Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RHEL9 - Installation error temboard 9.0.1.1 #1547

Open
egaultier opened this issue Dec 16, 2024 · 7 comments
Open

RHEL9 - Installation error temboard 9.0.1.1 #1547

egaultier opened this issue Dec 16, 2024 · 7 comments

Comments

@egaultier
Copy link

egaultier commented Dec 16, 2024
edited by bersace
Loading

Hi

RHEL 9.5

postgresql 17.2

Temboard 9.0.1

INFO:  app: Starting temboard. version=9.0.1
temBoard 9.0.1 (/bin/temboard)
System Red Hat Enterprise Linux 9.5 (Plow)
Python 3.9.21 (/usr/bin/python3)
cryptography 36.0.1
Tornado 6.4.2
Flask 2.0.3
libpq 17.2
psycopg2 2.9.10 (dt dec pq3 ext lo64)
SQLAlchemy 1.4.45

When I execute the post install command :

sudo -i
PGPORT=5500 /usr/share/temboard/auto_configure.sh

I have an error :

cat /var/log/temboard-auto-configure.log
++ pwgen
++ od -vN 16 -An -tx1 /dev/urandom
++ tr -d ' \n'
+ export TEMBOARD_PASSWORD=5042e859bd086bfbb6231cf7b59878d6
+ TEMBOARD_PASSWORD=5042e859bd086bfbb6231cf7b59878d6
+ getent passwd temboard
+ log 'Creating system user temBoard.'
+ echo 'Creating system user temBoard.'
+ tee -a /dev/fd/3
Creating system user temBoard.
+ useradd --system --user-group --shell /bin/bash --home-dir /var/lib/temboard --comment 'temBoard Web UI' temboard
+ getent group ssl-cert
+ log 'Configuring temboard in /etc/temboard.'
+ tee -a /dev/fd/3
+ echo 'Configuring temboard in /etc/temboard.'
Configuring temboard in /etc/temboard.
+ mapfile -t sslfiles
++ set -eu
++ setup_ssl
++ local pki
++ for d in /etc/pki/tls /etc/ssl /etc/temboard
++ '[' -d /etc/pki/tls ']'
++ pki=/etc/pki/tls
++ break
++ '[' -z /etc/pki/tls ']'
++ '[' -f /etc/pki/tls/certs/ssl-cert-snakeoil.pem ']'
++ sslcert=/etc/pki/tls/certs/temboard-auto.pem
++ sslkey=/etc/pki/tls/private/temboard-auto.key
++ '[' -f /etc/pki/tls/certs/temboard-auto.pem ']'
++ log 'Generating self-signed certificate.'
++ tee -a /dev/fd/3
++ echo 'Generating self-signed certificate.'
Generating self-signed certificate.
++ openssl req -new -x509 -days 365 -nodes -subj '/C=XX/ST= /L=Default/O=Default/OU= /CN= ' -out /etc/pki/tls/certs/temboard-auto.pem -keyout /etc/pki/tls/private/temboard-auto.key
..+...+....+...+........+....+.....+.+.........+......+..+...+.......+...+......+...+.....+.............+.........+......+.....+...+.+++++++++++++++++++++++++++++++++++++++*........+.+..................+++++++++++++++++++++++++++++++++++++++*...+..........+............+............+.....+...+.......+.....+.+.....+......+.+.........+.....+......+...+.+...........+....+......+...+............+...+..............+...+..........+........+....+...+..+.+......+......+.....+....+.....+......+...+.+...+..+...............+....+..+.......+........+..........+.........+...+...+.........+......+............+.....................+.....+............+.........+....+......+......+.....++++++
......+..+++++++++++++++++++++++++++++++++++++++*............+....+..+++++++++++++++++++++++++++++++++++++++*........+...+.+.........+..+.........+....+...........+.............+.....+.+..+..........+...+.....+......+..........+...+.....+..........+...+...+...........+.+..+.+..+....+........+.+......+......+.....+....+...............+......+..+.+......+......+..+..........+...+............+..+..........+...........+...+..........+..+...+.....................+....+............+.....+.......+..+.+........+....+.....+.++++++
-----
++ chmod 640 /etc/pki/tls/private/temboard-auto.key
++ chgrp temboard /etc/pki/tls/private/temboard-auto.key
++ readlink -e /etc/pki/tls/certs/temboard-auto.pem /etc/pki/tls/private/temboard-auto.key
+ install -o temboard -g temboard -m 0750 -d /etc/temboard /var/log/temboard /var/lib/temboard
+ install -o temboard -g temboard -m 0640 /dev/null /etc/temboard/temboard.conf
+ generate_configuration /etc/pki/tls/certs/temboard-auto.pem /etc/pki/tls/private/temboard-auto.key
+ local sslcert=/etc/pki/tls/certs/temboard-auto.pem
+ shift
+ local sslkey=/etc/pki/tls/private/temboard-auto.key
+ shift
+ local created cookie_secret version
+ sudo -iu temboard test -r /etc/pki/tls/certs/temboard-auto.pem
+ catchall
+ local rc=1
+ trap - INT EXIT TERM
+ set +x

Can you help me please ?

Thank You
Emmanuel
@bersace
Copy link
Member

bersace commented Dec 16, 2024

Bonjour,

Quel est le retour de namei -om /etc/pki/tls/certs/temboard-auto.pem ?

