Bug 51210 – Update to UCS 4.4-0 fails with Samba/AD failed due to DLZ bind9 error

Bug 51210 - Update to UCS 4.4-0 fails with Samba/AD failed due to DLZ bind9 error


Summary:	Update to UCS 4.4-0 fails with Samba/AD failed due to DLZ bind9 error

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Samba
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:	Samba maintainers

URL:
Keywords:

Depends on:	51121
Blocks:
	Show dependency tree / graph

Reported:	2020-05-04 11:27 CEST by Arvid Requate
Modified:	2020-05-15 16:44 CEST (History)
CC List:	6 users (show)

See Also:
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2020050421000488
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2020-05-04 11:27:07 CEST

Currently the update to UCS 4.4 seems to abort, looks like a regression by Bug #51121

https://jenkins.knut.univention.de:8181/job/UCS-4.4/job/UCS-4.4-4/job/AutotestUpgrade/51/

Quoting Felix:
> univention-upgrade --noninteractive --ignoreterm --ignoressh --updateto 4.4-0
> 00:24:35 The connection to the repository server failed: Configuration error: host is unresolvable. Please check the repository configuration and the network connection.
> 00:24:35 + rv=3 

syslog:
=============================================================
Mai 04 10:30:04 master071 named[19784]: samba_dlz: FAILED dlz_create call result=25 #refs=0
Mai 04 10:30:04 master071 named[19784]: dlz_dlopen of 'samba4.zone' failed
Mai 04 10:30:04 master071 named[19784]: SDLZ driver failed to load.
Mai 04 10:30:04 master071 named[19784]: DLZ driver failed to load.
Mai 04 10:30:04 master071 named[19784]: loading configuration: failure
Mai 04 10:30:04 master071 named[19784]: exiting (due to fatal error)
Mai 04 10:30:04 master071 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Mai 04 10:30:05 master071 samba4[19785]: rndc: connect failed: 127.0.0.1#953: connection refused
Mai 04 10:30:06 master071 samba4[19785]: rndc: connect failed: 127.0.0.1#953: connection refused
Mai 04 10:30:07 master071 samba4[19785]: rndc: connect failed: 127.0.0.1#953: connection refused 
=============================================================

Comment 1 Felix Botner

2020-05-04 11:33:59 CEST

seems that during the update to 4.4-0 errata samba-dsdb-modules got removed:

Starting univention-upgrade. Current UCS version is 4.4-0 errata0

Checking for local repository:                          none
Checking for package updates:                           found

updater.log
The following packages will be REMOVED:
 samba-dsdb-modules
The following packages will be installed:
 python-univention-namespace,python-setproctitle,linux-image-4.9.0-9-amd64,linux-image-4.9.0-9-amd64-signed
The following packages will be upgraded:

and so samba is unable to start 

log.samba
[2020/05/04 11:30:30.000633,  0, pid=29072] ../../source4/smbd/server.c:587(binary_smbd_main)
  samba version 4.10.1-Univention started.
  Copyright Andrew Tridgell and the Samba Team 1992-2019
ldb: WARNING: module version mismatch in ../modules/univention_ldb_log.c : ldb_version=1.5.7 module_version=1.5.4
ldb: WARNING: module version mismatch in ../modules/univention_samaccountname_ldap_check.c : ldb_version=1.5.7 module_version=1.5.4
[2020/05/04 11:30:30.158667,  0, pid=29073] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
  ldb: WARNING: Module [samba_dsdb] not found - do you need to set LDB_MODULES_PATH?
[2020/05/04 11:30:30.158693,  0, pid=29073] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
  ldb: Unable to load modules for /var/lib/samba/private/sam.ldb: (null)
[2020/05/04 11:30:30.158879,  0, pid=29073] ../../lib/util/become_daemon.c:122(exit_daemon)
  exit_daemon: daemon failed to start: Samba failed to prime database, error code 22

i guess "broken" named is just a consequence of this problem.

Comment 2 Felix Botner

2020-05-04 11:34:58 CEST

samba-dsdb-modules : Hängt ab von: libldb1 (< 2:1.5.5~) aber 2:1.5.7-1A~4.3.0.202004231326 soll installiert werden

Comment 3 Christina Scheinig

2020-05-04 13:48:31 CEST

My customer updated from 4.4-2 errata319
'Current UCS version is 4.4-2 errata319' and the package is already removed in this Version!

