ubccr / mokey

FreeIPA self-service account management portal
BSD 3-Clause "New" or "Revised" License

mokey service failing to start #65

Closed pqvindesland closed 1 year ago

pqvindesland commented 3 years ago

Hi

Mokey doesn't start on a CentOS 8 instance with IPA 4.8.7-13 installed.

After following the instructions and issuing `systemctl restart mokey`, the service fails to start and doesn't give much information. `systemctl status mokey` gives the output below, but I am not sure what the error is. Does anyone have any suggestions?

```
mokey.service - mokey server
   Loaded: loaded (/usr/lib/systemd/system/mokey.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2021-01-28 17:05:18 CET; 6s ago
  Process: 2807 ExecStart=/usr/bin/mokey --debug server (code=exited, status=1/FAILURE)
 Main PID: 2807 (code=exited, status=1/FAILURE)

Jan 28 17:05:18 ldap2.inne.proxdynamics.com systemd[1]: Started mokey server.
Jan 28 17:05:18 ldap2.inne.proxdynamics.com mokey[2807]: time="2021-01-28T17:05:18+01:00" level=info msg="Using template dir: /usr/share/mokey/templates"
Jan 28 17:05:18 ldap2.inne.proxdynamics.com mokey[2807]: time="2021-01-28T17:05:18+01:00" level=fatal msg="encoding/hex: invalid byte: U+0048 'H'"
Jan 28 17:05:18 ldap2.inne.proxdynamics.com systemd[1]: mokey.service: Main process exited, code=exited, status=1/FAILURE
Jan 28 17:05:18 ldap2.inne.proxdynamics.com systemd[1]: mokey.service: Failed with result 'exit-code'.
```

gah242s commented 3 years ago

Seeing the same on CentOS 7. I believe that this is related to something in a recent system update that created the problem. The current 0.5.4-1.el7.x86_64 version was working before system updates.

aebruno commented 3 years ago

@gah242s what version of FreeIPA are you running?

gah242s commented 3 years ago

Whatever is latest. Looks like 4.6.8-5.el7.centos from Base.

Ashaman- commented 3 years ago

Same issue here on CentOS 7...

aebruno commented 3 years ago

Having trouble reproducing this. Tested on ipa-server-4.6.8-5.el7.x86_64 and mokey v0.5.4 and all works well. The above error looks to be about a misconfigured enc_key? Can you verify your config is correct? See issue #40.

gah242s commented 3 years ago

I haven't changed the .yaml file from the initial install of 0.5.3. Additionally, this was working after the upgrade to 0.5.4, but before OS updates. I guess I could regen a new enc_key and see if it changes things?

aebruno commented 3 years ago

@gah242s Yes, give that a shot. There was a change in 0.5.4 that ensured the enc_key is properly set. Let me know if that fixes your issue.

gah242s commented 3 years ago

That didn't help. However, for kicks, I then regenerated the auth_key with `openssl rand -hex 64`, resulting in a 128-character key. That made the difference and it is now running, though I haven't actually tested anything, but it is started. I'm not sure if both are needed or only one. I can say that doing enc_key alone did not make the change to allow the service to start.

aebruno commented 3 years ago

@gah242s Great. Thanks for testing. The next version of mokey should have an easier way of generating these keys as they tend to trip up new users.

zem commented 3 years ago

I ran into the same error and I ended up using:

export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-f0-9' | fold -w 64 | head -n 1

as MOKEY_AUTH_KEY

and

export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-f0-9' | fold -w 32 | head -n 1

as MOKEY_ENC_KEY

The documentation definitely has some "room for improvement" here.

aebruno commented 3 years ago

> I ran into the same error and I ended up using:
>
> export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-f0-9' | fold -w 64 | head -n 1

@zem Thanks for sharing this, I'll add it to the docs.

> The documentation definitely has some "room for improvement" here.

Agreed. The docs need a lot of work. We're also working on improving the key generation in the next major release of mokey which will make this much more user friendly.
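A pre-flight check for the failure in this thread, added here as an example and not taken from mokey's code: it assumes, as the fatal log line indicates, that the keys are parsed with Go's `encoding/hex`, and the names `NewHexKey` and `CheckHexKey` are hypothetical. It reports the decoded size rather than enforcing one, since the thread does not state the lengths mokey requires.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// NewHexKey returns nBytes from the OS CSPRNG as 2*nBytes lowercase hex
// characters, the same shape `openssl rand -hex nBytes` prints.
func NewHexKey(nBytes int) (string, error) {
	buf := make([]byte, nBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return hex.EncodeToString(buf), nil
}

// CheckHexKey decodes value with encoding/hex and returns the number of key
// bytes it yields. Errors name the setting and the offending position but
// never echo the key, so they are safe to log.
func CheckHexKey(name, value string) (int, error) {
	raw, err := hex.DecodeString(value)
	var bad hex.InvalidByteError
	switch {
	case errors.As(err, &bad):
		pos := strings.IndexByte(value, byte(bad))
		return 0, fmt.Errorf("%s: %w at offset %d", name, err, pos)
	case err != nil: // e.g. hex.ErrLength for an odd number of characters
		return 0, fmt.Errorf("%s: %w", name, err)
	}
	return len(raw), nil
}

func main() {
	fresh, err := NewHexKey(32)
	if err != nil {
		panic(err)
	}
	// Constructed sample values, not real keys.
	for _, kv := range [][2]string{{"auth_key", "0123abcdHello"}, {"enc_key", fresh}} {
		if n, err := CheckHexKey(kv[0], kv[1]); err != nil {
			fmt.Println("FAIL", err)
		} else {
			fmt.Printf("ok   %s: %d hex chars -> %d bytes\n", kv[0], len(kv[1]), n)
		}
	}
}
```

Running a check like this against the values in the config before restarting the service shows which setting is not hex, something the service's own fatal message does not say.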