temboard icon indicating copy to clipboard operation
temboard copied to clipboard

Published 20 hours ago verified publisher icon dalibo

Critical error when re-executing auto_configure.sh

Open robinportigliatti opened this issue 2 years ago • 10 comments

Hello,

This commands return a CRITICALerror when you run them a second time, I think they should return in some cases a WARNING .

# Server
/usr/share/temboard/auto_configure.sh
temboard register-instance --groups default pg1.local 2345
# Agent
/usr/share/temboard-agent/auto_configure.sh https://temboard1.local:8888
temboard-agent -c /etc/temboard-agent/advanced/temboard-agent.conf fetch-key

Robin,

robinportigliatti avatar Dec 05 '22 18:12 robinportigliatti

Can you share the error message ?

bersace avatar Dec 06 '22 09:12 bersace

Server

Auto configure

[root@temboard1 ~]# /usr/share/temboard/auto_configure.sh
Configuring temboard in /etc/temboard.
Creating Postgres user, database and schema.
Failure. See /var/log/temboard-auto-configure.log for details.

+ setup_pq
+ local psql
+ export PGHOST=/var/run/postgresql
+ PGHOST=/var/run/postgresql
+ export PGPORT=5432
+ PGPORT=5432
+ export PGUSER=postgres
+ PGUSER=postgres
+ '[' -d /var/run/postgresql ']'
+ psql=(sudo -nEu "$PGUSER" psql)
+ sudo -nEu postgres psql -tc 'SELECT '\''Postgres connection working.'\'';'
 Postgres connection working.

++ pwgen
++ od -vN 16 -An -tx1 /dev/urandom
++ tr -d ' \n'
+ export TEMBOARD_PASSWORD=a3c58a84686a7978684a4e82e72aede8
+ TEMBOARD_PASSWORD=a3c58a84686a7978684a4e82e72aede8
+ getent passwd temboard
temboard:x:994:991:temBoard Web UI:/var/lib/temboard:/bin/bash
+ getent group ssl-cert
+ log 'Configuring temboard in /etc/temboard.'
+ echo 'Configuring temboard in /etc/temboard.'
+ tee -a /dev/fd/3
Configuring temboard in /etc/temboard.
+ mapfile -t sslfiles
++ set -eu
++ setup_ssl
++ local pki
++ for d in /etc/pki/tls /etc/ssl /etc/temboard
++ '[' -d /etc/pki/tls ']'
++ pki=/etc/pki/tls
++ break
++ '[' -z /etc/pki/tls ']'
++ '[' -f /etc/pki/tls/certs/ssl-cert-snakeoil.pem ']'
++ sslcert=/etc/pki/tls/certs/temboard-auto.pem
++ sslkey=/etc/pki/tls/private/temboard-auto.key
++ '[' -f /etc/pki/tls/certs/temboard-auto.pem ']'
++ chmod 640 /etc/pki/tls/private/temboard-auto.key
++ chgrp temboard /etc/pki/tls/private/temboard-auto.key
++ readlink -e /etc/pki/tls/certs/temboard-auto.pem /etc/pki/tls/private/temboard-auto.key
+ install -o temboard -g temboard -m 0750 -d /etc/temboard /var/log/temboard /var/lib/temboard
+ install -o temboard -g temboard -m 0640 /dev/null /etc/temboard/temboard.conf
+ generate_configuration /etc/pki/tls/certs/temboard-auto.pem /etc/pki/tls/private/temboard-auto.key