Comment 4 Felix Botner

2020-05-04 15:23:55 CEST

(In reply to Christina Scheinig from comment #3)
> My customer updated from 4.4-2 errata319
> 'Current UCS version is 4.4-2 errata319' and the package is already removed
> in this Version!

during update to 4.4-3

Starting 2 pkgProblemResolver with broken count: 1
Investigating (0) samba-dsdb-modules:amd64 < 2:4.10.1-1A~4.4.0.201908281834 @ii mK Ib >
Broken samba-dsdb-modules:amd64 Hängt ab von on samba-libs:amd64 < 2:4.10.1-1A~4.4.0.201908281834 -> 2:4.10.1-1A~4.4.0.201912031949 @ii umU > (= 2:4.10.1-1A~4.4.0.201908281834)
  Considering samba-libs:amd64 24 as a solution to samba-dsdb-modules:amd64 3
  Removing samba-dsdb-modules:amd64 rather than change samba-libs:amd64
Done

but i cant see a relation to this bug, somebody should check this (update from 4.4-2 to 4.4-3 with the 4.3-5-errata scope)

Comment 5 Felix Botner

2020-05-04 16:39:34 CEST

the ldb/samba update in 4.3-5 is also the reason for the "ticket" problem


libldb1:
  Installiert:           2:1.5.4-1A~4.4.0.201903211536
  Installationskandidat: 2:1.5.7-1A~4.3.0.202004231326
  Versionstabelle:
     2:1.5.7-1A~4.3.0.202004231326 500
        500 http://updates.knut.univention.de/4.3/maintained/component 4.3-5-errata/amd64/ Packages
 *** 2:1.5.4-1A~4.4.0.201903211536 500
        500 http://updates.knut.univention.de/4.4/maintained 4.4-1/amd64/ Packages
        100 /var/lib/dpkg/status
     2:1.5.4-1A~4.3.0.201905151329 500
        500 http://updates.knut.univention.de/4.3/maintained 4.3-5/amd64/ Packages



Test:

4.4-2 with 4.3-5-errata

-> apt-get -s dist-upgrade 
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
Paketaktualisierung (Upgrade) wird berechnet... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt:
  libgpgme11 python-backports.ssl-match-hostname python-cached-property python-docker python-dockerpty python-dockerpycreds python-docopt python-funcsigs python-functools32 python-jsonschema python-mock
  python-pbr python-texttable python-websocket
Verwenden Sie »apt autoremove«, um sie zu entfernen.
Die folgenden Pakete werden ENTFERNT:
  samba-dsdb-modules
(In reply to Felix Botner from comment #4)
> (In reply to Christina Scheinig from comment #3)
> > My customer updated from 4.4-2 errata319
> > 'Current UCS version is 4.4-2 errata319' and the package is already removed
> > in this Version!
> 
> during update to 4.4-3
> 
> Starting 2 pkgProblemResolver with broken count: 1
> Investigating (0) samba-dsdb-modules:amd64 < 2:4.10.1-1A~4.4.0.201908281834
> @ii mK Ib >
> Broken samba-dsdb-modules:amd64 Hängt ab von on samba-libs:amd64 <
> 2:4.10.1-1A~4.4.0.201908281834 -> 2:4.10.1-1A~4.4.0.201912031949 @ii umU >
> (= 2:4.10.1-1A~4.4.0.201908281834)
>   Considering samba-libs:amd64 24 as a solution to samba-dsdb-modules:amd64 3
>   Removing samba-dsdb-modules:amd64 rather than change samba-libs:amd64
> Done
> 
> but i cant see a relation to this bug, somebody should check this (update
> from 4.4-2 to 4.4-3 with the 4.3-5-errata scope)
the ldb/samba update in 4.3-5 is also the reason for the "ticket" problem


libldb1:
  Installiert:           2:1.5.4-1A~4.4.0.201903211536
  Installationskandidat: 2:1.5.7-1A~4.3.0.202004231326
  Versionstabelle:
     2:1.5.7-1A~4.3.0.202004231326 500
        500 http://updates.knut.univention.de/4.3/maintained/component 4.3-5-errata/amd64/ Packages
 *** 2:1.5.4-1A~4.4.0.201903211536 500
        500 http://updates.knut.univention.de/4.4/maintained 4.4-1/amd64/ Packages
        100 /var/lib/dpkg/status
     2:1.5.4-1A~4.3.0.201905151329 500
        500 http://updates.knut.univention.de/4.3/maintained 4.3-5/amd64/ Packages



