Univention Bugzilla – Full Text Bug Listing |
Summary: | License request from system setup not working in App Appliances | ||
---|---|---|---|
Product: | UCS | Reporter: | Erik Damrose <damrose> |
Component: | System setup | Assignee: | Florian Best <best> |
Status: | CLOSED FIXED | QA Contact: | Jürn Brodersen <brodersen> |
Severity: | normal | ||
Priority: | P5 | CC: | best, brodersen |
Version: | UCS 4.4 | ||
Target Milestone: | UCS 4.4-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=47880 https://forge.univention.org/bugzilla/show_bug.cgi?id=38319 |
||
What kind of report is it?: | Bug Report | What type of bug is this?: | 6: Setup Problem: Issue for the setup process |
Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
User Pain: | 0.206 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Appliance, Usability | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 51299 | ||
Attachments: |
possible patch
patch (git:fbest/49384-license-request) |
Description
Erik Damrose
2019-04-29 14:06:18 CEST
This is also a problem in normal ucs appliances. The setup log has the same error message, but I also get this error in management-console-server.log: 03.06.19 13:51:32.089 MAIN ( WARN ) : Module None (command='udm/request_new_license', id='155956269191661-0') does not exists anymore 03.06.19 13:51:32.119 MODULE ( PROCESS ) : Verboten Created attachment 10084 [details]
possible patch
Comment on attachment 10084 [details]
possible patch
Es wird der Maschinenaccount genutzt, nicht __systemsetup__.
Siehe auch base/univention-system-setup/usr/lib/univention-system-setup/cleanup-post.d/08_activate_license
Okay, then, let's see what permissions the machine account has?: # eval "$(ucr shell)" # umc-acls show -u "$hostname\$" Username: master100$ → None?! I analyzed this, and it is a regression from Bug #47880. Because now all flavors have a <requiredCommand> and therefore the module is forbidden for the user because the DC Master only has permissions for udm/request_new_license. Somehow even if the request doesn't specify a flavor the ACL evaluation doesn't consider this. Created attachment 10085 [details]
patch (git:fbest/49384-license-request)
Could you test this patch? For me it works. But didn't run system-setup.
Patch + Translation has been applied. univention-management-console-module-udm.yaml a80a65f0629f | YAML Bug #49384 univention-management-console-module-udm (9.0.12-16) 5b3a5f412c53 | Bug #49384: fix permissions for requesting a license univention-system-setup.yaml a80a65f0629f | YAML Bug #49384 univention-system-setup (12.0.2-9) 5b3a5f412c53 | Bug #49384: fix permissions for requesting a license What I tested: Installed from the latest test dvd with email -> License was requested and send -> OK The new flavor does not show up as a module -> OK jenkins -> OK YAML -> OK I added a test: [4.4-0 f35f62f317] Bug #49384: add 59_udm/21_request_new_license.py -> Verified |