First Last Prev Next    This bug is not in your last search results.
Bug 49840 - New installed school slave is not quite usable
New installed school slave is not quite usable
Status: RESOLVED WORKSFORME
Product: UCS@school
Classification: Unclassified
Component: General
UCS@school 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: Daniel Tröder
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-12 13:34 CEST by Christina Scheinig
Modified: 2021-02-23 11:40 CET (History)
9 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019060621000511, 2019071121000722, 2021021521000489
Bug group (optional):
Max CVSS v3 score:

Attachments
directory-listener-ctrl-status (249.03 KB, image/png)
2019-07-12 15:04 CEST, Christina Scheinig 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2019-07-12 13:34:03 CEST 
In two customer environments a new installed edu-slave, which was joined afterwards, was not fully usable.

The main issue is, that shares are not usable, because students and teachers get an access denied, trying to access the share, for example "Marktplatz"

Investigating the issue I found incorrectly set file permissions like

root@slave:~# ls -lah /home/
insgesamt 48K
drwxr-xr-x  9 root          root          4,0K Jun  6 11:33 .
drwxr-xr-x 22 root          root          4,0K Jun  6 12:29 ..
drwx--x--x  4 Administrator Domain Admins 4,0K Jun  5 09:35 Administrator
drwxr-xr-x  3 root          root          4,0K Jun  4 17:22 backup
drwx------ 10 root          nogroup       4,0K Jun  6 12:00 sun
drwxr-xr-x  2 root          root          4,0K Jun  4 17:25 groups
drwx------  2 root          root           16K Jun  4 12:20 lost+found

→ sun (OU) does not have the default permissions
---------------------------------------
root@slave:/usr/share/pyshared/univention/admin/hooks.d# ls -lah
insgesamt 24K
drwxr-xr-x 2 root root    4,0K Jun  4 15:08 .
drwxr-xr-x 5 root root    4,0K Jun  4 12:24 ..
-rwxr-xr-x 1 root root       0 Mär 17 21:31 __init__.py
-rw------- 1 root nogroup 1,6K Jun  4 17:41 schoolAdminGroup.py
-rw------- 1 root nogroup 3,0K Jun  4 17:41 schoolOU.py
-rw------- 1 root nogroup 3,2K Jun  4 17:41 ucsschool_purge_timestamp.py
-rw------- 1 root nogroup 2,7K Jun  4 17:41 ucsschool_user_options.py

The Listener shows these messages:

08.06.19 16:31:37.775  ADMIN       ( ERROR   ) : admin.syntax.import_hook_files: loading /usr/lib/pymodules/python2.7/univention/admin/hooks.d/ucsschool_user_options.py failed
08.06.19 16:31:37.775  ADMIN       ( ERROR   ) : admin.syntax.import_hook_files: TRACEBACK:
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/admin/hook.py", line 57, in import_hook_files
    with open(fn, 'r') as fd:
IOError: [Errno 13] Permission denied: '/usr/lib/pymodules/python2.7/univention/admin/hooks.d/ucsschool_user_options.py'

08.06.19 16:31:37.775  ADMIN       ( ERROR   ) : admin.syntax.import_hook_files: loading /usr/lib/pymodules/python2.7/univention/admin/hooks.d/schoolOU.py failed
08.06.19 16:31:37.775  ADMIN       ( ERROR   ) : admin.syntax.import_hook_files: TRACEBACK:
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/admin/hook.py", line 57, in import_hook_files
    with open(fn, 'r') as fd:
IOError: [Errno 13] Permission denied: '/usr/lib/pymodules/python2.7/univention/admin/hooks.d/schoolOU.py'

08.06.19 16:31:37.775  ADMIN       ( ERROR   ) : admin.syntax.import_hook_files: loading /usr/lib/pymodules/python2.7/univention/admin/hooks.d/ucsschool_purge_timestamp.py failed
08.06.19 16:31:37.775  ADMIN       ( ERROR   ) : admin.syntax.import_hook_files: TRACEBACK:
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/admin/hook.py", line 57, in import_hook_files
    with open(fn, 'r') as fd:
IOError: [Errno 13] Permission denied: '/usr/lib/pymodules/python2.7/univention/admin/hooks.d/ucsschool_purge_timestamp.py'

08.06.19 16:31:37.775  ADMIN       ( ERROR   ) : admin.syntax.import_hook_files: loading /usr/lib/pymodules/python2.7/univention/admin/hooks.d/schoolAdminGroup.py failed
08.06.19 16:31:37.775  ADMIN       ( ERROR   ) : admin.syntax.import_hook_files: TRACEBACK:
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/admin/hook.py", line 57, in import_hook_files
    with open(fn, 'r') as fd:
IOError: [Errno 13] Permission denied: '/usr/lib/pymodules/python2.7/univention/admin/hooks.d/schoolAdminGroup.py'

