2.2 to 2.3 upgrade failure
44 views
Skip to first unread message
Todd F
May 26, 2015, 4:06:30 PM5/26/15
to priva...@googlegroups.com
This is what I get when trying to upgrade on Ubuntu 14 per the upgrade instructions at http://privacyidea.readthedocs.org/en/v2.3/installation/upgrade.html#stopping-your-server
Ultimately what happens is I get wrong otp pin in the web gui and the system no longer authenticates to the remote servers.
The log file is empty.
root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db stamp 4f32a4e1bf33
The configuration name is: production
Additional configuration can be read from the file /etc/privacyidea/pi.cfg
Traceback (most recent call last):
File "/usr/bin/pi-manage.py", line 401, in <module>
manager.run()
File "/usr/lib/python2.7/dist-packages/flask_script/__init__.py", line 405, in run
result = self.handle(sys.argv[0], sys.argv[1:])
File "/usr/lib/python2.7/dist-packages/flask_script/__init__.py", line 384, in handle
return handle(app, *positional_args, **kwargs)
File "/usr/lib/python2.7/dist-packages/flask_script/commands.py", line 145, in handle
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/flask_migrate/__init__.py", line 88, in stamp
config = _get_config(directory)
File "/usr/lib/python2.7/dist-packages/flask_migrate/__init__.py", line 37, in _get_config
config.set_main_option('script_location', directory)
File "/usr/lib/python2.7/dist-packages/alembic/config.py", line 142, in set_main_option
self.file_config.set(self.config_ini_section, name, value)
File "/usr/lib/python2.7/ConfigParser.py", line 753, in set
ConfigParser.set(self, section, option, value)
File "/usr/lib/python2.7/ConfigParser.py", line 396, in set
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: 'alembic'
root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db stamp 4f32a4e1bf33
The configuration name is: production
Additional configuration can be read from the file /etc/privacyidea/pi.cfg
Traceback (most recent call last):
File "/usr/bin/pi-manage.py", line 401, in <module>
manager.run()
File "/usr/lib/python2.7/dist-packages/flask_script/__init__.py", line 405, in run
result = self.handle(sys.argv[0], sys.argv[1:])
File "/usr/lib/python2.7/dist-packages/flask_script/__init__.py", line 384, in handle
return handle(app, *positional_args, **kwargs)
File "/usr/lib/python2.7/dist-packages/flask_script/commands.py", line 145, in handle
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/flask_migrate/__init__.py", line 88, in stamp
config = _get_config(directory)
File "/usr/lib/python2.7/dist-packages/flask_migrate/__init__.py", line 37, in _get_config
config.set_main_option('script_location', directory)
File "/usr/lib/python2.7/dist-packages/alembic/config.py", line 142, in set_main_option
self.file_config.set(self.config_ini_section, name, value)
File "/usr/lib/python2.7/ConfigParser.py", line 753, in set
ConfigParser.set(self, section, option, value)
File "/usr/lib/python2.7/ConfigParser.py", line 396, in set
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: 'alembic'
root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db upgrade -d /usr/lib/privacyidea/migrations
The configuration name is: production
Additional configuration can be read from the file /etc/privacyidea/pi.cfg
INFO [alembic.migration] Context impl MySQLImpl.
INFO [alembic.migration] Will assume non-transactional DDL.
INFO [alembic.migration] Running upgrade 2181294eed0b -> e5cbeb7c177, Add column 'priority' to table 'resolverealm'
Thanks,
Todd
Ultimately what happens is I get wrong otp pin in the web gui and the system no longer authenticates to the remote servers.
