Univention 4.2-3 broke into pieces - where do I start

I have a member server which I think also replicates LDAP from slaves. It is also nagios server. I do not have working Web interface on this server, so I had to use cli commands.
I tried running upgrade from cli using command univention-upgrade
Upgrade failed fairly quick and now I cannot ssh into this server with any user apart from root user.
I get following emails from this box:

Cron Daemon:

Cron <root@monitoring> /usr/share/univention-updater/updater-statistics > /dev/zero
/bin/sh: 1: /usr/share/univention-updater/updater-statistics: not found

Cron <root@monitoring> /usr/share/univention-updater/enable-apache2-umc
/bin/sh: 1: /usr/share/univention-updater/enable-apache2-umc: not found

Nagios:

Service: UNIVENTION_REPLICATION
CRITICAL: difference was = 100 over last 10 checks (nid=1058563 lid=952032)

Service: UNIVENTION_JOINSTATUS
CRITICAL: auth failed: ldapsearch -x -ZZ -D ldap_hostdn

I do not even know where to begin searching for issue. The command univention-upgrade is also not available from CLI any more.

All I have in updater.log:

Starting update process, this may take a while.
Check /var/log/univention/updater.log for more information.
Fri 29 Mar 11:53:43 GMT 2019
grep: /etc/apt/sources.list.d/15_ucs-online-version.list: No such file or directory
E: The method driver /usr/lib/apt/methods/https could not be found.
E: The method driver /usr/lib/apt/methods/https could not be found.
Error: Failed to execute "apt-get update"

I went through some logs, found this
tail ssl-sync.log

/bin/sh: 1: /usr/share/univention-ssl/ssl-sync: not found
/bin/sh: 1: /usr/share/univention-ssl/ssl-sync: not found
/bin/sh: 1: /usr/share/univention-ssl/ssl-sync: not found
/bin/sh: 1: /usr/share/univention-ssl/ssl-sync: not found
/bin/sh: 1: /usr/share/univention-ssl/ssl-sync: not found
/bin/sh: 1: /usr/share/univention-ssl/ssl-sync: not found

exitcode of univention-updater: 1
ERROR: update failed. Please check /var/log/univention/updater.log

cat ldap-policy.log

nfsmounts: FAIL: failed to execute `univention_policy_result cn=monitoring,cn=memberserver,cn=computers,dc=office,dc=com'
run-parts: /usr/lib/univention-directory-policy/nfsmounts exited with return code 1
Traceback (most recent call last):
  File "/usr/lib/univention-directory-policy/univention-policy-update-config-registry", line 146, in <module>
    main()
  File "/usr/lib/univention-directory-policy/univention-policy-update-config-registry", line 118, in main
    set_list = get_policy(host_dn, options.verbose)
  File "/usr/lib/univention-directory-policy/univention-policy-update-config-registry", line 50, in get_policy
    proc = subprocess.Popen(cmd, shell=False, stdout=subprocess.PIPE)
  File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1335, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
run-parts: /usr/lib/univention-directory-policy/univention-policy-update-config-registry exited with return code 1

Sounds like a lot of essential packages have been removed. First you should reinstall the meta package for the server’s type which should pull in a lot of the other essential packages.

First determine your server type: ucr get server/role If that doesn’t work (e.g. because ucr isn’t found anymore) a simple grep server/role /etc/univention/base.conf should work, too.

Now install the corresponding univention-server-… package, e.g. univention-server-slave for the role domaincontroller_slave. Take a look at apt-cache search univention-server- if you’re unsure.

BTW, if the packages aren’t found then your APT sources are incomplete. As a stopgap measure you can copy /etc/apt/sources.list.d/15_ucs-online-version.list and …/20_ucs-online-component.list from another UCS server.

# ucr get server/role: memberserver

sudo apt search univention-server:
Sorting… Done
Full Text Search… Done
univention-server-member/now 12.0.0-13A~4.2.0.201709281718 all [residual-config]
(none)

I have /etc/apt/sources.list.d/00_ucs_temporary_installation.list
with only 4.2-3 and 2.3-4 version repositories. I did as you said and commented out this file, and created 15_ucs-online-version.list which now has repositories for version from 4.0-0 till 4.3-3

Tried apt udpate or apt-get update, but get this:

E: The method driver /usr/lib/apt/methods/https could not be found.
N: Is the package apt-transport-https installed?

cannot install apt-transport-https:

root@monitoring:/etc/apt/sources.list.d# apt install apt-transport-https
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
E: The method driver /usr/lib/apt/methods/https could not be found.
N: Is the package apt-transport-https installed?

