Bug 51531 - Files registered by ucs_RegisterLDAPExtension --ucsversionstart are not re-evaluated after a UCS upgrade
Files registered by ucs_RegisterLDAPExtension --ucsversionstart are not re-ev...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0
Assigned To: Florian Best
Sönke Schwardt-Krummrich
:
: 51623 (view as bug list)
Depends on: 46465 51655
Blocks:
  Show dependency treegraph
 
Reported: 2020-06-19 10:55 CEST by Dirk Wiesenthal
Modified: 2021-05-25 16:03 CEST (History)
6 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 7: Crash: Bug causes crash or data loss
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.160
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2020-06-19 10:55:02 CEST
Many (all?) files that can be registered by ucs_RegisterLDAPExtension with the parameter --startucsversion and --stopucsversion.

If so, the initial listener handler does not write the file if the current UCS version is not in the range of "supported" versions. In fact, it deletes the file if it was present.

But it is not automatically "corrected" should the UCS version enter or leave that range. So if a UDM module was registered with --startucsversion 5.0-0 and a system was at 4.4-4 at that time, the module will not be present even after an upgrade to UCS 5.

The UCS version is stored here pretty reliably:

univention-ldapsearch -b "$(ucr get ldap/hostdn)" | grep univentionOperatingSystemVersion
Comment 1 Florian Best univentionstaff 2020-08-13 16:40:25 CEST
*** Bug 51623 has been marked as a duplicate of this bug. ***
Comment 2 Florian Best univentionstaff 2020-08-18 14:56:22 CEST
Fixed by making sure the objects are correctly removed when doing a listener resync.
The listener resync is now made in postup.sh.
Therefore the new UCS version must be set, this has been fixed in Bug #46465.

univention-lib (9.0.0-39)
39291abf57ca | Bug #51531: remove LDAP extensions when enducsversion is reached

univention-directory-manager-modules (15.0.2-13)
40deb8176e9e | Bug #51531: remove UDM extensions when enducsversion is reached

univention-updater (15.0.0-8)
87dda9a570e7 | Bug #51531: re-evaluate startucsversion and enducsversion in postup.sh

changelog-5.0-0.xml
a81a7e5f3c0d | Changelog Bug #51531
Comment 3 Jürn Brodersen univentionstaff 2020-08-25 09:48:08 CEST
What I tested:

Listener module resync re-evaluates startucsversion and stopucsversion -> OK
postup.sh calls resync -> OK

-> Verified
Comment 4 Erik Damrose univentionstaff 2021-02-23 18:45:28 CET
e02043a8 wait up to 300 seconds for listener module resync

The listener module resync in postup.sh takes a while to finish, but the
call to resync modules returns immediately. While the resync happens,
UDM may be unusable and further calls to udm may fail.
Wait up to 300 seconds for the module resync to finish.

univention-updater 15.0.3-15A~5.0.0.202102231839
Comment 5 Sönke Schwardt-Krummrich univentionstaff 2021-03-19 12:14:35 CET
On a UCS member server the package univention-ldap-server is not installed, therefore there is no listener module called "ldap_extension". In postup.sh a simultaneous resync of "ldap_extension" and "udm_extension" is tried, and univention-directory-listener-ctrl does no resync instead it prints all available modules:

[member076] 2021-03-19T01:13:53.772366	3	app_attributes	/usr/lib/univention-directory-listener/system/app_attributes.py
[member076] 2021-03-19T01:13:53.776317	3	faillog	/usr/lib/univention-directory-listener/system/faillog.py
[member076] 2021-03-19T01:13:53.780359	3	gencertificate	/usr/lib/univention-directory-listener/system/gencertificate.py
[member076] 2021-03-19T01:13:53.784670	3	hosteddomains	/usr/lib/univention-directory-listener/system/hosteddomains.py
[member076] 2021-03-19T01:13:53.788510	3	keytab	/usr/lib/univention-directory-listener/system/keytab.py
[member076] 2021-03-19T01:13:53.792211	3	ldap_server	/usr/lib/univention-directory-listener/system/ldap_server.py
[member076] 2021-03-19T01:13:53.796293	3	license_uuid	/usr/lib/univention-directory-listener/system/license_uuid.py
[member076] 2021-03-19T01:13:53.800180	3	nagios-client	/usr/lib/univention-directory-listener/system/nagios-client.py
[member076] 2021-03-19T01:13:53.803607	3	nfs-homes	/usr/lib/univention-directory-listener/system/nfs-homes.py
[member076] 2021-03-19T01:13:53.807259	3	nfs-shares	/usr/lib/univention-directory-listener/system/nfs-shares.py
[member076] 2021-03-19T01:13:53.810863	3	nscd_update	/usr/lib/univention-directory-listener/system/nscd.py
[member076] 2021-03-19T01:13:53.814625	3	nss	/usr/lib/univention-directory-listener/system/nss.py
[member076] 2021-03-19T01:13:53.819517	3	pkgdb-watch	/usr/lib/univention-directory-listener/system/pkgdb-watch.py
[member076] 2021-03-19T01:13:53.822839	3	portal_groups	/usr/lib/univention-directory-listener/system/portal_groups.py
[member076] 2021-03-19T01:13:53.826380	3	portal_server	/usr/lib/univention-directory-listener/system/portal_server.py
[member076] 2021-03-19T01:13:53.829962	3	quota	/usr/lib/univention-directory-listener/system/quota.py
[member076] 2021-03-19T01:13:53.833283	3	udm_extension	/usr/lib/univention-directory-listener/system/udm_extension.py
[member076] 2021-03-19T01:13:53.837373	3	umc-service-providers	/usr/lib/univention-directory-listener/system/umc-service-providers.py
[member076] 2021-03-19T01:13:53.841190	3	univention-admin-diary-backend	/usr/lib/univention-directory-listener/system/univention-admin-diary-backend.py
[member076] 2021-03-19T01:13:53.845194	3	univention-saml-servers	/usr/lib/univention-directory-listener/system/univention-saml-servers.py
[member076] 2021-03-19T01:13:53.849482	3	well-known-sid-name-mapping	/usr/lib/univention-directory-listener/system/well-known-sid-name-mapping.py

Due to this problem, UDM extensions are not available after the update and calling join scripts fails, because of missing py3 pendants of the UDM extensions.
Comment 6 Florian Best univentionstaff 2021-03-19 13:13:50 CET
Fixed the postup.sh in (accidentally committed with the wrong bug number):

univention-updater (15.0.3-29)
b58844130fda | Bug #51655: fix resyncing of ldap_extension, which is not available on memberserver
Comment 7 Sönke Schwardt-Krummrich univentionstaff 2021-03-25 18:11:45 CET
(In reply to Florian Best from comment #6)
> univention-updater (15.0.3-29)
> b58844130fda | Bug #51655: fix resyncing of ldap_extension, which is not
> available on memberserver

Diff looks good so far, currently not tested yet due to missing update tests.
Comment 8 Sönke Schwardt-Krummrich univentionstaff 2021-03-31 13:17:35 CEST
* Check update + resync of listener modules
** Update master: update OK, both modules resynced
** Update backup: update OK, both modules resynced
** Update slave: update OK, both modules resynced
** Update memberserver: update OK, udm_extensions module resynced
Comment 9 Florian Best univentionstaff 2021-05-25 16:03:16 CEST
UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".