Bug 51210 - Update to UCS 4.4-0 fails with Samba/AD failed due to DLZ bind9 error
Summary: Update to UCS 4.4-0 fails with Samba/AD failed due to DLZ bind9 error
Status: RESOLVED WONTFIX
Alias: None
Product: UCS
Classification: Unclassified
Component: Samba
Version: UCS 4.4
Hardware: Other Linux
: P5 normal
Target Milestone: ---
Assignee: Samba maintainers
QA Contact: Samba maintainers
URL:
Keywords:
Depends on: 51121
Blocks:
  Show dependency treegraph
 
Reported: 2020-05-04 11:27 CEST by Arvid Requate
Modified: 2025-02-05 09:28 CET (History)
6 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020050421000488
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2020-05-04 11:27:07 CEST 
Currently the update to UCS 4.4 seems to abort, looks like a regression by Bug #51121

https://jenkins.knut.univention.de:8181/job/UCS-4.4/job/UCS-4.4-4/job/AutotestUpgrade/51/

Quoting Felix:
> univention-upgrade --noninteractive --ignoreterm --ignoressh --updateto 4.4-0
> 00:24:35 The connection to the repository server failed: Configuration error: host is unresolvable. Please check the repository configuration and the network connection.
> 00:24:35 + rv=3 

syslog:
=============================================================
Mai 04 10:30:04 master071 named[19784]: samba_dlz: FAILED dlz_create call result=25 #refs=0
Mai 04 10:30:04 master071 named[19784]: dlz_dlopen of 'samba4.zone' failed
Mai 04 10:30:04 master071 named[19784]: SDLZ driver failed to load.
Mai 04 10:30:04 master071 named[19784]: DLZ driver failed to load.
Mai 04 10:30:04 master071 named[19784]: loading configuration: failure
Mai 04 10:30:04 master071 named[19784]: exiting (due to fatal error)
Mai 04 10:30:04 master071 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Mai 04 10:30:05 master071 samba4[19785]: rndc: connect failed: 127.0.0.1#953: connection refused
Mai 04 10:30:06 master071 samba4[19785]: rndc: connect failed: 127.0.0.1#953: connection refused
Mai 04 10:30:07 master071 samba4[19785]: rndc: connect failed: 127.0.0.1#953: connection refused 
=============================================================
Comment 1 Felix Botner univentionstaff 2020-05-04 11:33:59 CEST 
seems that during the update to 4.4-0 errata samba-dsdb-modules got removed:

Starting univention-upgrade. Current UCS version is 4.4-0 errata0

Checking for local repository:                          none
Checking for package updates:                           found

updater.log
The following packages will be REMOVED:
 samba-dsdb-modules
The following packages will be installed:
 python-univention-namespace,python-setproctitle,linux-image-4.9.0-9-amd64,linux-image-4.9.0-9-amd64-signed
The following packages will be upgraded:

and so samba is unable to start 

log.samba
[2020/05/04 11:30:30.000633,  0, pid=29072] ../../source4/smbd/server.c:587(binary_smbd_main)
  samba version 4.10.1-Univention started.
  Copyright Andrew Tridgell and the Samba Team 1992-2019
ldb: WARNING: module version mismatch in ../modules/univention_ldb_log.c : ldb_version=1.5.7 module_version=1.5.4
ldb: WARNING: module version mismatch in ../modules/univention_samaccountname_ldap_check.c : ldb_version=1.5.7 module_version=1.5.4
[2020/05/04 11:30:30.158667,  0, pid=29073] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
  ldb: WARNING: Module [samba_dsdb] not found - do you need to set LDB_MODULES_PATH?
[2020/05/04 11:30:30.158693,  0, pid=29073] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
  ldb: Unable to load modules for /var/lib/samba/private/sam.ldb: (null)
[2020/05/04 11:30:30.158879,  0, pid=29073] ../../lib/util/become_daemon.c:122(exit_daemon)
  exit_daemon: daemon failed to start: Samba failed to prime database, error code 22

i guess "broken" named is just a consequence of this problem.
Comment 2 Felix Botner univentionstaff 2020-05-04 11:34:58 CEST 
samba-dsdb-modules : Hängt ab von: libldb1 (< 2:1.5.5~) aber 2:1.5.7-1A~4.3.0.202004231326 soll installiert werden
Comment 3 Christina Scheinig univentionstaff 2020-05-04 13:48:31 CEST 
My customer updated from 4.4-2 errata319
'Current UCS version is 4.4-2 errata319' and the package is already removed in this Version!
Comment 4 Felix Botner univentionstaff 2020-05-04 15:23:55 CEST 
(In reply to Christina Scheinig from comment #3)
> My customer updated from 4.4-2 errata319
> 'Current UCS version is 4.4-2 errata319' and the package is already removed
> in this Version!

