Univention Bugzilla – Bug 51621
preup.sh blocks the update to UCS 5 if python code in LDAP is not prepared
Last modified: 2021-05-25 16:02:04 CEST
The preup.sh for UCS 5.0 must refuse the update on the Primary Directory Node/Domain Controller Master if a) have not yet updated all UCS systems in the domain to UCS 4.4-6 b) not all Python LDAP registered LDAP objects have been prepared for UCS5. Objects that do not fulfill the following conditions block the update: - ucsversionstart > 5.0 → no check of ucsversionend - ucsversionend=4.99 → no check of ucsversionstart - ucsversionstart < 5.0 and ucsversionend != ""
Fixed a) and b) in the preup.sh, which blocks the update to UCS 5.0 if there are any computer objects - except docker apps - with UCS < 4.4-6 or any UDM/LDAP extension not explicitly marking start and endversion. As current workaround to upgrade you need to `ucr set version/patchlevel=6`. univention-updater (15.0.0-8) | Bug #51621: block upgrade for systems which do not meet requirements changelog-5.0-0.xml | Changelog Bug #51621
As discussed in https://forge.univention.org/bugzilla/show_bug.cgi?id=51625#c4 on the DC Master/primary directory node, the update to UCS 5.0 must be blocked by the preup.sh script if there is a system that is not yet using UCS 4.4-6. This now includes appbox images in addition to native UCS systems. This means that a domain can only be upgraded to UCS 5 if all appbox images are based on at least UCS 4.4-6. ( JFYI: If a 4.3 appbox image is installed after updating the master to UCS 5.0, the listener module on the master will immediately delete the invalid LDAP object (due to invalid specification of ucsversionstart/ucsversionend) and the join script of the 4.3 appbox image will fail. Result: It is not possible to install outdated appbox images in a UCS5 domain. Furthermore, the domain can only be updated to UCS5 after the outdated appbox images have been removed/updated. )
OK: the "(!(univentionObjectFlag=docker))" filter addition has been removed, to block also the upgrade if docker images with < UCS 4.4-6 exists.
Tested on a 4.4-3 DC master: update50_ignoressh=yes ./preup.sh ---[updater.log]--- Running preup.sh script Do 9. Jan 02:49:25 CET 2020 Custom preupdate script /var/lib/local-preup.sh not found File "<stdin>", line 16 if LooseVersion(attr['univentionOperatingSystemVersion'][0].decode('UTF-8', 'replace')) < LooseVersion(REQUIRED_VERSION): ^ IndentationError: expected an indented block Paketlisten werden gelesen... Abhängigkeitsbaum wird aufgebaut.... Statusinformationen werden eingelesen.... 0 aktualisiert, 0 neu installiert, 0 zu entfernen und 18 nicht aktualisiert. ---
(In reply to Sönke Schwardt-Krummrich from comment #4) OK. changed from tab indentation to spaces.
* preup.sh simply prints to stderr. Since the updater does a "| tee /var/log/univention/updater.log" automatically, no manual redirection or "tee" is required. * the preup.sh checks all objects with objectclass univentionObjectMetadata but without objectclass univentionLDAPExtensionSchema → LDAP schema objs are ignored * actual checks for ucsversionstart/end: 1) versionstart and versionstart >= 5.0-0 → ignore 2) versionend and versionend < 5.0-0 → ignore 3) versionstart and versionend and versionstart < 5.0-0 → ignore All other combinations are considered as update blocker * actual check for UCS version: obj filter: (&(univentionOperatingSystemVersion=*) (univentionOperatingSystem=Univention Corporate Server))', check: univentionOperatingSystemVersion < 4.4-6 → update blocker * tested with - ucsversionstart = "5.0-0" + ucsversionend = "" → OK - ucsversionstart = "4.0-0" + ucsversionend = "6.0-0" → OK - ucsversionstart = "4.0-0" + ucsversionend = "4.9-9" → OK - ucsversionstart = "5.1-0" + ucsversionend = "6.9-9" → OK Package content has been checked: univention-updater_15.0.0-8A~5.0.0.202008241447_all.deb → VERIFIED
UCS 5.0 has been released: https://docs.software-univention.de/release-notes-5.0-0-en.html https://docs.software-univention.de/release-notes-5.0-0-de.html If this error occurs again, please use "Clone This Bug".