aker-gateway / Aker

SSH bastion/jump host/jumpserver
Other
568 stars 71 forks source link

Aker crasches when selecting a host, MainLoop' object has no attribute 'stop' #96

Closed pewo closed 4 years ago

pewo commented 4 years ago
peter@elnuco ~ $ ssh aker

Traceback (most recent call last):
  File "/usr/bin/aker/aker.py", line 174, in <module>
    Aker().build_tui()
  File "/usr/bin/aker/aker.py", line 136, in build_tui
    self.tui.start()
  File "/usr/bin/aker/tui.py", line 349, in start
    self.loop.run()
  File "/usr/lib64/python2.7/site-packages/urwid/main_loop.py", line 271, in run
    self.screen.run_wrapper(self._run)
  File "/usr/lib64/python2.7/site-packages/urwid/raw_display.py", line 241, in run_wrapper
    return fn()
  File "/usr/lib64/python2.7/site-packages/urwid/main_loop.py", line 336, in _run
    self.event_loop.run()
  File "/usr/lib64/python2.7/site-packages/urwid/main_loop.py", line 707, in run
    self._loop()
  File "/usr/lib64/python2.7/site-packages/urwid/main_loop.py", line 786, in _loop
    self._watch_files[fd]()
  File "/usr/lib64/python2.7/site-packages/urwid/main_loop.py", line 387, in _update
    self.process_input(keys)
  File "/usr/lib64/python2.7/site-packages/urwid/main_loop.py", line 487, in process_input
    k = self._topmost_widget.keypress(self.screen_size, k)
  File "/usr/lib64/python2.7/site-packages/urwid/wimp.py", line 642, in keypress
    return self._current_widget.keypress(size, key)
  File "/usr/lib64/python2.7/site-packages/urwid/container.py", line 1102, in keypress
    return self.body.keypress( (maxcol, remaining), key )
  File "/usr/lib64/python2.7/site-packages/urwid/container.py", line 1102, in keypress
    return self.body.keypress( (maxcol, remaining), key )
  File "/usr/bin/aker/tui.py", line 76, in keypress
    self.focus.original_widget.get_caption())
  File "/usr/lib64/python2.7/site-packages/urwid/signals.py", line 120, in emit
    result |= bool(callback(*args_copy))
  File "/usr/bin/aker/tui.py", line 331, in host_chosen_handler
    self.aker.init_connection(self.user.allowed_ssh_hosts[host].fqdn)
  File "/usr/bin/aker/aker.py", line 141, in init_connection
    self.tui.pause()
  File "/usr/bin/aker/tui.py", line 357, in pause
    self.loop.stop()
AttributeError: 'MainLoop' object has no attribute 'stop'
Connection to aker closed.
peter@elnuco ~ $ 
pewo commented 4 years ago

[root@aker ~]# cat /etc/aker/aker.ini

[General]
#log_level = INFO
log_level = DEBUG
ssh_port = 22

# Identity Provider to determine the list of available hosts
# options shipped are IPA, Json. Default is IPA
idp = Json
hosts_file = /etc/aker/hosts.json

# FreeIPA hostgroup name contatining Aker gateways
# to be excluded from hosts presented to user
gateway_group = gateways

[root@aker ~]# cat /etc/aker/hosts.json

{
    "usergroups": [
        "lnxadmins"
    ],
    "users": [{
            "username": "peter",
            "keyfile": "~/.ssh/id_rsa",
            "usergroups": ["lnxadmins"]
        }
    ],
    "hosts": [{
            "name": "haproxy.wirdemo.com",
            "hostname": "haproxy.wirdemo.com",
            "port": "22",
            "key": "~/.ssh/id_rsa",
            "usergroups": [
                "lnxadmins"
            ],
            "hostgroups": [
                "linuxservers"
            ]
        }
    ]
}

I can from the aker host do a ssh to the configured server (haproxy) without password:


[peter@aker ~]$ ssh haproxy.wirdemo.com uptime
 15:32:07 up 68 days,  4:12,  0 users,  load average: 1.98, 2.48, 2.59
[peter@aker ~]$ 
EoleDev commented 4 years ago

Hi @pewo, I did some test on my own and I can't reproduce your error. To be able to help you, could you provide your log file and the result of the command : pip list ? Thank you.

pewo commented 4 years ago

Hi @pewo, I did some test on my own and I can't reproduce your error. To be able to help you, could you provide your log file and the result of the command : pip list ? Thank you.

