Closed nicolasbouchard-ubi closed 7 months ago
jborean93
commented
7 months ago While pypsrp[kerberos] should theoretically be pulling in the kerberos components of pyspnego something is going wrong with the import process at runtime. What happens when you just run python3 -m pip list or python3 -c "import gssapi" in the execution environment? For whatever reason when pyspnego goes to import gssapi it is failing to do so.
nicolasbouchard-ubi
commented
7 months ago python3 -m pip list
Package Version
---------------------- --------
ansible-core 2.15.9
ansible-runner 2.3.4
attrs 23.2.0
autopage 0.5.2
azure-core 1.30.0
azure-identity 1.15.0
boto3 1.34.39
botocore 1.34.39
certifi 2024.2.2
cffi 1.16.0
charset-normalizer 3.3.2
cliff 4.5.0
cmd2 2.4.3
cryptography 42.0.2
dbus-python 1.2.18
debtcollector 2.5.0
decorator 5.1.1
docutils 0.20.1
dogpile.cache 1.3.1
dumb-init 1.2.5
gpg 1.15.1
hvac 2.1.0
idna 3.6
importlib-metadata 6.2.1
importlib-resources 5.0.7
iso8601 2.1.0
Jinja2 3.1.3
jmespath 1.0.1
jsonpatch 1.33
jsonpointer 2.4
keystoneauth1 5.5.0
libcomps 0.1.18
lockfile 0.12.2
MarkupSafe 2.1.5
msal 1.26.0
msal-extensions 1.1.0
msgpack 1.0.7
netaddr 1.0.0
netifaces 0.11.0
openstacksdk 2.1.0
os-service-types 1.7.0
osc-lib 3.0.0
oslo.config 9.3.0
oslo.i18n 6.2.0
oslo.serialization 5.3.0
oslo.utils 7.0.0
packaging 23.2
pathspec 0.12.1
pbr 6.0.0
pexpect 4.9.0
pip 24.0
platformdirs 4.2.0
portalocker 2.8.2
prettytable 3.9.0
ptyprocess 0.7.0
pycparser 2.21
PyJWT 2.8.0
pykerberos 1.2.4
pyparsing 3.1.1
pyperclip 1.8.2
pypsexec 0.3.0
pypsrp 0.8.1
pyspnego 0.10.2
python-cinderclient 9.4.0
python-daemon 3.0.1
python-dateutil 2.8.1
python-keystoneclient 5.3.0
python-novaclient 18.4.0
python-openstackclient 6.5.0
pytz 2024.1
pywinrm 0.4.3
PyYAML 6.0.1
requests 2.31.0
requests-ntlm 1.2.0
requestsexceptions 1.4.0
resolvelib 1.0.1
rfc3986 2.0.0
rpm 4.16.1.3
s3transfer 0.10.0
setuptools 69.1.0
simplejson 3.19.2
six 1.15.0
smbprotocol 1.12.0
stevedore 5.1.0
systemd-python 234
typing_extensions 4.9.0
tzdata 2024.1
urllib3 1.26.18
wcwidth 0.2.13
wrapt 1.16.0
xmltodict 0.13.0
yamllint 1.34.0
zipp 3.17.0python3 -c "import gssapi"
Traceback (most recent call last):
File "<string>", line 1, in <module>
ModuleNotFoundError: No module named 'gssapi'The output indicates that the gssapi package is not available, it's not in pip list and trying to import it matches the error you get when running pypsrp with Kerberos auth. This doesn't make too much sense because your requirements was pyspnego[kerberos] but the output is clear it's not installed. You try manually installing it again with the same requirement of just gssapi explicitly. You could even see if the builder logs show anything suspicious when it comes to that requirement.
nicolasbouchard-ubi
commented
7 months ago I added gssapi explicitely and now it's in pip list. However I get a new package missing error now.
