Univention Bugzilla – Full Text Bug Listing |
Summary: | New check `kerberos_ddns_update.py` | ||
---|---|---|---|
Product: | UCS | Reporter: | Lukas Oyen <oyen> |
Component: | UMC - System diagnostic | Assignee: | Lukas Oyen <oyen> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | enhancement | ||
Priority: | P5 | CC: | best, gohmann, requate |
Version: | UCS 4.2 | Flags: | oyen:
Patch_Available+
|
Target Milestone: | UCS 4.2-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Feature Request | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 45418, 45584, 47216 | ||
Attachments: |
nt-diagnostic-nsupdate-421.patch
qa_bug_44902.patch nsupdate_check.patch bug44902_proposal.diff |
Committed in r81644 - r81646 (advisory r81649). Created attachment 9111 [details]
qa_bug_44902.patch
Ok, looks good, I'd like to include the direction and the estring, see attached patch.
Created attachment 9144 [details]
nsupdate_check.patch
The nsupdate check doesn't actually send the command, see patch attached to previous comment (In reply to Arvid Requate from comment #5) > The nsupdate check doesn't actually send the command, see patch attached to > previous comment Fixed: 4.2-1: r82619, YAML: r82626 4.2-2: r82628, YAML: r82635 Ok. I've also reverted unreleased errata4.2-1 changes (r81147:82625) since Erratum 98 from the ucs-4.2-1 SVN branch and merged the unpublished errata4.2-1 advisory into the errata4.2-2 advisory. So everything's up to date in the ucs-4.2-2 branch. The tests fail in Jenkins in a Samba 3 environment: http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-2/job/AutotestJoin/7/SambaVersion=s3,Systemrolle=master/testReport/00_checks/81_diagnostic_checks/test/ Maybe the whole test should be skipped in S3 environments? The plugin is now skipped in ucs-test. Please revert it once the issue is fixed: 0987b829 by Stefan Gohmann at 2017-09-08T19:47:41+02:00 00_checks/81_diagnostic_checks.py: skip 46_kerberos_ddns_update since it doesn't work in S3 environments (Bug #44902) (In reply to Stefan Gohmann from comment #9) > The plugin is now skipped in ucs-test. Please revert it once the issue is > fixed: > > 0987b829 > by Stefan Gohmann at 2017-09-08T19:47:41+02:00 > 00_checks/81_diagnostic_checks.py: skip 46_kerberos_ddns_update since it > doesn't work in S3 environments (Bug #44902) Fixed in 1484bf36, YAML dc706e39, Test enabled 6ea5ac94. Created attachment 9202 [details] bug44902_proposal.diff One final thing: * Servers that migrated from "Samba 3" to "Samba 4" usually have both services registered. Yeah, not good, but that's how it is. * Memberservers have "Samba 3" and should be able to do ddns updates in a "Samba 4" domain. See attached patch for a proposal. (In reply to Arvid Requate from comment #11) > * Servers that migrated from "Samba 3" to "Samba 4" usually have both > services registered. Yeah, not good, but that's how it is. > > * Memberservers have "Samba 3" and should be able to do ddns updates in a > "Samba 4" domain. Reworked and applied (with some modifications) in 6464f49b. Ok, works. I've split of Bug #45418 to add support for special setups. |
Created attachment 8988 [details] nt-diagnostic-nsupdate-421.patch Adds a new check `kerberos_ddns_update.py` which acquires a kerberos ticket for `$hostname$` and `dns-$hostname` and performs a `nsupdate` with a prerequisite check for `$domainname`.