+ local sslcert=/etc/pki/tls/certs/temboard-auto.pem
+ shift
+ local sslkey=/etc/pki/tls/private/temboard-auto.key
+ shift
+ sudo -iu temboard test -r /etc/pki/tls/certs/temboard-auto.pem
+ sudo -iu temboard test -r /etc/pki/tls/private/temboard-auto.key
+ cat
++ date
++ pwgen 128
++ od -vN 64 -An -tx1 /dev/urandom
++ tr -d ' \n'
+ log 'Creating Postgres user, database and schema.'
+ echo 'Creating Postgres user, database and schema.'
+ tee -a /dev/fd/3
Creating Postgres user, database and schema.
+ DEBUG=y
+ TEMBOARD_CONFIGFILE=/etc/temboard/temboard.conf
+ ./create_repository.sh
++ readlink -m ./create_repository.sh/../sql/
+ SQLDIR=/usr/share/temboard/sql
+ SYSUSER=temboard
+ export PGUSER=postgres
+ PGUSER=postgres
+ export PGHOST=/var/run/postgresql
+ PGHOST=/var/run/postgresql
+ psql=(psql -d "$PGUSER")
+ '[' -d /var/run/postgresql ']'
+ psql=(sudo -nEHu "${PGUSER}" "${psql[@]}")
+ TEMBOARD_DATABASE=temboard
+ TEMBOARD_PASSWORD=a3c58a84686a7978684a4e82e72aede8
+ sudo -nEHu postgres psql -d postgres -c 'SELECT '\''SKIP'\'' FROM pg_catalog.pg_user WHERE usename = '\''temboard'\'''
+ grep -q SKIP
+ sudo -nEHu postgres psql -d postgres -c 'SELECT '\''SKIP'\'' FROM pg_catalog.pg_database WHERE datname = '\''temboard'\'''
+ grep -q SKIP
+ PGUSER=temboard
+ export PGPASSWORD=a3c58a84686a7978684a4e82e72aede8
+ PGPASSWORD=a3c58a84686a7978684a4e82e72aede8
+ export PGDATABASE=temboard
+ PGDATABASE=temboard
+ getent passwd temboard
++ whoami
+ '[' root '!=' temboard ']'
+ runas=(sudo -inu "$SYSUSER")
+ migratedb=("${runas[@]}" "$(type -p temboard)" ${TEMBOARD_CONFIGFILE+--config=$TEMBOARD_CONFIGFILE} migratedb)
++ type -p temboard
+ psql=(psql --set 'ON_ERROR_STOP=on' --pset 'pager=off')
+ '[' -d /var/run/postgresql ']'
+ psql=("${runas[@]}" "${psql[@]}")
+ sudo -inu temboard /bin/temboard --config=/etc/temboard/temboard.conf migratedb check
INFO:  app: Using config file /etc/temboard/temboard.conf.
INFO:  migrator: temBoard database is up-to-date.
++ whoami
+ '[' root '!=' temboard ']'
+ run_as_temboard=(sudo -Enu "$SYSUSER")
+ dsn=postgres://temboard:a3c58a84686a7978684a4e82e72aede8@/temboard
+ sudo -Enu temboard psql -Atc 'SELECT '\''CONNECTED'\'';' postgres://temboard:a3c58a84686a7978684a4e82e72aede8@/temboard
+ grep -q CONNECTED
+ TEMBOARD_CONFIGFILE=/etc/temboard/temboard.conf
+ sudo -Enu temboard temboard generate-key
INFO:  app: Using config file /etc/temboard/temboard.conf.
CRITICAL:  app: /etc/temboard/signing-private.pem exists. Use --force to overwrite.
+ catchall
+ local rc=1
+ trap - INT EXIT TERM
+ set +x
Failure. See /var/log/temboard-auto-configure.log for details.

