Univention Bugzilla – Bug 47105
System Setup: Test outgoing connections before starting setup-join, warn if it does not work
Last modified: 2018-08-22 14:26:19 CEST
UCS and UCS app appliances connect to several hosts during system setup appcenter.software-univention.de updates.software-univention.de docker.software-univention.de ... We should check the connectivity to these hosts (may want to get the hostnames from UCR) and warn if there is an issue. Also give hints about firewall and proxy settings, so that administrators do not have to debug these kind of things. We currently check on the network page if 'an internet connection' is available, and warn when this is not true. Example: No IP address aqcuired via DHCP, APIPA address is used.
When clicking "Next" on the "Domain and network configuration" page in the system setup it will be checked if the servers from `ucr get repository/online/server` and `ucr get repository/app_center/server` can be reached. univention-system-setup (11.0.5-6) 242395b0d806 | Bug #47105: Merge branch 'rulmer/47105' into 4.3-1 3bfe55407348 | Bug #47105: Add changelog entry 4097bf9eeba0 | Bug #47105: Add translations ba3b1f2da1b4 | Bug #47105: Add check for reachability of the repository servers d00b7743cea6 | Bug #47105: Refactor for readability 197afad16d29 | Bug #47105: Add minor cleanups for readability univention-system-setup.yaml 867f935f5864 | Bug #47105: Update yaml file
OK: new request repository_accessibility checks requests via curl. OK: User can adjust the settings or chose to continue. Code Review: You introduced imports with relative paths in umc/python/setup/__init__.py. This is discouraged and generally not used, please change it to absolute imports. Reopen: The current error message is not very helpful. It reads: 'Could not reach all repository servers. Please check if the UCR variables "repository/online/server" and "repository/app_center/server" are set correctly and the set servers can be reached through your network.' A UCS Tester does not know what UCR variables are or how to set them, or what the correct values are. Besides, i think we can take it for granted that we configure well known servers in UCS, so we should not emphasize on 'correct' values. To help testers at this point, the message should be clear and more precise, something like: "The server $URL can not be reached. For UCS to work properly, please configure the network, any proxy and firewall to allow UCS to access the server $URL" Reopen: missing check for docker.software-univention.de. The address is currently used in app ini files, so it can be hardcoded in the check for now.
I have added docker.software-univention.de to the checked servers, changed to absolute imports and improved the error message as suggested in comment #2. univention-system-setup (11.0.5-10) 7e64e68dfa9e | Bug #47105: Merge branch 'rulmer/47105' into 4.3-1 f7c91ebac0fc | Bug #47105: Add changelog entry 15d36ac6eb91 | Bug #47105: Change relative to absolute imports 9e8a14924668 | Bug #47105: Improve error message for unreachable repository servers c6ba032aadca | Bug #47105: Also check if docker.software-univention.de is reachable univention-system-setup.yaml efe30a3fafbe | Bug #47105: Update yaml file
The new popup looks very good. Checks before repository_accessibility are not taken into account. If i configure e.g. no gateway, there is already a warning that UCS will not work correctly. If one clicks 'continue' here, the popup about the repository servers will be shown again. I think it is debatable if this is ok or only one popup should warn the user. I am ok with the current behavior. Sorry i did not test far enough in my first QA, but i have some more issues: * The check implemented here executes after the setup/net/apply request is finished. But while the test is running in the request setup/check/repository_accessibility, the network page is not blocked/disabled. I can click on next, which seems do to nothing. But looking at the browser debug tools, it starts another repository_accessibility request. These eventually come back and each may present the error message. -> I think we should disable the network page as long as the request is running * The checks for each server are done one after the other, which takes a lot of time. If wrong network settings are configured (no name resolutation for the servers), the repository_accessibility request takes 25 seconds. The curl calls could be started in parallel. We should also define a timeout, see curl options --connect-timeout and --max-time. Logging the curl return value can be useful when debugging any issues further.
Thanks for the thorough QA. I have now activated a standby animation when waiting for the UMCP commands, made the curl requests timeout and run in parallel and am logging curl return codes. univention-system-setup (11.0.5-12) 4e853e406216 | Bug #47105: Merge branch 'rulmer/47105' into 4.3-1 2a5d6ed60bc2 | Bug #47105: Add changelog entry 73118c28bc3d | Bug #47105: Log returncode if curl fails 481ac22e6998 | Bug #47105: Make curl requests in parallel to improve performance a621cbad0274 | Bug #47105: Add timeout to curl request 7a2caa525470 | Bug #47105: Display standby animation during UMCP command univention-system-setup.yaml cc15b17b90df | Bug #47105: Update yaml file
univention-system-setup.yaml d2599ed1d180 | Bug #47105: Update yaml file univention-system-setup (11.0.5-14) 513b922cf900 | Bug #47105: Fix translation typo
Nice solution. Even with not reachable servers the system setup page does not 'feel' slower when applying the network settings. We agreed on the maximum timeout of 10 seconds The yaml is also fine. -> Verified
<http://errata.software-univention.de/ucs/4.3/214.html>