during update to 4.4-3

Starting 2 pkgProblemResolver with broken count: 1
Investigating (0) samba-dsdb-modules:amd64 < 2:4.10.1-1A~4.4.0.201908281834 @ii mK Ib >
Broken samba-dsdb-modules:amd64 Hängt ab von on samba-libs:amd64 < 2:4.10.1-1A~4.4.0.201908281834 -> 2:4.10.1-1A~4.4.0.201912031949 @ii umU > (= 2:4.10.1-1A~4.4.0.201908281834)
  Considering samba-libs:amd64 24 as a solution to samba-dsdb-modules:amd64 3
  Removing samba-dsdb-modules:amd64 rather than change samba-libs:amd64
Done

but i cant see a relation to this bug, somebody should check this (update from 4.4-2 to 4.4-3 with the 4.3-5-errata scope)
Comment 5 Felix Botner univentionstaff 2020-05-04 16:39:34 CEST 
the ldb/samba update in 4.3-5 is also the reason for the "ticket" problem


libldb1:
  Installiert:           2:1.5.4-1A~4.4.0.201903211536
  Installationskandidat: 2:1.5.7-1A~4.3.0.202004231326
  Versionstabelle:
     2:1.5.7-1A~4.3.0.202004231326 500
        500 http://updates.knut.univention.de/4.3/maintained/component 4.3-5-errata/amd64/ Packages
 *** 2:1.5.4-1A~4.4.0.201903211536 500
        500 http://updates.knut.univention.de/4.4/maintained 4.4-1/amd64/ Packages
        100 /var/lib/dpkg/status
     2:1.5.4-1A~4.3.0.201905151329 500
        500 http://updates.knut.univention.de/4.3/maintained 4.3-5/amd64/ Packages



Test:

4.4-2 with 4.3-5-errata

-> apt-get -s dist-upgrade 
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
Paketaktualisierung (Upgrade) wird berechnet... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt:
  libgpgme11 python-backports.ssl-match-hostname python-cached-property python-docker python-dockerpty python-dockerpycreds python-docopt python-funcsigs python-functools32 python-jsonschema python-mock
  python-pbr python-texttable python-websocket
Verwenden Sie »apt autoremove«, um sie zu entfernen.
Die folgenden Pakete werden ENTFERNT:
  samba-dsdb-modules
(In reply to Felix Botner from comment #4)
> (In reply to Christina Scheinig from comment #3)
> > My customer updated from 4.4-2 errata319
> > 'Current UCS version is 4.4-2 errata319' and the package is already removed
> > in this Version!
> 
> during update to 4.4-3
> 
> Starting 2 pkgProblemResolver with broken count: 1
> Investigating (0) samba-dsdb-modules:amd64 < 2:4.10.1-1A~4.4.0.201908281834
> @ii mK Ib >
> Broken samba-dsdb-modules:amd64 Hängt ab von on samba-libs:amd64 <
> 2:4.10.1-1A~4.4.0.201908281834 -> 2:4.10.1-1A~4.4.0.201912031949 @ii umU >
> (= 2:4.10.1-1A~4.4.0.201908281834)
>   Considering samba-libs:amd64 24 as a solution to samba-dsdb-modules:amd64 3
>   Removing samba-dsdb-modules:amd64 rather than change samba-libs:amd64
> Done
> 
> but i cant see a relation to this bug, somebody should check this (update
> from 4.4-2 to 4.4-3 with the 4.3-5-errata scope)
the ldb/samba update in 4.3-5 is also the reason for the "ticket" problem


libldb1:
  Installiert:           2:1.5.4-1A~4.4.0.201903211536
  Installationskandidat: 2:1.5.7-1A~4.3.0.202004231326
  Versionstabelle:
     2:1.5.7-1A~4.3.0.202004231326 500
        500 http://updates.knut.univention.de/4.3/maintained/component 4.3-5-errata/amd64/ Packages
 *** 2:1.5.4-1A~4.4.0.201903211536 500
        500 http://updates.knut.univention.de/4.4/maintained 4.4-1/amd64/ Packages
        100 /var/lib/dpkg/status
     2:1.5.4-1A~4.3.0.201905151329 500
        500 http://updates.knut.univention.de/4.3/maintained 4.3-5/amd64/ Packages



