YunoHost / issues

General issue tracker for the YunoHost project

"Invalid domain to use with DynDNS" during postinstall #693

Closed yunohost-bot closed 6 years ago

yunohost-bot commented 7 years ago
Original Redmine Issue: 693

Author Name: ljf


I have tried a postinstall on a fresh updated vagrant unstable vm:

Note: I have applied the last commit from moulinette repo (not built for the moment).

root@yunohost:/vagrant# yunohost tools postinstall --debug --verbose
68   DEBUG loading actions map namespace 'yunohost'
69   DEBUG generating cache for actions map namespace 'yunohost'
350  DEBUG extra parameter classes loaded: ['ask', 'password', 'required', 'pattern']
352  DEBUG initializing base actions map parser for cli
353  DEBUG registering new callback action 'yunohost.utils.packages.ynh_packages_version' to ['-v', '--version']
Main domain: test.local
New administration password: 
Confirm new administration password: 
17976 DEBUG lock has been acquired
20162 INFO processing action [8883.1]: yunohost.tools.postinstall with args={'ignore_dyndns': False, 'password': 'rec223', 'domain': 'test.local'}
20163 INFO Installing YunoHost...
20347 DEBUG initialize authenticator 'default' with: uri='ldap://localhost:389', base_dn='dc=yunohost,dc=org', user_rdn='cn=admin'
20427 SUCCESS LDAP has been initialized
yunohost.org
20466 DEBUG custom hook folder not found for action 'conf_regen' in /etc/yunohost/hooks.d/
20469 INFO Executing command 'sudo -n -u admin -H sh -c BASH_XTRACEFD=7 /bin/bash -x "./02-ssl" pre 1 0 /home/yunohost.conf/pending/ssl 7>&1'...
20581 INFO + set -e
20582 INFO + ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
20583 INFO + FORCE=1
20584 INFO + DRY_RUN=0
20584 INFO + case "$1" in
20584 INFO + do_pre_regen /home/yunohost.conf/pending/ssl
20585 INFO + pending_dir=/home/yunohost.conf/pending/ssl
20585 INFO + cd /usr/share/yunohost/templates/ssl
20585 INFO + install -D -m 644 openssl.cnf /home/yunohost.conf/pending/ssl//usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf
20593 INFO + exit 0
20598 INFO Creating directory '/home/admin'.
20624 INFO Applying pending configuration for service 'ssl'...
20646 DEBUG unable to retrieve conf hashes for ssl
Traceback (most recent call last):
  File "/usr/lib/moulinette/yunohost/service.py", line 643, in _get_conf_hashes
    return _get_services()[service]['conffiles']
KeyError: 'ssl'
20648 DEBUG processing pending conf '/home/yunohost.conf/pending/ssl/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf' to system conf '/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf'
20648 DEBUG > system conf has been manually removed
20649 INFO The configuration file '/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf' has been updated
20650 SUCCESS The configuration has been updated for service 'ssl'
20650 DEBUG updating conf hashes for 'ssl' with: {'/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf': '0354dd165846ac350603e518653adf9e'}
20674 DEBUG custom hook folder not found for action 'conf_regen' in /etc/yunohost/hooks.d/
20674 INFO Executing command 'sudo -n -u admin -H sh -c BASH_XTRACEFD=7 /bin/bash -x "./02-ssl" post 1 0 /usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf 7>&1'...
20713 INFO + set -e
20714 INFO + ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
20715 INFO + FORCE=1
20715 INFO + DRY_RUN=0
20715 INFO + case "$1" in
20715 INFO + do_post_regen /usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf
20715 INFO + regen_conf_files=/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf
20716 INFO + index_txt=/usr/share/yunohost/yunohost-config/ssl/yunoCA/index.txt
20716 INFO + [[ -f /usr/share/yunohost/yunohost-config/ssl/yunoCA/index.txt ]]
20716 INFO + exit 0
Generating a 2048 bit RSA private key
........+++
....+++
writing new private key to '/usr/share/yunohost/yunohost-config/ssl/yunoCA/ca/cakey.pem'
-----
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
22491 DEBUG action [8883.1] ended after 2.328s
22493 DEBUG lock has been released
22495 ERROR Invalid domain to use with DynDNS
yunohost-bot commented 7 years ago
Original Redmine Comment

Author: alexAubin


Thanks for spotting this. After reading the code, sounds like it's my fault : https://github.com/YunoHost/yunohost/pull/187/files?diff=split (at the very end)

Thing is, postinstall assumes that you want a dyndns (ignore_dyndns is set to False) but before this PR, the case where domain was not at least a subdomain (i.e. sub.domain.tld) was ignored. But now we call directly domain_add() which raises an error in that case : https://github.com/YunoHost/yunohost/blob/unstable/src/yunohost/domain.py#L95-L97

I don't know what's the proper fix for this. To me, len(domain.split('.')) < 3 is a bad design... It doesn't make sense to me that when I want to add the domain "toto.netlib.re" during postinstall, I have to add --ignore-dyndns to the command line.

I would be more in favor of, for instance, having a list of supported dyndns domains in the code (or fetched from a provider), and check if the domain we're adding is a subdomain of those...

For now though, a working, dirty hack would be to simply change this line in the postinstall : https://github.com/YunoHost/yunohost/blob/unstable/src/yunohost/tools.py#L185 to : dyndns = (not ignore_dyndns) and (len(domain.split('.')) >= 3)
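
The two checks discussed in the comment above, side by side, as an added example that is not part of the original comment or of YunoHost's code. `DYNDNS_ZONES` is an assumption built from the two zones named later in this thread, and treating only direct children of a zone as DynDNS names is also an assumption.

```python
# Added example, not YunoHost code. DYNDNS_ZONES is an assumption taken from
# the two zones named later in this thread; the real list may differ.
DYNDNS_ZONES = ("noho.st", "nohost.me")


def normalize(domain):
    """Lower-case and drop a trailing root dot so comparisons are stable."""
    return domain.strip().lower().rstrip(".")


def label_count_check(domain):
    """The heuristic discussed above: three or more labels means DynDNS."""
    return len(normalize(domain).split(".")) >= 3


def dyndns_zone_for(domain, zones=DYNDNS_ZONES):
    """Return the managed zone `domain` is a direct child of, else None.

    Matching is done on whole labels, so 'evilnoho.st' does not match
    'noho.st', and the bare zone itself is not a registrable name.
    """
    labels = normalize(domain).split(".")
    if any(not label for label in labels):
        return None  # empty label, e.g. 'foo..noho.st' or ''
    for zone in zones:
        zone_labels = zone.split(".")
        # Assumption: exactly one extra label in front of the zone.
        if len(labels) == len(zone_labels) + 1 and labels[1:] == zone_labels:
            return zone
    return None


def should_use_dyndns(domain, ignore_dyndns=False):
    """Postinstall-style decision: subscribe only for managed zones."""
    return (not ignore_dyndns) and dyndns_zone_for(domain) is not None


if __name__ == "__main__":
    # Constructed sample inputs.
    for d in ("test.local", "toto.netlib.re", "me.noho.st", "evilnoho.st",
              "a.b.nohost.me", "Me.NoHost.Me."):
        print(d, label_count_check(d), should_use_dyndns(d))
```

With the label-count check, `toto.netlib.re` is treated as a DynDNS candidate; with the zone list it is not, so no `--ignore-dyndns` flag is needed for it.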

yunohost-bot commented 7 years ago
Original Redmine Comment

Author: ljf


I made this PR https://github.com/YunoHost/yunohost/pull/224

Don't hesitate to propose a better implementation.

yunohost-bot commented 7 years ago
Original Redmine Comment

Author: ljf


There is a 4th bug on postinstall ! It's near iptables : AttributeError: 'module' object has no attribute 'quote' Maybe it's because I use --verbose ?

root@yunohost:/vagrant# yunohost tools postinstall --verbose
Main domain: test.local
New administration password: 
Confirm new administration password: 
Installing YunoHost...
Success! LDAP has been initialized
yunohost.org
Executing script '/usr/share/yunohost/hooks/conf_regen/02-ssl'...
+ set -e
+ ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
+ FORCE=1
+ DRY_RUN=0
+ case "$1" in
+ do_pre_regen /home/yunohost.conf/pending/ssl
+ pending_dir=/home/yunohost.conf/pending/ssl
+ sudo -s --
+ exit 0
Creating directory '/home/admin'.
Applying pending configuration for service 'ssl'...
The configuration file '/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf' has been updated
Success! The configuration has been updated for service 'ssl'
Executing script '/usr/share/yunohost/hooks/conf_regen/02-ssl'...
+ set -e
+ ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
+ FORCE=1
+ DRY_RUN=0
+ case "$1" in
+ do_post_regen /usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf
+ regen_conf_files=/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf
+ index_txt=/usr/share/yunohost/yunohost-config/ssl/yunoCA/index.txt
+ [[ -f /usr/share/yunohost/yunohost-config/ssl/yunoCA/index.txt ]]
+ exit 0
Generating a 2048 bit RSA private key
......+++
..+++
writing new private key to '/usr/share/yunohost/yunohost-config/ssl/yunoCA/ca/cakey.pem'
-----
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Generating a 2048 bit RSA private key
..................................+++
................................+++
writing new private key to '/etc/yunohost/certs//test.local-history/20170102.144018-selfsigned/key.pem'
-----

Using configuration from /etc/yunohost/certs//test.local-history/20170102.144018-selfsigned/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jan  2 14:40:18 2017 GMT
            Not After : Dec 31 14:40:18 2026 GMT
        Subject:
            commonName                = test.local
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                01:FF:81:B7:07:37:E3:6A:89:51:95:17:4A:D3:58:84:85:5B:48:29
            X509v3 Authority Key Identifier: 
                keyid:06:24:5C:39:55:DF:49:53:F1:31:ED:91:5D:56:9D:0A:6F:FA:E2:DA

            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:test.local, DNS:www.test.local, DNS:ns.test.local
Certificate is to be certified until Dec 31 14:40:18 2026 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Enabling the certificate for domain test.local ...
Restarting services...
Success! Successfully installed a self-signed certificate for domain test.local!
Success! The domain has been created
Success! The main domain has been changed
--2017-01-02 14:40:24--  https://app.yunohost.org/official.json
Resolving app.yunohost.org (app.yunohost.org)... 37.187.18.36
Connecting to app.yunohost.org (app.yunohost.org)|37.187.18.36|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 26105 (25K) [application/json]
Saving to: ‘/var/cache/yunohost/repo/yunohost.json.tmp’

/var/cache/yunohost/repo/yunohost.json.tmp                  100%[===========================================================================================================================================>]  25.49K  --.-KB/s   in 0.04s  

2017-01-02 14:40:27 (622 KB/s) - ‘/var/cache/yunohost/repo/yunohost.json.tmp’ saved [26105/26105]

Success! The app list has been fetched
Success! The SSOwat configuration has been generated
Success! The administration password has been changed
Traceback (most recent call last):
  File "/usr/bin/yunohost", line 217, in <module>
    timeout=opts.timeout,
  File "/usr/lib/python2.7/dist-packages/moulinette/__init__.py", line 139, in cli
    moulinette.run(args, output_as=output_as, password=password, timeout=timeout)
  File "/usr/lib/python2.7/dist-packages/moulinette/interfaces/cli.py", line 358, in run
    ret = self.actionsmap.process(args, timeout=timeout)
  File "/usr/lib/python2.7/dist-packages/moulinette/actionsmap.py", line 484, in process
    return func(**arguments)
  File "/usr/lib/moulinette/yunohost/tools.py", line 295, in tools_postinstall
    firewall_upnp('enable', no_refresh=True)
  File "/usr/lib/moulinette/yunohost/firewall.py", line 328, in firewall_upnp
    firewall_reload(skip_upnp=True)
  File "/usr/lib/moulinette/yunohost/firewall.py", line 228, in firewall_reload
    % (protocol, process.quote(str(port))))
AttributeError: 'module' object has no attribute 'quote'
yunohost-bot commented 7 years ago
Properties Change

Author: ljf

yunohost-bot commented 7 years ago
Original Redmine Comment

Author: ljf


Now there is this one ! https://paste.yunohost.org/ojazagawil.vhdl

LJF: now I have another problem: the regenconf hooks don't have the permissions, so I suppose I have a problem with slapd, nscd or nslcd during the postinstall
[16:41:33] LJF: So I can't even see what opi is talking about regarding rspamd
[16:46:17] Bram: ah damn :/
[16:48:21] LJF: Apparently the hooks are executed with sudo -u admin ... And indeed it's impossible to access some directories that way!
[16:48:41] Bram: ah well, like all hook_exec calls, no?
[16:48:50] Bram: ah but admin does have sudo, doesn't it?
[16:49:16] LJF: Well yes, but then why did the regen hooks manage to access these directories until now???
[16:49:44] Bram: no idea :/
[16:49:47] LJF: Yes, admin has sudo
[16:51:03] LJF: Example: this line fails https://github.com/YunoHost/yunohost/blob/unstable/data/hooks/conf_regen/02-ssl#L63
[16:51:28] LJF: because admin doesn't have the permissions to access that folder
[16:52:02] LJF: Example call: sudo -n -u admin -H sh -c BASH_XTRACEFD=7 /bin/bash -x "./46-nsswitch
[16:52:46] LJF: maybe because of the bash inside the shell!
[17:11:13] GitBot: [yunohost] @zamentur commented on issue #224: It seems the error on ssl is the same on other regenconf hooks!... https://github.com/YunoHost/yunohost/pull/224#issuecomment-269991323
[17:15:45] Aleks: LJF: I'm trying to redo a postinstall on my side, and I get TypeError: cli() got an unexpected keyword argument 'timeout'
[17:15:51] Aleks: did you get that recently too, or not?
[17:16:12] Aleks: ah maybe I need to pull moulinette
[17:16:22] LJF: Aleks: no, but I have something else
[17:16:35] LJF: Aleks: yes, you need to use-git moulinette
[17:17:55] LJF: and also yunohost, or else you need to use --ignore-dyndns during the postinstall if it's a domain that isn't in noho.st or nohost.me
[17:18:10] Aleks: LJF: hm so on my side, apart from the dyndns and rmliter/rmspad, I have no problem
[17:18:23] Aleks: during the postinstall~*
[17:18:44] LJF: did you update before the postinstall?
[17:19:01] LJF: apt-get update & apt-get dist-upgrade
[17:19:07] Aleks: ah
[17:19:28] LJF: are you using the vagrant images or are you on something else?
[17:20:34] Aleks: I'm using ynh-dev yep
[17:21:46] LJF: I can destroy the vm again and retry, but well:q
[17:22:17] LJF: (I'm using a snapshot from before the postinstall but after the debian update)
[17:24:24] LJF: Here's my log: https://paste.yunohost.org/ojazagawil.vhdl
[17:25:22] LJF: It starts going wrong at line 117 and line 120
yunohost-bot commented 7 years ago
Original Redmine Comment

Author: ljf


Pull your moulinette repo and use this pull request https://github.com/YunoHost/yunohost/pull/224

./ynh-dev run local.test unstable
sudo su
root@yunohost:/home/vagrant# apt-get update
root@yunohost:/home/vagrant# apt-get dist-upgrade
root@yunohost:/home/vagrant# cd /vagrant
root@yunohost:/vagrant# ./ynh-dev use-git moulinette
root@yunohost:/vagrant# ./ynh-dev use-git yunohost
root@yunohost:/vagrant# yunohost tools postinstall --verbose --debug

At this step I have failures on (almost) all regenconf hooks

yunohost-bot commented 7 years ago
Original Redmine Comment

Author: ljf


I have created another bug for ssl Permission denied #699

yunohost-bot commented 7 years ago
Status Change

Author: ljf

Status Changed: Resolved