Bug 1507420 - LDB / Samba module version mismatch
Summary: LDB / Samba module version mismatch
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: 27
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: RejectedFreezeException
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-30 08:38 UTC by Bradi
Modified: 2017-11-11 02:59 UTC (History)
13 users (show)

Fixed In Version: samba-4.7.1-0.fc27
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-11 02:59:36 UTC


Attachments (Terms of Use)
Samba_Update_to_v4.7.0-17 (28.00 KB, text/plain)
2017-10-30 10:20 UTC, Bradi
no flags Details

Description Bradi 2017-10-30 08:38:00 UTC
Description of problem:
Unable to run "samba-tool domain provision --use-rfc2307 --interactive" to provision new AD Domain due to version mismatch between LDB and Samba.


Version-Release number of selected component (if applicable):
samba-4.7.0-14.fc27


How reproducible:
Consistently


Steps to Reproduce:
1. Run "samba-tool domain provision --use-rfc2307 --interactive"
2. Provide "Realm", "Domain", "Server Role" and "Password" details
3. Unable to continue due to module version mismatch error.


Actual results:
ldb: module version mismatch in ../source4/dsdb/samdb/ldb_modules/acl.c : ldb_version=1.3.0 module_version=1.2.2
ldb: failed to initialise module /usr/lib64/samba/ldb/acl.so : Unavailable
Setting up secrets.ldb
WARNING: Module [samba_secrets] not found - do you need to set LDB_MODULES_PATH?
Unable to load modules for /var/lib/samba/private/secrets.ldb: (null)
ERROR(ldb): uncaught exception - None
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 474, in run
    nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
  File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2140, in provision
    backend_credentials=provision_backend.credentials, lp=lp)
  File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 966, in setup_secretsdb
    secrets_ldb = Ldb(path, session_info=session_info, lp=lp)
  File "/usr/lib64/python2.7/site-packages/samba/__init__.py", line 114, in __init__
    self.connect(url, flags, options)



Expected results:
Domain provisioning to complete successfully.


Additional info:

Comment 1 Alexander Bokovoy 2017-10-30 08:48:16 UTC
Wrong component.

Can you reproduce it with samba-4.7.0-17.fc27? This is currently the latest version available in Bodhi and updates-testing: https://bodhi.fedoraproject.org/updates/FEDORA-2017-c8663d6898

Comment 2 Bradi 2017-10-30 10:20:43 UTC
Created attachment 1345365 [details]
Samba_Update_to_v4.7.0-17

Comment 3 Bradi 2017-10-30 10:22:47 UTC
Yes error still occurs with update to v4.7.0-17.

Comment 4 Alexander Bokovoy 2017-10-30 10:37:39 UTC
Ok, the issue is that libldb was updated in Fedora 27 to 1.3.0 on October 21st but it still wasn't part of the Fedora 27 buildroot by October 27th: here is a root.log from samba build: https://kojipkgs.fedoraproject.org//packages/samba/4.7.0/17.fc27/data/logs/x86_64/root.log

DEBUG util.py:439:   libldb-devel             x86_64 1.2.2-1.fc27                       build  80 k
DEBUG util.py:439:   libtalloc-devel          x86_64 2.1.10-4.fc27                      build  59 k
DEBUG util.py:439:   libtdb-devel             x86_64 1.3.15-1.fc27                      build  22 k
DEBUG util.py:439:   libtevent-devel          x86_64 0.9.33-3.fc27                      build  54 k

It still isn't a part of the buildroot.

Lukas, could you please create a buildroot override so that we can rebuild samba? Ideally, it also needs to be pushed as a single update in bodhi to prevent such problems.

Comment 5 Lukas Slebodnik 2017-10-30 16:59:55 UTC
https://bodhi.fedoraproject.org/overrides/libldb-1.3.0-2.fc27

But it might take some time till override will be active
   koji wait-repo f27-build --build=libldb-1.3.0-2.fc27

Comment 6 Fedora Blocker Bugs Application 2017-10-30 18:50:43 UTC
Proposed as a Freeze Exception for 27-final by Fedora user abbra using the blocker tracking app because:

 Proposed as a freeze exception because otherwise it is impossible to use Samba AD DC in Fedora 27. Samba AD DC is new to Fedora and is one of publicised features of Fedora 27.

