Univention Bugzilla – Bug 34214
Samba4 @school test: GPC replication School S4 -> Master LDAP
Last modified: 2018-11-01 19:52:20 CET
In UCS@School the Group Policy Container (GPC) Objects are replicated via OpenLDAP. Some test cases should be implemented to check this: * Verify that a GPC created in the Samba directory at a school server (UCS@school Samba4 Slave DC) is replicated to the UCS Master LDAP. * Link the GPO to the School OU in the Samba directory and verify that this link is replicated to the UCS Master LDAP as well.
r53037: * Bug #34214 and #34216: 90_ucsschool/91_samba4_gpc_two_way_replication: test the GPC objects and links replication from DC-Master to DC-Slave or from DC-Slave to DC-Master; 90_ucsschool/essential/test_samba4.py: a helper class for Samba4 related tests. Test covers cases in this bug and bug #34216.
The test script "91_samba4_gpc_two_way_replication" produced a traceback in the last Jenkins run in a single server environment: http://jenkins.knut.univention.de:8080/job/UCSschool%204.0/job/UCSschool%204.0%20Singleserver/11/SambaVersion=s4/testReport/90_ucsschool/91_samba4_gpc_two_way_replication/test/ Current server role is DC-Master, trying to find a DC-Slave in the domain for the test ### FAIL ### Could not find at least one IP address of the DC-Slave in the output of the udm list command ### ### Maybe it is needed to check if the script is running on a single server or multi server environment, as there is no DC-Slave by default on a single server environment, and it is created manually when needed.
(In reply to Ammar Najjar from comment #2) > Maybe it is needed to check if the script is running on a single server or > multi server environment, as there is no DC-Slave by default on a single > server environment, and it is created manually when needed. Yep, there was such check, but it should have checked the udm output more explicitly, so now should be skipped: r57023: * 90_ucsschool/91_samba4_gpc_two_way_replication: check the udm output correctly when looking for DC-Slave in the domain (Bug #34214).
essential/test_samba4.py:62: undefined name 'utils' essential/test_samba4.py:67: undefined name 'utils' essential/test_samba4.py:92: undefined name 'utils' essential/test_samba4.py:103: undefined name 'utils' essential/test_samba4.py:125: undefined name 'utils' essential/test_samba4.py:146: undefined name 'utils' essential/test_samba4.py:211: undefined name 'utils'
(In reply to Florian Best from comment #4) > essential/test_samba4.py:62: undefined name 'utils' > essential/test_samba4.py:67: undefined name 'utils' > essential/test_samba4.py:92: undefined name 'utils' > essential/test_samba4.py:103: undefined name 'utils' > essential/test_samba4.py:125: undefined name 'utils' > essential/test_samba4.py:146: undefined name 'utils' > essential/test_samba4.py:211: undefined name 'utils' It's inherited, utils are imported in 9*_samba4_* tests.
I think the "samba-tool gpo create" command requires the -H option here, too, to select the specific server where the GPO should be created. The test currently fails without that: http://jenkins.knut.univention.de:8080/job/UCSschool%204.0/job/UCSschool%204.0%20Multiserver/16/SambaVersion=s4-school-only-with-slave/testReport/junit/90_ucsschool/91_samba4_gpc_two_way_replication/test/
Created attachment 6706 [details] Test run on Slave, replication from DC-Master
Created attachment 6707 [details] Test run on Master, replication from DC-Slave
(In reply to Arvid Requate from comment #6) > I think the "samba-tool gpo create" command requires the -H option here, > too, to select the specific server where the GPO should be created. The test > currently fails without that: > > http://jenkins.knut.univention.de:8080/job/UCSschool%204.0/job/UCSschool%204. > 0%20Multiserver/16/SambaVersion=s4-school-only-with-slave/testReport/junit/ > 90_ucsschool/91_samba4_gpc_two_way_replication/test/ The debug message says it is run with '-H' and host specified. Executing cmd: ('samba-tool', 'gpo', 'create', 'ucs_test_school_gpo_q53gz2ry', '-H', 'ldap://master204.autotest204.local', '-k', 'no', '--username', 'Administrator', '--password', 'univention') I've checked the test with the setup as 'autotest-201-ucsschool-singleserver-s4-with-slave' jenkins template. Test works for both cases: DC-Master --> DC-Slave and DC-Slave --> DC-Master. When running on Master the Slave accessed by IP, when running on Slave master accessed by 'ldap://master201.autotest201.local'. The only thing when GPO is removed after the test -> the host is not specified and samba-tool gives exception, which is just printed.
