univentionstaff 2019-02-22 10:27:28 CET
RUNNING 62ucs-school-slave.inst
2019-02-21 01:24:59.021928643+01:00 (in joinscript_init)
Updating LDAP indices...

WARNING!
Check file permissions!

Multifile: /etc/ldap/slapd.conf
Finished updating LDAP indices.
Create connector/s4/mapping/user/ignorelist
Setting connector/s4/mapping/user/ignorelist
Object exists: cn=dhcp-dns-School2,cn=policies,ou=School2,dc=autotest208,dc=local
No modification: cn=dhcp-dns-School2,cn=policies,ou=School2,dc=autotest208,dc=local
LDAP Error: Type or value exists: modify/add: univentionPolicyReference: value #0 already exists
Object exists: cn=services,cn=univention,dc=autotest208,dc=local
Object exists: cn=UCS@school,cn=services,cn=univention,dc=autotest208,dc=local
WARNING: cannot append UCS@school to service, value exists
No modification: cn=slave2082,cn=dc,cn=server,cn=computers,ou=School2,dc=autotest208,dc=local
Object exists: cn=services,cn=univention,dc=autotest208,dc=local
Object exists: cn=UCS@school Education,cn=services,cn=univention,dc=autotest208,dc=local
WARNING: cannot append UCS@school Education to service, value exists
No modification: cn=slave2082,cn=dc,cn=server,cn=computers,ou=School2,dc=autotest208,dc=local
LDAP Error: Type or value exists: ucsschoolRole: value #0 provided more than once

EXITCODE=3
Comment 4 Jürn Brodersen univentionstaff 2019-02-25 22:55:08 CET
OK the problem in comment 3 doesn't seem to have happened again. I don't have an idea how to reproduce this.

I guess this bug can be marked as resolved again?
Comment 5 Jürn Brodersen univentionstaff 2019-02-25 23:09:44 CET
(In reply to Jürn Brodersen from comment #4)
> OK the problem in comment 3 doesn't seem to have happened again. I don't
> have an idea how to reproduce this.
> 
> I guess this bug can be marked as resolved again?

Sorry still a problem :(
http://jenkins.knut.univention.de:8080/job/UCSschool-4.4/job/Upgrade%20Multiserver/Config=s4,TestGroup=base1/lastCompletedBuild/testReport/00_checks/05_check_join_status/test/
Comment 6 Daniel Tröder univentionstaff 2019-02-26 14:38:15 CET
The problem seems to be isolated to an update situation in which the value for ucsschoolRole is already set.
It is not a problem of the UDM hook, as it ignores computers/domaincontroller_* objects.
As it happens only in the update situation and nothing is lost, as the value is already set, the only thing left to fix is the exit value, so the join script doesn't terminate.

[4.4] a43446604 Bug #48519: don't die in update situation

ucs-school-metapackage (12.0.0-41)
Comment 7 Daniel Tröder univentionstaff 2019-02-26 17:39:40 CET
Turns out the reason was, that a role had already been written to the object, but with a different case (the OU in lower case). The following commit fixes the migration script and also already migrated objects:

[4.4] a525679a3 Bug #48519: fix ucsschoolRole migration script regarding case of OUs

ucs-school-import (17.0.4-10)
Comment 8 Daniel Tröder univentionstaff 2019-02-26 17:42:46 CET
[4.4] 273b986da Revert "Bug #48519: don't die in update situation"

ucs-school-metapackage (12.0.0-44)
Comment 9 Daniel Tröder univentionstaff 2019-02-27 10:31:51 CET
[4.4 72e195dc5] Bug #48519: add missing include
Comment 10 Jürn Brodersen univentionstaff 2019-02-27 14:06:00 CET
Looks good :)

No more failing join scripts -> OK
Newly joined windows systems now have a role -> OK
Mac computer added through the umc has a role -> OK
New joined domain_controllers have a role -> OK

I'm going to wait for one jenkins run, because of commit 72e195dc5. But I don't expect any problems.
Comment 11 Jürn Brodersen univentionstaff 2019-02-28 10:04:44 CET
jenkins -> OK :)
Comment 12 Sönke Schwardt-Krummrich univentionstaff 2019-03-12 10:58:35 CET
UCS@school 4.4 v1 has been released.

https://docs.software-univention.de/release-notes-ucsschool-4.4v1-de.html

If this error occurs again, please clone this bug.