Edit: Probably I will reinstall the whole server, seems like a lot of things are broken.

Could someone tell me how would it be possible to uninstall Nagios server from my Univention, App centre. I can only login into broken server with root user. I would like to remove it in a clean way.

You can uninstall App Center apps via the univention-app command-line utility. Use univention-app in order to list the installed apps and their names and univention-app remove <name> to uninstall an installed app.

univention-app command missing, tried installing univention-appcenter, could not install because apt-transport-https was missing and all repositories urls were starting with https.

Changed apt repositories urls https to http. Installed apt-transport-https, installing univention-appcenter with dependencies, will try your suggestion.

Could it be that upgrade failed because apt-transport-https was missing in the first place?

Your server is in a severely degraded state at the moment. If you want to try to continue fixing it (instead of re-installing as you said you’d do earlier), I highly suggest you install the correct univention-server-… package first as I said above.

Edit: apt-transport-https not being installed is just a symptom of other packages not being installed, primarily univention-server-…. That’s likely not the only important one missing. You should probably check /var/log/dpkg.log* when univention-server-… was removed, which other univention-… packages were removed, and try to reinstall those.

I only want to cleanly remove it from Univention. At the moment on domain controller it it shows that I have nagios installed, which is this broken machine. To remove it I would need to use univention-appcenter as you suggested.

It still does not work. Is there any other way? I wish just to delete the server but I do not want any leftovers on domain controller.

univention-app list and univention-app remove nagios fail to execute with lots of traceback. I think the error:

Traceback (most recent call last):
  File "/usr/bin/univention-app", line 91, in <module>
    main()
  File "/usr/bin/univention-app", line 78, in main
    ret = args.func(args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/__init__.py", line 226, in call_with_namespace
    result = self.main(namespace)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/remove.py", line 53, in main
    return self.do_it(args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/install_base.py", line 109, in do_it
    self._do_it(app, args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/docker_remove.py", line 51, in _do_it
    super(Remove, self)._do_it(app, args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/remove.py", line 64, in _do_it
    self._unregister_app(app, args)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/actions/register.py", line 624, in _unregister_app
    ldap_object = get_app_ldap_object(app, lo, pos)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 278, in get_app_ldap_object
    return ApplicationLDAPObject(app, lo, pos, or_create)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 178, in __init__
    self._reload(app, create_if_not_exists)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 189, in _reload
    self._udm_obj = init_object('appcenter/app', self._lo, self._pos, self.dn)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 74, in init_object
    module = _get_module(module, lo, pos)
  File "/usr/lib/pymodules/python2.7/univention/appcenter/udm.py", line 68, in _get_module
    udm_modules.init(lo, pos, mod)
  File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 125, in init
    univention.admin.ucr_overwrite_properties(module, lo)
  File "/usr/lib/pymodules/python2.7/univention/admin/__init__.py", line 59, in ucr_overwrite_properties
    ucr_prefix = ucr_property_prefix % module.module
AttributeError: 'NoneType' object has no attribute 'module'

I went back a bit and installed univention-server-member-role. That fixed the server. i can now remove the role safely. Thanks.

I have removed nagios from nagios server itself with command univention-app remove nagios
However it still appears on my domain controller in:
App Center -> Installed in domain -> Network monitoring (Nagios)
If I try remove from here, but get error:

The server tried to connect to the involved systems. The following hosts cannot be reached or do not have access to the App Center server:

  • monitoring

The following software changes on monitoring will be applied: an unknown amount of packages will be installed / upgraded, an unknown amount of packages will be removed , an unknown amount of packages are erroneous

Error from /var/log/univention/management-console-module-appcenter.log

15.04.19 17:57:11.602  MODULE      ( ERROR   ) : Error during remote appcenter/invoke: ('Could not send request.', CertificateError("hostname 'monitoring' doesn't match either of '*.local.company.com', 'local.comapny.com'",))

I have removed machine from Devices->Computers. Seems it removed Nagios from Software->App Centre.

The only thing left is Nagios in Devices tab, however that does not bother me, for now.

I think it can be resolved.

Mastodon