[PATCH] Finally run bind9_dlz spnego test, fix drs delete behaviour

Andrew Bartlett abartlet at samba.org
Mon Jun 17 19:01:12 MDT 2013 

On Sun, 2013-06-16 at 22:35 +0200, Stefan (metze) Metzmacher wrote:
> Am 10.06.2013 13:31, schrieb Andrew Bartlett:
> > On Wed, 2013-06-05 at 16:31 +1000, Amitay Isaacs wrote:
> >>
> >> On Tue, Jun 4, 2013 at 10:03 PM, Andrew Bartlett <abartlet at samba.org>
> >> wrote:
> >>         On Tue, 2013-06-04 at 16:39 +1000, Andrew Bartlett wrote:
> >>         > On Mon, 2013-06-03 at 22:27 +1000, Andrew Bartlett wrote:
> >>         > > On Sun, 2013-06-02 at 23:05 +1000, Andrew Bartlett wrote:
> >>         > > > I've been frustrated for over 6 months by why adding
> >>         some 'simple' tests
> >>         > > > to confirm that some of the crypto in the bind9_dlz code
> >>         works because
> >>         > > > it suddenly broke make test, particularly dbcheck.
> >>         > > >
> >>         > > > The attached patches just passed a private autobuild.
> >>          They add the
> >>         > > > 'problem' tests, but first we fix the behaviour of
> >>         DRS-initiated object
> >>         > > > deletes.
> >>         > > >
> >>         > > > Please review/push/comment (this patch series includes
> >>         the usnChanged
> >>         > > > series I posted a few days ago).
> >>         > > >
> >>         > > > >From here, I would like to continue to improve the
> >>         tests - the tests in
> >>         > > > source4/torture/drs/python/delete_object.py could be
> >>         trivially extended
> >>         > > > to add a 'description' and 'memberOf' element that we
> >>         should ensure gets
> >>         > > > deleted on both hosts, for example.  We could also watch
> >>         usnChanged
> >>         > > > values to ensure we delete the right stuff, but for now
> >>         I'm simply
> >>         > > > stunned that this could ever have worked with this
> >>         incorrect!
> >>         > >
> >>         > > Just as a heads-up I'm continuing to work on these
> >>         patches.  The point
> >>         > > tests I added (rather than just waiting for the dbcheck)
> >>         show the issue
> >>         > > isn't totally resolved, but is better.  (I somehow found a
> >>         > > member/memberOf link left over...).
> >>         > >
> >>         > > Review of this much would be helpful, but expect
> >>         additional changes as
> >>         > > we finally start to get this right.
> >>         >
> >>         > I've not finished the patch yet, but what seems clear is
> >>         that the issue
> >>         > comes from processing (rather that dropping/ignoring, as we
> >>         should)
> >>         > linked attributes and to deleted objects.
> >>         
> >>         
> >>         I'm almost shocked to finally have this finished, given how
> >>         long this
> >>         problem has dogged me.  The patches are in my
> >>         fix-drs-testing-14 branch,
> >>         and attached.
> >>         
> >>         Not only does this open up the chance to do more DRS testing,
> >>         and more
> >>         unrelated fixes to DRS replication (now that adding tests does
> >>         not
> >>         suddenly cause 'unrelated' breakages), it also allows us to
> >>         resume
> >>         adding tests of the bind9 DLZ module, which stalled out when
> >>         adding
> >>         bind9 tests broke stuff.
> >>         
> >>         The patches handle both normal and linked attributes,
> >>         following all the
> >>         special rules for deleted objects.
> >>         
> >>         
> >>
> >>
> >> Hi Andrew,
> >>
> >>
> >> While testing this branch I noticed that on the server object
> >> "dNSHostName" attribute is missing for joined DC.  I have samba4 DC
> >> (euler-i1) and Windows DC (w2008r2-i1) joined to samba4.
> > 
> >>
> >> ==== KCC CONNECTION OBJECTS ====
> >>
> >> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
> >> element'
> >>   File "bin/python/samba/netcmd/__init__.py", line 175, in _run
> >>     return self.run(*args, **kwargs)
> >>   File "bin/python/samba/netcmd/drs.py", line 177, in run
> >>     c_server_dns = c_server_res[0]["dNSHostName"][0]
> >>
> >>
> >> The error in printing KCC connection objects is due to missing
> >> "dNSHostName" attribute.
> > 
> > While I've not fixed the underlying failure, I have fixed the backtrace
> > in this situation. 
> > 
> >> There seem to be some more issues with replication. I was interested
> >> in finding out whether DNS zones replicate to windows successfully.
> >>
> >> Let me know if you need any more information.
> > 
> > There is sadly so much more to do.  I'll keep digging as I get time -
> > metze is having success with the patch set we have been working on, so
> > I'm hopeful I'll be able to at least reduce the backlog, and start
> > working from a fresh start. 
> 
> I had success and failure with commit
> 7b5e0826b1e944b3df33bc3bfb0870f379c5339b
> in this branch
> https://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-abartlet
> 
> It seems to be still flakey, one failure I got (which seems to be
> related) was this:
> 
> [1565/1574 in 1h38m59s] samba4.drs.delete_object.python(promoted_dc)
> Testing for DrsDelObjUser_1371245151 with GUID
> 9e791a68-54c7-4c59-99b2-80f8eb09bc1a
> UNEXPECTED(failure):
> samba4.drs.delete_object.python(promoted_dc).delete_object.DrsDeleteObjectTestCase.test_ReplicateDele
> tedObject1(promoted_dc)
> REASON: _StringException: _StringException: Content-Type:
> text/x-traceback;charset=utf8,language=python
> traceback
> 30B
> Traceback (most recent call last):
>   File "/usr/lib/python2.6/dist-packages/testtools/runtest.py", line
> 128, in _run_user
>     return fn(*args)
>   File "/usr/lib/python2.6/dist-packages/testtools/testcase.py", line
> 368, in _run_test_method
>     testMethod()
>   File
> "/memdisk/metze/W/b639394/samba/source4/torture/drs/python/delete_object.py",
> line 193, in test_ReplicateDeletedObject1
>     self._check_obj(sam_ldb=self.ldb_dc1, obj_orig=user_orig,
> is_deleted=True)
>   File
> "/memdisk/metze/W/b639394/samba/source4/torture/drs/python/delete_object.py",
> line 81, in _check_obj
>     "User %s is deleted but it is not located under %s!" % (name_orig,
> dodn))
> AssertionError: User DrsDelObjUser_1371245151 is deleted but it is not
> located under CN=Deleted Objects,DC=samba,DC=example,DC=com!
> 0
> 
> FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites)

Thanks metze,

To assert with more certainty that deleted objects stay under the
'Deleted Objects' container I've implemented the attached, and I'm
running a number of autobuilds with this to try and verify that. 

The branch I'm testing is fix-drs-testing-21

https://git.samba.org/abartlet/samba.git/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/fix-drs-testing-21

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dsdb-Ensure-we-always-force-deleted-objects-back-und.patch
Type: text/x-patch
Size: 4788 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130618/578bb871/attachment.bin>

More information about the samba-technical mailing list