The log file is empty.
root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db stamp 4f32a4e1bf33
The configuration name is: production
Additional configuration can be read from the file /etc/privacyidea/pi.cfg
Traceback (most recent call last):
File "/usr/bin/pi-manage.py", line 401, in <module>
manager.run()
File "/usr/lib/python2.7/dist-packages/flask_script/__init__.py", line 405, in run
result = self.handle(sys.argv[0], sys.argv[1:])
File "/usr/lib/python2.7/dist-packages/flask_script/__init__.py", line 384, in handle
return handle(app, *positional_args, **kwargs)
File "/usr/lib/python2.7/dist-packages/flask_script/commands.py", line 145, in handle
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/flask_migrate/__init__.py", line 88, in stamp
config = _get_config(directory)
File "/usr/lib/python2.7/dist-packages/flask_migrate/__init__.py", line 37, in _get_config
config.set_main_option('script_location', directory)
File "/usr/lib/python2.7/dist-packages/alembic/config.py", line 142, in set_main_option
self.file_config.set(self.config_ini_section, name, value)
File "/usr/lib/python2.7/ConfigParser.py", line 753, in set
ConfigParser.set(self, section, option, value)
File "/usr/lib/python2.7/ConfigParser.py", line 396, in set
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: 'alembic'
root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db stamp 4f32a4e1bf33
The configuration name is: production
Additional configuration can be read from the file /etc/privacyidea/pi.cfg
Traceback (most recent call last):
File "/usr/bin/pi-manage.py", line 401, in <module>
manager.run()
File "/usr/lib/python2.7/dist-packages/flask_script/__init__.py", line 405, in run
result = self.handle(sys.argv[0], sys.argv[1:])
File "/usr/lib/python2.7/dist-packages/flask_script/__init__.py", line 384, in handle
return handle(app, *positional_args, **kwargs)
File "/usr/lib/python2.7/dist-packages/flask_script/commands.py", line 145, in handle
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/flask_migrate/__init__.py", line 88, in stamp
config = _get_config(directory)
File "/usr/lib/python2.7/dist-packages/flask_migrate/__init__.py", line 37, in _get_config
config.set_main_option('script_location', directory)
File "/usr/lib/python2.7/dist-packages/alembic/config.py", line 142, in set_main_option
self.file_config.set(self.config_ini_section, name, value)
File "/usr/lib/python2.7/ConfigParser.py", line 753, in set
ConfigParser.set(self, section, option, value)
File "/usr/lib/python2.7/ConfigParser.py", line 396, in set
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: 'alembic'
root@ubuntu14-privacyidea:/home/toddf# pi-manage.py db upgrade -d /usr/lib/privacyidea/migrations
The configuration name is: production
Additional configuration can be read from the file /etc/privacyidea/pi.cfg
INFO [alembic.migration] Context impl MySQLImpl.
INFO [alembic.migration] Will assume non-transactional DDL.
INFO [alembic.migration] Running upgrade 2181294eed0b -> e5cbeb7c177, Add column 'priority' to table 'resolverealm'
Thanks,
Todd
Cornelius Kölbel
May 26, 2015, 4:21:45 PM5/26/15
to priva...@googlegroups.com
Hi Todd,
I am sorry for this inconvenience.
When using the ubuntu packages you do not need to run this manually as
it is run in the post install script.
Anyway, when stamping you also need to specify the directory, where the
migration scripts are located. I will adapt the documentation
immediately.
pi-manage.py db stamp 4f32a4e1bf33 -d /usr/lib/privacyidea/migrations
Cornelius
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/3a16b1b3-051b-4d5f-bc00-441d5adaace6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
I am sorry for this inconvenience.
When using the ubuntu packages you do not need to run this manually as
it is run in the post install script.
Anyway, when stamping you also need to specify the directory, where the
migration scripts are located. I will adapt the documentation
immediately.
pi-manage.py db stamp 4f32a4e1bf33 -d /usr/lib/privacyidea/migrations
pi-manage.py db upgrade -d /usr/lib/privacyidea/migrations
Kind regards
Cornelius
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/3a16b1b3-051b-4d5f-bc00-441d5adaace6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Todd F
May 27, 2015, 9:45:06 PM5/27/15
to priva...@googlegroups.com
Well, I had to install form scratch to get the wrong otp pin problem solved, but now I can see all of my AD users and it tests fine in a ldap_users realm.
