Re: [OpenXPKI-users] OpenxPKI Update
Hi Elias, > After updating our Debian server from version 9 to 11 and also updating the > OpenXPKI installation and configuration, I am encountering the following > problem: > openxpkictl[1592]: Please set database schema version! at > /usr/share/perl5/OpenXPKI/Server/Init.pm line 291. > Here is the database configuration: > (/etc/openxpki/config.d/system/database.yaml) > main: > debug: 1 > type: MariaDB > name: openxpki > host: localhost > #port: 3306 > user: openxpki > passwd: password > Can you help me correct the configuration? Best regards, Elias In version 3.26 we introduced a version indicator which will help us to address schema updates in the future more easily. Please read the file contrib/sql/UPGRADE.md in the configuration repository and perform the necessary updates on the database: https://github.com/openxpki/openxpki-config/blob/community/contrib/sql/UPGRADE.md Cheers Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Failed Action: csr_notify_pending - ERROR: requested value is not a scalar
Found this at the end of perl5/Connector/Builtin/Memory.pm:
=item primary_attribute
If your data consists of hashes as leaf nodes, set this to the name of
the node that is considered the primary attribute, e.g. the name of a
person. If you now access the key on the penultimate level using I
you will receive the value of this attribute back.
user1234:
name: John Doe
email: john@acme.com
When you call I on this structure, the connector will
usually die with a "not a scalar" error. With I
you will get back I.
=back
This seems relevant to the issue I'm seeing. Is this something I can
change, or is this an issue with how the server is calling this function?
On Fri, Dec 22, 2023 at 9:22 AM Maximillian Busiek <
busiek.maximill...@gmail.com> wrote:
> After a quick test modifying the smtp.yaml file slightly, and sending a
> test email, I get the same error as before:
>
> root@openxpki:~/openxpki# docker exec -it openxpki-openxpki-server-1
> openxpkicli send_notification --arg message=testmail --param notify_to=
> busiek.maximill...@gmail.com
> Error: Error while executing API command
> requested value is not a scalar at
> /usr/share/perl5/Connector/Builtin/Memory.pm line 74, line 1.
>
> logs:
>
> 2023/12/22 14:05:33 ERROR Error while executing API command; __caller__ =>
> /usr/share/perl5/OpenXPKI/Service/Default.pm:644, __command__ =>
> send_notification, __error__ => requested value is not a scalar at
> /usr/share/perl5/Connector/Builtin/Memory.pm line 74, line 1.
> [pid=17|user=Anonymous|role=System|sid=QmyG|pki_realm=the-sprawl]
>
> and the relevant part of smtp.yaml:
>
> # Sample config for good old email notifications
> backend:
> class: OpenXPKI::Server::Notification::SMTP
> host: smtp.gmail.com
> # FQDN for helo - defaults to system fqdn
> helo: certs.internal.the-sprawl.org
> port: 587
> starttls: 1
> username: busiek.maximill...@gmail.com
> password:
> debug: 0
> # You need to install MIME::Tools for html support
> use_html: 0
>
> #smime:
> # certificate_key_file: /etc/openxpki/local/smime.key
> # certificate_file: /etc/openxpki/local/smime.crt
> # certificate_key_password: test
>
> # alternative to key/certificate, requires Crypt::SMIME 0.17 or newer!
> #certificate_p12_file: /etc/openxpki/local/smime.p12
>
> default:
> to: "[% data.notify_to %]"
> from: busiek.maximill...@gmail.com
> reply: busiek.maximill...@gmail.com
> cc: schmitt.maximill...@gmail.com
> prefix: PKI [% meta_wf_id %]
> images:
> banner: head.png
>
> # template settings
> template:
> dir: /etc/openxpki/template/email/
>
> message:
> testmail:
> default: # The internal handle for this thread
> template: testmail
> subject: SMTP Notification Test
> from: busiek.maximill...@gmail.com
> reply: ''
> cc: ''
> prefix: ''
>
> csr_created: # The message Id as referenced in the activity
> default: # The internal handle for this thread
> template: csr_created_user
> subject: CSR for [% cert_subject %]
>
> raop: # Another internal handle for a second thread
> template: csr_created_raop # Suffix .txt is always added!
