Univention Bugzilla – Bug 41052
Make ip/change module more robust
Last modified: 2019-02-27 18:04:59 CET
The ip/change module may fail due to some reasons. It should be more robust:

Execution of command 'ip/change' has failed:

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 283, in execute
    function(self, request)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/ipchange/__init__.py", line 147, in change
    record['a'].remove(request.options.get('oldip'))
ValueError: list.remove(x): x not in list

Failed to change DNS reverse zone: Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/ipchange/__init__.py", line 127, in change
    server.modify()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 363, in modify
    return self._modify(modify_childs,ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 852, in _modify
    ml=self._ldap_modlist()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/computers/domaincontroller_master.py", line 607, in _ldap_modlist
    ml=univention.admin.handlers.simpleComputer._ldap_modlist( self )
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 2192, in _ldap_modlist
    raise univention.admin.uexceptions.ipAlreadyUsed, ' %s' % ipAddress
ipAlreadyUsed: 169.254.85.137

Failed to change IP: Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/ipchange/__init__.py", line 110, in change
    server.modify()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 363, in modify
    return self._modify(modify_childs,ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 975, in _modify
    self._ldap_post_modify()
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/computers/domaincontroller_master.py", line 589, in _ldap_post_modify
    univention.admin.handlers.simpleComputer._ldap_post_modify( self )
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 2089, in _ldap_post_modify
    self.__add_dns_reverse_object( self[ 'name' ], x, entry )
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1669, in __add_dns_reverse_object
    raise univention.admin.uexceptions.InvalidDNS_Information, _( 'Reverse zone and IP address are incompatible.' )
InvalidDNS_Information: Reverse zone and IP address are incompatible.
This bug is very annoying. I have a UCS master system with two interfaces; during the installation I used eth0 (eth1 is unconfigured). After the installation I started dhclient eth1, got no DHCP offers and a temp. IP for eth1 -> 169.254.91.45

In /var/log/univention/management-console-module-ipchange.log I have the same tracebacks as in comment #1, and my reverse zone is broken now. It seems that the ipchange module deleted my pointer record (the record for eth0) ->

udm dns/ptr_record list --superordinate zoneName=7.200.10.in-addr.arpa,cn=dns,dc=home,dc=intranet

Now I can no longer join other UCS systems with the u-system-setup (the setup looks for a valid pointer record for the DNS server).
I added a patch for the following problems (in branch fbest/41052-ip-change-errors):
* general code cleanup
* fix LDAP filter escaping (which allowed performing injection queries with cn=admin)
* ignore link local address changes (e.g. if no IP address was assigned via DHCP)
* don't fail if the a-Record of the old IP address is not set at the ucs-sso.$domainname entry
* fix detection of the reverse zone where to create the new pointer record → if the netmask is not /32 /24 /16 /8 it fails.
* If no zone (1.2.3) for 1.2.3.4/24 exists but there is a zone (1.2), this is taken instead
* Check prior to any modifications if the IP is already used
* Fix removal of Reverse Zone at the computer. It failed because server['ip'] is a list and the comparison '1.2.3.4' == ['1.2.3.4'] fails.
* fix changing of ucs-sso-Entry if host has multiple IP addresses
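The filter-escaping item in the list above, shown as an added Python 3 example that is not the ip/change module's code: request values are escaped per RFC 4515 before they are placed into a filter string. The filter shape, the `name` option and the function names are assumptions for illustration; only `oldip` appears on this page.

```python
# Added example; not the ip/change module's code. The filter shape and the
# 'name' option are assumptions made for illustration.

# RFC 4515: these characters must be written as backslash + two hex digits
# when they occur inside an assertion value.
_ESCAPES = {'\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\x00': '\\00'}


def escape_filter_value(value):
    """Escape one value so the LDAP server can only read it as data."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)


def host_filter_unescaped(options):
    """'Before' form: request options are pasted into the filter text."""
    return '(&(cn=%s)(aRecord=%s))' % (options['name'], options['oldip'])


def host_filter(options):
    """'After' form: every request option is escaped before interpolation."""
    return '(&(cn=%s)(aRecord=%s))' % (
        escape_filter_value(options['name']),
        escape_filter_value(options['oldip']),
    )


def filter_components(flt):
    """Number of parenthesised components the server will parse from the filter."""
    return flt.count('(')


# Constructed request options: the second one carries filter metacharacters.
BENIGN = {'name': 'master', 'oldip': '10.200.7.10'}
CRAFTED = {'name': 'master', 'oldip': '10.200.7.10)(cn=*'}

if __name__ == '__main__':
    for opts in (BENIGN, CRAFTED):
        for build in (host_filter_unescaped, host_filter):
            flt = build(opts)
            print(build.__name__, flt, filter_components(flt))
```

In code that already depends on python-ldap, `ldap.filter.escape_filter_chars` and `ldap.filter.filter_format` provide the same escaping.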
Another issue: S4 environment, UCS master and a slave with two network interfaces (eth0 with proper DHCP, eth1 no DHCP), during the slave installation
* eth0 (DHCP) was used in the installer
* but the setup for non-master systems opens the network setup (if DHCP does not provide a UCS DNS server)
* now both interfaces are configured to DHCP in the setup network
* during the installation (? I'm not 100% sure), at some point the UCS ifup/down scripts for both interfaces are executed, first eth0 then eth1
* eth1 has a 169.254 address and the ipchange module (executed by /etc/network/if-up.d/90_dns_update) set the arecord of my slave to this IP
* the connector synced the IP to samba and DRS is broken, immediately after the installation of the slave

ipchange module should ignore 169.254, or?
(In reply to Felix Botner from comment #3)
> ipchange module should ignore 169.254, or?

This is already part of the patch.
OK, patch looks good, I tested ...
* just return if IP is a link local address
* error if IP is already used
* update forward zone host record
* update reverse zone if exists
* update ucs-sso host record

Additionally I changed univention-register-network-address in univention-network-manager to ignore docker0 too.

univention-management-console-module-ipchange d54a652f39cd7df0bbc9c85ceb0677f6d19ae367
univention-network-manager bcc300f611d58dbda7ef6b3854feff558c7d1075
YAML 6543435ca2f52548e494c25685bffe31a33ff73d
b59346866fd92af0b674119aa85e3123fe928c7b small fix in 60_umc/75_ipchange_basic (oldip is (was) string not list)
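The order of checks listed in the patch description and in the test comment above, as an added Python 3 example that is not the module's code: validate first, change nothing on a link-local or already-used address, tolerate a missing old A record, and pick the most specific existing reverse zone. It assumes IPv4 only and models records as plain lists and sets; all function names and the 10.200.x addresses are constructed.

```python
import ipaddress


class IPAlreadyUsed(Exception):
    """Raised before any modification when the new address is taken."""


def reverse_zone_for(ip, zones):
    """Return (zone, ptr_label) for the most specific existing zone, else None."""
    octets = str(ipaddress.IPv4Address(ip)).split('.')
    for n in (3, 2, 1):  # try 1.2.3 first, then fall back to 1.2, then 1
        zone = '.'.join(reversed(octets[:n])) + '.in-addr.arpa'
        if zone in zones:
            return zone, '.'.join(reversed(octets[n:]))
    return None


def replace_address(a_records, old_ip, new_ip):
    """Swap old_ip for new_ip; a missing old_ip is not an error, other IPs stay."""
    kept = [a for a in a_records if a != old_ip]
    return kept if new_ip in kept else kept + [new_ip]


def plan_ip_change(old_ip, new_ip, host_a, sso_a, used_ips, zones):
    """Return the records to write, or None when the change must be ignored."""
    if ipaddress.ip_address(new_ip).is_link_local:
        return None  # 169.254.0.0/16: no DHCP lease was obtained, keep DNS as is
    if new_ip != old_ip and new_ip in used_ips:
        raise IPAlreadyUsed(new_ip)  # checked before anything is modified
    return {
        'host_a': replace_address(host_a, old_ip, new_ip),
        'sso_a': replace_address(sso_a, old_ip, new_ip),
        'ptr': reverse_zone_for(new_ip, zones),  # None: no PTR record to write
    }


if __name__ == '__main__':
    zones = {'7.200.10.in-addr.arpa'}  # zone name taken from the report above
    # Link-local address from the report: nothing is planned.
    print(plan_ip_change('10.200.7.10', '169.254.91.45', ['10.200.7.10'], [], set(), zones))
    # Regular change: the ucs-sso entry had no old A record and still gets updated.
    print(plan_ip_change('10.200.7.10', '10.200.7.20', ['10.200.7.10'], [], set(), zones))
```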
FYI: setting up a VM with 2 interfaces and only configuring the 2nd interface to use DHCP using UMC later on shows the issues and the tracebacks in "/var/log/univention/management-console-module-ipchange.log":

InvalidDNS_Information: Reverse zone and IP address are incompatible.
ipAlreadyUsed: 169.254.30.182

Running "dhclient enp?s?" is not enough as the LL-FB-address is only enabled in /etc/dhcp/dhclient.conf in UCRV interfaces/$IFACE/type=='dhcp'.

FIXED: 6543435ca2f5 | Bug #41052: yaml
[4.3-0] 2822ddc869 Bug #41052 QA: ip/change YAML
OK: errata-announce -V --only univention-network-manager.yaml
OK: errata-announce -V --only univention-management-console-module-ipchange.yaml
~OK: b59346866fd9 | Bug #41052: 60_umc/75_ipchange_basic
  There is an unrelated change to ucs-test:80_docker/64_app_container_upgrade
OK: bcc300f611d5 | Bug #41052: ignore lo and docker0 in univention-register-network-address
OK: bcc300f611d5 | Bug #41052: ignore lo and docker0 in univention-register-network-address
OK: 60_umc/75_ipchange_basic
OK: udm computers/domaincontroller_master list | grep ip:
OK: udm dns/host_record list | grep a:
OK: udm dns/ptr_record list | grep ip:
OK: /var/log/univention/management-console-module-ipchange.log
OK: dig @localhost +short $(hostname -f)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/univention-network-manager_10.0.0-2A~4.3.0.201712121316.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/univention-network-manager_10.0.0-3A~4.3.0.201804231306.dsc @@ -1,6 +1,10 @@ -10.0.0-2A~4.3.0.201712121316 [Tue, 12 Dec 2017 13:16:40 +0100] Univention builddaemon <buildd@univention.de>: +10.0.0-3A~4.3.0.201804231306 [Mon, 23 Apr 2018 13:06:29 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +10.0.0-3 [Mon, 23 Apr 2018 13:05:06 +0200] Felix Botner <botner@univention.de>: + + * Bug #41052: ignore lo and docker0 in univention-register-network-address 10.0.0-2 [Tue, 12 Dec 2017 13:10:02 +0100] Jürn Brodersen <brodersen@univention.de>:
--- mirror/ftp/4.3/unmaintained/4.3-0/source/univention-management-console-module-ipchange_6.0.0-2A~4.3.0.201712211409.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/univention-management-console-module-ipchange_6.0.0-3A~4.3.0.201804231303.dsc @@ -1,6 +1,10 @@ -6.0.0-2A~4.3.0.201712211409 [Thu, 21 Dec 2017 14:09:02 +0100] Univention builddaemon <buildd@univention.de>: +6.0.0-3A~4.3.0.201804231303 [Mon, 23 Apr 2018 13:03:31 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +6.0.0-3 [Mon, 23 Apr 2018 13:00:47 +0200] Felix Botner <botner@univention.de>: + + * Bug #41052: ignore link local in ip/change (mostly Florian Best's patch) 6.0.0-2 [Thu, 21 Dec 2017 11:52:25 +0100] Florian Best <best@univention.de>:
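Review bot: the 6.0.0-3 entry added in the univention-management-console-module-ipchange changelog names only "ignore link local in ip/change", while the patch description in this bug also lists an LDAP filter escaping fix and a check that the IP is not already used before any modification. If those changes ship in this build, the entry should say so, for example with an extra line such as "fix LDAP filter escaping", so that administrators reading the changelog can see that the update is security-relevant.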
<http://errata.software-univention.de/ucs/4.3/34.html> <http://errata.software-univention.de/ucs/4.3/35.html>