Univention Bugzilla – Full Text Bug Listing |
Summary: | 00ucs-school-app-version-check.inst fails immediately on initial join of a DC backup | ||
---|---|---|---|
Product: | UCS@school | Reporter: | Sönke Schwardt-Krummrich <schwardt> |
Component: | General | Assignee: | Sönke Schwardt-Krummrich <schwardt> |
Status: | CLOSED FIXED | QA Contact: | Daniel Tröder <troeder> |
Severity: | normal | ||
Priority: | P5 | ||
Version: | UCS@school 4.4 | ||
Target Milestone: | UCS@school 4.4 v1 | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=48751 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 6: Setup Problem: Issue for the setup process |
Who will be affected by this bug?: | 4: Will affect most installed domains | How will those affected feel about the bug?: | 4: A User would return the product |
User Pain: | 0.549 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 48751 | ||
Attachments: | join.log (contains 2 join attempts: 1 fails, 1 successful) |
Description
Sönke Schwardt-Krummrich
2019-02-21 23:36:22 CET
s/silently/immediately and without log output/ Created attachment 9857 [details]
join.log (contains 2 join attempts: 1 fails, 1 successful)
I finally understood the problem: An unjoined domain controller backup should be added to an existing UCS@school-4.4 domain via univention-join. univention-join creates a host account in LDAP and also empties the /var/univention-join/status file, which lists which join scripts have already been executed in which version. Now the join hook becomes active and installs the UCS@school app as well as the metapackage ucs-school-master/ucs-school-singlemaster and its various dependencies. During the installation of the packages, various join scripts of these packages are also executed in the postinst scripts. This happens e.g. via a call_joinscript call. The (All?) join scripts run successfully because they have received valid join credentials as arguments and the local host account is already valid also. The join scripts then enter themselves in the /var/univention-join/status file as successfully completed. After the hook is finished, the control goes back to univention-join, which then executes all existing join scripts. As soon as univention-join now executes a joinscript, which has already run successfully during the installation of UCS@school, the joinscript terminates with exitcode 1 (which means for univention-run-join-scripts as much as "I have already run successfully in the lastest version. I don't have to do anything anymore"). According to univention-join, all joinscripts have not been run yet (the status file was emptied a moment ago), and therefore every exitcode != 0 is interpreted as a serious error and aborts the join process. This also happened in the above case. The fact that the join scripts are already executed during the installation of the packages is not optimal at this point. One possibility would have been to patch call_joinscript from univention-lib in such a way that the execution on a DC backup can be prevented e.g. by a UCR variable (temporarily set by the join hook). However, since there are still some packages that execute the joinscripts directly and do not do this via call_joinscript, this would not have been a reliable solution. Nevertheless, I switched all found UCS@school packages to call_joinscript accordingly (see commits below). In the end, I have adapted the join hook so that it checks the file /var/univention-join/status on startup and remembers the size and its presence. After all packages have been installed from the hook, the status file BEFORE the installation of UCS@school is checked to see if it was missing or 0 bytes in size (this is only the case if the hook is executed by univention-join!). In this case, the status file is restored to its original state (deleted or shortened to 0 bytes). If the control then goes over to univention-join again, there are no problems with the execution of the join scripts, because according to the status file none has been executed successfully yet. I think it is possible to reset the status file without any major problems, as this roughly corresponds to the situation where a rejoin is triggered via univention-join on a ready-to-use UCS@school system. Even then, with the current standard behaviour, all join scripts have run successfully, the status file is shortened to 0 bytes and then all join scripts are executed again. And also all other join hooks should show this behavior, otherwise they run into the same problem. If the status file is not 0 bytes large, the join hook is executed by univention-run-join-scripts and no further action is necessary with regard to the status file. 22bb08915 Bug #48731, #48743: update advisories cb3993405 Bug #48731: fixup for cd09fa800c4d3f1876e8ddbe2cc5f1ae7076f4ae: remove unused file 02a6e6153 Bug #48731: update advisory cd09fa800 Bug #48731: add changelog entry 3d9e5b1e8 Bug #48731: use call_joinscript instead of calling the joinscript directly 8d9f7b233 Bug #48731: add changelog entry 501dfff22 Bug #48731: keep /var/univention-join/status empty during univention-join 96dd92224 Bug #48731: remove debug output 3cd2f07fd Bug #48731: add changelog entry dd18eaad5 Bug #48731: add advisory 8bd4a764a Bug #48731: use call_joinscript instead of calling joinscript directly fdc025671 Bug #48731: update advisory e7a221fe7 Bug #48731: add changelog entry a93e5bf60 Bug #48731: use call_joinscript instead of calling the joinscript directly de22f5945 Bug #48731: removed outdated conflicts af007e1c0 Bug #48731: add debug output to 00ucs-school-app-version-check.inst Rebuilt packages: - ucs-school-metapackage 12.0.0-34A~4.4.0.201902240136 - ucs-school-import 17.0.4-8A~4.4.0.201902240135 - ucs-school-ldap-acls-master 17.0.0-1A~4.4.0.201902240135 - ucs-school-umc-exam 9.0.0-2A~4.4.0.201902240136 Still manually testing the solution, but in the meantime: OK: fix postinst to use call_joinscript OK: removed outdated conflicts REOPEN: /var/univention-join/status is not the join hooks data file. It should not meddle in other softwares data structures. Please apply the KeepEmptyStatusFile() code to the univention-join package, where the pre-join-hooks are called. This will also fix the problem for other pre-join-hooks and make the management team aware of it. We discussed the topic again and decided that univention-join would reset the status file itself (see also bug 48751). The changes made to the UCS@school join hook have therefore been reversed. eb2f22ca5 Bug #48731: removed last changes; the issues are now addressed directly in univention-join Package: ucs-school-metapackage Version: 12.0.0-37A~4.4.0.201902251422 Branch: ucs_4.4-0 Scope: ucs-school-4.4 OK: join script 00ucs-school-app-version-check.inst runs successfully on all roles (including DC backup) OK: revert status-file-modification here and move code to univention-join (see Bug #48751) UCS@school 4.4 v1 has been released. https://docs.software-univention.de/release-notes-ucsschool-4.4v1-de.html If this error occurs again, please clone this bug. |