Closed ELCarmen01 closed 3 years ago
Looks like you may have an error in your config file:
Apr 12 17:56:46 mokey[14905]: Failed reading config file - While parsing config: yaml: line 52: could not find expected ':'
Hey man, thanks for the reply. I have invested so much time trying to get mokey to work, so yesterday I decided to build another VM and start from the beginning, but I am still having issues with this one too.
Now I am getting this error:
● mokey.service - mokey server
Loaded: loaded (/usr/lib/systemd/system/mokey.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2021-04-13 11:56:22 EDT; 1min 5s ago
Main PID: 23716 (code=exited, status=1/FAILURE)
Apr 13 11:56:22 systemd[1]: Started mokey server.
Apr 13 11:56:22 mokey[23716]: time="2021-04-13T11:56:22-04:00" level=info msg="Using template dir: /usr/sh...lates"
Apr 13 11:56:22 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 13 11:56:22 systemd[1]: Unit mokey.service entered failed state.
Apr 13 11:56:22 systemd[1]: mokey.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
Here is the journal:
-- Logs begin at Mon 2021-04-12 22:50:09 EDT, end at Tue 2021-04-13 12:01:01 EDT
Apr 12 22:50:25 systemd[1]: Started mokey server.
Apr 12 22:50:25 mokey[1612]: time="2021-04-12T22:50:2
Apr 12 22:50:25 systemd[1]: mokey.service: main proce
Apr 12 22:50:25 systemd[1]: Unit mokey.service entere
Apr 12 22:50:25 systemd[1]: mokey.service failed.
Apr 13 11:56:22 systemd[1]: Started mokey server.
Apr 13 11:56:22 mokey[23716]: time="2021-04-13T11:56:
Apr 13 11:56:22 systemd[1]: mokey.service: main proce
Apr 13 11:56:22 systemd[1]: Unit mokey.service entere
Apr 13 11:56:22 systemd[1]: mokey.service failed.
lines 1-11/11 (END)...skipping...
-- Logs begin at Mon 2021-04-12 22:50:09 EDT, end at Tue 2021-04-13 12:01:01 EDT. --
Apr 12 22:50:25 systemd[1]: Started mokey server.
Apr 12 22:50:25 mokey[1612]: time="2021-04-12T22:50:25-04:00" level=info msg="Using template dir: /usr/share/mokey/
Apr 12 22:50:25 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 22:50:25 systemd[1]: Unit mokey.service entered failed state.
Apr 12 22:50:25 systemd[1]: mokey.service failed.
Apr 13 11:56:22 systemd[1]: Started mokey server.
Apr 13 11:56:22 mokey[23716]: time="2021-04-13T11:56:22-04:00" level=info msg="Using template dir: /usr/share/mokey
Apr 13 11:56:22 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 13 11:56:22 systemd[1]: Unit mokey.service entered failed state.
Apr 13 11:56:22 systemd[1]: mokey.service failed.
@ELCarmen01 What happens when you try to run mokey directly?
mokey --debug server
I got the error below. I have no idea what password it is referring to.
INFO[0000] Using template dir: /usr/share/mokey/templates
FATA[0000] [Root cause: KDC_Error] KDC_Error: AS Exchange Error: kerberos error response from KDC: KRB Error: (23) KDC_ERR_KEY_EXPIRED Password has expired; change password to reset - CLIENT KEY EXPIRED
Looks like you may have an issue with your keytab file. Double check the install docs section on "Create a user account and role in FreeIPA" and extracting the keytab file. Make sure you set the path to the keytab file in the config file:
keytab: "/PATH/TO/YOUR/mokey.keytab"
It is running now, man. :) It was the service account: I created it with a strong password but I never logged in on a machine with it to authenticate. So, to do that and not lose my strong password, I reset the password to something I could remember, and when it asked me to change the password I entered my strong password. After that I deleted the old keytab and made a new one. I am going to test it. Thanks a lot for getting me this far. :)
Great news! Happy to help.
Hello, I am trying to run Mokey on CentOS 7 but I can't get it to start no matter how much I try.
Here is my mokey.yaml file info:
Database connection
------------------------------------------------------------------------------
dsn: "pwmDB_service:password12345@/myDB?parseTime=true"
Database driver
------------------------------------------------------------------------------
driver: "mysql"
------------------------------------------------------------------------------
Secure webserver port to listen on
------------------------------------------------------------------------------
port: 8080
------------------------------------------------------------------------------
Insecure redirect host and port. If set will redirect http to https
------------------------------------------------------------------------------
insecure_redirect_port: 80
insecure_redirect_host: localhost
------------------------------------------------------------------------------
Webserver interface to listen on
------------------------------------------------------------------------------
For utilizing all available IP interfaces, use:
bind: "0.0.0.0"
For localhost only, use:
bind: "0.0.0.0"
------------------------------------------------------------------------------
SSL certificate
------------------------------------------------------------------------------
cert: "/path/to/cert"
------------------------------------------------------------------------------
SSL private key
-------------------------------------------------------------------
key: "/path/to/key"
------------------------------------------------------------------------------
Password requirements
------------------------------------------------------------------------------
min_passwd_len: 8
min_passwd_classes: 2
------------------------------------------------------------------------------
Authentication key used for HMAC token signing and secure cookies
------------------------------------------------------------------------------
auth_key:2b77aa23478e247532ec6d09529f94e1ef8eca3a4a28a72ee0c42cae296e047c
------------------------------------------------------------------------------
Encryption key used for encrypting cookies
------------------------------------------------------------------------------
enc_key:41301c097a903de0dfc0f368179ad4d1
------------------------------------------------------------------------------
Templates directory
------------------------------------------------------------------------------
templates: /usr/share/mokey/templates
------------------------------------------------------------------------------
Custom URL context path
------------------------------------------------------------------------------
path_prefix: "/mokey"
------------------------------------------------------------------------------
FreeIPA server hostname (defaults to /etc/ipa/default.conf)
------------------------------------------------------------------------------
ipahost: "ipa.example.edu"
------------------------------------------------------------------------------
Keytab file and username for mokey to user for operations requiring elevated
privileges (should have "Modify users and Reset passwords" privilege in
FreeIPA)
------------------------------------------------------------------------------
keytab: "/etc/mokey/keytab/pwm_service.keytab"
ktuser: "pwm_service"
------------------------------------------------------------------------------
Enable rate limiting based on remote ip (requires redis)
------------------------------------------------------------------------------
rate_limit: false
------------------------------------------------------------------------------
Redis server (used for rate limiting)
------------------------------------------------------------------------------
redis: ":6379"
------------------------------------------------------------------------------
Max POST requests. This value sets a max limit on the number of POST requests
made in a given time period. The time is defined by "rate_limit_expire".
------------------------------------------------------------------------------
max_requests: 15
------------------------------------------------------------------------------
The expire time in seconds for the max_requests counter. By default the
number of post requests from a given IP address is limited to 15 requests per
hour.
------------------------------------------------------------------------------
rate_limit_expire: 3600
------------------------------------------------------------------------------
SMTP server
------------------------------------------------------------------------------
smtp_host: "localhost"
smtp_username: "username"
smtp_password: "password"
------------------------------------------------------------------------------
SMTP port / TLS
Possible values for TLS are:
- on: Connection is fully encrypted with TLS
- off: Connection is unencrypted
- starttls: Connections is encrypted on demand via the STARTTLS command
------------------------------------------------------------------------------
smtp_port: 25
smtp_tls: "off"
------------------------------------------------------------------------------
From address used when sending emails
------------------------------------------------------------------------------
email_from: "helpdesk@example.edu"
------------------------------------------------------------------------------
Email signature used when sending emails
------------------------------------------------------------------------------
email_sig: "Mr. System Administrator"
------------------------------------------------------------------------------
Base URL of mokey server. Used for links in emails
------------------------------------------------------------------------------
email_link_base: "http://localhost:8080"
------------------------------------------------------------------------------
Subject prefix used when sending emails
------------------------------------------------------------------------------
email_prefix: "mokey"
------------------------------------------------------------------------------
Max age (in seconds) of setup account email tokens.
------------------------------------------------------------------------------
setup_max_age: 86400
------------------------------------------------------------------------------
Max age (in seconds) of reset password email tokens.
------------------------------------------------------------------------------
reset_max_age: 3600
------------------------------------------------------------------------------
Max attempts for password resets and account setup.
------------------------------------------------------------------------------
max_attempts: 10
------------------------------------------------------------------------------
Sign emails using PGP/Mime
------------------------------------------------------------------------------
pgp_sign: false
------------------------------------------------------------------------------
PGP private key
------------------------------------------------------------------------------
pgp_key: "/path/to/key.gpg"
------------------------------------------------------------------------------
passphrase for PGP private key (if encrypted)
------------------------------------------------------------------------------
pgp_passphrase: "secret"
------------------------------------------------------------------------------
CAPTCHA support
------------------------------------------------------------------------------
enable_captcha: true
------------------------------------------------------------------------------
New User Account Signup
------------------------------------------------------------------------------
enable_user_signup: true
default_shell: "/bin/bash"
default_homedir: "/home"
------------------------------------------------------------------------------
Require FreeIPA admin to activate the account. With this option enabled new
accounts are disabled by default until a FreeIPA admin activates them.
This option is mutually exclusive with require_verify_email.
------------------------------------------------------------------------------
require_verify_admin: false
------------------------------------------------------------------------------
Require users to verify email address. With this option enabled new accounts
are disabled by default until the user verifies their email address
This option is mutually exclusive with require_verify_admin.
------------------------------------------------------------------------------
require_verify_email: false
------------------------------------------------------------------------------
Developer mode
------------------------------------------------------------------------------
develop: false
------------------------------------------------------------------------------
Globus Signup
------------------------------------------------------------------------------
globus_signup: false
globus_iss: "https://auth.globus.org"
globus_client_id: "xxx"
globus_secret: "xxx"
globus_trusted_providers:
- xxx
- xxx
------------------------------------------------------------------------------
Hydra config
------------------------------------------------------------------------------
hydra_admin_url: "https://localhost:4445"
hydra_consent_skip: false
hydra_consent_timeout: 86400
hydra_login_timeout: 86400
hydra_fake_tls_termination: true
------------------------------------------------------------------------------
Public oauth2 clients for Api Key access (requires Hydra)
------------------------------------------------------------------------------
enable_api_keys: false
enabled_api_client_ids:
- openstack-api
- mypublic-api
#
openstack-api:
name: "Openstack CLI"
desc: "Access to Openstack CLI"
scopes: openid
#
mypublic-api:
name: "Some other API"
desc: "Access to some other API"
scopes: openid
...
These are the errors:
systemctl status mokey
● mokey.service - mokey server
Loaded: loaded (/usr/lib/systemd/system/mokey.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2021-04-12 18:00:29 EDT; 10s ago
Main PID: 16481 (code=exited, status=1/FAILURE)
Apr 12 18:00:29 systemd[1]: Started mokey server.
Apr 12 18:00:29 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 18:00:29 systemd[1]: Unit mokey.service entered failed state.
Apr 12 18:00:29 systemd[1]: mokey.service failed.
journalctl -u mokey
-- Logs begin at Mon 2021-04-12 11:33:12 EDT, end at Mon 2021-04-12 18:00:34 EDT. --
Apr 12 11:33:23 systemd[1]: Started mokey server.
Apr 12 11:33:23 mokey[1576]: time="2021-04-12T11:33:23-04:00" level=info msg="Using template dir: /usr/share/mokey/templates"
Apr 12 11:33:23 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 11:33:23 systemd[1]: Unit mokey.service entered failed state.
Apr 12 11:33:23 systemd[1]: mokey.service failed.
Apr 12 11:51:16 systemd[1]: Started mokey server.
Apr 12 11:51:16 mokey[7145]: time="2021-04-12T11:51:16-04:00" level=info msg="Using template dir: /usr/share/mokey/templates"
Apr 12 11:51:16 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 11:51:16 systemd[1]: Unit mokey.service entered failed state.
Apr 12 11:51:16 systemd[1]: mokey.service failed.
Apr 12 12:15:54 systemd[1]: Started mokey server.
Apr 12 12:15:54 mokey[17359]: time="2021-04-12T12:15:54-04:00" level=info msg="Using template dir: /usr/share/mokey/templates"
Apr 12 12:15:54 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 12:15:54 systemd[1]: Unit mokey.service entered failed state.
Apr 12 12:15:54 systemd[1]: mokey.service failed.
Apr 12 12:26:06 systemd[1]: Started mokey server.
Apr 12 12:26:06 mokey[21596]: time="2021-04-12T12:26:06-04:00" level=info msg="Using template dir: /usr/share/mokey/templates"
Apr 12 12:26:06 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 12:26:06 systemd[1]: Unit mokey.service entered failed state.
Apr 12 12:26:06 systemd[1]: mokey.service failed.
Apr 12 17:22:08 systemd[1]: Started mokey server.
Apr 12 17:22:08 mokey[383]: time="2021-04-12T17:22:08-04:00" level=info msg="Using template dir: /usr/share/mokey/templates"
Apr 12 17:22:08 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 17:22:08 systemd[1]: Unit mokey.service entered failed state.
Apr 12 17:22:08 systemd[1]: mokey.service failed.
Apr 12 17:28:44 systemd[1]: Started mokey server.
Apr 12 17:28:44 mokey[3241]: time="2021-04-12T17:28:44-04:00" level=info msg="Using template dir: /usr/share/mokey/templates"
Apr 12 17:28:44 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 17:28:44 systemd[1]: Unit mokey.service entered failed state.
Apr 12 17:28:44 systemd[1]: mokey.service failed.
Apr 12 17:46:27 systemd[1]: Started mokey server.
Apr 12 17:46:27 mokey[10586]: time="2021-04-12T17:46:27-04:00" level=info msg="Using template dir: /usr/share/mokey/templates"
Apr 12 17:46:27 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 17:46:27 systemd[1]: Unit mokey.service entered failed state.
Apr 12 17:46:27 systemd[1]: mokey.service failed.
Apr 12 17:55:45 systemd[1]: Started mokey server.
Apr 12 17:55:45 mokey[14455]: time="2021-04-12T17:55:45-04:00" level=info msg="Using template dir: /usr/share/mokey/templates"
Apr 12 17:55:45 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 17:55:45 systemd[1]: Unit mokey.service entered failed state.
Apr 12 17:55:45 systemd[1]: mokey.service failed.
Apr 12 17:56:46 systemd[1]: Started mokey server.
Apr 12 17:56:46 mokey[14905]: Failed reading config file - While parsing config: yaml: line 52: could not find expected ':'
Apr 12 17:56:46 mokey[14905]: NAME:
Apr 12 17:56:46 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 17:56:46 systemd[1]: Unit mokey.service entered failed state.
Apr 12 17:56:46 systemd[1]: mokey.service failed.
Apr 12 18:00:29 systemd[1]: Started mokey server.
Apr 12 18:00:29 systemd[1]: mokey.service: main process exited, code=exited, status=1/FAILURE
Apr 12 18:00:29 systemd[1]: Unit mokey.service entered failed state.
Apr 12 18:00:29 systemd[1]: mokey.service failed.
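A pre-flight lint for the config problems seen in this thread, added here as an example (not mokey's own code and not posted by anyone in the thread). It flags `key:value` entries with no space after the colon, as in the pasted `auth_key:` and `enc_key:` lines and a common cause of the parser's "could not find expected ':'" message, plus an unset, missing or world-accessible keytab and a world-accessible config that holds secrets. The function names and finding codes are hypothetical, and the secret-key list is taken from the pasted file.

```python
import os
import re
import stat
import tempfile

# Keys in the pasted mokey.yaml whose values are secrets.
SECRET_KEYS = {"dsn", "auth_key", "enc_key", "smtp_password",
               "pgp_passphrase", "globus_secret"}
# YAML needs ": " to start a mapping; "key:value" is read as one plain scalar
# and the parser then fails with "could not find expected ':'".
NO_SPACE = re.compile(r"^\s*([A-Za-z_][\w-]*):(\S.*)$")
ENTRY = re.compile(r"^\s*([A-Za-z_][\w-]*):\s+(.+?)\s*$")


def world_accessible(path):
    """True if any permission bit is set for 'other' users."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o007)


def lint_config(path):
    """Return sorted (line, code, key) findings for a mokey.yaml file."""
    findings, values = [], {}
    with open(path, encoding="utf-8") as fh:
        for n, line in enumerate(fh, 1):
            line = line.rstrip("\n")
            if m := NO_SPACE.match(line):
                findings.append((n, "missing-space-after-colon", m.group(1)))
                values[m.group(1)] = (n, m.group(2).strip("\"'"))
            elif m := ENTRY.match(line):
                values[m.group(1)] = (n, m.group(2).strip("\"'"))
    if SECRET_KEYS.intersection(values) and world_accessible(path):
        findings.append((0, "config-with-secrets-world-accessible", path))
    n, keytab = values.get("keytab", (0, ""))
    if not keytab or "/path/to/" in keytab.lower():
        findings.append((n, "keytab-path-not-set", "keytab"))
    elif not os.path.isfile(keytab):
        findings.append((n, "keytab-missing", "keytab"))
    elif world_accessible(keytab):
        findings.append((n, "keytab-world-accessible", "keytab"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample: the secret is a dummy value, the path is temporary.
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "mokey.yaml")
        with open(cfg, "w") as fh:
            fh.write('driver: "mysql"\nauth_key:00ff\n'
                     'keytab: "/PATH/TO/YOUR/mokey.keytab"\n')
        os.chmod(cfg, 0o644)
        for finding in lint_config(cfg):
            print(finding)
```

The lint only checks that the keytab file is present and not world-accessible; whether the account behind it can still authenticate (the `KDC_ERR_KEY_EXPIRED` case above) has to be checked against the KDC.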