Created attachment 6798 [details] log.samba Test failed in the last two Jenkins runs for: - SambaVersion=s4-all-components - SambaVersion=s4 http://jenkins.knut.univention.de:8080/view/UCSschool/job/UCSschool%204.0/job/UCSschool%204.0%20Multiserver/30/SambaVersion=s4-all-components/testReport/90_ucsschool/91_samba4_gpc_two_way_replication/test/ http://jenkins.knut.univention.de:8080/view/UCSschool/job/UCSschool%204.0/job/UCSschool%204.0%20Multiserver/31/SambaVersion=s4-all-components/testReport/90_ucsschool/91_samba4_gpc_two_way_replication/test/ http://jenkins.knut.univention.de:8080/view/UCSschool/job/UCSschool%204.0/job/UCSschool%204.0%20Multiserver/30/SambaVersion=s4/testReport/90_ucsschool/91_samba4_gpc_two_way_replication/test/ http://jenkins.knut.univention.de:8080/view/UCSschool/job/UCSschool%204.0/job/UCSschool%204.0%20Multiserver/31/SambaVersion=s4/testReport/90_ucsschool/91_samba4_gpc_two_way_replication/test/ With the failing message: Executing cmd: ('samba-tool', 'gpo', 'show', '{55FEE9FD-36B3-456D-8F75-A7E389848184}') ### FAIL ### An error occured while getting the GPO link using 'samba-tool', STDERR: 'ERROR(runtime): uncaught exception - ('Could not find a DC for domain', RuntimeError('NT_STATUS_OBJECT_NAME_NOT_FOUND',)) File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/gpo.py", line 513, in run self.url = dc_url(self.lp, self.creds, H) File "/usr/lib/python2.7/dist-packages/samba/netcmd/gpo.py", line 117, in dc_url raise RuntimeError("Could not find a DC for domain", e)' ### ### In the attachment see "log.samba" from the last run #31.
Test is skipped with SKIP-UCSSCHOOL tag in both 4.0 & 3.2r2, please enable when this bug is fixed.
(In reply to Ammar Najjar from comment #11) > Test is skipped with SKIP-UCSSCHOOL tag in both 4.0 & 3.2r2, please enable > when this bug is fixed. The test worked in previous test run: http://jenkins.knut.univention.de:8080/view/UCSschool/job/UCSschool%204.0/job/UCSschool%204.0%20Multiserver/29/SambaVersion=s4/artifact/ucs-test.log where the '98univention-samba4-dns.inst' script executed successfully. I've opened Bug #38228 and Bug #38229 As a workaround, the hostname might be specified for all samba-tool executions, but I think the test should fail if the samba-tool does not work.
> As a workaround, the hostname might be specified for all samba-tool executions, Yes, please do that. > but I think the test should fail if the samba-tool does not work. This will happen if -H doesn't fix the issue.
(In reply to Arvid Requate from comment #13) > > As a workaround, the hostname might be specified for all samba-tool executions, > > Yes, please do that. > I could not reproduce the issue on the 'autotest-203-ucsschool-multiserver-s4' fresh setup.. r59914: * 90_ucsschool/91_samba4_gpc_two_way_replication: wait more for replication; specify local ip and credentials when running local checks using samba-tool (Bug #34214). committed to both School 3.2 and 4.0
The presented test-case will be skipped, if no S4 is found on the UCS@School Master DC. It also checks the replication only via the `samba-tool`. The test should be reworked to include a check in the OpenLDAP if `server/role` == "domaincontroller_master". In doing so, be aware to not break bug #34216.
Reworked in r76047 / r76048.
Updated in r76063 to use `univention.admin.uldap`.