No updates UCS 4.3-0

UCS - Univention Corporate Server
,
#1

Dear Forum
After a successful installation I am getting an error while trying to update. System diagnostic shows a warning: Check errors in sources.list files. I checked and got following results.

Has someone a hint what it could be?

Best regards
Alexander

ucr get repository/online/server
https://updates.software-univention.de/

ucr search version
repository/mirror/version/end: <empty>
 If the mirroring of the repository is active (see 'repository/mirror'), this variable is set each time to the UCS version which was last retrieved from the mirror.

repository/mirror/version/start: <empty>
 If the mirroring of the repository is active (see 'repository/mirror'), this variable configures the lowest UCS version which is retrieved from the mirror.

repository/online/component/.*/version: <empty>
 Components can be versioned. This ensures that only components are installed that are compatible with a UCS version. If the variable is empty or unset, all versions of the same major number will be used. If for example UCS 3.2 is installed, all repositories of the component with version numbers 3.0, 3.1 and 3.2 will be used if available. If the variable is set to 'current' all versions of the same major version will be included. Additionally it will block all minor and major upgrades of the installed UCS system until the respective component is also available for the new release. Patch level and errata updates are not affected.

repository/online/component/4.3-0-errata/version: 4.3
 Components can be versioned. This ensures that only components are installed that are compatible with a UCS version. If the variable is empty or unset, all versions of the same major number will be used. If for example UCS 3.2 is installed, all repositories of the component with version numbers 3.0, 3.1 and 3.2 will be used if available. If the variable is set to 'current' all versions of the same major version will be included. Additionally it will block all minor and major upgrades of the installed UCS system until the respective component is also available for the new release. Patch level and errata updates are not affected.

update/umc/nextversion: true

version/erratalevel: 0
 Four types of UCS updates are differentiated: Major releases (released approximately every four years, may introduce bigger changes), minor releases (released approximately every 6-8 months, error corrections and new functions), patch level releases (released every 2-3 months, less changes compared to a minor release, focus on bugfixes) and errata updates (timely bugfixes for security problems and critical bugs). This variable is set automatically during updates and contains the version of the installed errata updates.

version/patchlevel: 0
 Four types of Univention Configuration Registry updates are differentiated: Major releases (released approximately every four years, may introduce bigger changes), minor releases (released approximately every 6-8 months, error corrections and new functions), patch level releases (released every 2-3 months, less changes compared to a minor release, focus on bugfixes) and errata updates (timely bugfixes for security problems and critical bugs). This variable is set automatically during updates and contains the version of the installed patch level release.

version/releasename: Neustadt
 This variable contains the codename of the UCS release.

version/version: 4.3
 Four types of UCS updates are differentiated: Major releases (released approximately every four years, may introduce bigger changes), minor releases (released approximately every 6-8 months, error corrections and new functions), patch level releases (released every 2-3 months, less changes compared to a minor release, focus on bugfixes) and errata updates (timely bugfixes for security problems and critical bugs). This variable is set automatically during updates and contains the version of major and minor update.

ping updates.software-univention.de
PING updates.software-univention.de (176.9.114.147) 56(84) bytes of data.
64 bytes from download2.software-univention.de (176.9.114.147): icmp_seq=1 ttl=56 time=7.90 ms
64 bytes from download2.software-univention.de (176.9.114.147): icmp_seq=2 ttl=56 time=8.05 ms
64 bytes from download2.software-univention.de (176.9.114.147): icmp_seq=3 ttl=56 time=8.02 ms

apt-get update
File: /etc/apt/sources.list.d/15_ucs-online-version.list
An error occurred during the repository check. The error message:
Reading package lists... Done
E: Problem executing scripts APT::Update::Pre-Invoke 'grep -Fqs '# An error occurred during the repository check.' /etc/apt/sources.list.d/15_ucs-online-version.list && ucr commit /etc/apt/sources.list.d/15_ucs-online-version.list ; ! grep -F '# An error occurred during the repository check.' /etc/apt/sources.list.d/15_ucs-online-version.list'
E: Sub-process returned an error code
#2

Hey Alexander,

current UCS version is 4.3-0 errata3, and there are no further updates. The following is the output of a fresh and unmodified installation from yesterday after successful update:
https://pastebin.com/vX6sXvZB

May you are using a additional firewall between your server and https://updates.software-univention.de/? Are you are able to direct download a deb package from your server, i.e. doing something like this?

root@dc1:~# curl -O 'https://updates.software-univention.de/4.3/maintained/component/4.3-0-errata/amd64/isc-dhcp-server_4.3.5-3+deb9u1A~4.3.0.201803131309_amd64.deb'
#3

Hi Lutz, thanks for your help.

The download does not work. I scanned my ports with the results:

PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https

Do I have to open a specific port for the repositories?

#4

Hey Xela,
seems you are not able to download anything, so you have to find out why. In order to be able to help you better it would be helpful to know the error message instead of “does not work”. So what is the exact error message if you try to download something?