No pip modules or pip is installed. I have followed the instuction on https://github.com/aker-gateway/Aker, from the Manually section and forward... More or less the installation on my CentOS7 server:

yum -y install python2-paramiko python-configparser python-redis python-urwid python2-wcwidth redis

Which log would you be intrested in ? I include som part of the /var/log/aker/aker.log here:

2020-02-16 14:58:36,594 - INFO - Core: Starting up, user=peter from=10.0.0.252:48118
2020-02-16 14:58:36,671 - DEBUG - Core: using Identity Provider Json
2020-02-16 14:58:36,671 - INFO - IdPFactory: trying dynamic loading of module : Json 
2020-02-16 14:58:36,671 - INFO - Json: loaded
2020-02-16 14:58:36,672 - DEBUG - Json: loading all hosts from /etc/aker/hosts.json
2020-02-16 14:58:36,672 - DEBUG - Json: loading all users from /etc/aker/hosts.json
2020-02-16 14:58:36,672 - DEBUG - Json: loading all usergroups from /etc/aker/hosts.json
2020-02-16 14:58:36,672 - DEBUG - Json: loading hosts/groups for user peter
2020-02-16 14:58:36,672 - DEBUG - Json: loading host haproxy for user peter
2020-02-16 14:58:36,673 - DEBUG - Hosts: deleting hosts for user peter from cache
2020-02-16 14:58:36,673 - DEBUG - Hosts: adding host haproxy to cache
2020-02-16 14:58:36,674 - DEBUG - Hosts: deleting hostgroups for user peter from cache
2020-02-16 14:58:36,674 - DEBUG - Hosts: adding hostgroup linuxservers to cache
2020-02-16 14:58:36,674 - DEBUG - Core: Drawing TUI
2020-02-16 14:58:36,676 - DEBUG - TUI: tui started
2020-02-16 14:58:39,731 - DEBUG - TUI: user peter chose hostgroup linuxservers 
2020-02-16 14:58:39,731 - DEBUG - TUI: host haproxy is in hostgroup linuxservers, adding
2020-02-16 14:58:39,731 - DEBUG - TUI: Host search handler called with text 
2020-02-16 14:58:39,732 - DEBUG - TUI: host haproxy matches search text 
2020-02-16 14:58:41,627 - DEBUG - TUI: user peter chose server haproxy 
2020-02-16 14:58:41,628 - DEBUG - Core: pausing TUI
2020-02-16 14:58:41,628 - DEBUG - TUI: tui paused
2020-02-16 15:00:01,058 - INFO - Core: Starting up, user=peter from=10.0.0.252:48138
2020-02-16 15:00:01,099 - DEBUG - Core: using Identity Provider Json
2020-02-16 15:00:01,099 - INFO - IdPFactory: trying dynamic loading of module : Json 
2020-02-16 15:00:01,100 - INFO - Json: loaded
2020-02-16 15:00:01,100 - DEBUG - Json: loading all hosts from /etc/aker/hosts.json
2020-02-16 15:00:01,100 - DEBUG - Json: loading all users from /etc/aker/hosts.json
2020-02-16 15:00:01,100 - DEBUG - Json: loading all usergroups from /etc/aker/hosts.json
2020-02-16 15:00:01,100 - DEBUG - Json: loading hosts/groups for user peter
2020-02-16 15:00:01,100 - DEBUG - Json: loading host haproxy for user peter
2020-02-16 15:00:01,102 - DEBUG - Hosts: loading host haproxy from cache
2020-02-16 15:00:01,102 - INFO - Hosts: loading hosts from cache
2020-02-16 15:00:01,102 - DEBUG - Core: Drawing TUI
2020-02-16 15:00:01,104 - DEBUG - TUI: tui started
2020-02-16 15:00:07,315 - DEBUG - TUI: user peter chose hostgroup linuxservers 
2020-02-16 15:00:07,315 - DEBUG - TUI: host haproxy is in hostgroup linuxservers, adding
2020-02-16 15:00:07,315 - DEBUG - TUI: Host search handler called with text 
2020-02-16 15:00:07,315 - DEBUG - TUI: host haproxy matches search text 
2020-02-16 15:00:09,627 - DEBUG - TUI: User peter unhandled input : backspace
2020-02-16 15:00:10,219 - DEBUG - TUI: Group search handler called with text 
2020-02-16 15:00:10,219 - DEBUG - TUI: hostgroup linuxservers matches search text 
2020-02-16 15:00:10,219 - DEBUG - TUI: Group search handler called with text 
2020-02-16 15:00:10,219 - DEBUG - TUI: hostgroup linuxservers matches search text 