> to: busiek.maximill...@gmail.com
> cc: ''
> reply: "[% IF data; IF data.notify_cc; data.notify_cc; ELSE;
> data.notify_to; END; END; %]"
> subject: CSR for [% cert_subject %]
>
>
>
>
>
> Is there something I'm missing? In reading the docs, it seems like you can
> just (at least for testing) use the templates directory as I am doing, so I
> don't think it's having an issue reading the files. I've tried looking at
> the perl code at Connector/Builtin/Memory.pm but I couldn't really make
> heads or tails of what it would be expecting and what is 'not a scalar' in
> that call:
>
> sub get {
>
> my $self = shift;
> my $value = $self->_get_node( shift );
>
> return $self->_node_not_exists() unless (defined $value);
>
> if (ref $value ne '') {
> die "requested value is not a scalar"
> unless ($self->has_primary_attribute() && ref $value eq
> 'HASH');
>
> return $self->_node_not_exists()
> unless (defined $value->{$self->primary_attribute});
>
> die "primary_attribute is not a scalar"
> unless (ref $value->{$self->primary_attribute} eq '');
>
> return $value->{$self->primary_attribute};
> }
>
> return $value;
>
> }
>
> On Fri, Dec 22, 2023 at 8:55 AM Maximillian Busiek <
> busiek.maximill...@gmail.com> wrote:
>
>> Hi Martin,
>>
>> I had left the notification and metadata handling at default - hadn't
>> touched them since initial setup, and was getting this error. I then tried
>> setting up the smtp backend, but I may not have done it correctly. I'll
>> start digging into the notification handling, as that does seem to be
Re: [OpenXPKI-users] Failed Action: csr_notify_pending - ERROR: requested value is not a scalar
After a quick test modifying the smtp.yaml file slightly, and sending a
test email, I get the same error as before:
root@openxpki:~/openxpki# docker exec -it openxpki-openxpki-server-1
openxpkicli send_notification --arg message=testmail --param notify_to=
busiek.maximill...@gmail.com
Error: Error while executing API command
requested value is not a scalar at
/usr/share/perl5/Connector/Builtin/Memory.pm line 74, line 1.
logs:
2023/12/22 14:05:33 ERROR Error while executing API command; __caller__ =>
/usr/share/perl5/OpenXPKI/Service/Default.pm:644, __command__ =>
send_notification, __error__ => requested value is not a scalar at
/usr/share/perl5/Connector/Builtin/Memory.pm line 74, line 1.
[pid=17|user=Anonymous|role=System|sid=QmyG|pki_realm=the-sprawl]
and the relevant part of smtp.yaml:
# Sample config for good old email notifications
backend:
class: OpenXPKI::Server::Notification::SMTP
host: smtp.gmail.com
# FQDN for helo - defaults to system fqdn
helo: certs.internal.the-sprawl.org
port: 587
starttls: 1
username: busiek.maximill...@gmail.com
password:
debug: 0
# You need to install MIME::Tools for html support
use_html: 0
#smime:
# certificate_key_file: /etc/openxpki/local/smime.key
# certificate_file: /etc/openxpki/local/smime.crt
# certificate_key_password: test
# alternative to key/certificate, requires Crypt::SMIME 0.17 or newer!
#certificate_p12_file: /etc/openxpki/local/smime.p12
default:
to: "[% data.notify_to %]"
from: busiek.maximill...@gmail.com
reply: busiek.maximill...@gmail.com
cc: schmitt.maximill...@gmail.com
prefix: PKI [% meta_wf_id %]
images:
banner: head.png
# template settings
template:
dir: /etc/openxpki/template/email/
message:
testmail:
default: # The internal handle for this thread
template: testmail
subject: SMTP Notification Test
from: busiek.maximill...@gmail.com
reply: ''
cc: ''
prefix: ''
csr_created: # The message Id as referenced in the activity
default: # The internal handle for this thread
template: csr_created_user
subject: CSR for [% cert_subject %]
raop: # Another internal handle for a second thread
template: csr_created_raop # Suffix .txt is always added!
to: busiek.maximill...@gmail.com
cc: ''
reply: "[% IF data; IF data.notify_cc; data.notify_cc; ELSE;
data.notify_to; END; END; %]"
subject: CSR for [% cert_subject %]
Is there something I'm missing? In reading the docs, it seems like you can
just (at least for testing) use the templates directory as I am doing, so I
don't think it's having an issue reading the files. I've tried looking at
the perl code at Connector/Builtin/Memory.pm but I couldn't really make
heads or tails of what it would be expecting and what is 'not a scalar' in
that call:
sub get {
my $self = shift;
my $value = $self->_get_node( shift );
return $self->_node_not_exists() unless (defined $value);
if (ref $value ne '') {
die "requested value is not a scalar"
unless ($self->has_primary_attribute() && ref $value eq 'HASH');
return $self->_node_not_exists()
unless (defined $value->{$self->primary_attribute});
die "primary_attribute is not a scalar"
unless (ref $value->{$self->primary_attribute} eq '');
return $value->{$self->primary_attribute};
}
return $value;
}
On Fri, Dec 22, 2023 at 8:55 AM Maximillian Busiek <
busiek.maximill...@gmail.com> wrote:
> Hi Martin,
>
> I had left the notification and metadata handling at default - hadn't
> touched them since initial setup, and was getting this error. I then tried
> setting up the smtp backend, but I may not have done it correctly. I'll
> start digging into the notification handling, as that does seem to be where
> it's getting tripped up.