--------------------------------------------------------
Additionly 
root@slave:~# ls -lah /var
insgesamt 56K
drwxr-xr-x 14 root root  4,0K Jul 10 13:29 .
drwxr-xr-x 22 root root  4,0K Jul 12 10:00 ..
drwxr-xr-x  2 root root  4,0K Jul 12 06:25 backups
drwxr-xr-x 28 root root  4,0K Jul 10 13:48 cache
drwxr-xr-x 69 root root  4,0K Jul 12 09:59 lib
drwxrwsr-x  2 root staff 4,0K Mär  5 08:35 local
lrwxrwxrwx  1 root root     9 Jul 10 12:55 lock -> /run/lock
drwxr-xr-x 15 root root  4,0K Jul 12 10:00 log
drwxrwsr-x  2 root mail  4,0K Jul 10 12:55 mail
drwxr-xr-x  2 root root  4,0K Jul 10 12:55 opt
lrwxrwxrwx  1 root root     4 Jul 10 12:55 run -> /run
drwxr-xr-x 10 root root  4,0K Jul 10 13:31 spool
drwxrwxrwt  5 root root  4,0K Jul 12 10:04 tmp
drwxr-xr-x  4 root root  4,0K Jul 12 03:30 univention-backup

drwx------  2 root root  4,0K Jul 11 14:27 univention-join

drwxr-xr-x  4 root root  4,0K Jul 10 14:51 www


univention-join comes with wrong permissions too
----------------------------------------------------------
Comment 1 Christina Scheinig univentionstaff 2019-07-12 13:41:39 CEST 
Something more about the environment:

The first customer used an ucs 4.3-4 for installation and joined after the installation.
He reinstalled the slave on my advice an after that, the slave was fine.

The second customer used an ucs 4.4-0 for installation and joined after the installation. After having trouble with the shares, he reinstalled again and still have trouble and asked for help now. 

----------------------------------------------

Both customers uses virtualization. The first virtualized with Proxmox the second one uses VMWare.

The second one told me, that he installed with the same iso image and repartitioned the medium.

I don't know the procedure of the first one.
Comment 2 Christina Scheinig univentionstaff 2019-07-12 14:18:53 CEST 
The second customer (39471) now reported back, that another attempt to install the slave fails again.
They deleted all partitions and ran the setup again, and they get the same error, again.
Comment 3 Stefan Gohmann univentionstaff 2019-07-12 14:31:18 CEST 
(In reply to Christina Scheinig from comment #0)
> The Listener shows these messages:

Which listener modules are installed / used on the slave?

See Bug #49549#c1
Comment 4 Christina Scheinig univentionstaff 2019-07-12 15:04:19 CEST 
(In reply to Stefan Gohmann from comment #3)
> (In reply to Christina Scheinig from comment #0)
> > The Listener shows these messages:
> 
> Which listener modules are installed / used on the slave?
> 
> See Bug #49549#c1

I tried the command provided by Philipp:
grep Umask /proc/$(pgrep -f /usr/sbin/univention-directory-listener)/status

→ Umask: 0022

Attached the univention-directory-listener-ctrl status
Comment 5 Christina Scheinig univentionstaff 2019-07-12 15:04:54 CEST 
Created attachment 10118 [details]
directory-listener-ctrl-status
Comment 6 Florian Best univentionstaff 2019-07-12 15:13:48 CEST 
JFYI: I know that the listener samba-shares / nfs-shares sometimes change directory permissions of a share, if they are defined as a share in the LDAP. But I doubt that this is the problem.
Comment 7 Sönke Schwardt-Krummrich univentionstaff 2019-07-14 21:33:37 CEST 
Can we get the join.log and listener.log from the customer?
(these files should contain the output of the listener during join and the time after join).
Comment 8 Christina Scheinig univentionstaff 2019-07-15 09:59:46 CEST 
The logfiles are now attached to the ticket.
Comment 9 Christina Scheinig univentionstaff 2019-07-15 10:00:59 CEST 
(In reply to Christina Scheinig from comment #8)
> The logfiles are now attached to the ticket.

#2019071121000722
Comment 10 Christina Scheinig univentionstaff 2019-07-16 11:47:57 CEST 
The problem of the second customer is solved for now, too.

They have set everything to the beginning.
"
- Download the iso again
- The entire machine is deleted in the VM Ware.
- The school deleted from UCS 
"

Maybe there is a wording problem with "school deleted from UCS" and "server deleted from UCS" I questioned that in my ticket response.
Comment 11 Christina Scheinig univentionstaff 2019-07-26 12:29:14 CEST 
(In reply to Christina Scheinig from comment #10)
> The problem of the second customer is solved for now, too.
> 
> They have set everything to the beginning.
> "
> - Download the iso again
> - The entire machine is deleted in the VM Ware.
> - The school deleted from UCS 
> "
> 
> Maybe there is a wording problem with "school deleted from UCS" and "server
> deleted from UCS" I questioned that in my ticket response.