Test:

4.4-2 with 4.3-5-errata

-> apt-get -s dist-upgrade 
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
Paketaktualisierung (Upgrade) wird berechnet... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt:
  libgpgme11 python-backports.ssl-match-hostname python-cached-property python-docker python-dockerpty python-dockerpycreds python-docopt python-funcsigs python-functools32 python-jsonschema python-mock
  python-pbr python-texttable python-websocket
Verwenden Sie »apt autoremove«, um sie zu entfernen.
Die folgenden Pakete werden ENTFERNT:
  samba-dsdb-modules

Comment 6 Arvid Requate

2020-05-04 19:50:29 CEST

The problem seems to be caused by the new libldb1 package version 1.5.7 in errata4.3-5, which is newer than the version shipped in UCS 4.4-0. The package samba-dsdb-modules in 4.4-0 has a versioned dependency on ldb version 1.5.4, so the conflict resolver of apt-get decides to uninstall samba-dsdb-modules.


* We have removed those binary packages from the repositories, which have been published via Bug 51122. This avoids update issues for customers that are on UCS 4.4-x but have the errata4.3-5 component still active in /etc/apt/sources.list.d/20_ucs-online-component.list

* We have adjusted the UCS 4.4-0 preup.sh script to check if the one of the problem causing binary package versions is installed (samba or libldb1). If that is the case, the update aborts and points to https://help.univention.com/t/14992 . We'll add a description for downgrading the critical packages to continue with a smooth update.

* We adjusted the errata pages (e.g. http://errata.software-univention.de/ucs/4.3/670.html ) to point out that the errata update has been reverted. We still need to decide how to proceede with those. We have the classic version number issue here, where errata4.3-5 has newer package versions than 4.4-0. Maybe we can adjust the package version numbers to stay below the threshold.

Comment 7 Felix Botner

2020-05-04 22:56:10 CEST

OK - 4.4-2 with 4.3-5-errata with
  libldb1 2:1.5.4-1A~4.4.0.20190321153
  samba 2:4.10.1-1A~4.4.0.2019102215 

  samba-dsdb-modules is not removed during the update
  the "1.5.7" version of the libldb1 package is removed


  -> apt-cache policy libldb1
  libldb1:
  Installiert:           2:1.5.4-1A~4.4.0.201903211536
  Installationskandidat: 2:1.5.4-1A~4.4.0.201903211536
  Versionstabelle:
   *** 2:1.5.4-1A~4.4.0.201903211536 500
        500 http://updates.knut.univention.de/4.4/maintained 4.4-1/amd64/Packages
        100 /var/lib/dpkg/status
     2:1.5.4-1A~4.3.0.201905151329 500
        500 http://updates.knut.univention.de/4.3/maintained 4.3-5/amd64/Packages

TODO - update from 4.3-5 (with 4.3-5-errata) to 4.4-0

Comment 8 Felix Botner

2020-05-04 23:19:30 CEST

Fail - http://errata.software-univention.de/ucs/4.3/670.html - 
        what has been changed here?

OK - https://help.univention.com/t/14992 
OK - update from 4.3.5 (with samba from 4.3-5 errata, 
      2:4.10.1-1A~4.3.0.202001141253) to 4.4-0
OK - samba/ldb packages have been removed/replaced in 4.3-5-errata
TODO - jenkins test tomorrow

Comment 9 Erik Damrose

2020-05-05 09:22:08 CEST

(In reply to Felix Botner from comment #8)
> Fail - http://errata.software-univention.de/ucs/4.3/670.html - 

There are two notes on the errata detail pages informing of the removal, linking to the help/sdb article.

"This errata update has been removed, for more information see this article."

Comment 10 Felix Botner

2020-05-05 10:05:41 CEST

(In reply to Erik Damrose from comment #9)
> (In reply to Felix Botner from comment #8)
> > Fail - http://errata.software-univention.de/ucs/4.3/670.html - 
> 
> There are two notes on the errata detail pages informing of the removal,
> linking to the help/sdb article.
> 
> "This errata update has been removed, for more information see this article."

;-) now i saw it too