If you are located inside a company or organisation, you often have to use a proxy server to be able to reach the internet, or you have to check/adapt the outgoing firewall (i.e not your opened ports on the host itself). Do you have a proxy server or firewall?

From your newly installed host, are you able to download from a random server instead from univention? Here is a example using a not encrypted download from debian.org:

root@dc1:~# curl -O 'http://ftp.de.debian.org/debian/pool/main/a/a56/a56_1.3+dfsg-8+b1_amd64.deb'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 35178  100 35178    0     0   380k      0 --:--:-- --:--:-- --:--:--  381k
root@dc1:~# ls *deb
a56_1.3+dfsg-8+b1_amd64.deb
root@dc1:~#
#5

Hi Lutz

It is an UCS running in latest Proxmox on a dedicated server @OVH. Firewalls are disabled at the moment, no proxy. In Proxmox with vmbr0, name, given MAC. ‘/etc/network/interfaces’ is set via variables according OVH:

auto lo
iface lo inet loopback

auto ens18
iface ens18 inet static
        address FO IP
        netmask 255.255.255.255
        broadcast FO IP
        post-up route add GW IP dev ens18
        post-up route add default gw GW IP
        pre-down route del GW IP dev ens18
        pre-down route del default gw GW IP

root@ucs:~# curl -O 'https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-9.4.0-amd64-DVD-1.iso'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   357  100   357    0     0   1851      0 --:--:-- --:--:-- --:--:--  1859
root@ucs:~#

Starts a download but does not download the full file.

root@ucs:~# wget https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-9.4.0-amd64-DVD-1.iso
--2018-03-26 12:16:30--  https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-9.4.0-amd64-DVD-1.iso
Resolving cdimage.debian.org (cdimage.debian.org)... 194.71.11.173, 194.71.11.165, 2001:6b0:19::165, ...
Connecting to cdimage.debian.org (cdimage.debian.org)|194.71.11.173|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://saimei.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-9.4.0-amd64-DVD-1.iso [following]
--2018-03-26 12:16:30--  https://saimei.ftp.acc.umu.se/debian-cd/current/amd64/iso-dvd/debian-9.4.0-amd64-DVD-1.iso
Resolving saimei.ftp.acc.umu.se (saimei.ftp.acc.umu.se)... 194.71.11.138, 2001:6b0:19::138
Connecting to saimei.ftp.acc.umu.se (saimei.ftp.acc.umu.se)|194.71.11.138|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3977379840 (3.7G) [application/x-iso9660-image]
Saving to: 'debian-9.4.0-amd64-DVD-1.iso.3'

debian-9.4.0-amd64-DVD-1.iso.3      0%[                                                           ]       0  --.-KB/s

... hangs.

Pinging out works well:

root@ucs:~# ping google.com
PING google.com (216.58.209.238) 56(84) bytes of data.
64 bytes from par10s29-in-f238.1e100.net (216.58.209.238): icmp_seq=1 ttl=56 time=6.31 ms
64 bytes from par10s29-in-f238.1e100.net (216.58.209.238): icmp_seq=2 ttl=56 time=6.34 ms
64 bytes from par10s29-in-f238.1e100.net (216.58.209.238): icmp_seq=3 ttl=56 time=6.36 ms
64 bytes from par10s29-in-f238.1e100.net (216.58.209.238): icmp_seq=4 ttl=56 time=6.45 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 6.310/6.366/6.453/0.095 ms

A port scan shows:

Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-26 12:08 +07
Nmap scan report for ucs.xx.com (xx.xx.xx.xx)
Host is up (0.40s latency).
Not shown: 978 filtered ports
PORT      STATE  SERVICE
21/tcp    open   ftp
22/tcp    open   ssh
25/tcp    open   smtp
53/tcp    open   domain
80/tcp    open   http
88/tcp    open   kerberos-sec
110/tcp   open   pop3
111/tcp   open   rpcbind
113/tcp   closed ident
143/tcp   open   imap
389/tcp   open   ldap
443/tcp   open   https
636/tcp   open   ldapssl
749/tcp   open   kerberos-adm
2000/tcp  open   cisco-sccp
2049/tcp  open   nfs
5060/tcp  open   sip
5666/tcp  open   nrpe
6669/tcp  open   irc
7777/tcp  open   cbt
8008/tcp  open   http
32768/tcp open   filenet-tms

Nmap done: 1 IP address (1 host up) scanned in 45.04 seconds
#6

Hey,

Does the same same download work from your Proxmox hypervisor and from another virtual machine?

Kind regards,
mosu

#7

Hi,
A download with wget is successful in Proxmox and in another VM. But curl does not work (in both), same results.

Best regards
Alexander

#8

Hey,

to me this sounds a bit like MTU problems. Try running e.g. tracepath www.heise.de in the UCS VM and in another VM and see if there are differences in the reported PMTU values.

Kind regards,
mosu

1 Like
#9

Hi there,

I changed the MTU back to 1450 and everything works proper again.
Thank you very much for your support, I appreciate it very much!

Best regards
Alexander

Mastodon