Bug 48475 - duplicate MAC prevents successful join
duplicate MAC prevents successful join
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Join (univention-join)
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-3-errata
Assigned To: Jannik Ahlers
Jürn Brodersen
:
Depends on:
Blocks: 49298
  Show dependency treegraph
 
Reported: 2019-01-15 16:53 CET by Nico Stöckigt
Modified: 2019-04-15 17:11 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019011521000575, 2019021921000351
Bug group (optional):
Max CVSS v3 score:
ahlers: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Stöckigt univentionstaff 2019-01-15 16:53:50 CET
The join fails with Message "E: failed to create DC Slave (1) [E: Object exists: (mac)  aa:bb:cc:dd:ee:ff]" but there is no entry in OpenLDAP that is related to the Slave (Hostname nor MAC)

============================================================
Tue Jan 15 12:41:34 CET 2019: starting /usr/sbin/univention-join -dcname srv10.schule.stadt.intranet -dcaccount Administrator -dcpwd /tmp/tmp4bBISx
running version check
OK: UCS version on srv10.schule.stadt.intranet is higher or equal (4.33) to the local version (4.33).
Stopping slapd (via systemctl): slapd.service.
Starting slapd (via systemctl): slapd.service.
Tue Jan 15 12:41:46 CET 2019
univention-server-join: joins a server to an univention domain
copyright (c) 2001-2018 Univention GmbH, Germany

E: failed to create DC Slave (1) [E: Object exists: (mac)  ac:1f:6b:77:6d:f6]


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- failed to create DC Slave (1) [E: Object exists: (mac)  aa:bb:cc:dd:ee:ff]
**************************************************************************
Tue Jan 15 12:41:48 CET 2019: finish /usr/sbin/univention-join

============================================================
Comment 1 Nico Stöckigt univentionstaff 2019-01-15 16:58:34 CET
The Environment is UCS 4.3-3 current erratum

There are two interfaces with the same MAC address and it figures out that the udm command to create the object tries to add both mac addresses but fails. (see attachments)

Here some additional info about the network:

root@srv1:/usr/share/univention-join# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether aa:bb:cc:dd:00:11 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
    inet 172.23.255.253/24 brd 172.23.255.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::ae1f:6bff:fe77:6df6/64 scope link 
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:f2:f5:52:70 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 scope global docker0
       valid_lft forever preferred_lft forever
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fa:fb:fc:fd:fe:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe41:d6c2/64 scope link 
       valid_lft forever preferred_lft forever


root@srv1:/usr/share/univention-join# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.aabbccddeeff       no              eno1
                                                        vnet0
docker0         8000.0242f2f55270       no
Comment 3 Nico Stöckigt univentionstaff 2019-01-15 17:07:37 CET
A Workaround might be to find the udm command in the log, edit it by removing duplicate mac addresses and execute it manually. If the host object is successfully created the next 'univention-join' will be successful.
Comment 4 Jannik Ahlers univentionstaff 2019-02-07 13:51:56 CET
The problem is that univention-join tries to add mac addresses of network bridges to the computer object. These are the same as the macs of the master interfaces, and therefore udm failes to create the object.

The fix is to make univention-join only append mac addresses of "real" interfaces to the computer objects.

I fixed it in git branch jahlers/48475-join-duplicate-macs.
Comment 5 Philipp Hahn univentionstaff 2019-02-07 17:14:43 CET
(In reply to Jannik Ahlers from comment #4)
> I fixed it in git branch jahlers/48475-join-duplicate-macs.

That patch is wrong:
> 	mac_addr="$(LC_ALL=C ip link show | grep -A 1 "eth[0-9]" | ...

you MUST NOT assume that real interfaces are names "eth*"; that was true a long time ago in Linux but with persistent naming they are named "en*" ow "wl*" or whatever you configure. See <https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/>

$ find /sys/class/net/* -not -lname ../../devices/virtual/\* -exec cat {}/address \;

See <https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-net> for more details about /sys/class/net/<iface>/
Comment 6 Jannik Ahlers univentionstaff 2019-02-08 08:53:27 CET
(In reply to Philipp Hahn from comment #5)
> (In reply to Jannik Ahlers from comment #4)
> > I fixed it in git branch jahlers/48475-join-duplicate-macs.
> 
> That patch is wrong:
> > 	mac_addr="$(LC_ALL=C ip link show | grep -A 1 "eth[0-9]" | ...
> 
> you MUST NOT assume that real interfaces are names "eth*"; that was true a
> long time ago in Linux but with persistent naming they are named "en*" ow
> "wl*" or whatever you configure. See
> <https://www.freedesktop.org/wiki/Software/systemd/
> PredictableNetworkInterfaceNames/>
> 
> $ find /sys/class/net/* -not -lname ../../devices/virtual/\* -exec cat
> {}/address \;
> 
> See <https://www.kernel.org/doc/Documentation/ABI/testing/sysfs-class-net>
> for more details about /sys/class/net/<iface>/

Thanks for the tip. I was desperate to find a better solution yesterday, but I didn't come up with anything.
I pushed the new command to the branch.
Comment 7 Jannik Ahlers univentionstaff 2019-02-22 10:59:17 CET
To reliably reproduce the bug, you will have to add multiple network interfaces to your VM and add some bridges to them.

4.3-3:
25393bc Bug #48475: yaml
2fd2a57 Bug #48475: debian changelog
a7725f8 Bug #48475: Merge branch 'jahlers/48475-join-duplicate-macs' into 4.3-3
3f46bb5 Bug #48475: use philipps better command to find real network interfaces
7102175 Bug #48475: make univention-join create computer objects with real network interfaces only

Successful build
Package: univention-join
Version: 10.0.0-32A~4.3.0.201902221045
Branch: ucs_4.3-0
Scope: errata4.3-3

4.4:
beb2b38 Bug #48475: debian changelog
2186555 Bug #48475: use philipps better command to find real network interfaces
91a51b4 Bug #48475: make univention-join create computer objects with real network interfaces only

Successful build
Package: univention-join
Version: 11.0.1-11A~4.4.0.201902221049
Branch: ucs_4.4-0
Comment 8 Jürn Brodersen univentionstaff 2019-03-01 13:11:42 CET
Looks good :)

Join works (with multiple bridges) -> OK
Only mac from physical interfaces is added -> OK
4.4 merge -> OK

Small yaml change:
[4.3-3 8e09fed05e] Bug #48475: yaml
-> verified
Comment 9 Arvid Requate univentionstaff 2019-03-06 13:45:24 CET
<http://errata.software-univention.de/ucs/4.3/449.html>