eNMS-automation / eNMS

An enterprise-grade vendor-agnostic network automation platform.
https://www.enms.io/
GNU General Public License v3.0

Vault and TACACS+ not functioning after initial installation #316

Closed jsmith7735 closed 3 years ago

jsmith7735 commented 3 years ago

I modified the settings.json file on the local machine to add the TACACS+ address and the enable flag. I also set the environment variable using the system service configuration. When I try to log in via these are the log messages that I am noticing. I also did tcpdump to look for outbound packets on TCP/49. This did not return any results. Based on the log and the lack of packets going out I believe there is an issue on the eNMS side.

```
Mar 13 21:52:59 cersrenms01 gunicorn[37420]: [2021-03-13 21:52:59 +0000] [37420] [DEBUG] POST /login
Mar 13 21:52:59 cersrenms01 gunicorn[37420]: 2021-03-13 21:52:59,053 WARNING Authentication error for user 'myusername' (name 'TACACSClient' is not defined)
```

When I change the settings.json file to enable vault, the eNMS application fails to load. I receive the error messages below.

```
Mar 13 22:08:54 cersrenms01 gunicorn[38435]: from eNMS.server import server as app # noqa: F401
Mar 13 22:08:54 cersrenms01 gunicorn[38435]: File "/var/www/eNMS/eNMS/init.py", line 3, in
Mar 13 22:08:54 cersrenms01 gunicorn[38435]: app = App()
Mar 13 22:08:54 cersrenms01 gunicorn[38435]: File "/var/www/eNMS/eNMS/controller/base.py", line 74, in init
Mar 13 22:08:54 cersrenms01 gunicorn[38435]: self.init_vault_client()
Mar 13 22:08:54 cersrenms01 gunicorn[38435]: File "/var/www/eNMS/eNMS/controller/base.py", line 329, in init_vault_client
Mar 13 22:08:54 cersrenms01 gunicorn[38435]: self.vault_client = VaultClient(url=url, token=getenv("VAULT_TOKEN"))
Mar 13 22:08:54 cersrenms01 gunicorn[38435]: NameError: name 'VaultClient' is not defined
Mar 13 22:08:54 cersrenms01 systemd[1]: enms.service: Main process exited, code=exited, status=1/FAILURE
Mar 13 22:08:54 cersrenms01 systemd[1]: enms.service: Failed with result 'exit-code'.
```

I can seal and unseal the vault manually. I used the HashiCorp installation instructions to install and set up the Vault server.

afourmy commented 3 years ago

looks like the tacacs / vault (hvac) library is not installed. there should be an error message when you start eNMS telling you that the import failed ?

jsmith7735 commented 3 years ago

@afourmy

Thanks for the response. I installed the optional requirements and it does appear that TACACS+ may be working now. I have to define the TACACS user and password in the database of eNMS. Is this the intended behavior? I would expect that eNMS would authenticate against the TACACS+ server. If this is the case then I can consider the TACACS issue resolved.

Vault appears to be working but the default login stopped functioning. Is there a method to update the Vault database or get eNMS to reinitialize the default credentials?

I was able to stay logged in across restarts of the eNMS service. I was able to attempt to create a new user with Vault enabled. I am now receiving the error listed below.


afourmy commented 3 years ago

> I have to define the TACACS user and password in the database of eNMS. Is this the intended behavior?

no the intended behavior is to query the tacacs+ server... are you selecting tacacs in the login page ?

> I am now receiving the error listed below.

looks like the VAULT_TOKEN env variable is not defined, or maybe the version of the vault is too old, I'm not sure.

afourmy commented 3 years ago

closing as this is an environment issue, not a bug in eNMS
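
An added example, not part of the thread and not eNMS code: a preflight check that reports a missing optional library or an unset `VAULT_TOKEN` before the service starts, instead of surfacing later as the `NameError` in the logs above. The settings layout (`{"vault": {"active": ...}}`), the `REQUIREMENTS` table and the function names are assumptions made for illustration; `hvac` and `VAULT_TOKEN` come from the thread, and `tacacs_plus` is the PyPI package that provides `TACACSClient`.

```python
import importlib.util
import json

# Feature -> (Python module it needs, environment variables it needs).
# Hypothetical table for this example; adjust to the real settings file.
REQUIREMENTS = {
    "vault": ("hvac", ["VAULT_TOKEN"]),
    "tacacs": ("tacacs_plus", []),
}


def module_available(name):
    """Return True if the module is installed, without importing it."""
    return importlib.util.find_spec(name) is not None


def preflight(settings, environ, is_available=module_available):
    """Return one problem string per unmet requirement of an enabled feature."""
    problems = []
    for feature, (module, env_vars) in REQUIREMENTS.items():
        # Assumed layout: a feature is on when settings[feature]["active"] is true.
        if not settings.get(feature, {}).get("active", False):
            continue
        if not is_available(module):
            problems.append(f"{feature}: Python module '{module}' is not installed")
        for var in env_vars:
            # An empty value is treated the same as a missing variable.
            if not environ.get(var):
                problems.append(f"{feature}: environment variable {var} is not set")
    return problems


# Constructed sample settings, not taken from a real eNMS installation.
SAMPLE_SETTINGS = json.loads(
    '{"vault": {"active": true}, "tacacs": {"active": true}, "ldap": {"active": false}}'
)

if __name__ == "__main__":
    import os
    import sys

    issues = preflight(SAMPLE_SETTINGS, os.environ)
    for issue in issues:
        print("PREFLIGHT FAIL:", issue)
    sys.exit(1 if issues else 0)
```

Run it with the same interpreter and environment as the service (for a systemd unit, the variables defined in the unit), since a token exported only in an interactive shell is not visible to the gunicorn process.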