2020-02-16 15:00:11,106 - DEBUG - TUI: user peter chose hostgroup linuxservers 
2020-02-16 15:00:11,106 - DEBUG - TUI: host haproxy is in hostgroup linuxservers, adding
2020-02-16 15:00:11,107 - DEBUG - TUI: Host search handler called with text 
2020-02-16 15:00:11,107 - DEBUG - TUI: host haproxy matches search text 
2020-02-16 15:00:11,779 - DEBUG - TUI: user peter chose server haproxy 
2020-02-16 15:00:11,779 - DEBUG - Core: pausing TUI
2020-02-16 15:00:11,779 - DEBUG - TUI: tui paused
2020-02-16 15:04:18,460 - INFO - Core: Starting up, user=peter from=10.0.0.252:48292
2020-02-16 15:04:18,471 - DEBUG - Core: using Identity Provider Json
2020-02-16 15:04:18,471 - INFO - IdPFactory: trying dynamic loading of module : Json 
2020-02-16 15:04:18,472 - INFO - Json: loaded
2020-02-16 15:04:18,472 - DEBUG - Json: loading all hosts from /etc/aker/hosts.json
2020-02-16 15:04:18,472 - DEBUG - Json: loading all users from /etc/aker/hosts.json
2020-02-16 15:04:18,472 - DEBUG - Json: loading all usergroups from /etc/aker/hosts.json
2020-02-16 15:04:18,472 - DEBUG - Json: loading hosts/groups for user peter
2020-02-16 15:04:18,472 - DEBUG - Json: loading host haproxy.wirdemo.com for user peter
2020-02-16 15:04:18,474 - DEBUG - Hosts: deleting hosts for user peter from cache
2020-02-16 15:04:18,474 - DEBUG - Hosts: adding host haproxy.wirdemo.com to cache
2020-02-16 15:04:18,474 - DEBUG - Hosts: deleting hostgroups for user peter from cache
2020-02-16 15:04:18,474 - DEBUG - Hosts: adding hostgroup linuxservers to cache
2020-02-16 15:04:18,475 - DEBUG - Core: Drawing TUI
2020-02-16 15:04:18,477 - DEBUG - TUI: tui started
2020-02-16 15:04:19,649 - DEBUG - TUI: user peter chose hostgroup linuxservers 
2020-02-16 15:04:19,649 - DEBUG - TUI: host haproxy.wirdemo.com is in hostgroup linuxservers, adding
2020-02-16 15:04:19,650 - DEBUG - TUI: Host search handler called with text 
2020-02-16 15:04:19,650 - DEBUG - TUI: host haproxy.wirdemo.com matches search text 
2020-02-16 15:04:21,081 - DEBUG - TUI: user peter chose server haproxy.wirdemo.com 
2020-02-16 15:04:21,081 - DEBUG - Core: pausing TUI
2020-02-16 15:04:21,081 - DEBUG - TUI: tui paused
2020-02-16 15:11:34,347 - INFO - Core: Starting up, user=peter from=10.0.0.252:48538
2020-02-16 15:11:34,347 - DEBUG - Core: using Identity Provider Json
2020-02-16 15:11:34,347 - INFO - IdPFactory: trying dynamic loading of module : Json 
2020-02-16 15:11:34,348 - INFO - Json: loaded
2020-02-16 15:11:34,348 - DEBUG - Json: loading all hosts from /etc/aker/hosts.json
2020-02-16 15:11:34,348 - DEBUG - Json: loading all users from /etc/aker/hosts.json
2020-02-16 15:11:34,348 - DEBUG - Json: loading all usergroups from /etc/aker/hosts.json
2020-02-16 15:11:34,348 - DEBUG - Json: loading hosts/groups for user peter
2020-02-16 15:11:34,348 - DEBUG - Json: loading host haproxy.wirdemo.com for user peter
2020-02-16 15:11:34,350 - DEBUG - Hosts: loading host haproxy.wirdemo.com from cache
2020-02-16 15:11:34,350 - INFO - Hosts: loading hosts from cache
2020-02-16 15:11:34,350 - DEBUG - Core: Drawing TUI
2020-02-16 15:11:34,352 - DEBUG - TUI: tui started
2020-02-16 15:11:36,903 - DEBUG - TUI: user peter chose hostgroup linuxservers 
2020-02-16 15:11:36,904 - DEBUG - TUI: host haproxy.wirdemo.com is in hostgroup linuxservers, adding
2020-02-16 15:11:36,904 - DEBUG - TUI: Host search handler called with text 
2020-02-16 15:11:36,904 - DEBUG - TUI: host haproxy.wirdemo.com matches search text 
2020-02-16 15:11:38,183 - DEBUG - TUI: user peter chose server haproxy.wirdemo.com 
2020-02-16 15:11:38,183 - DEBUG - Core: pausing TUI
2020-02-16 15:11:38,183 - DEBUG - TUI: tui paused
EoleDev commented 4 years ago