In more detail:
In the UMC you have deleted everything that was created for the new school (school and networks).
The data center has deleted the entire VM container again and provided a new one.
Then the ISO was loaded again and reinstalled. Then everything worked.
Comment 12 Erik Damrose univentionstaff 2019-07-29 13:02:41 CEST 
Both Tickets have been resolved successfully. Was the cause of the issue identified while fixing the problem in the customer environments? Can the issue be reproduced?
Comment 13 Christina Scheinig univentionstaff 2019-08-02 09:43:25 CEST 
(In reply to Erik Damrose from comment #12)
> Both Tickets have been resolved successfully. Was the cause of the issue
> identified while fixing the problem in the customer environments? Can the
> issue be reproduced?

I would guess, that there was an issue with the iso image. I have not tried to reproduce the issue here.
Comment 14 Daniel Tröder univentionstaff 2019-08-02 13:02:41 CEST 
Media problem.
Comment 15 Christina Scheinig univentionstaff 2021-02-23 11:28:00 CET 
Seems to have occurred again with a backup server, so I recommend a new installation.

I have checked the umask from Bug 49549, but it is okay:
:~/univention-support# grep Umask /proc/$(pgrep -f /usr/sbin/univention-directory-listener)/status
Umask:  0022

Installed Listener Modules:
Modules:
3       app_attributes  /usr/lib/univention-directory-listener/system/app_attributes.py
3       bind    /usr/lib/univention-directory-listener/system/bind.py
3       cups-pdf        /usr/lib/univention-directory-listener/system/cups-pdf.py
3       cups-printers   /usr/lib/univention-directory-listener/system/cups-printers.py
3       faillog /usr/lib/univention-directory-listener/system/faillog.py
3       gencertificate  /usr/lib/univention-directory-listener/system/gencertificate.py
3       hosteddomains   /usr/lib/univention-directory-listener/system/hosteddomains.py
3       keytab-member   /usr/lib/univention-directory-listener/system/keytab-member.py
3       keytab  /usr/lib/univention-directory-listener/system/keytab.py
3       ldap_extension  /usr/lib/univention-directory-listener/system/ldap_extension.py
3       ldap_server     /usr/lib/univention-directory-listener/system/ldap_server.py
3       license_uuid    /usr/lib/univention-directory-listener/system/license_uuid.py
3       nagios-client   /usr/lib/univention-directory-listener/system/nagios-client.py
3       nfs-homes       /usr/lib/univention-directory-listener/system/nfs-homes.py
3       nfs-shares      /usr/lib/univention-directory-listener/system/nfs-shares.py
3       nscd_update     /usr/lib/univention-directory-listener/system/nscd.py
3       nss     /usr/lib/univention-directory-listener/system/nss.py
3       office365-group /usr/lib/univention-directory-listener/system/office365-group.py
3       office365-user  /usr/lib/univention-directory-listener/system/office365-user.py
3       pkgdb-watch     /usr/lib/univention-directory-listener/system/pkgdb-watch.py
3       portal_groups   /usr/lib/univention-directory-listener/system/portal_groups.py
3       portal_server   /usr/lib/univention-directory-listener/system/portal_server.py
3       pupilgroups     /usr/lib/univention-directory-listener/system/pupilgroups.py
3       quota   /usr/lib/univention-directory-listener/system/quota.py
3       remove-old-homedirs     /usr/lib/univention-directory-listener/system/remove-old-homedirs.py
3       remove-old-sharedirs    /usr/lib/univention-directory-listener/system/remove-old-sharedirs.py
3       replication     /usr/lib/univention-directory-listener/system/replication.py
3       s4-connector    /usr/lib/univention-directory-listener/system/s4-connector.py
3       samba4-idmap    /usr/lib/univention-directory-listener/system/samba4-idmap.py
3       samba-shares    /usr/lib/univention-directory-listener/system/samba-shares.py
3       ucs-school-user-logonscript     /usr/lib/univention-directory-listener/system/ucs-school-user-logonscript.py
3       udm_extension   /usr/lib/univention-directory-listener/system/udm_extension.py
3       umc-service-providers   /usr/lib/univention-directory-listener/system/umc-service-providers.py
3       univention-admin-diary-backend  /usr/lib/univention-directory-listener/system/univention-admin-diary-backend.py
3       univention-saml-groups  /usr/lib/univention-directory-listener/system/univention-saml-groups.py
3       univention-saml-idp-config      /usr/lib/univention-directory-listener/system/univention-saml-idp-config.py
3       univention-saml-servers /usr/lib/univention-directory-listener/system/univention-saml-servers.py
3       univention-saml-simplesamlphp-configuration     /usr/lib/univention-directory-listener/system/univention-saml-simplesamlphp-configuration.py
3       well-known-sid-name-mapping     /usr/lib/univention-directory-listener/system/well-known-sid-name-mapping.py
Comment 16 Christina Scheinig univentionstaff 2021-02-23 11:40:34 CET 
I think this was a 4.4-6 errata750 installation. → The first entry in the updater.log
First Last Prev Next    This bug is not in your last search results.