subject:"\[Freeipa\-users\] ipa\-replica\-install fails with python import error for module ssl_match

Re: [Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

2016-08-29 Thread White Hat

The exact same error is in the /var/log/ipareplica-install log

Here are the last few relevant lines.

  File "/usr/lib/python2.7/site-packages/ipalib/plugins/otptoken.py",
line 28, in 
from backports.ssl_match_hostname import match_hostname

2016-08-11T03:53:02Z DEBUG The ipa-replica-install command failed,
exception: ImportError: No module named ssl_match_hostname
2016-08-11T03:53:02Z ERROR No module named ssl_match_hostname
[root@lcars log]#



On Thu, Aug 11, 2016 at 10:51 AM, Rob Crittenden  wrote:
> White Hat wrote:
>>
>> When attempting to run ipa-replica-install I get a python error, No
>> module named ssl_match_hostname
>>
>>
>> This is on a CentOS 7.2 x86_64 testing box.
>>
>> All available updates including kernel installed, and system rebooted
>> same day. Same error before and after patching and reboot.
>>
>> Let me know if you want to see the yum history log info.
>>
>> - Operating system version
>> [root@lcars site-packages]# cat /etc/redhat-release
>> CentOS Linux release 7.2.1511 (Core)
>>
>> [root@lcars site-packages]# uname -a
>> Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1
>> SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
>>
>> - Here are the installed packages.  All were installed using yum.
>> [root@lcars site-packages]# yum list installed | awk '/backports|ipa-/'
>> ipa-admintools.x86_64  4.2.0-15.0.1.el7.centos.18
>> @updates
>> ipa-client.x86_64  4.2.0-15.0.1.el7.centos.18
>> @updates
>> ipa-python.x86_64  4.2.0-15.0.1.el7.centos.18
>> @updates
>> ipa-server.x86_64  4.2.0-15.0.1.el7.centos.18
>> @updates
>> ipa-server-dns.x86_64  4.2.0-15.0.1.el7.centos.18
>> @updates
>> python-backports.noarch1.0-6.el7
>> @anaconda
>> python-backports.x86_641.0-8.el7
>> installed
>> python-backports-ssl_match_hostname.noarch
>>
>> I have the following repositories enabled:
>> base/7/x86_64
>> epel/x86_64
>> extras/7/x86_64
>> updates/7/x86_64
>>
>> - Other threads on this issue suggest using pip to install
>> backports.ssl_match_hostname.  I still get the same error after doing
>> that.
>>
>> [root@lcars site-packages]# pip install backports.ssl_match_hostname
>> Requirement already satisfied (use --upgrade to upgrade):
>> backports.ssl_match_hostname in /usr/lib/python2.7/site-packages
>>
>> [root@lcars site-packages]# pip install --upgrade
>> backports.ssl_match_hostname
>> Requirement already up-to-date: backports.ssl_match_hostname in
>> /usr/lib/python2.7/site-packages
>>
>> - Here's the actual attempt
>> [root@lcars site-packages]# ipa-replica-install --setup-ca --setup-dns
>> --forwarder=4.2.2.1
>> /root/replica-info-lcars.internal.madisonrentals.biz.gpg
>> WARNING: conflicting time synchronization service 'chronyd' will
>> be disabled in favor of ntpd
>>
>> Directory Manager (existing master) password:
>>
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>> ipa.ipapython.install.cli.install_tool(Replica): ERRORNo module
>> named ssl_match_hostname
>>
>> Even when running the suggested ipa-server-install --uninstall, I
>> still receive the error about the missing module.
>>
>> Here's what I have in /usr/lib/python2.7/site-packages
>>
>> [root@lcars site-packages]# pwd
>> /usr/lib/python2.7/site-packages
>> [root@lcars site-packages]# ls | awk '/backports.ssl/'
>> backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info
>> backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
>>
>> - And here are the contents of each directory.
>> [root@lcars site-packages]# cd
>> backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/
>>
>> [root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls
>> dependency_links.txt  PKG-INFO  SOURCES.txt  top_level.txt
>>
>> [root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd ..
>> [root@lcars site-packages]# ls
>> backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
>> dependency_links.txt  installed-files.txt  PKG-INFO  SOURCES.txt
>> top_level.txt
>>
>> Another thread suggested that this can be caused by a missing
>> __init__.py file, however, creating this file in both directories
>> doesn't help.
>>
>> A commit by Heimes may shed some light on this.
>> The commit is in regards to otptoken and states that:
>>
>> "The otptoken plugin is the only module in FreeIPA that uses Python's ssl
>> module instead of NSS. The patch replaces ssl with NSSConnection. It
>> uses the default NSS database to lookup trust anchors. NSSConnection
>> uses NSS for hostname matching. The package
>> python-backports-ssl_match_hostname is no longer required."
>>
>> The master IPA server is up and running with no issues.
>>
>> An ipa connection between replica server and master reports that the
>> connection is working.
>>
>> What else could I be missing?
>
>
> Is there a more complete traceback in /var/log/ipareplica-install?