Comment 7 Adam Williamson 2017-10-30 21:26:54 UTC
"Ok, the issue is that libldb was updated in Fedora 27 to 1.3.0 on October 21st"

No it wasn't. An update was *submitted to testing* on October 21st. Packages in u-t are not and never have been part of the buildroot unless a buildroot override is submitted.

The update has never been pushed to stable, nor has it ever been listed as being pushed to stable. It's been *submitted*, but of course has not been pushed, as we are frozen.

If this issue only occurs if you have the libldb from u-t (i.e. 1.3.0-2.fc27) and samba from stable - but works fine if both libldb and samba are from stable - then I don't think this needs or deserves an FE, because what's in stable is fine and consistent.

Similarly, if the case is as I understand it - 'libldb 1.3.0 breaks samba', basically - then the rebuilt samba *must* be added to the libldb update so that the two go stable together. I'd advise the update should be un-queued from batched/stable until that is done.

Comment 8 Alexander Bokovoy 2017-10-31 06:14:38 UTC
Adam, your last sentence is basically what I wrote in the comment 4.

I added an explicit '%requires_eq libldb' in samba-dc subpackage as of 4.7.0-18. This forces samba-dc to have 'Requires: libldb = <majorversion>' requires for the version of libldb in the buildroot. As result, we'll see such breakage much earlier, when a new version of libldb would be submitted.

Since I'm not a packager for libldb, I cannot submit a combined update, but I'll ask Andreas to do so.

Comment 9 Adam Williamson 2017-10-31 16:22:55 UTC
I can edit the build into the update for you once it's done, if you like (I'm a provenpackager so I can do that kinda stuff :>)

Comment 10 Alexander Bokovoy 2017-10-31 16:32:28 UTC
Yes, the package is built already for quite some time. Unfortunately, the other two persons who were able to combine updates had public holiday today and weren't online.

Please do the merge. ;)

Comment 11 Fedora Update System 2017-10-31 17:44:34 UTC
libldb-1.3.0-2.fc27 samba-4.7.0-18.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-18d849bd06

Comment 12 Fedora Update System 2017-10-31 19:08:46 UTC
libldb-1.3.0-2.fc27, samba-4.7.0-18.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-18d849bd06

Comment 13 Bradi 2017-11-01 02:18:06 UTC
Thanks guys, now running my Samba DC :)

Comment 14 Bradi 2017-11-03 06:37:49 UTC
Issues with SELinux / Bind9_DLZ see https://bugzilla.redhat.com/show_bug.cgi?id=1476187

Not seeing any audit messages unless I "sudo setenforce 0"

Comment 15 Fedora Update System 2017-11-03 12:28:46 UTC
libldb-1.3.0-2.fc27 samba-4.7.1-0.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-18d849bd06

Comment 16 Adam Williamson 2017-11-03 20:45:46 UTC
Discussed at 2017-11-01 to 2017-11-02 Fedora 27 Go/No-Go meeting, acting as a freeze exception review meeting: https://meetbot-raw.fedoraproject.org/fedora-meeting-1/2017-11-02/f27-final-and-server-beta-go-no-go-meeting.2017-11-02-17.00.html . To our best understanding, there is no real need for a freeze exception here, as the samba and libldb packages in stable (and thus in the F27 release candidate composes) - that is, samba-4.7.0-12.fc27 and libldb-1.2.2-1.fc27 - are consistent and compatible. There's no need to get the 1.3.0 / 4.7.1 update into the compose, it can be shipped fine as a post-release update. Thus this is rejected as a freeze exception issue.

Comment 17 Fedora Update System 2017-11-04 19:04:31 UTC
libldb-1.3.0-2.fc27, samba-4.7.1-0.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-18d849bd06

Comment 18 Fedora Update System 2017-11-11 02:59:36 UTC
libldb-1.3.0-2.fc27, samba-4.7.1-0.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.