Univention Bugzilla – Full Text Bug Listing |
Summary: | rdate in univention-ssl.postinst got stuck | ||
---|---|---|---|
Product: | UCS | Reporter: | Stefan Gohmann <gohmann> |
Component: | SSL | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Sönke Schwardt-Krummrich <schwardt> |
Severity: | normal | ||
Priority: | P5 | CC: | da, jmm |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.0-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | http://forum.univention.de/viewtopic.php?f=48&t=3596&p=12788 | ||
See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=37098 https://forge.univention.org/bugzilla/show_bug.cgi?id=27728 |
||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 36937 |
Description
Stefan Gohmann
2014-11-21 13:37:18 CET
same behaviour was seen during "apt-get install --reinstall univention-ssl" in 3.2.4 see my remarks in Ticket 2014111021000654 (14.11.2014 10:59) r56063 | Bug #36934 SSL: Timeout ntpdate command after 15s Package: univention-ssl Version: 9.0.4-1.150.201411211640 User: phahn Branch: ucs_4.0-0 Scope: errata4.0-0 r56068 | Bug #36934 SSL,Bug #36935 Join,Bug #36937 USS: timeout YAML root@master40:~# timeout -k 20 15 ntpdate-debian 25 Nov 19:40:06 ntpdate[8714]: no servers can be used, exiting On my UCS master test system /etc/default/ntpdate was empty → $NTPDATE_USE_NTP_CONF is not set (used within ntpdate-debian) → /var/lib/ntpdate/default.dhcp does not exist → no time server is given to ntpdate → error message from above → REOPEN Why not using one of the following pools? - 0.pool.ntp.org - 1.pool.ntp.org - 2.pool.ntp.org - 3.pool.ntp.org root@master40:~# time timeout -k 20 15 rdate 10.200.18.3 real 0m15.003s user 0m0.004s sys 0m0.000s root@master40:~# time timeout -k 20 15 rdate 192.168.0.3 Wed Nov 26 17:01:49 CET 2014 real 1269m58.097s user 0m0.000s sys 0m0.000s root@master40:~# time timeout -k 20 15 rdate 192.168.0.3 Wed Nov 26 17:01:59 CET 2014 real 0m0.000s user 0m0.000s sys 0m0.004s root@master40:~# → Works as expected. FAIL: why still using rdate as dependency? ntpdate-debian uses ntpdate YAML: not checked yet (In reply to Sönke Schwardt-Krummrich from comment #3) > root@master40:~# timeout -k 20 15 ntpdate-debian > 25 Nov 19:40:06 ntpdate[8714]: no servers can be used, exiting > > On my UCS master test system /etc/default/ntpdate was empty > → $NTPDATE_USE_NTP_CONF is not set (used within ntpdate-debian) > → /var/lib/ntpdate/default.dhcp does not exist > → no time server is given to ntpdate > → error message from above > → REOPEN This happens only on the DC Master, where no NTP server is configures by default; see Bug #37098. > Why not using one of the following pools? > - 0.pool.ntp.org > - 1.pool.ntp.org > - 2.pool.ntp.org > - 3.pool.ntp.org This is not allowed: <http://www.pool.ntp.org/de/vendors.html> > Basic guidelines > Do not use the standard pool.ntp.org names as a default configuration in your system. ... > Get your vendor zone > You must absolutely not use the default pool.ntp.org zone names as the default configuration in your application or appliance. We should either - apply for univention.pool.ntp.org, - ask Debian if using debian.pool.ntp.org is okay, - add ntp.univention.de and use that to DDoS ourselves. That's probably the easiest as an NTP query will only happen once per DC Master installation. Also see Bug #27728 for the hard-coded pool.ntp.org issue. (In reply to Sönke Schwardt-Krummrich from comment #3) > FAIL: why still using rdate as dependency? ntpdate-debian uses ntpdate "rdate" is still used by univention-base-files/conffiles/etc/init.d/rdate, which also violates the terms-of-use of pool.ntp.org. r56275 | Bug #36934: Timeout rdate command after 15+5s Use rdate again with fixed 10.1.133.130.in-addr.arpa domain name pointer time.fu-berlin.de. Reduce SIGKILL timeout to 5s. Package: univention-ssl Version: 9.0.4-2.151.201411281139 User: phahn Branch: ucs_4.0-0 Scope: errata4.0-0 r56279 | YAML Bug #36334 Bug #36937: timeout rdate OK: code change visibly checked OK: YAML Waiting for new DVD for functional check r56283 | Bug #36937: Timeout rdate command after 15+5s r56286 | YAML Bug #36334 Bug #36937: timeout rdate Package: univention-ssl Version: 9.0.4-3.152.201411281214 User: phahn Branch: ucs_4.0-0 Scope: errata4.0-0 Package: univention-system-setup Version: 8.1.65-24.811.201411281217 User: phahn Branch: ucs_4.0-0 Scope: errata4.0-0 No problem encountered during installation. |