Re: [Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

2016-08-11 Thread Rob Crittenden


White Hat wrote:

When attempting to run ipa-replica-install I get a python error, No
module named ssl_match_hostname


This is on a CentOS 7.2 x86_64 testing box.

All available updates including kernel installed, and system rebooted
same day. Same error before and after patching and reboot.

Let me know if you want to see the yum history log info.

- Operating system version
[root@lcars site-packages]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

[root@lcars site-packages]# uname -a
Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1
SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

- Here are the installed packages.  All were installed using yum.
[root@lcars site-packages]# yum list installed | awk '/backports|ipa-/'
ipa-admintools.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
ipa-client.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
ipa-python.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
ipa-server.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
ipa-server-dns.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
python-backports.noarch1.0-6.el7   @anaconda
python-backports.x86_641.0-8.el7   installed
python-backports-ssl_match_hostname.noarch

I have the following repositories enabled:
base/7/x86_64
epel/x86_64
extras/7/x86_64
updates/7/x86_64

- Other threads on this issue suggest using pip to install
backports.ssl_match_hostname.  I still get the same error after doing
that.

[root@lcars site-packages]# pip install backports.ssl_match_hostname
Requirement already satisfied (use --upgrade to upgrade):
backports.ssl_match_hostname in /usr/lib/python2.7/site-packages

[root@lcars site-packages]# pip install --upgrade backports.ssl_match_hostname
Requirement already up-to-date: backports.ssl_match_hostname in
/usr/lib/python2.7/site-packages

- Here's the actual attempt
[root@lcars site-packages]# ipa-replica-install --setup-ca --setup-dns
--forwarder=4.2.2.1
/root/replica-info-lcars.internal.madisonrentals.biz.gpg
WARNING: conflicting time synchronization service 'chronyd' will
be disabled in favor of ntpd

Directory Manager (existing master) password:

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERRORNo module
named ssl_match_hostname

Even when running the suggested ipa-server-install --uninstall, I
still receive the error about the missing module.

Here's what I have in /usr/lib/python2.7/site-packages

[root@lcars site-packages]# pwd
/usr/lib/python2.7/site-packages
[root@lcars site-packages]# ls | awk '/backports.ssl/'
backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info
backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info

- And here are the contents of each directory.
[root@lcars site-packages]# cd
backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/

[root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls
dependency_links.txt  PKG-INFO  SOURCES.txt  top_level.txt

[root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd ..
[root@lcars site-packages]# ls
backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
dependency_links.txt  installed-files.txt  PKG-INFO  SOURCES.txt  top_level.txt

Another thread suggested that this can be caused by a missing
__init__.py file, however, creating this file in both directories
doesn't help.

A commit by Heimes may shed some light on this.
The commit is in regards to otptoken and states that:

"The otptoken plugin is the only module in FreeIPA that uses Python's ssl
module instead of NSS. The patch replaces ssl with NSSConnection. It
uses the default NSS database to lookup trust anchors. NSSConnection
uses NSS for hostname matching. The package
python-backports-ssl_match_hostname is no longer required."