Agent

Auto configure

[root@pg1 ~]# export TEMBOARD_HOSTNAME=pg1.local
[root@pg1 ~]# /usr/share/temboard-agent/auto_configure.sh https://temboard1.local:8888
Using hostname pg1.local.
Configuring for PostgreSQL user postgres.
Configuring for cluster on port 5432.
Configuring for cluster at /var/lib/pgsql/.local/share/pglift/srv/pgsql/14/main/data.
Cluster name is advanced.
/etc/temboard-agent/advanced/temboard-agent.conf already exists.
To clean previous installation, use

    /usr/share/temboard-agent/purge.sh advanced

Refusing to overwrite existing configuration.
Failure. See /var/log/temboard-agent-auto-configure.log for details.

+ '[' -z https://temboard1.local:8888 ']'
+ umask 037
++ readlink -m /usr/share/temboard-agent/auto_configure.sh/..
+ cd /usr/share/temboard-agent
+ export TEMBOARD_HOSTNAME=pg1.local
+ TEMBOARD_HOSTNAME=pg1.local
+ '[' -n '' ']'
+ log 'Using hostname pg1.local.'
+ echo 'Using hostname pg1.local.'
+ tee -a /dev/fd/3
Using hostname pg1.local.
+ setup_pq
+ export PGUSER=postgres
+ PGUSER=postgres
+ log 'Configuring for PostgreSQL user postgres.'
+ echo 'Configuring for PostgreSQL user postgres.'
+ tee -a /dev/fd/3
Configuring for PostgreSQL user postgres.
+ export PGDATABASE=postgres
+ PGDATABASE=postgres
+ export PGPORT=5432
+ PGPORT=5432
+ log 'Configuring for cluster on port 5432.'
+ echo 'Configuring for cluster on port 5432.'
+ tee -a /dev/fd/3
Configuring for cluster on port 5432.
++ query_pgsettings unix_socket_directories
++ local name=unix_socket_directories
++ shift
++ local default=
++ shift
+++ psql -c 'SELECT setting FROM pg_settings WHERE name = '\''unix_socket_directories'\'';'
+++ local wrapper
+++ wrapper=()
++++ whoami
+++ '[' root = postgres ']'
+++ wrapper=(sudo -Eu "$SYSUSER")
+++ command sudo -Eu postgres psql -AtX -c 'SELECT setting FROM pg_settings WHERE name = '\''unix_socket_directories'\'';'
+++ sudo -Eu postgres psql -AtX -c 'SELECT setting FROM pg_settings WHERE name = '\''unix_socket_directories'\'';'
++ val='/var/run/postgresql, /tmp'
++ echo '/var/run/postgresql, /tmp'
+ export 'PGHOST=/var/run/postgresql, /tmp'
+ PGHOST='/var/run/postgresql, /tmp'
+ PGHOST=/var/run/postgresql
+ psql -c 'SELECT '\''Postgres connection working.'\'';'
+ local wrapper
+ wrapper=()
++ whoami
+ '[' root = postgres ']'
+ wrapper=(sudo -Eu "$SYSUSER")
+ command sudo -Eu postgres psql -AtX -c 'SELECT '\''Postgres connection working.'\'';'
+ sudo -Eu postgres psql -AtX -c 'SELECT '\''Postgres connection working.'\'';'
Postgres connection working.
+ export PGDATA
++ query_pgsettings data_directory
++ local name=data_directory
++ shift
++ local default=
++ shift
+++ psql -c 'SELECT setting FROM pg_settings WHERE name = '\''data_directory'\'';'
+++ local wrapper
+++ wrapper=()
++++ whoami
+++ '[' root = postgres ']'
+++ wrapper=(sudo -Eu "$SYSUSER")
+++ command sudo -Eu postgres psql -AtX -c 'SELECT setting FROM pg_settings WHERE name = '\''data_directory'\'';'
+++ sudo -Eu postgres psql -AtX -c 'SELECT setting FROM pg_settings WHERE name = '\''data_directory'\'';'
++ val=/var/lib/pgsql/.local/share/pglift/srv/pgsql/14/main/data
++ echo /var/lib/pgsql/.local/share/pglift/srv/pgsql/14/main/data
+ PGDATA=/var/lib/pgsql/.local/share/pglift/srv/pgsql/14/main/data
+ log 'Configuring for cluster at /var/lib/pgsql/.local/share/pglift/srv/pgsql/14/main/data.'
+ echo 'Configuring for cluster at /var/lib/pgsql/.local/share/pglift/srv/pgsql/14/main/data.'
+ tee -a /dev/fd/3
Configuring for cluster at /var/lib/pgsql/.local/share/pglift/srv/pgsql/14/main/data.
+ read -r PGVERSION
+ command -v pg_ctl
+ local home
++ eval readlink -e '~postgres'
+++ readlink -e /var/lib/pgsql
+ home=/var/lib/pgsql
+ '[' -z '' ']'
+ default_cluster_name=.local/share/pglift/srv/pgsql/14/main/data
+ export PGCLUSTER_NAME
++ query_pgsettings cluster_name .local/share/pglift/srv/pgsql/14/main/data
++ local name=cluster_name
++ shift
++ local default=.local/share/pglift/srv/pgsql/14/main/data
++ shift
+++ psql -c 'SELECT setting FROM pg_settings WHERE name = '\''cluster_name'\'';'
+++ local wrapper
+++ wrapper=()
++++ whoami
+++ '[' root = postgres ']'
+++ wrapper=(sudo -Eu "$SYSUSER")
+++ command sudo -Eu postgres psql -AtX -c 'SELECT setting FROM pg_settings WHERE name = '\''cluster_name'\'';'
+++ sudo -Eu postgres psql -AtX -c 'SELECT setting FROM pg_settings WHERE name = '\''cluster_name'\'';'
++ val=advanced
++ echo advanced
+ PGCLUSTER_NAME=advanced
+ log 'Cluster name is advanced.'
+ echo 'Cluster name is advanced.'
+ tee -a /dev/fd/3
Cluster name is advanced.
+ name=advanced
+ home=/var/lib/temboard-agent/advanced
+ '[' -f /etc/temboard-agent/advanced/temboard-agent.conf ']'
+ error '/etc/temboard-agent/advanced/temboard-agent.conf already exists.'
+ echo -e '\e[1;31m/etc/temboard-agent/advanced/temboard-agent.conf already exists.\e[0m'
+ tee -a /dev/fd/3
/etc/temboard-agent/advanced/temboard-agent.conf already exists.
+ error 'To clean previous installation, use'
+ echo -e '\e[1;31mTo clean previous installation, use\e[0m'
+ tee -a /dev/fd/3
To clean previous installation, use
+ error
+ echo -e '\e[1;31m\e[0m'
+ tee -a /dev/fd/3

