Univention Bugzilla – Bug 53810
[4.4] univention-fetch-certificate hangs indefinitely when it cannot download certs
Last modified: 2021-09-29 16:34:49 CEST
The script "univention-fetch-certificate" hangs indefinitely when it cannot download certs. There is a guard that it should abort aber trying 30 times (and waiting 20 sec each time). But the guard does not trigger because it checks for the existence of directories that will only be created when the certificate download succeeds. The script should abort after 300 sec regardless of other conditions.
This is already fixed by Bug #51776 in UCS 5.0-0-errata.
This is happening on a regular basis → few - https://jenkins.knut.univention.de:8181/job/UCSschool-4.4/job/Install%20Multiserver/Config=s4,TestGroup=base1,UCSRelease=testing/974/ If it happens the setup is blocked → Blocking At least the work-around to timeout after 10m should be applied. Bonus points for actually figuring out why UDL does not create the certificate.
Again https://jenkins.knut.univention.de:8181/job/UCS-5.0/job/UCS-5.0-0/job/AutotestUpgrade/SambaVersion=s4,Systemrolle=member/259/console Lost tests from 4 days
[4.4-8] c047b3f2f6 style[ssl-download] Check also for machine.secret base/univention-ssl/univention-fetch-certificate | 3 +++ 1 file changed, 3 insertions(+) [4.4-8] b093975b4f fix[ssl-download] univention-scp detection base/univention-ssl/debian/ucslint.overrides | 2 ++ base/univention-ssl/univention-fetch-certificate | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) [4.4-8] 8d684f51e3 style[ssl-download] shellcheck issues base/univention-ssl/univention-fetch-certificate | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) [4.4-8] eadfe332ae fix[ssl-download] Abort after timeout base/univention-ssl/debian/changelog | 6 ++++++ base/univention-ssl/univention-fetch-certificate | 14 +++++--------- doc/errata/staging/univention-ssl.yaml | 10 ++++++++++ 3 files changed, 21 insertions(+), 9 deletions(-) [4.4-8] 320b493679 fixup! fix[ssl-download] Abort after timeout base/univention-ssl/debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Package: univention-ssl Version: 13.0.0-8A~4.4.0.202109250930 Branch: ucs_4.4-0 Scope: errata4.4-8 [4.4-8] 37a362eb47 Bug #53810: univention-ssl 13.0.0-8A~4.4.0.202109250930 doc/errata/staging/univention-ssl.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
OK: timeout after 10 minutes # time univention-fetch-certificate msater.school.dev master.school.dev Download host certificate for msater.school.dev:...............................failed to get host certificate real 10m20,482s user 0m0,392s sys 0m0,028s OK: code review ~OK: YAML
<https://errata.software-univention.de/#/?erratum=4.4x1056>