Bug 47105 - System Setup: Test outgoing connections before starting setup-join, warn if it does not work
System Setup: Test outgoing connections before starting setup-join, warn if i...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: System setup
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-1-errata
Assigned To: Richard Ulmer
Erik Damrose
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-30 14:16 CEST by Erik Damrose
Modified: 2018-08-22 14:26 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.206
Enterprise Customer affected?:
School Customer affected?:
ISV affected?: Yes
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Appliance, Error handling, Usability
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Damrose univentionstaff 2018-05-30 14:16:19 CEST
UCS and UCS app appliances connect to several hosts during system setup
appcenter.software-univention.de
updates.software-univention.de
docker.software-univention.de
...

We should check the connectivity to these hosts (may want to get the hostnames from UCR) and warn if there is an issue. Also give hints about firewall and proxy settings, so that administrators do not have to debug these kind of things.

We currently check on the network page if 'an internet connection' is available, and warn when this is not true. Example: No IP address aqcuired via DHCP, APIPA address is used.
Comment 1 Richard Ulmer univentionstaff 2018-07-13 15:02:12 CEST
When clicking "Next" on the "Domain and network configuration" page in the system setup it will be checked if the servers from `ucr get repository/online/server` and `ucr get repository/app_center/server` can be reached.

univention-system-setup (11.0.5-6)
242395b0d806 | Bug #47105: Merge branch 'rulmer/47105' into 4.3-1
3bfe55407348 | Bug #47105: Add changelog entry
4097bf9eeba0 | Bug #47105: Add translations
ba3b1f2da1b4 | Bug #47105: Add check for reachability of the repository servers
d00b7743cea6 | Bug #47105: Refactor for readability
197afad16d29 | Bug #47105: Add minor cleanups for readability

univention-system-setup.yaml
867f935f5864 | Bug #47105: Update yaml file
Comment 2 Erik Damrose univentionstaff 2018-07-24 14:13:54 CEST
OK: new request repository_accessibility checks requests via curl.
OK: User can adjust the settings or chose to continue.

Code Review:
You introduced imports with relative paths in umc/python/setup/__init__.py. This is discouraged and generally not used, please change it to absolute imports.

Reopen: The current error message is not very helpful. It reads:
'Could not reach all repository servers. Please check if the UCR variables "repository/online/server" and "repository/app_center/server" are set correctly and the set servers can be reached through your network.'

A UCS Tester does not know what UCR variables are or how to set them, or what the correct values are. Besides, i think we can take it for granted that we configure well known servers in UCS, so we should not emphasize on 'correct' values.

To help testers at this point, the message should be clear and more precise, something like: "The server $URL can not be reached. For UCS to work properly, please configure the network, any proxy and firewall to allow UCS to access the server $URL"

Reopen: missing check for docker.software-univention.de. The address is currently used in app ini files, so it can be hardcoded in the check for now.
Comment 3 Richard Ulmer univentionstaff 2018-07-30 14:12:47 CEST
I have added docker.software-univention.de to the checked servers, changed to absolute imports and improved the error message as suggested in comment #2.

univention-system-setup (11.0.5-10)
7e64e68dfa9e | Bug #47105: Merge branch 'rulmer/47105' into 4.3-1
f7c91ebac0fc | Bug #47105: Add changelog entry
15d36ac6eb91 | Bug #47105: Change relative to absolute imports
9e8a14924668 | Bug #47105: Improve error message for unreachable repository servers
c6ba032aadca | Bug #47105: Also check if docker.software-univention.de is reachable

univention-system-setup.yaml
efe30a3fafbe | Bug #47105: Update yaml file
Comment 4 Erik Damrose univentionstaff 2018-07-31 13:57:15 CEST
The new popup looks very good.

Checks before repository_accessibility are not taken into account. If i configure e.g. no gateway, there is already a warning that UCS will not work correctly. If one clicks 'continue' here, the popup about the repository servers will be shown again. I think it is debatable if this is ok or only one popup should warn the user. I am ok with the current behavior.

Sorry i did not test far enough in my first QA, but i have some more issues:
* The check implemented here executes after the setup/net/apply request is finished. But while the test is running in the request setup/check/repository_accessibility, the network page is not blocked/disabled. I can click on next, which seems do to nothing. But looking at the browser debug tools, it starts another repository_accessibility request. These eventually come back and each may present the error message.
-> I think we should disable the network page as long as the request is running

* The checks for each server are done one after the other, which takes a lot of time. If wrong network settings are configured (no name resolutation for the servers), the repository_accessibility request takes 25 seconds. The curl calls could be started in parallel. We should also define a timeout, see curl options --connect-timeout and --max-time. Logging the curl return value can be useful when debugging any issues further.
Comment 5 Richard Ulmer univentionstaff 2018-08-01 11:49:23 CEST
Thanks for the thorough QA. I have now activated a standby animation when waiting for the UMCP commands, made the curl requests timeout and run in parallel and am logging curl return codes. 

univention-system-setup (11.0.5-12)
4e853e406216 | Bug #47105: Merge branch 'rulmer/47105' into 4.3-1
2a5d6ed60bc2 | Bug #47105: Add changelog entry
73118c28bc3d | Bug #47105: Log returncode if curl fails
481ac22e6998 | Bug #47105: Make curl requests in parallel to improve performance
a621cbad0274 | Bug #47105: Add timeout to curl request
7a2caa525470 | Bug #47105: Display standby animation during UMCP command

univention-system-setup.yaml
cc15b17b90df | Bug #47105: Update yaml file
Comment 6 Richard Ulmer univentionstaff 2018-08-02 13:15:37 CEST
univention-system-setup.yaml
d2599ed1d180 | Bug #47105: Update yaml file

univention-system-setup (11.0.5-14)
513b922cf900 | Bug #47105: Fix translation typo
Comment 7 Erik Damrose univentionstaff 2018-08-03 15:11:02 CEST
Nice solution. Even with not reachable servers the system setup page does not 'feel' slower when applying the network settings. We agreed on the maximum timeout of 10 seconds

The yaml is also fine.
-> Verified
Comment 8 Arvid Requate univentionstaff 2018-08-22 14:26:19 CEST
<http://errata.software-univention.de/ucs/4.3/214.html>