+ error '    /usr/share/temboard-agent/purge.sh advanced'
+ echo -e '\e[1;31m    /usr/share/temboard-agent/purge.sh advanced\e[0m'
+ tee -a /dev/fd/3
    /usr/share/temboard-agent/purge.sh advanced
+ error
+ echo -e '\e[1;31m\e[0m'
+ tee -a /dev/fd/3

+ fatal 'Refusing to overwrite existing configuration.'
+ error 'Refusing to overwrite existing configuration.'
+ echo -e '\e[1;31mRefusing to overwrite existing configuration.\e[0m'
+ tee -a /dev/fd/3
Refusing to overwrite existing configuration.
+ exit 1
+ catchall
+ local exit_code=1
+ trap - INT EXIT TERM
+ '[' 1 -gt 0 ']'
+ fatal 'Failure. See /var/log/temboard-agent-auto-configure.log for details.'
+ error 'Failure. See /var/log/temboard-agent-auto-configure.log for details.'
+ echo -e '\e[1;31mFailure. See /var/log/temboard-agent-auto-configure.log for details.\e[0m'
+ tee -a /dev/fd/3
Failure. See /var/log/temboard-agent-auto-configure.log for details.
+ exit 1

Fetch-key

[postgres@pg1 ~]$ temboard-agent -c /etc/temboard-agent/advanced/temboard-agent.conf fetch-key
INFO:  app: Using config file /etc/temboard-agent/advanced/temboard-agent.conf.
CRITICAL:  app: /etc/temboard-agent/advanced/signing-public.pem exists. Use --force to overwrite.

robinportigliatti avatar Dec 06 '22 11:12 robinportigliatti

auto_configure.sh refuse de travailler sur une configuration existente. Il faut explicitement exécuter purge.sh avant de relancer auto_configure.sh. C'est une demande.

bersace avatar Dec 09 '22 16:12 bersace

Merci @bersace.

J'avais bien compris ce message mais est ce qu'il ne devrait pas être en WARNING plutôt que critique ?

S'il ne doit pas être en WARNING, comment est ce que je peux voir si le auto_configure a déjà été lancé ?

Mêmes questions pour les fetch-key et register

robinportigliatti avatar Dec 12 '22 10:12 robinportigliatti

You can't mix temboard UI and temboard-agent home. Please configure [temboard] home parameter.

bersace avatar Dec 12 '22 13:12 bersace

You can't mix temboard UI and temboard-agent home. Please configure [temboard] home parameter.

I don't understand your point

If you think I configured temboard-agent and temboard-UI on the same node, I didn't.

All commands are executed on separated nodes (ie agent and server).

I understand that you don't want to or just can't update those CRITICAL messages in WARNING.

How can I know if auto_configure, fetch-key and register has been executed once ?

robinportigliatti avatar Dec 12 '22 13:12 robinportigliatti

J'avais bien compris ce message mais est ce qu'il ne devrait pas être en WARNING plutôt que critique ?

Non, c'est volontairement une erreur critique. En effet, la clef publique est un paramètre important pour la sécurité.

S'il ne doit pas être en WARNING, comment est ce que je peux voir si le auto_configure a déjà été lancé ?

Si /etc/temboard n'est pas vide pour l'UI ou si /etc/temboard-agent/$cluster_name/ existe pour l'agent.

bersace avatar Dec 12 '22 13:12 bersace

Thanks @bersace

robinportigliatti avatar Dec 12 '22 13:12 robinportigliatti

For auto-configure it is ok thanks

How can I see if fetch-key has been executed at least once ?

How can I see if register has been executed at least once ?

robinportigliatti avatar Dec 12 '22 14:12 robinportigliatti

For auto-configure it is ok thanks

How can I see if fetch-key has been executed at least once ?

Si le fichier référencé par [temboard] signing_key existe.

How can I see if register has been executed at least once ?

On peut taper dans l'API JSON de l'UI. Nous n'avons pas d'engagement de stabilité sur cette API. temboard register-instance a un paramètre --if-not-exists.

bersace avatar Oct 09 '23 12:10 bersace