Upgrade to UCS5 fails on Backup DC


I tried to upgrade UCS 4.4 to UCS 5 several times in different errata states. Right now I’m using 4.4-8 errata1101.
After successfully upgrading my Main DC, my Backup DC always fails. The problem is always caused by the package univention-dhcp.

Not updating umc/http/session/timeout
Not updating umc/http/response-timeout
Not updating umc/http/autostart
Not updating umc/http/port
Not updating umc/http/interface
Not updating umc/server/upload/min_free_space
Not updating umc/http/content-security-policy/default-src
Not updating umc/http/content-security-policy/script-src
Not updating umc/http/content-security-policy/object-src
Not updating umc/http/content-security-policy/style-src
Not updating umc/http/content-security-policy/img-src
Not updating umc/http/content-security-policy/media-src
Not updating umc/http/content-security-policy/frame-src
Not updating umc/http/content-security-policy/font-src
Not updating umc/http/content-security-policy/connect-src
Not updating umc/http/content-security-policy/form-action
Not updating umc/http/content-security-policy/frame-ancestors
Not updating umc/login/content-security-policy/frame-ancestors
Calling joinscript 92univention-management-console-web-server.inst ...
2021-11-20 03:14:21.987667791+01:00 (in joinscript_init)
Joinscript 92univention-management-console-web-server.inst finished with exitcode 1
Setting up univention-management-console (12.0.12-3A~ ...
Setting up univention-server-backup (15.0.4-4A~ ...
Installing new version of config file /etc/univention/templates/files/etc/logrotate.d/univention-server-password-change ...
Not updating ldap/server/port
Not updating ldap/server/type
Not updating server/password/interval
Setting server/role
Not updating server/password/cron
Multifile: /etc/samba/smb.conf
File: /etc/default/univention-directory-listener
File: /etc/cron.d/univention-system-stats
File: /etc/systemd/system/univention-directory-listener.service.d/20_start_order.conf
File: /usr/lib/univention-portal/config/config.json
File: /etc/default/heimdal-kdc
File: /etc/issue.net
File: /etc/default/ntpdate
File: /etc/issue
File: /etc/krb5.conf
File: /usr/share/univention-management-console/modules/setup-certificate.xml
File: /var/www/univention/meta.json
File: /etc/welcome.msg
File: /etc/ntp.conf
File: /etc/cron.d/univention-delayed-account-activation
dpkg-query: no packages found matching univention-ox-directory-integration
File: /etc/logrotate.d/univention-server-password-change
File: /etc/cron.d/univention-server-backup
Processing triggers for dictionaries-common (1.28.1) ...
Processing triggers for ca-certificates (20200601~deb10u2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Processing triggers for initramfs-tools (0.133+deb10u1) ...
update-initramfs: Generating /boot/initrd.img-4.19.0-16-amd64
Processing triggers for libgdk-pixbuf2.0-0:amd64 (2.38.1+dfsg-1) ...
Processing triggers for univention-config (15.0.7-8A~ ...
dpkg-query: Kein Paket gefunden, das auf ldapacl_66univention-appcenter_app.acl passt
dpkg-query: Kein Paket gefunden, das auf ldapacl_62univention-portal.acl passt
dpkg-query: Kein Paket gefunden, das auf ldapacl_66univention-ldap-server_acl-master-uvmm.acl passt
Errors were encountered while processing:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Sub-process /usr/bin/dpkg returned an error code (1)
Error: Failed to execute "apt-get -o DPkg::Options::=--force-confold -o DPkg::Options::=--force-overwrite -o DPkg::Options::=--force-overwrite-dir --trivial-only=no --assume-yes --quiet=1 -u dist-upgrade"

It looks a bit like this bug.

What information would be needed to narrow down the problem? I used snapshots to revert my machines back to the version they had before the upgrade. But I can upgrade them again to get the necessary information. I just saved the updater.log.

Or should I just open a bug ticket?

If you are sure it is related to univention-dhcp why not just remove the package in UCS4 , upgrade and re-install it again when upgrade is finished?

BTW: I had issues with univention-dhcp AFTER the upgrade, if you have, too do a search here in the forum.

I didn’t know if the issue was the dhcp package itself or a prerequisite, but univention-dhcp was at least responsible for stopping the upgrade process.

Strangely, the management GUI wouldn’t work anymore, after I upgraded my server.

apt install --reinstall univention-management-console univention-management-console-frontend univention-management-console-server univention-management-console-web-server solved it.

After uninstalling univention-dhcp I could upgrade, the following manual installation of univention-dhcp failed again.

Syslog told me, that my backup-server couldn’t be found in LDAP.
udm dhcp/server list did show my Main DC, but not my Backup DC.

univention-run-join-scripts --force --run-scripts 25univention-dhcp.inst didn’t work, because there already was an entry for ucs-backup.

What solved it in the end, was to delete ucs-backup on my Main DC and to register it completely anew with univention-join. I had to reinstall the webserver again, but after that, the web GUI did work on my backup DC, too.