Univention Bugzilla – Full Text Bug Listing
Summary: | 01univention-ldap-server-init.inst slapadd fails silently | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | Join (univention-join) | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Stefan Gohmann <gohmann> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, hahn, hupertz, walkenhorst |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.1-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=41782 | ||
Ticket number: | Bug group (optional): | Cleanup, Error handling | |
Bug Blocks: | 39866 | ||
Attachments: | /var/log/univention/join.log with set -x |
Description
Florian Best
2015-03-16 15:37:02 CET
These are the failing lines from 01univention-ldap-server-init.inst:

    cat /usr/share/univention-ldap/base.ldif /usr/share/univention-ldap/ffpu.ldif | sed -e \
    "s|@@%%@@ldap\.pw@@%%@@|$pw_crypt|;s|@@%%@@backup\.pw@@%%@@|$backup_crypt|;s|@@%%@@sambadomain@@%%@@|$sambadomain|;s|@@%%@@firstdc@@%%@@|$firstdc|;s|@@%%@@realm@@%%@@|$realm|;s|@@%%@@sid@@%%@@|$sid|;s|@@%@@domain@@%@@|$Domain|" | \
    univention-config-registry filter | slapadd >>/var/log/univention/join.log 2>&1

The lines before that code seem to be very broken - a lot of unquoted variable assignments.

(In reply to Florian Best from comment #1)
> The lines before that code seem to be very broken - a lot of unquoted
> variable assignments.

FYI: variable assignment needs no extra quoting when using command substitution:

    # (foo=$(echo '1 2'); echo ">$foo<")
    >1 2<

It is much more likely that some of the variables inserted into the sed command break the script, as no escaping of regular-expression meta-characters is done there.

If you still have the system, please run the command in a shell without the trailing "|slapadd".

(In reply to Philipp Hahn from comment #2)
> If you still have the system, please run the command in a shell without the
> trailing "|slapadd".

I force-executed the joinscript again; it worked then.

This bug also occurs in different build configurations on Jenkins for the Autotest MutliEnv (IPv6) project in UCS-4.1 (probably also UCS-4.0-3). The master is a dual-stack machine with an IPv4 and an IPv6 address. The slave only has an IPv6 address. We will check whether this behaviour is reproducible on master/backup or master/member configurations to get further information.

Created attachment 7400
/var/log/univention/join.log with set -x

Happens again on my slave, which I had to re-join. Running `univention-join` always fails:
- 01univention-ldap-server-init.inst fails, but is flagged as having run successfully.
- later on 30univention-appcenter.inst fails, as the local slapd is not running

The bug is explained here: <http://stackoverflow.com/questions/17779078/suffix-invalid-dn-21-invalid-syntax-openldap>
- the backup/slave is unjoined, so /var/lib/univention-ldap/schema.conf is *empty*
- so /etc/openldap/schema/core.schema is *not* included on those replication LDAP servers
- but a DB with *dc*=xxx is given, which is defined in 'core.schema'!
- so slapd does not know the attribute and refuses to start
- normally running the listener in 03 will fetch the schema from the master; then it works
- except other things like slapindex (Bug #39866) still fail

slapd also fails to start if ldap/index/* contains any attributes not yet defined (e.g. univentionAppID from univention-appcenter, which is registered only in 30univention-appcenter.inst)

r66712 | Bug #38051 LDAP: Initialize LDAP only on master
Only initialize on DC Master

Package: univention-ldap
Version: 12.1.6-11.801.201601111622
Branch: ucs_4.1-0
Scope: errata4.1-0

r66714 | Bug #39866 ldap: Force ldap/index/* to defaults during join YAML
univention-ldap.yaml

r66725 | Bug #38051 ldap: Move cn=config on all server roles

Package: univention-ldap
Version: 12.1.6-12.802.201601121102
Branch: ucs_4.1-0
Scope: errata4.1-0

r66727 | Bug #38051 ldap: Move cn=config on all server roles YAML
univention-ldap.yaml

Code review: OK
Tests upgrade (master|backup|slave): OK
Tests rejoin (backup|slave): Failed

I see the following message in the join.log:

    -----------------------------------------------------------------------------
    Configure 01univention-ldap-server-init.inst Wed Nov 18 09:51:59 CET 2015
    2015-11-18 09:51:59.587404416+01:00 (in joinscript_init)
    CRITICAL:__main__:OpenLDAP slapd is running; aborting
    Multifile: /etc/ldap/slapd.conf
    2015-11-18 09:52:00.796326599+01:00 (in joinscript_save_current_version)
    -----------------------------------------------------------------------------

Tests new installation master: OK
Tests new installation slave: OK
YAML: OK

r67152 | Bug #38051 LDAP: Kill OpenLDAP slapd for initial setup during domain (re-)join
Make sure slapd is stopped and valid schema exists on LDAP slaves

Package: univention-ldap
Version: 12.1.6-21.811.201602031616
Branch: ucs_4.1-0
Scope: errata4.1-0

r67153 | Bug #38051 LDAP: Kill OpenLDAP slapd for initial setup during domain (re-)join YAML
univention-ldap.yaml

Code review: OK
Upgrade (master, backup, slave) + Re-join Tests: OK

I still see this message during a normal upgrade:

    CRITICAL:__main__:OpenLDAP slapd is running; aborting

I think this CRITICAL message will confuse users. I split it into a new bug: Bug #40575.

New backup installation Test: OK
YAML: OK
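
Two points from this thread in one sketch, added here as an example and not taken from the joinscript or from Univention's fix: values pasted unescaped into a `sed` `s|...|...|` program, and a load step whose failure only ends up in a log. All function names, the sample LDIF entry and the pass-the-loader-as-arguments convention are assumptions made for illustration; in real use the loader argument would be the `slapadd` call.

```shell
#!/bin/sh
# Constructed sample input: a one-entry LDIF template using the page's
# @@%%@@name@@%%@@ placeholder style (entry contents are made up).
make_sample_template() {
    printf '%s\n' 'dn: cn=admin,dc=example,dc=org' \
                  'userPassword: @@%%@@ldap.pw@@%%@@'
}

# Naive substitution, same shape as the joinscript line: the value is
# pasted into the sed program unescaped.
render_naive() {
    sed -e "s|@@%%@@ldap\.pw@@%%@@|$2|" "$1"
}

# Escape backslash, '&' and the '|' delimiter, which are special in the
# replacement part of s|...|...|. Assumes a single-line value.
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

render_escaped() {
    value=$(sed_escape_replacement "$2") || return 1
    sed -e "s|@@%%@@ldap\.pw@@%%@@|$value|" "$1"
}

# Render to a temp file, then run the loader command ($3...) on it.
# Each stage's exit status is checked and reported instead of only
# being appended to a log. Returns 2/3/4 for render/placeholder/loader.
load_checked() {
    template=$1; secret=$2; shift 2
    tmp=$(mktemp) || return 1
    if ! render_escaped "$template" "$secret" >"$tmp"; then
        rm -f "$tmp"; echo "render failed" >&2; return 2
    fi
    if grep -q '@@%%@@' "$tmp"; then
        rm -f "$tmp"; echo "unreplaced placeholder left" >&2; return 3
    fi
    rc=0
    "$@" <"$tmp" || rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || { echo "loader exited with $rc" >&2; return 4; }
}
```

A joinscript using this pattern would treat any non-zero return from `load_checked` as a failed run rather than recording the script as executed.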