Created attachment 9964 [details] Appcenter Log See also Bug #49055 """Single container apps are started via the docker cli. The network that daemon uses is configured by UCRv docker/daemon/default/opts/bip, our default is 172.17.42.1/16. All singlecontainer apps connect to the default docker bridge, see # docker network ls Multicontainer apps are started via docker-compose, which does not take this network configuration into account. Starting such an app creates a new docker network with a completely different network.""" --- All multicontainer apps have a correctly bridged network connection on installation. The bridge will also work correctly for new Apps, if the UCRv docker/daemon/default/opts/bip is modified before installation. Unfortunately though, the bridge will break for existing multicontainer apps, if the mentioned UCRv is changed after their proper installation. The multicontainers will still be able to reach each other in their separate network and reach the localhost, but won't be able to reach anything outside. This is a problem, if an App is installed on a member server and the LDAP server needs to be reached for authentications. The following actions WON'T resolve the problem: System reboot Container restart through App-Settings (Stop -> Start) App reinstallation (Uninstall -> Reboot -> Install) --- Keypoints appcenter.log: Install rocketchat: L1771 (19-04-10 16:45:29) Uninstall rocketchat: L2705 (19-04-10 17:23:29) Reinstall rocketchat: L3376 (19-04-10 17:33:03)
How to reproduce: install guacamole on a member: → default works. Change ip: ucr set docker/daemon/default/opts/bip='172.22.43.1/16' reboot docker logs shows: 11:34:59.949 [http-nio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 11:34:59.952 [http-nio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-68944094,cn=memberserver,cn=computers,dc=schein,dc=ig" 11:34:59.953 [http-nio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed. change IP back ucr set docker/daemon/default/opts/bip='172.17.42.1/16' reboot App is still not working with the same error message: 11:42:30.030 [http-nio-8080-exec-10] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 11:42:30.034 [http-nio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 11:42:30.039 [http-nio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-68944094,cn=memberserver,cn=computers,dc=schein,dc=ig" 11:42:30.041 [http-nio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed. 11:42:30.041 [http-nio-8080-exec-10] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-68944094,cn=memberserver,cn=computers,dc=schein,dc=ig" 11:42:30.043 [http-nio-8080-exec-10] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed. remove app and install with a new IP. guacamlole does not work, with the same message 2-Apr-2019 12:23:20.561 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 11695 ms 12:25:21.946 [http-nio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 12:25:21.948 [http-nio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-05687084,cn=memberserver,cn=computers,dc=schein,dc=ig" 12:25:21.949 [http-nio-8080-exec-9] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed. 12:25:21.956 [http-nio-8080-exec-10] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error 12:25:21.960 [http-nio-8080-exec-10] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "cn=guaca-05687084,cn=memberserver,cn=computers,dc=schein,dc=ig" 12:25:21.961 [http-nio-8080-exec-10] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from [192.168.0.212, 172.18.0.1] for user "cscheini" failed.
This issue has been filed against UCS 4.4. UCS 4.4 is out of general maintenance and components may have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.