Bug 46300 - docker/autostart value changes are not recognized if they are changed on different layers
docker/autostart value changes are not recognized if they are changed on diff...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: General
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.3-1-errata
Assigned To: Jürn Brodersen
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-02-16 11:29 CET by Christina Scheinig
Modified: 2018-06-27 14:37 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support: Yes
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018020121000654
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2018-02-16 11:29:02 CET
In a customer environment, the following situation occurred. Starting docker was always possible. Setting and unsetting the ucrv docker/autostart seems to have no consequence.
________________________________________________________________________________
root@master:~# systemctl list-unit-files |grep docker
docker.service                         enabled
docker.socket                          enabled
________________________________________________________________________________
root@master:~# ucr get docker/autostart
no
________________________________________________________________________________
ucr set docker/autostart='yes'
Setting docker/autostart
W: docker/autostart is overridden by scope "ldap"
Module: autostart
________________________________________________________________________________
root@master:~# grep docker/autostart /etc/univention/base*conf
/etc/univention/base.conf:docker/autostart: yes
/etc/univention/base-ldap.conf:docker/autostart: no
________________________________________________________________________________
root@master:~# ucr set --force docker/autostart='yes'
Create docker/autostart
Module: autostart
None → old
yes → new
root@master:~# systemctl list-unit-files |grep docker
docker.service                         enabled
docker.socket                          enabled
root@master:~# ucr unset --force docker/autostart
Unsetting docker/autostart
Module: autostart
yes → old
None → new
root@master:~# systemctl list-unit-files |grep docker
docker.service                         enabled
docker.socket                          enabled
________________________________________________________________________________


The situation could be fixed with setting and unsetting the ucr value on ldap-layer:

root@master:~# ucr set --ldap-policy docker/autostart='yes'·
Setting docker/autostart
Module: autostart
no
yes
root@master:~# grep docker/autostart /etc/univention/base*conf
/etc/univention/base.conf:docker/autostart: yes
/etc/univention/base-ldap.conf:docker/autostart: yes
root@master:~# systemctl list-unit-files |grep docker
docker.service                         enabled·
docker.socket                          enabled·
root@master:~# ucr set --ldap-policy docker/autostart='no'·
Setting docker/autostart
Module: autostart
yes
no
root@master:~# systemctl list-unit-files |grep docker
docker.service                         masked··
docker.socket                          enabled·
________________________________________________________________________________
Comment 1 Stefan Gohmann univentionstaff 2018-05-29 21:06:40 CEST
It is a problem in the autostart handling file and not a Docker problem. It was introduced with Bug #43470.
Comment 2 Jürn Brodersen univentionstaff 2018-06-11 19:08:44 CEST
The ucr autostart module is not scope aware.

It uses the changed variable which it gets from ucr. That variable does not contain the effective change but only the change on the scope.

Changing that in ucr might be problem (backwards compatibility?).
I will probably fix that by not using the changed variable in the autostart module and instead always call systemctl without checking if the value actually changed.
Comment 3 Jürn Brodersen univentionstaff 2018-06-13 17:16:26 CEST
[4.3-1 628afa8c38] Bug #46300: Do not ignore ucr layers in ucr autostart module
[4.3-1 864b663b7f] Bug #46300: YAML

Is a backport needed?
Comment 4 Philipp Hahn univentionstaff 2018-06-20 18:27:39 CEST
OK: 628afa8c38
OK: 864b663b7f
OK: univention-base-files.yaml
OK: errata-announce -V --only univention-base-files.yaml
OK:
  find /???/systemd -name docker.service -ls
  ucr set --ldap-policy docker/autostart=yes
  ucr set docker/autostart=no
  find /???/systemd -name docker.service -ls
  ucr unset --ldap-policy docker/autostart
  find /???/systemd -name docker.service -ls
  ucr set --forced docker/autostart=yes
  find /???/systemd -name docker.service -ls
  ucr unset --forced docker/autostart
  find /???/systemd -name docker.service -ls
  ucr set docker/autostart=yes
  find /???/systemd -name docker.service -ls
Comment 5 Erik Damrose univentionstaff 2018-06-27 14:37:24 CEST
<http://errata.software-univention.de/ucs/4.3/122.html>