Project

General

Profile

Tâche #30556

Scénario #30539: Traitement express MEN (36-39)

L'import de la GPO EOLE se fait un reconfigure sur 2 sur un Scribe

Added by Emmanuel GARETTE about 1 year ago. Updated 12 months ago.

Status:
Fermé
Priority:
Normal
Start date:
09/04/2020
Due date:
% Done:

100%

Remaining (hours):
0.0

Description

Tant que la GPO n'est pas modifié, il ne devrait pas y avoir de réimporte de la GPO EOLE (sauf modification détecté) :

root@addc:~# /usr/share/eole/postservice/30-gposcript 
Import scripts and Registry.xml files in GPO (Krb)
 * update GPO
Password for [gpo-addc@DOMSCRIBE.AC-TEST.FR]:
 * updatePolicy: Machine Registry /usr/share/eole/gpo/reg/Machine/Registry.xml Machine/Preferences/Registry/Registry.xml
 * updatePolicy: User Scripts /usr/share/eole/gpo/script/User/scripts.ini User/Scripts/scripts.ini
 * updatePolicy: User Scripts /usr/share/eole/gpo/script/User/psscripts.ini User/Scripts/psscripts.ini
 * updatePolicy: User Scripts /usr/share/eole/gpo/script/User/ps.ps1 User/Scripts/Logon/ps.ps1
 * updatePolicy: Machine Scripts /usr/share/eole/gpo/script/Machine/scripts.ini Machine/Scripts/scripts.ini
 * updatePolicy: Machine Scripts /usr/share/eole/gpo/script/Machine/psscripts.ini Machine/Scripts/psscripts.ini
 * updatePolicy: Machine Scripts /usr/share/eole/gpo/script/Machine/installMinion.ps1 Machine/Scripts/StartUp/installMinion.ps1
Linked to container 'DC=domscribe,DC=ac-test,DC=fr'
 * GPO '{806793D9-2167-48CE-94C7-054394B46824}' already linked to this container
Import OK
Update OK
root@addc:~# /usr/share/eole/postservice/30-gposcript 
Import scripts and Registry.xml files in GPO (Krb)
 * update GPO
Suppression de la GPO EOLE "{806793D9-2167-48CE-94C7-054394B46824}" 
Password for [gpo-addc@DOMSCRIBE.AC-TEST.FR]:
GPO {806793D9-2167-48CE-94C7-054394B46824} is linked to containers
    Removed link from DC=domscribe,DC=ac-test,DC=fr.
GPO {806793D9-2167-48CE-94C7-054394B46824} deleted.
Enregistrement de la GPO EOLE "eole_script" 
Using temporary directory /tmp/tmpn9ecstq4 (use --tmpdir to change)
GPO 'eole_script' created as {81131335-87C8-4B82-A0A2-71618057E9D1}
 * Register 'WaitNetwork'
 * Add 'WaitNetwork' to GPO EOLE "eole_script" 
 * updatePolicy: Machine Registry /usr/share/eole/gpo/reg/Machine/Registry.xml Machine/Preferences/Registry/Registry.xml
 * updatePolicy: User Scripts /usr/share/eole/gpo/script/User/scripts.ini User/Scripts/scripts.ini
 * updatePolicy: User Scripts /usr/share/eole/gpo/script/User/psscripts.ini User/Scripts/psscripts.ini
 * updatePolicy: User Scripts /usr/share/eole/gpo/script/User/ps.ps1 User/Scripts/Logon/ps.ps1
 * updatePolicy: Machine Scripts /usr/share/eole/gpo/script/Machine/scripts.ini Machine/Scripts/scripts.ini
 * updatePolicy: Machine Scripts /usr/share/eole/gpo/script/Machine/psscripts.ini Machine/Scripts/psscripts.ini
 * updatePolicy: Machine Scripts /usr/share/eole/gpo/script/Machine/installMinion.ps1 Machine/Scripts/StartUp/installMinion.ps1
 * Restore link for GPO eole_script
linked to container 'DC=domscribe,DC=ac-test,DC=fr'
Linked to container 'DC=domscribe,DC=ac-test,DC=fr'
 * GPO '{81131335-87C8-4B82-A0A2-71618057E9D1}' already linked to this container
 * check_gpos_acl ...
 * Correction acl domscribe.ac-test.fr\Policies\{81131335-87C8-4B82-A0A2-71618057E9D1}\User
 * Correction acl domscribe.ac-test.fr\Policies\{81131335-87C8-4B82-A0A2-71618057E9D1}\Machine
 * Compute Hash, wait ...
Import OK
Update OK

Related issues

Related to EOLE AD DC - Tâche #17213: erreur lors de l'exécution de la commande 'samba-tool ntacl sysvolcheck' Fermé 09/22/2016

Associated revisions

Revision fbd70622 (diff)
Added by gilles.grandgerard about 1 year ago

Correction test gpo-tool-test.sh pour reproduire le cas d'erreur

REF #30556

Revision 2a70e5ca (diff)
Added by gilles.grandgerard about 1 year ago

Suite correction ACL, hashdeep semble renvoyer un résultat différent.
Nous imposons le calcul du hash à chaque appel

REF #30556

Revision 5efc6ec2
Added by gilles.grandgerard about 1 year ago

Merge branch '2.7.2/master' into dist/eole/2.7.2/master

REF #30556

Revision f9f36371
Added by gilles.grandgerard about 1 year ago

Merge remote-tracking branch 'origin/2.7.1/master'

REF #30556

Conflicts:
src/gpo_utils/importation.py

History

#1 Updated by Gilles Grandgérard about 1 year ago

La fonction de détection de modification de la GPO (hashdeep) semble ne plus renvoyer le bon résultat depuis que la correction des Acl est en place ('check_gpos_acl ...').
Donc, une fois sur deux elle signale que la GPO a été modifiée.

solution: recalculer systématiquement le hash.

A corriger depuis la 2.7.1.

#2 Updated by Gilles Grandgérard about 1 year ago

  • Related to Tâche #17213: erreur lors de l'exécution de la commande 'samba-tool ntacl sysvolcheck' added

#3 Updated by Gilles Grandgérard about 1 year ago

  • Tracker changed from Demande to Scénario
  • Project changed from Distribution EOLE to EOLE AD DC
  • Start date deleted (09/03/2020)
  • Parent task set to #30539

#4 Updated by Gilles Grandgérard about 1 year ago

  • Project changed from EOLE AD DC to Distribution EOLE
  • Status changed from Nouveau to Résolu
  • Start date set to 09/04/2020

#5 Updated by Joël Cuissinat about 1 year ago

  • Assigned To set to Gilles Grandgérard

#6 Updated by Fabrice Barconnière 12 months ago

  • Status changed from Résolu to Fermé
  • % Done changed from 0 to 100
  • Remaining (hours) set to 0.0

Les messages laissent penser que la mise à jour se fait à chaque reconfigure, mais il n'es est rien L'ID du GPO est identique à chaque reconfigure. Les tests Jenkins sont OK.
Test en 2.7.1 et 2.7.2

Also available in: Atom PDF