The master IPA server is up and running with no issues.

An ipa connection between replica server and master reports that the
connection is working.

What else could I be missing?


Is there a more complete traceback in /var/log/ipareplica-install? I'm 
curious where the import is originating? If not instrumenting 
ipa-replica-install with pdb would be a way to find it.


rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

2016-08-10 Thread White Hat

When attempting to run ipa-replica-install I get a python error, No
module named ssl_match_hostname


This is on a CentOS 7.2 x86_64 testing box.

All available updates including kernel installed, and system rebooted
same day. Same error before and after patching and reboot.

Let me know if you want to see the yum history log info.

- Operating system version
[root@lcars site-packages]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

[root@lcars site-packages]# uname -a
Linux lcars.internal.madisonrentals.biz 3.10.0-327.28.2.el7.x86_64 #1
SMP Wed Aug 3 11:11:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

- Here are the installed packages.  All were installed using yum.
[root@lcars site-packages]# yum list installed | awk '/backports|ipa-/'
ipa-admintools.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
ipa-client.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
ipa-python.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
ipa-server.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
ipa-server-dns.x86_64  4.2.0-15.0.1.el7.centos.18  @updates
python-backports.noarch1.0-6.el7   @anaconda
python-backports.x86_641.0-8.el7   installed
python-backports-ssl_match_hostname.noarch

I have the following repositories enabled:
base/7/x86_64
epel/x86_64
extras/7/x86_64
updates/7/x86_64

- Other threads on this issue suggest using pip to install
backports.ssl_match_hostname.  I still get the same error after doing
that.

[root@lcars site-packages]# pip install backports.ssl_match_hostname
Requirement already satisfied (use --upgrade to upgrade):
backports.ssl_match_hostname in /usr/lib/python2.7/site-packages

[root@lcars site-packages]# pip install --upgrade backports.ssl_match_hostname
Requirement already up-to-date: backports.ssl_match_hostname in
/usr/lib/python2.7/site-packages

- Here's the actual attempt
[root@lcars site-packages]# ipa-replica-install --setup-ca --setup-dns
--forwarder=4.2.2.1
/root/replica-info-lcars.internal.madisonrentals.biz.gpg
WARNING: conflicting time synchronization service 'chronyd' will
be disabled in favor of ntpd

Directory Manager (existing master) password:

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(Replica): ERRORNo module
named ssl_match_hostname

Even when running the suggested ipa-server-install --uninstall, I
still receive the error about the missing module.

Here's what I have in /usr/lib/python2.7/site-packages

[root@lcars site-packages]# pwd
/usr/lib/python2.7/site-packages
[root@lcars site-packages]# ls | awk '/backports.ssl/'
backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info
backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info

- And here are the contents of each directory.
[root@lcars site-packages]# cd
backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info/

[root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# ls
dependency_links.txt  PKG-INFO  SOURCES.txt  top_level.txt

[root@lcars backports.ssl_match_hostname-3.4.0.2-py2.7.egg-info]# cd ..
[root@lcars site-packages]# ls
backports.ssl_match_hostname-3.5.0.1-py2.7.egg-info
dependency_links.txt  installed-files.txt  PKG-INFO  SOURCES.txt  top_level.txt

Another thread suggested that this can be caused by a missing
__init__.py file, however, creating this file in both directories
doesn't help.

A commit by Heimes may shed some light on this.
The commit is in regards to otptoken and states that:

"The otptoken plugin is the only module in FreeIPA that uses Python's ssl
module instead of NSS. The patch replaces ssl with NSSConnection. It
uses the default NSS database to lookup trust anchors. NSSConnection
uses NSS for hostname matching. The package
python-backports-ssl_match_hostname is no longer required."

The master IPA server is up and running with no issues.

An ipa connection between replica server and master reports that the
connection is working.

What else could I be missing?

Thanks,
Chris.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

Re: [Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

[Freeipa-users] ipa-replica-install fails with python import error for module ssl_match_hostname

3 matches

Site Navigation

Mail list logo

Footer information