Univention Bugzilla – Bug 53129
Block update if DefaultPackagesMaster are installed
Last modified: 2021-05-25 16:02:51 CEST
DC Master with 4.4 should not update to 5.0 as long as DefaultPackagesMaster are installed (but the App itself is not). We should list the packages in a preup check.
i found these apps with DefaultPackagesMaster kopano4ucs-udm ucc-management-integration,python-univention-directory-manager-ucc,univention-corporate-client-schema univention-fetchmail-schema univention-openvpn-schema,univention-openvpn-master univention-self-service-master univention-self-service-master and univention-fetchmail-schema are already migrated ucc is deprecated so we block the update (on master systems) if kopano4ucs-udm or univention-openvpn-schema,univention-openvpn-master is installed, the idea is that these apps have to migrate to the non-DefaultPackagesMaster mechanism and before the update to user has to remove the old DefaultPackagesMaster
f7b5ee518156fe9fea1d4e10e5a47e14ce1add77 - univention-updater block update if kopano4ucs-udm, univention-openvpn-schema or univention-openvpn-master is installed once these apps have a 5.0 compatible version in UCS 4.4, we change the error message to something like The 123 App is installed in your domain. In order to update to UCS 5.0 the 123 App has to be updated to version x.x. Once all systems are updated the package 123-schema has to be removed from this server: univention-remove --purge 123-schema
preup.sh stops: OK Message: OK
Still works. But the problem may be more complicated. As the App could have already been removed, the sentence about the App update may make no sense. Still, they get the message because DefaultPackagesMaster are not uninstalled. Maybe add this sentence: If you removed the App in your domain, this command will remove remnants of the installation: univention-remove --purge kopano4ucs-udm Also, have we checked univention-openvpn-schema and univention-openvpn-master? Maybe we cannot safely remove univention-openvpn-schema, but only univention-openvpn-master? Then, we should not test for first package. Alternatively, we would need to link to our help article where the removal of a schema is described.
kopano-core changed the message to The Kopano App is or was installed in your domain. A newer version of the Kopano App is needed in order to update to UCS 5.0. Kopano and Univention are currently working on providing this new version as soon a possible. If the Kopano App is no longer used and has already been removed from the domain the package kopano4ucs-udm can be removed from this server in order to update to UCS 5.0: univention-remove --purge kopano4ucs-udm This check can be disabled by setting the UCR variable 'update50/ignore_default_master_packages_apps' to 'yes'. kopano4ucs-udm (and kopano4ucs-schema) can safely be removed, as the schema is "locally" registered in /var/lib/univention-ldap/local-schema/kopano4ucs.schema. openvpn4ucs This app already uses ucs_registerLDAPExtension to register the extensions, DefaultPackagesMaster seems to be an artifact here. But the update is currently blocked, not by this test here, but by the minimum_ucs_version_of_all_systems_in_domain minimum_ucs_version_of_all_systems_in_domain: The following extensions are incompatible with UCS 5.0: cn=63openvpn-sitetosite,cn=ldapacl,cn=univention,dc=four,dc=four: [unspecified..unspecified) cn=univention-openvpn-schema,cn=udm_syntax,cn=univention,dc=four,dc=four: [unspecified..unspecified) cn=univention-openvpn,cn=udm_hook,cn=univention,dc=four,dc=four: [unspecified..unspecified) Even if i remove the univention-openvpn-master and univention-openvpn-schema packages (LDAP schema is not a problem, it is registered) The system can not be updated to UCS 5.0 due to the following reasons: minimum_ucs_version_of_all_systems_in_domain: The following extensions are incompatible with UCS 5.0: cn=63openvpn-sitetosite,cn=ldapacl,cn=univention,dc=four,dc=four: [unspecified..unspecified) For now i decided to remove openvpn4ucs from the default_master_packages test. If the app is installed in the domain the update is blocked by minimum_ucs_version_of_all_systems_in_domain, until a new UCS 5 compatible version is released. If the app has been removed, the update is also blocked by minimum_ucs_version_of_all_systems_in_domain. At this point some manual steps are required (purge univention-openvpn-master univention-openvpn-schema and remove cn=63openvpn-sitetosite,cn=ldapacl,cn=univention,$ldap_base). I think we should write a help article for that (if this becomes a problem for somebody), OK?
Yes, the points make sense. The text is better.
UCS 5.0 has been released: https://docs.software-univention.de/release-notes-5.0-0-en.html https://docs.software-univention.de/release-notes-5.0-0-de.html If this error occurs again, please use "Clone This Bug".