@egaultier
Copy link
Author

image

@bersace
Copy link
Member

bersace commented Dec 16, 2024

Avez-vous SELinux activé ? getenforce vous le dira.

@egaultier
Copy link
Author

image

@egaultier
Copy link
Author

Bonjour

SElinux est bien activé. C'est une demande de nos équipes sécurité.
Comment puis je faire ?

Merci d'avance

@egaultier
Copy link
Author

egaultier commented Dec 19, 2024
edited
Loading

Bonjour

Le problème ne vient pas de SELinux, je viens de le passer en permissif.
Je suis revenu sur un snapshot fait avant l'install de temboard. J'ai tjs la même erreur au moment du script post insall.

la ligne de commande passée est : sudo PGPORT=5500 /usr/share/temboard/auto_configure.sh

image

Voici la log qui s'arrêt tjs au même moment.

`+ echo 'Creating system user temBoard.'

  • tee -a /dev/fd/3
    Creating system user temBoard.
  • useradd --system --user-group --shell /bin/bash --home-dir /var/lib/temboard --comment 'temBoard Web UI' temboard
  • getent group ssl-cert
  • log 'Configuring temboard in /etc/temboard.'
  • echo 'Configuring temboard in /etc/temboard.'
  • tee -a /dev/fd/3
    Configuring temboard in /etc/temboard.
  • mapfile -t sslfiles
    ++ set -eu
    ++ setup_ssl
    ++ local pki
    ++ for d in /etc/pki/tls /etc/ssl /etc/temboard
    ++ '[' -d /etc/pki/tls ']'
    ++ pki=/etc/pki/tls
    ++ break
    ++ '[' -z /etc/pki/tls ']'
    ++ '[' -f /etc/pki/tls/certs/ssl-cert-snakeoil.pem ']'
    ++ sslcert=/etc/pki/tls/certs/temboard-auto.pem
    ++ sslkey=/etc/pki/tls/private/temboard-auto.key
    ++ '[' -f /etc/pki/tls/certs/temboard-auto.pem ']'
    ++ log 'Generating self-signed certificate.'
    ++ tee -a /dev/fd/3
    ++ echo 'Generating self-signed certificate.'
    Generating self-signed certificate.
    ++ openssl req -new -x509 -days 365 -nodes -subj '/C=XX/ST= /L=Default/O=Default/OU= /CN= ' -out /etc/pki/tls/certs/temboard-auto.pem -keyout /etc/pki/tls/private/temboard-auto.key
    .....+....+......+......+...+...............+.....+.+..+...+++++++++++++++++++++++++++++++++++++++.....+.+..+...+..........+.....+++++++++++++++++++++++++++++++++++++++..+.+......+..+.......+..............+................+.....+......+...+....+...........+......+..........+.....+.+...............+.....+...+.+...........+.......+...+.........+........+...+...+.+...+.....+...+.........+.+..+......+.+......+...+.........+..+.+........+....+..+................+..+.......+.....+.............+...+..+.+..+............+......+.+.....+...+.......+.....+.+........+.+.........+..+...+.......+...+..+....+...+........+..........+..............+.++++++
    .+++++++++++++++++++++++++++++++++++++++.....+...+...+....+...+.....+...+++++++++++++++++++++++++++++++++++++++......+....+...+.....+.......+...........+.......+........+.+.....+....+......+........+..........+.....+...+...............+..........+...........................+........+...+.........+.+.....+......+.+...+..+....+.....+...+...+..................+......+....+...........+....+..+..........+..+......+.+.....+................+...............+..................+..+...+....+......+......+.....+......+....+...+.....+...+...+......+....+.....+......+...+.+......+........+............+.+.....+.............+..+....+.....+..........+..................+...........+.+......+.....+...+.......+.....++++++

++ chmod 640 /etc/pki/tls/private/temboard-auto.key
++ chgrp temboard /etc/pki/tls/private/temboard-auto.key
++ readlink -e /etc/pki/tls/certs/temboard-auto.pem /etc/pki/tls/private/temboard-auto.key

  • install -o temboard -g temboard -m 0750 -d /etc/temboard /var/log/temboard /var/lib/temboard
  • install -o temboard -g temboard -m 0640 /dev/null /etc/temboard/temboard.conf
  • generate_configuration /etc/pki/tls/certs/temboard-auto.pem /etc/pki/tls/private/temboard-auto.key
  • local sslcert=/etc/pki/tls/certs/temboard-auto.pem
  • shift
  • local sslkey=/etc/pki/tls/private/temboard-auto.key
  • shift
  • local created cookie_secret version
  • sudo -iu temboard test -r /etc/pki/tls/certs/temboard-auto.pem
  • catchall
  • local rc=1
  • trap - INT EXIT TERM
  • set +x
    ^[[1;31mFailure. See /var/log/temboard-auto-configure.log for details.^[[0m
    `

Nos serveurs Linux sont aussi durcis.

Merci d'avance

@egaultier
Copy link
Author

Bonjour

J'ai trouvé l'erreur dans mon cas.

Il y a un problème de propriétaire sur le fichier temboard-auto.pem.

image

en faisant un chown root:temboard /etc/pki/tls/certs/temboard-auto.pem

avant une seconde execution ca fonctionne.

Je reste à disposition en cas de besoin.

Emmanuel

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bersace @egaultier