Bug 49298 - duplicate MAC prevents successful join
duplicate MAC prevents successful join
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Join (univention-join)
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-0-errata
Assigned To: Jannik Ahlers
Philipp Hahn
:
Depends on: 48475
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-15 17:11 CEST by Nico Stöckigt
Modified: 2019-05-08 13:26 CEST (History)
6 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019041521000944
Bug group (optional): Workaround is available
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Stöckigt univentionstaff 2019-04-15 17:11:31 CEST
+++ This bug was initially created as a clone of Bug #48475 +++

The join fails with Message "E: failed to create DC Slave (1) [E: Object exists: (mac)  aa:bb:cc:dd:ee:ff]" but there is no entry in OpenLDAP that is related to the Slave (Hostname nor MAC)

============================================================
Tue Jan 15 12:41:34 CET 2019: starting /usr/sbin/univention-join -dcname srv10.schule.stadt.intranet -dcaccount Administrator -dcpwd /tmp/tmp4bBISx
running version check
OK: UCS version on srv10.schule.stadt.intranet is higher or equal (4.33) to the local version (4.33).
Stopping slapd (via systemctl): slapd.service.
Starting slapd (via systemctl): slapd.service.
Tue Jan 15 12:41:46 CET 2019
univention-server-join: joins a server to an univention domain
copyright (c) 2001-2018 Univention GmbH, Germany

E: failed to create DC Slave (1) [E: Object exists: (mac)  ac:1f:6b:77:6d:f6]


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- failed to create DC Slave (1) [E: Object exists: (mac)  aa:bb:cc:dd:ee:ff]
**************************************************************************
Tue Jan 15 12:41:48 CET 2019: finish /usr/sbin/univention-join

============================================================
Comment 1 Nico Stöckigt univentionstaff 2019-04-15 17:12:32 CEST
This still happened in a customers environment with

> univention-join   11.0.1-15A~4.4.0.201903121842
Comment 2 Erik Damrose univentionstaff 2019-04-15 17:34:02 CEST
Please add the join log and the network interface configuration of the affected system here (e.g. ip a, brctl show)
Comment 3 Nico Stöckigt univentionstaff 2019-04-16 10:32:58 CEST
All I have so far is

======================================================================

root@slave01:~# univention-join
univention-join: joins a computer to an ucs domain
copyright (c) 2001-2019 Univention GmbH, Germany

Enter DC Master Account : Administrator
Enter DC Master Password:

Search DC Master:                                          done
Check DC Master:                                           done
Stop LDAP Server:                                          done
Search ldap/base                                           done
Start LDAP Server:                                         done
Search LDAP binddn                                         done
Sync time:                                                 done
cat: /sys/class/net/bonding_masters/address: Ist kein Verzeichnis
Running pre-join hook(s):                                  done
Join Computer Account:

**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems
during the join and how to fix them -- failed to modify DC Slave
cn=slave01,cn=dc,cn=computers,dc=schule,dc=domain,dc=tld [LDAP Error: Type or
value exists: macAddress: value #0 provided more than once]
**************************************************************************
Comment 4 Jürn Brodersen univentionstaff 2019-04-16 10:59:21 CEST
Depending on the mode of operation, bond interfaces use the same physical mac.

-> This "mac_addr="$(find /sys/class/net/* -not -lname ../../devices/virtual/\* -exec cat {}/address \;)"" in univention-join needs to remove duplicate mac addresses.

We also should check this error message: "cat: /sys/class/net/bonding_masters/address: Ist kein Verzeichnis".

https://wiki.linuxfoundation.org/networking/bonding
Comment 5 Valentin Mayer 2019-04-16 11:08:34 CEST
The mode used here is 802.3ad. From /etc/network/interfaces:

auto trk1
iface trk1 inet manual
        bond-miimon 100
        bond-mode 4
        bond-slaves eno1 eno2
Comment 7 Erik Damrose univentionstaff 2019-04-17 11:34:55 CEST
Workaround: Create computer object manually, and join the computer with 'univention-join -skipIpMac'
Comment 8 Jannik Ahlers univentionstaff 2019-04-23 10:53:57 CEST
In the script management/join/univention-join, we have this line:
> mac_addr="$(find /sys/class/net/* -not -lname ../../devices/virtual/\* -exec cat {}/address \;)"
, which gets a list of all mac addresses of physical network devices. It seems to be incompatible with bonding.
Comment 9 Jannik Ahlers univentionstaff 2019-04-29 17:52:12 CEST
Successful build
Package: univention-join
Version: 11.0.1-16A~4.4.0.201904291745
Branch: ucs_4.4-0
Scope: errata4.4-0

bacad59 Bug #49298: yaml
d60a129 Bug #49298: Repair join when using bonding

(In reply to Jannik Ahlers from comment #8)
> In the script management/join/univention-join, we have this line:
> > mac_addr="$(find /sys/class/net/* -not -lname ../../devices/virtual/\* -exec cat {}/address \;)"
> , which gets a list of all mac addresses of physical network devices. It
> seems to be incompatible with bonding.

I fixed two things in that line:
- the cat error that occurs when the find command finds a file instead of a folder (or a symlink to a folder)
- duplicate mac addresses get removed
Comment 10 Philipp Hahn univentionstaff 2019-05-02 14:11:37 CEST
OK: apt install univention-join=11.0.1-17A~4.4.0.201905021401
OK: tail -f /home/Administrator/.univention-server-join.log
OK: ip --color link show
OK: univention-join

OK: errata-announce  -V --only univention-join.yaml
FIXED: univention-join.yaml -> git:85a9f5c9f7
OK: git log --grep='Bug #49298'
Comment 11 Arvid Requate univentionstaff 2019-05-08 13:26:21 CEST
<http://errata.software-univention.de/ucs/4.4/83.html>