Hi @pewo , Thanks for your answer. I reproduced your problem. The patch #95 I introduced on this repo was testing against the 2.1.0 version of urwid. The problem is centos package the 1.1.1 version. There is a lot of breaking changes in the 2.0.0 version.

@anazmy May we update the deployment instructions to use pip with requirements ? It would allow to use new version of dependencies.

anazmy commented 4 years ago

First, sorry for delays as am on biz travel now.

@EoleDev Thank you so much for checking on that.

@pewo I see the issue might be cuz of urwid incompatibility as @EoleDev mentioned. I did revert the change causing this for now, can you please check with latest phase0 branch and let us know how it goes?

@EoleDev I guess we will need to keep up with the lowest common denominator across distros, for package compatibility I mean. Maybe revisit issue #88 if it is reproducible with debug logs, what do you think?

EoleDev commented 4 years ago

Hi @anazmy, The fact is the documentation only explain how to deploy on centos7. These packages will not exist on other distributions.

All the people who want to use it on another distrib, will use pip with your requirements.txt. They will all end up with urwid 2.1.0 or later installed. So your project will not work.

The best solution would be to drop the deployment instructions on centos7 to only rely on pip. I am using your project on centos7 with pip requirements and with my patch all is working well.

pewo commented 4 years ago

I did a git pull and distributed that to my aker host. Works like a charm, many thanks for this quick responce.

I would like to add, that using repo installation is way much easier then using pip for me. Mostly since I'm planning to use this in a disconnected network.

EoleDev commented 4 years ago

@pewo If you are using the packages in a disconnected network, I think you are hosting your own centos 7 repo ? Could you just host a pypy repo too ?

The problem with supporting the old version packaged by centos, is that we can't support other distribs well. With pip we ensure that all the distributions will use the same packages and install instructions.

Furthermore, we could use the last version of dependencies which could help implement new functionalities or fix some bugs.

anazmy commented 4 years ago

@EoleDev you have a point and that's why I created https://github.com/aker-gateway/aker-freeipa-playbook

And I had disconnected environments in mind like @pewo case while handling this installer.

Maybe drop the manual instructions in favor of this playbook to avoid confusion? Just thinking out loud

EoleDev commented 4 years ago

@anazmy The only problem with the playbook is the fact it use ansible. My company is currently using puppet to manage configurations. So I can't use this playbook. All the people using Aker on small environment would be forced to deploy an ansible environment only to install aker.

The playbook is quite useful for people already using ansible. But you should keep installations instructions for people who just want to deploy the project.

pewo commented 4 years ago

I think that a "manual" installation instruction is good to have. I was planning to move this to a Dockerized solution. Also i might not be intreseted in everything included in the "Ansible installation" version.

We have looked into mirroring pip repo, but there are som security issues around this. CentOS/epel is ok to mirror at this time. Which makes installation of aker simple for me :-)

I can understand using pip instead which to not use the very old packages in CentOS repos...

EoleDev commented 4 years ago

@anazmy, What do you want to do? I could open a PR request with the change you need.