Test:

4.4-2 with 4.3-5-errata

-> apt-get -s dist-upgrade 
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.       
Statusinformationen werden eingelesen.... Fertig
Paketaktualisierung (Upgrade) wird berechnet... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt:
  libgpgme11 python-backports.ssl-match-hostname python-cached-property python-docker python-dockerpty python-dockerpycreds python-docopt python-funcsigs python-functools32 python-jsonschema python-mock
  python-pbr python-texttable python-websocket
Verwenden Sie »apt autoremove«, um sie zu entfernen.
Die folgenden Pakete werden ENTFERNT:
  samba-dsdb-modules
Comment 6 Arvid Requate univentionstaff 2020-05-04 19:50:29 CEST 
The problem seems to be caused by the new libldb1 package version 1.5.7 in errata4.3-5, which is newer than the version shipped in UCS 4.4-0. The package samba-dsdb-modules in 4.4-0 has a versioned dependency on ldb version 1.5.4, so the conflict resolver of apt-get decides to uninstall samba-dsdb-modules.


* We have removed those binary packages from the repositories, which have been published via Bug 51122. This avoids update issues for customers that are on UCS 4.4-x but have the errata4.3-5 component still active in /etc/apt/sources.list.d/20_ucs-online-component.list

* We have adjusted the UCS 4.4-0 preup.sh script to check if the one of the problem causing binary package versions is installed (samba or libldb1). If that is the case, the update aborts and points to https://help.univention.com/t/14992 . We'll add a description for downgrading the critical packages to continue with a smooth update.

* We adjusted the errata pages (e.g. http://errata.software-univention.de/ucs/4.3/670.html ) to point out that the errata update has been reverted. We still need to decide how to proceede with those. We have the classic version number issue here, where errata4.3-5 has newer package versions than 4.4-0. Maybe we can adjust the package version numbers to stay below the threshold.
Comment 7 Felix Botner univentionstaff 2020-05-04 22:56:10 CEST 
OK - 4.4-2 with 4.3-5-errata with
  libldb1 2:1.5.4-1A~4.4.0.20190321153
  samba 2:4.10.1-1A~4.4.0.2019102215 

  samba-dsdb-modules is not removed during the update
  the "1.5.7" version of the libldb1 package is removed


  -> apt-cache policy libldb1
  libldb1:
  Installiert:           2:1.5.4-1A~4.4.0.201903211536
  Installationskandidat: 2:1.5.4-1A~4.4.0.201903211536
  Versionstabelle:
   *** 2:1.5.4-1A~4.4.0.201903211536 500
        500 http://updates.knut.univention.de/4.4/maintained 4.4-1/amd64/Packages
        100 /var/lib/dpkg/status
     2:1.5.4-1A~4.3.0.201905151329 500
        500 http://updates.knut.univention.de/4.3/maintained 4.3-5/amd64/Packages

TODO - update from 4.3-5 (with 4.3-5-errata) to 4.4-0
Comment 8 Felix Botner univentionstaff 2020-05-04 23:19:30 CEST 
Fail - http://errata.software-univention.de/ucs/4.3/670.html - 
        what has been changed here?

OK - https://help.univention.com/t/14992 
OK - update from 4.3.5 (with samba from 4.3-5 errata, 
      2:4.10.1-1A~4.3.0.202001141253) to 4.4-0
OK - samba/ldb packages have been removed/replaced in 4.3-5-errata
TODO - jenkins test tomorrow
Comment 9 Erik Damrose univentionstaff 2020-05-05 09:22:08 CEST 
(In reply to Felix Botner from comment #8)
> Fail - http://errata.software-univention.de/ucs/4.3/670.html - 

There are two notes on the errata detail pages informing of the removal, linking to the help/sdb article.

"This errata update has been removed, for more information see this article."
Comment 10 Felix Botner univentionstaff 2020-05-05 10:05:41 CEST 
(In reply to Erik Damrose from comment #9)
> (In reply to Felix Botner from comment #8)
> > Fail - http://errata.software-univention.de/ucs/4.3/670.html - 
> 
> There are two notes on the errata detail pages informing of the removal,
> linking to the help/sdb article.
> 
> "This errata update has been removed, for more information see this article."

;-) now i saw it too
Comment 12 Jan-Luca Kiok univentionstaff 2025-02-05 09:28:46 CET 
This issue has been filed against UCS 4.4.

UCS 4.4 is out of maintenance and components may have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer versions, please use "Clone this bug" or reopen this issue. In this case please provide information on how this issue is affecting you.