>
> Here is the technical log from the GUI (the dns lookup failing is
> expected, this was just a test cert):
>
> 2023-12-21 21:18:39 UTC INFO Trigger notification message csr_created
> ([undef])
> 2023-12-21 21:18:39 UTC INFO Set datapool entry: key = RE:DA:CT:ED,
> namespace = certificate.privatekey ([undef])
> 2023-12-21 21:18:33 UTC INFO Policy DNS check failed on 1 items ([undef])
> 2023-12-21 21:18:33 UTC INFO Check DNS policy on these items: test
> ([undef])
> 2023-12-21 21:18:33 UTC INFO Rendering subject:
> CN=test,DC=internal,DC=the-sprawl,DC=org ([undef])
>
> and here is the snippet of openxpki.log from inside the docker container
> when I hit 'resume' on the workflow:
>
> 2023/12/22 13:42:01 ERROR Workflow
> 4863/certificate_signing_request_v2/NOTIFY_CSR_PENDING uncaught exception
> [pid=29|role=RA
> Operator|sid=6RUz|rid=564c63cfcd38|wftype=certificate_signing_request_v2|wfid=4863]
> 2023/12/22 13:42:01 ERROR
Re: [OpenXPKI-users] Failed Action: csr_notify_pending - ERROR: requested value is not a scalar
Hi Martin, I had left the notification and metadata handling at default - hadn't touched them since initial setup, and was getting this error. I then tried setting up the smtp backend, but I may not have done it correctly. I'll start digging into the notification handling, as that does seem to be where it's getting tripped up. Here is the technical log from the GUI (the dns lookup failing is expected, this was just a test cert): 2023-12-21 21:18:39 UTC INFO Trigger notification message csr_created ([undef]) 2023-12-21 21:18:39 UTC INFO Set datapool entry: key = RE:DA:CT:ED, namespace = certificate.privatekey ([undef]) 2023-12-21 21:18:33 UTC INFO Policy DNS check failed on 1 items ([undef]) 2023-12-21 21:18:33 UTC INFO Check DNS policy on these items: test ([undef]) 2023-12-21 21:18:33 UTC INFO Rendering subject: CN=test,DC=internal,DC=the-sprawl,DC=org ([undef]) and here is the snippet of openxpki.log from inside the docker container when I hit 'resume' on the workflow: 2023/12/22 13:42:01 ERROR Workflow 4863/certificate_signing_request_v2/NOTIFY_CSR_PENDING uncaught exception [pid=29|role=RA Operator|sid=6RUz|rid=564c63cfcd38|wftype=certificate_signing_request_v2|wfid=4863] 2023/12/22 13:42:01 ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => csr_notify_pending, __ERROR__ => requested value is not a scalar at /usr/share/perl5/Connector/Builtin/Memory.pm line 74, line 1. at /usr/share/perl5/OpenXPKI/Server/API2/Plugin/Workflow/Util.pm line 318. , __EXCEPTION__ => [pid=29|role=RA Operator|sid=6RUz|rid=564c63cfcd38|wftype=certificate_signing_request_v2|wfid=4863] 2023/12/22 13:42:01 ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => csr_notify_pending, __ERROR__ => requested value is not a scalar at /usr/share/perl5/Connector/Builtin/Memory.pm line 74, line 1. at /usr/share/perl5/OpenXPKI/Server/API2/Plugin/Workflow/Util.pm line 318. , __EXCEPTION__ => [pid=29|role=RA Operator|sid=6RUz|rid=564c63cfcd38|wftype=certificate_signing_request_v2|wfid=4863] and here is a snippet of my notification/smtp.yaml: backend: class: OpenXPKI::Server::Notification::SMTP host: smtp.gmail.com # FQDN for helo - defaults to system fqdn #helo: my.own.fqdn port: 587 starttls: 1 username: busiek.maximill...@gmail.com password: debug: 0 # You need to install MIME::Tools for html support use_html: 0 everything else in smtp.yaml was copied from democa/notification/smtp.yaml.sample Let me know if there's anything else I can provide that would be of help troubleshooting this issue. Appreciate your assistance! Thanks, Max On Fri, Dec 22, 2023 at 2:51 AM Martin Bartosch via OpenXPKI-users < openxpki-users@lists.sourceforge.net> wrote: > Hi Maximillian, > > > Having some trouble with a new openxpki install using the docker image. > I've gotten most everything configured, but when I try to generate a CSR > via the webui, I get the following error: > > > > Unexpected error > > This workflow was interrupted by an unexpected event, it will not > continue without a manual interaction. Please contact the support team! > > Last Update > > 2023-12-21 21:18:39 UTC > > Failed Action > > csr_notify_pending > > Exception Message > > requested value is not a scalar at > /usr/share/perl5/Connector/Builtin/Memory.pm line 74. at > /usr/share/perl5/OpenXPKI/Server/API2/Plugin/Workflow/Util.pm line 318. > > > > I've tried swapping out the profile I'm using with the tls_server.yaml > profile in the democa and that has the same issue. I've also swapped out > the default.yaml with the one from the democa and still, same issue. Not > sure what else I can set to default configs to get this working, but any > help would be appreciated. > > From the GUI error message you posted something is not correctly > configured with regard to notification. > > Reading between the lines of your post I assume you did a certain amount > of customization, possibly involving notification or metadata handling. > However, without additional information such as technical log, log file > contents and relevant configuration snippets it is unfortunately not > possible to provide any assistance. > > Cheers > > Martin > > > > ___ > OpenXPKI-users mailing list > OpenXPKI-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openxpki-users > ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
