Univention Bugzilla – Bug 56645
samba-env :51_samba4.52replication_sysvol fails
Last modified: 2023-11-10 13:39:46 CET
[VNC install samab-env](https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-5/job/Installation%20Tests/mode=samba-env/31/testReport/51_samba4/52replication_sysvol/backup/) is failing 12 times in a row. journcalctl -b 0 -u cron.service -f Sep 22 16:50:03 backup CRON[22611]: pam_unix(cron:session): session closed for user root Sep 22 16:50:03 backup CRON[22624]: (root) CMD (/usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh >>/var/log/univention/sysvol-sync.log 2>&1) ucr set samba4/sysvol/sync/debug=true tail -f /var/log/univention/sysvol-sync.log 2023-09-22 16:51:02 DEBUG [master] placing triggerfile. 2023-09-22 16:51:03 DEBUG [master] rsync check for changes on upstream DC 2023-09-22 16:51:04 DEBUG [master] No upstream changes. 2023-09-22 16:51:04 DEBUG [master] checking ACL's 2023-09-22 16:51:04 DEBUG [master] local sync from importdir to sysvol 2023-09-22 16:51:04 DEBUG [master] trying to get exclusive (write) lock on local sysvol 2023-09-22 16:55:55 DEBUG [master] placing triggerfile. 2023-09-22 16:55:56 DEBUG [master] rsync check for changes on upstream DC 2023-09-22 16:55:57 DEBUG [master] No upstream changes. 2023-09-22 16:55:57 DEBUG [master] checking ACL's 2023-09-22 16:55:57 DEBUG [master] local sync from importdir to sysvol 2023-09-22 16:55:57 DEBUG [master] trying to get exclusive (write) lock on local sysvol
Created attachment 11130 [details] sysvol-sync.log
The test running on the *backup* chooses the S4C on the *slave* and then tries to pull the GPO from the *master*: /usr/share/ucs-test/51_samba4/52replication_sysvol > ## create an fACL-free file in sysvol on remote DC slave.ucs.test /usr/share/univention-samba4/scripts/sysvol-sync.sh > sync_from_active_downstream_DCs ... > is_ucr_false samba4/sysvol/sync/from_downstream > /usr/sbin/univention-config-registry get samba4/sysvol/sync/from_downstream > value= > return 2 ... > DEBUG [master] placing triggerfile. ... 52replication_sysvol: 31 determine_neighbour_s4host() { 32 »···mapfile -t s4hosts < <(univention-ldapsearch -LLL "(univentionService=Samba 4)" cn | sed -ne 's/^cn: //p') # univention-ldapsearch -LLL "(univentionService=Samba 4)" cn univentionServerRole dn: cn=slave,cn=dc,cn=computers,dc=ucs,dc=test univentionServerRole: slave cn: slave dn: cn=backup,cn=dc,cn=computers,dc=ucs,dc=test univentionServerRole: backup cn: backup dn: cn=master,cn=dc,cn=computers,dc=ucs,dc=test univentionServerRole: master cn: master 33 »···for candidate in "${s4hosts[@]}" 34 »···do 35 »···»···[ "$candidate" = "$hostname" ] && 36 »···»···»···continue 37 »···»···# ignore hosts without a DNS service principal account, they are RODC's 38 »···»···# TODO Is there a better way to check for RODC's? 39 »···»···id "dns-$candidate" >/dev/null || 40 »···»···»···continue 41 »···»···ping -c 1 "$candidate.$domainname" >/dev/null || 42 »···»···»···continue 43 »···»···echo "$candidate.$domainname" 44 »···»···return 0 45 »···done 46 »···return 1 47 } It it okay for `determine_neighbour_s4host` to choose a slave or should be change the code to use the LDAP filter '(&(univentionService=Samba 4)(!(univentionServerRole=slave)))'
Well, no, that's not a bug. The idea of the test is to put the file on some DC and verify that it ends up on the local DC. The sysvol sync script has been created to sync DCs bidirectionally by default with a hub and spoke topology with the primary in the center. So, putting the file on the replica should still get it replicated to the backup (via the primary). I'll check if I can find a way to improve the test to make it more robust.
Created attachment 11141 [details] fixup-0ba9c99581.patch Anyway, the refactoring commit 0ba9c99581 changed timing and output. The attached patch may fix that back.
(In reply to Arvid Requate from comment #4) > Anyway, the refactoring commit 0ba9c99581 changed > timing and output. The attached patch may fix that back. Thank you for investigating this; I applied you change slightly modified. FYI: The test was already failing *before* my changed: while investigating the failure myself I took the opportunity to clean up the test myself as it re-implemented "undo" already implemented by "undo.sh" and "retry" from "base.sh". [5.0-5] 0ba9c99581 refactor(test): 51_samba4/52replication_sysvol test/ucs-test/tests/51_samba4/52replication_sysvol | 153 ++++++++++++----------------------------- 1 file changed, 45 insertions(+), 108 deletions(-) [5.0-5] 60d55aff54 refactor(test): 51_samba4/52replication_sysvol 2 test/ucs-test/debian/changelog | 6 ++++++ test/ucs-test/tests/51_samba4/52replication_sysvol | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) Package: ucs-test Version: 10.0.19-22 Branch: ucs_5.0-0 Scope: errata5.0-5
> FYI: The test was already failing *before* my changed Sure, I didn't imply anything else and put it into a separate comment for that reason. The original report is gone and the most recent doesn't show a failure: https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-5/job/Installation%20Tests/mode=samba-env/87/testReport/junit/51_samba4/52replication_sysvol/backup/ I won't change anything unless I can see proof and understand the issue.