The error was: ImportError: GSSAPIProxy requires the Python gssapi library: No module named 'krb5'I'll try to add it too.
jborean93
commented
7 months ago Yea there are those two dependencies, just to be safe you can do pyspnego[kerberos]
nicolasbouchard-ubi
commented
7 months ago Good, adding these two requirements fixed Kerberos authentication with PSRP. For those who would encounter the same problem, here the final content of requirement.txt.
urllib3
hvac
cryptography
yamllint
pykerberos
pypsrp[kerberos]
pywinrm[kerberos]
gssapi
krb5
python-openstackclient
pypsexec
pyyaml
python-daemonIt's good that you have this work around, it is good to keep in mind this shouldn't be necessary. Installing pypsrp[kerberos] should be bringing in those deps automatically.
$ pip list
Package Version
------- -------
pip 23.2.1
[notice] A new release of pip is available: 23.2.1 -> 24.0
[notice] To update, run: python3.12 -m pip install --upgrade pip
$ pip install pypsrp[kerberos]
Collecting pypsrp[kerberos]
Using cached pypsrp-0.8.1-py3-none-any.whl (88 kB)
Collecting cryptography (from pypsrp[kerberos])
Obtaining dependency information for cryptography from https://files.pythonhosted.org/packages/3c/72/fb557573cebcae88c6efe3a73981181384e08408c1125a8e97a7fb3edde4/cryptography-42.0.2-cp39-abi3-manylinux_2_28_x86_64.whl.metadata
Downloading cryptography-42.0.2-cp39-abi3-manylinux_2_28_x86_64.whl.metadata (5.3 kB)
Collecting pyspnego<1.0.0 (from pypsrp[kerberos])
Obtaining dependency information for pyspnego<1.0.0 from https://files.pythonhosted.org/packages/cc/fd/06a7618de50ad13b7e85115bd1e42c1625e3365313a4c971898386781f89/pyspnego-0.10.2-py3-none-any.whl.metadata
Downloading pyspnego-0.10.2-py3-none-any.whl.metadata (5.4 kB)
Collecting requests>=2.9.1 (from pypsrp[kerberos])
Obtaining dependency information for requests>=2.9.1 from https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl.metadata
Using cached requests-2.31.0-py3-none-any.whl.metadata (4.6 kB)
Collecting charset-normalizer<4,>=2 (from requests>=2.9.1->pypsrp[kerberos])
Obtaining dependency information for charset-normalizer<4,>=2 from https://files.pythonhosted.org/packages/ee/fb/14d30eb4956408ee3ae09ad34299131fb383c47df355ddb428a7331cfa1e/charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata
Using cached charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (33 kB)
Collecting idna<4,>=2.5 (from requests>=2.9.1->pypsrp[kerberos])
Obtaining dependency information for idna<4,>=2.5 from https://files.pythonhosted.org/packages/c2/e7/a82b05cf63a603df6e68d59ae6a68bf5064484a0718ea5033660af4b54a9/idna-3.6-py3-none-any.whl.metadata
Using cached idna-3.6-py3-none-any.whl.metadata (9.9 kB)
Collecting urllib3<3,>=1.21.1 (from requests>=2.9.1->pypsrp[kerberos])
Obtaining dependency information for urllib3<3,>=1.21.1 from https://files.pythonhosted.org/packages/88/75/311454fd3317aefe18415f04568edc20218453b709c63c58b9292c71be17/urllib3-2.2.0-py3-none-any.whl.metadata
Downloading urllib3-2.2.0-py3-none-any.whl.metadata (6.4 kB)
Collecting certifi>=2017.4.17 (from requests>=2.9.1->pypsrp[kerberos])
Obtaining dependency information for certifi>=2017.4.17 from https://files.pythonhosted.org/packages/ba/06/a07f096c664aeb9f01624f858c3add0a4e913d6c96257acb4fce61e7de14/certifi-2024.2.2-py3-none-any.whl.metadata
Downloading certifi-2024.2.2-py3-none-any.whl.metadata (2.2 kB)
Collecting cffi>=1.12 (from cryptography->pypsrp[kerberos])