But I can't logon to the gui as an ldap user. Here is what is in the privacyidea.log.
[2015-05-27 18:27:46,415][6378][140193862629120][WARNING][privacyidea.lib.resolver:124] the passed key u'filename' is not a paramet$
[2015-05-27 18:28:24,379][6378][140193929770752][WARNING][privacyidea.lib.utils:170] the passed key u'fileName' is not a parameter $
[2015-05-27 18:35:28,474][1056][140690891945728][ERROR][privacyidea.app:1423] Exception on /auth [POST]
But I can't logon to the gui as an ldap user. Here is what is in the privacyidea.log.
[2015-05-27 18:27:46,415][6378][140193862629120][WARNING][privacyidea.lib.resolver:124] the passed key u'filename' is not a paramet$
[2015-05-27 18:28:24,379][6378][140193929770752][WARNING][privacyidea.lib.utils:170] the passed key u'fileName' is not a parameter $
[2015-05-27 18:35:28,474][1056][140690891945728][ERROR][privacyidea.app:1423] Exception on /auth [POST]
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 83, in policy_wrapper
response = wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py", line 191, in get_auth_token
superuser_realms=superuser_realms)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 77, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 237, in login_mode
return wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py", line 119, in check_webui_user
if user_obj.realm in superuser_realms:
TypeError: argument of type 'type' is not iterable
[2015-05-27 18:35:39,767][1056][140690791233280][ERROR][privacyidea.app:1423] Exception on /auth [POST]
response = self.full_dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 83, in policy_wrapper
response = wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py", line 191, in get_auth_token
superuser_realms=superuser_realms)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 77, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 237, in login_mode
return wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py", line 119, in check_webui_user
if user_obj.realm in superuser_realms:
TypeError: argument of type 'type' is not iterable
[2015-05-27 18:35:39,767][1056][140690791233280][ERROR][privacyidea.app:1423] Exception on /auth [POST]
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 83, in policy_wrapper
response = wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py", line 191, in get_auth_token
superuser_realms=superuser_realms)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 77, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 237, in login_mode
return wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py", line 119, in check_webui_user
if user_obj.realm in superuser_realms:
TypeError: argument of type 'type' is not iterable
Thanks,
Todd
response = self.full_dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/lib/postpolicy.py", line 83, in policy_wrapper
response = wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/api/auth.py", line 191, in get_auth_token
superuser_realms=superuser_realms)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 77, in policy_wrapper
return self.decorator_function(wrapped_function, *args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/policydecorators.py", line 237, in login_mode
return wrapped_function(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/privacyidea/lib/auth.py", line 119, in check_webui_user
if user_obj.realm in superuser_realms:
TypeError: argument of type 'type' is not iterable
Thanks,
Todd
Cornelius Kölbel
May 28, 2015, 1:16:31 AM5/28/15
to Todd F, priva...@googlegroups.com
Hi Todd,
in your pi.cfg you propably have a line
SUPERUSER_REALM = super
This line defines realms, where those users can log in with
administrative rights.
This line should be
SUPERUSER_REALM = ['adminRealm1', 'adminRealm2']
or whatever realms you want to use as admin realms.
If none:
SUPERUSER_REALM = []
Kind regards
Cornelius
in your pi.cfg you propably have a line
SUPERUSER_REALM = super
This line defines realms, where those users can log in with
administrative rights.
This line should be
SUPERUSER_REALM = ['adminRealm1', 'adminRealm2']
or whatever realms you want to use as admin realms.
If none:
SUPERUSER_REALM = []
Kind regards
Cornelius
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/c53b51c7-25db-4b1d-90af-ade20468402a%40googlegroups.com.
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
Reply all
Reply to author
Forward
0 new messages