Obtaining dependency information for cffi>=1.12 from https://files.pythonhosted.org/packages/09/d4/8759cc3b2222c159add8ce3af0089912203a31610f4be4c36f98e320b4c6/cffi-1.16.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata
Using cached cffi-1.16.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (1.5 kB)
Collecting gssapi>=1.6.0 (from pyspnego<1.0.0->pypsrp[kerberos])
Using cached gssapi-1.8.3-cp312-cp312-linux_x86_64.whl
Collecting krb5>=0.3.0 (from pyspnego<1.0.0->pypsrp[kerberos])
Using cached krb5-0.5.1-cp312-cp312-linux_x86_64.whl
Collecting pycparser (from cffi>=1.12->cryptography->pypsrp[kerberos])
Using cached pycparser-2.21-py2.py3-none-any.whl (118 kB)
Collecting decorator (from gssapi>=1.6.0->pyspnego<1.0.0->pypsrp[kerberos])
Using cached decorator-5.1.1-py3-none-any.whl (9.1 kB)
Downloading pyspnego-0.10.2-py3-none-any.whl (129 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 129.9/129.9 kB 3.2 MB/s eta 0:00:00
Using cached requests-2.31.0-py3-none-any.whl (62 kB)
Downloading cryptography-42.0.2-cp39-abi3-manylinux_2_28_x86_64.whl (4.7 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 4.7/4.7 MB 13.0 MB/s eta 0:00:00
Downloading certifi-2024.2.2-py3-none-any.whl (163 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 163.8/163.8 kB 16.0 MB/s eta 0:00:00
Using cached cffi-1.16.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (477 kB)
Using cached charset_normalizer-3.3.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (141 kB)
Using cached idna-3.6-py3-none-any.whl (61 kB)
Downloading urllib3-2.2.0-py3-none-any.whl (120 kB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 120.9/120.9 kB 26.6 MB/s eta 0:00:00
Installing collected packages: urllib3, pycparser, krb5, idna, decorator, charset-normalizer, certifi, requests, gssapi, cffi, cryptography, pyspnego, pypsrp
Successfully installed certifi-2024.2.2 cffi-1.16.0 charset-normalizer-3.3.2 cryptography-42.0.2 decorator-5.1.1 gssapi-1.8.3 idna-3.6 krb5-0.5.1 pycparser-2.21 pypsrp-0.8.1 pyspnego-0.10.2 requests-2.31.0 urllib3-2.2.0
[notice] A new release of pip is available: 23.2.1 -> 24.0
[notice] To update, run: python3.12 -m pip install --upgrade pip
$ pip list
Package Version
------------------ --------
certifi 2024.2.2
cffi 1.16.0
charset-normalizer 3.3.2
cryptography 42.0.2
decorator 5.1.1
gssapi 1.8.3
idna 3.6
krb5 0.5.1
pip 23.2.1
pycparser 2.21
pypsrp 0.8.1
pyspnego 0.10.2
requests 2.31.0
urllib3 2.2.0
[notice] A new release of pip is available: 23.2.1 -> 24.0
[notice] To update, run: python3.12 -m pip install --upgrade pipI've tried a few permutations where pyspnego was already installed but without the extras or doing pywinrm[kerberos] pypsrp[kerberos] and all will ensure the kerberos extras (gssapi, krb5) are installed. I'm unsure what is going on in your case and why it's not installing those deps but the workaround is still an ok solution.
When trying to use PSRP with Kerberos authentication, I get this error on the first task (gather_facts):
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ImportError: GSSAPIProxy requires the Python gssapi library: No module named 'gssapi' fatal: [REDACTED]: FAILED! => {"msg": "Unexpected failure during module execution: GSSAPIProxy requires the Python gssapi library: No module named 'gssapi'", "stdout": ""}Here are my connection options:
The list of packages I install in my execution environment: bindep.txt
requirement.txt
If I switch to WinRM, everything works fine. I suspect missing/conflicting package but everything I tried didn't work. Please help!
Thanks!